blog.malwarebytes.com Open in urlscan Pro
130.211.198.3 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://links.e.malwarebytes.com/z/qayflic8t?uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bs...
Effective URL:
https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshif...
Submission: On January 20 via api (January 20th 2022, 8:52:07 am UTC) from BE — Scanned from DE

Summary HTTP 236 Redirects Links 93 Behaviour Indicators

Summary

This website contacted 50 IPs in 5 countries across 38 domains to perform 236 HTTP transactions. The main IP is 130.211.198.3, located in Council Bluffs, United States and belongs to GOOGLE, US. The main domain is blog.malwarebytes.com. The Cisco Umbrella rank of the primary domain is 234310.
TLS certificate: Issued by DigiCert TLS RSA SHA256 2020 CA1 on July 1st 2021. Valid for: a year.

This is the only time blog.malwarebytes.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	2606:4700::68... 2606:4700::6810:d03f	13335 (CLOUDFLAR...) (CLOUDFLARENET)
74	130.211.198.3 130.211.198.3	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:830::200a	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6810:5914	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 15	2600:9000:223... 2600:9000:223c:6e00:16:26c7:ff80:93a1	16509 (AMAZON-02) (AMAZON-02)
2	52.239.137.4 52.239.137.4	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
4	2a04:fa87:fff... 2a04:fa87:fffe::c000:4902	2635 (AUTOMATTIC) (AUTOMATTIC)
1	2606:4700:10:... 2606:4700:10::6814:b844	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:82f::2008	15169 (GOOGLE) (GOOGLE)
2	54.208.225.246 54.208.225.246	14618 (AMAZON-AES) (AMAZON-AES)
1	18.66.248.52 18.66.248.52	16509 (AMAZON-02) (AMAZON-02)
9	2a00:1450:400... 2a00:1450:4001:811::200e	15169 (GOOGLE) (GOOGLE)
2	2a03:5f80:a::... 2a03:5f80:a::b212:e7c0	50952 (DATAIX-AS...) (DATAIX-AS Peering Ltd.)
3	2a03:2880:f02... 2a03:2880:f02d:100:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
4	2a00:1450:400... 2a00:1450:4001:808::200e	15169 (GOOGLE) (GOOGLE)
1	18.66.112.121 18.66.112.121	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700::68... 2606:4700::6810:7aaf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2600:9000:225... 2600:9000:225e:ca00:8:8845:1500:93a1	16509 (AMAZON-02) (AMAZON-02)
6	199.232.196.134 199.232.196.134	54113 (FASTLY) (FASTLY)
2	2a02:26f0:170... 2a02:26f0:1700:786::1931	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	18.205.51.212 18.205.51.212	14618 (AMAZON-AES) (AMAZON-AES)
1	2a00:1450:400... 2a00:1450:4001:82b::2003	15169 (GOOGLE) (GOOGLE)
1	18.64.79.84 18.64.79.84	16509 (AMAZON-02) (AMAZON-02)
2 2	52.210.199.144 52.210.199.144	16509 (AMAZON-02) (AMAZON-02)
1 2	52.222.214.93 52.222.214.93	16509 (AMAZON-02) (AMAZON-02)
1	35.244.174.68 35.244.174.68	15169 (GOOGLE) (GOOGLE)
38	2600:9000:231... 2600:9000:2315:b600:6:8656:f5c0:93a1	16509 (AMAZON-02) (AMAZON-02)
11	151.101.128.134 151.101.128.134	54113 (FASTLY) (FASTLY)
1	142.250.186.130 142.250.186.130	15169 (GOOGLE) (GOOGLE)
3 3	2620:1ec:22::14 2620:1ec:22::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	108.174.10.14 108.174.10.14	14413 (LINKEDIN) (LINKEDIN)
1	2a00:1450:400... 2a00:1450:400c:c06::9a	15169 (GOOGLE) (GOOGLE)
1 8	151.101.0.84 151.101.0.84	54113 (FASTLY) (FASTLY)
2	2a03:2880:f12... 2a03:2880:f12d:181:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1 1	2600:1f18:730... 2600:1f18:730:b130:4896:6298:98c:bff0	14618 (AMAZON-AES) (AMAZON-AES)
1	34.238.14.155 34.238.14.155	14618 (AMAZON-AES) (AMAZON-AES)
3	2a00:1450:400... 2a00:1450:4001:812::2004	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:829::2003	15169 (GOOGLE) (GOOGLE)
1 3	2a00:1450:400... 2a00:1450:4001:827::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:828::2006	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:813::2001	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:808::2016	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:803::2003	15169 (GOOGLE) (GOOGLE)
14	199.232.194.49 199.232.194.49	54113 (FASTLY) (FASTLY)
1 2	142.250.185.198 142.250.185.198	15169 (GOOGLE) (GOOGLE)
2	2606:4700::68... 2606:4700::6813:9308	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	151.101.12.157 151.101.12.157	54113 (FASTLY) (FASTLY)
1	3.33.220.150 3.33.220.150	16509 (AMAZON-02) (AMAZON-02)
1	104.244.42.3 104.244.42.3	13414 (TWITTER) (TWITTER)
1	104.244.42.197 104.244.42.197	13414 (TWITTER) (TWITTER)
1	69.16.175.10 69.16.175.10	20446 (HIGHWINDS3) (HIGHWINDS3)
1	2a00:1450:400... 2a00:1450:4001:831::2002	15169 (GOOGLE) (GOOGLE)
3	192.132.33.46 192.132.33.46	18568 (BIDTELLECT) (BIDTELLECT)
236	50

1 2606:4700::6810:d03f (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

links.e.malwarebytes.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

74 130.211.198.3 (Council Bluffs, United States)

ASN15169 (GOOGLE, US)
PTR: 3.198.211.130.bc.googleusercontent.com

blog.malwarebytes.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:830::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:5914 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2600:9000:223c:6e00:16:26c7:ff80:93a1 (United States) 1 redirects

ASN16509 (AMAZON-02, US)

www.malwarebytes.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.239.137.4 (Dublin, Ireland)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

optanon.blob.core.windows.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a04:fa87:fffe::c000:4902 (Ireland)

ASN2635 (AUTOMATTIC, US)

secure.gravatar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::6814:b844 (United States)

ASN13335 (CLOUDFLARENET, US)

geolocation.onetrust.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82f::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.208.225.246 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-208-225-246.compute-1.amazonaws.com

genesis.malwarebytes.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.248.52 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-248-52.dus51.r.cloudfront.net

api.demandbase.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:811::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:5f80:a::b212:e7c0 (Russian Federation)

ASN50952 (DATAIX-AS Peering Ltd., RU)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a03:2880:f02d:100:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:808::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.112.121 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-112-121.fra56.r.cloudfront.net

scripts.demandbase.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:7aaf (United States)

ASN13335 (CLOUDFLARENET, US)

unpkg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:225e:ca00:8:8845:1500:93a1 (United States)

ASN16509 (AMAZON-02, US)

b-code.liadm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 199.232.196.134 (United States)

ASN54113 (FASTLY, US)

malwarebytesunpacked.disqus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
referrer.disqus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:1700:786::1931 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

s.pinimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.205.51.212 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-18-205-51-212.compute-1.amazonaws.com

q.quora.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.64.79.84 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-64-79-84.txl50.r.cloudfront.net

api.company-target.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.210.199.144 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-210-199-144.eu-west-1.compute.amazonaws.com

match.prod.bidr.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.222.214.93 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-52-222-214-93.fra56.r.cloudfront.net

segments.company-target.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.174.68 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com

id.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

38 2600:9000:2315:b600:6:8656:f5c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

c.disquscdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 151.101.128.134 (United States)

ASN54113 (FASTLY, US)

disqus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.130 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s07-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:22::14 (United States) 3 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.174.10.14 (United States)

ASN14413 (LINKEDIN, US)
PTR: 108-174-10-14.fwd.linkedin.com

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c06::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 151.101.0.84 (United States) 1 redirects

ASN54113 (FASTLY, US)

ct.pinterest.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.pinterest.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.pinterest.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f12d:181:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1f18:730:b130:4896:6298:98c:bff0 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)

rp.liadm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.238.14.155 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-238-14-155.compute-1.amazonaws.com

rp4.liadm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:812::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:829::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:827::2002 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:828::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

static.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

yt3.ggpht.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:808::2016 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

i.ytimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:803::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 199.232.194.49 (United States)

ASN54113 (FASTLY, US)

a.disquscdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.198 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f6.1e100.net

5118230.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6813:9308 (United States)

ASN13335 (CLOUDFLARENET, US)

script.crazyegg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.12.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.33.220.150 (United States)

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com

insight.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.3 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.197 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.16.175.10 (United States)

ASN20446 (HIGHWINDS3, US)
PTR: hwcdn.net

cdn.bttrack.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 192.132.33.46 (United States)

ASN18568 (BIDTELLECT, US)
PTR: 46.bidtellect.com

bttrack.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
92	malwarebytes.com 2 redirects links.e.malwarebytes.com — Cisco Umbrella Rank: 215278 blog.malwarebytes.com — Cisco Umbrella Rank: 234310 www.malwarebytes.com — Cisco Umbrella Rank: 23074 genesis.malwarebytes.com — Cisco Umbrella Rank: 255505	1 MB
52	disquscdn.com c.disquscdn.com — Cisco Umbrella Rank: 4071 a.disquscdn.com — Cisco Umbrella Rank: 8099	1 MB
17	disqus.com malwarebytesunpacked.disqus.com — Cisco Umbrella Rank: 675056 disqus.com — Cisco Umbrella Rank: 2768 referrer.disqus.com — Cisco Umbrella Rank: 6042	169 KB
9	youtube.com www.youtube.com — Cisco Umbrella Rank: 92	732 KB
7	doubleclick.net 2 redirects stats.g.doubleclick.net — Cisco Umbrella Rank: 96 googleads.g.doubleclick.net — Cisco Umbrella Rank: 46 static.doubleclick.net — Cisco Umbrella Rank: 356 5118230.fls.doubleclick.net — Cisco Umbrella Rank: 787929	4 KB
4	bttrack.com cdn.bttrack.com — Cisco Umbrella Rank: 7187 bttrack.com — Cisco Umbrella Rank: 746	5 KB
4	pinterest.de www.pinterest.de — Cisco Umbrella Rank: 26282	15 KB
4	google.com www.google.com — Cisco Umbrella Rank: 13 adservice.google.com — Cisco Umbrella Rank: 80	14 KB
4	pinterest.com 1 redirects ct.pinterest.com — Cisco Umbrella Rank: 823 www.pinterest.com — Cisco Umbrella Rank: 1200	1 KB
4	linkedin.com 3 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 546 www.linkedin.com — Cisco Umbrella Rank: 647 px4.ads.linkedin.com — Cisco Umbrella Rank: 5501	4 KB
4	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 42	21 KB
4	gravatar.com secure.gravatar.com — Cisco Umbrella Rank: 1713	22 KB
3	company-target.com 1 redirects api.company-target.com — Cisco Umbrella Rank: 3850 segments.company-target.com — Cisco Umbrella Rank: 1306	2 KB
3	gstatic.com fonts.gstatic.com www.gstatic.com	33 KB
3	liadm.com 1 redirects b-code.liadm.com — Cisco Umbrella Rank: 3664 rp.liadm.com — Cisco Umbrella Rank: 2775 rp4.liadm.com — Cisco Umbrella Rank: 10903	12 KB
3	facebook.net connect.facebook.net — Cisco Umbrella Rank: 146	134 KB
2	crazyegg.com script.crazyegg.com — Cisco Umbrella Rank: 2008	3 KB
2	google.de www.google.de — Cisco Umbrella Rank: 5557	565 B
2	facebook.com www.facebook.com — Cisco Umbrella Rank: 98	313 B
2	bidr.io 2 redirects match.prod.bidr.io — Cisco Umbrella Rank: 524	1019 B
2	pinimg.com s.pinimg.com — Cisco Umbrella Rank: 701	20 KB
2	licdn.com snap.licdn.com — Cisco Umbrella Rank: 1098	5 KB
2	demandbase.com api.demandbase.com — Cisco Umbrella Rank: 11921 scripts.demandbase.com — Cisco Umbrella Rank: 7439	18 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 78	129 KB
2	windows.net optanon.blob.core.windows.net — Cisco Umbrella Rank: 10017	27 KB
1	t.co t.co — Cisco Umbrella Rank: 487	338 B
1	twitter.com analytics.twitter.com — Cisco Umbrella Rank: 537	458 B
1	adsrvr.org insight.adsrvr.org — Cisco Umbrella Rank: 624	261 B
1	ads-twitter.com static.ads-twitter.com — Cisco Umbrella Rank: 630	6 KB
1	ytimg.com i.ytimg.com — Cisco Umbrella Rank: 109	16 KB
1	ggpht.com yt3.ggpht.com — Cisco Umbrella Rank: 206	3 KB
1	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 106	15 KB
1	rlcdn.com id.rlcdn.com — Cisco Umbrella Rank: 738	66 B
1	quora.com q.quora.com — Cisco Umbrella Rank: 3455	425 B
1	unpkg.com unpkg.com — Cisco Umbrella Rank: 881	2 KB
1	onetrust.com geolocation.onetrust.com — Cisco Umbrella Rank: 743	256 B
1	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 440	2 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 47	1 KB
236	38

	Domain	Requested by
74	blog.malwarebytes.com	blog.malwarebytes.com www.malwarebytes.com
38	c.disquscdn.com	malwarebytesunpacked.disqus.com disqus.com c.disquscdn.com blog.malwarebytes.com
15	www.malwarebytes.com	1 redirects blog.malwarebytes.com www.googletagmanager.com
14	a.disquscdn.com	blog.malwarebytes.com c.disquscdn.com
11	disqus.com	malwarebytesunpacked.disqus.com c.disquscdn.com
9	www.youtube.com	blog.malwarebytes.com www.youtube.com
4	www.pinterest.de	s.pinimg.com blog.malwarebytes.com
4	malwarebytesunpacked.disqus.com	blog.malwarebytes.com www.malwarebytes.com
4	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com blog.malwarebytes.com
4	secure.gravatar.com	blog.malwarebytes.com secure.gravatar.com
3	bttrack.com	cdn.bttrack.com bttrack.com
3	googleads.g.doubleclick.net	1 redirects www.googleadservices.com www.youtube.com
3	www.google.com	blog.malwarebytes.com www.youtube.com
3	ct.pinterest.com	s.pinimg.com blog.malwarebytes.com
3	connect.facebook.net	www.googletagmanager.com connect.facebook.net
2	script.crazyegg.com	www.googletagmanager.com script.crazyegg.com
2	5118230.fls.doubleclick.net	1 redirects www.malwarebytes.com
2	referrer.disqus.com	blog.malwarebytes.com
2	www.gstatic.com	www.youtube.com www.gstatic.com
2	www.google.de	blog.malwarebytes.com
2	www.facebook.com	blog.malwarebytes.com
2	px.ads.linkedin.com	2 redirects
2	segments.company-target.com	1 redirects blog.malwarebytes.com
2	match.prod.bidr.io	2 redirects
2	s.pinimg.com	www.googletagmanager.com s.pinimg.com
2	snap.licdn.com	www.googletagmanager.com
2	genesis.malwarebytes.com	www.malwarebytes.com
2	www.googletagmanager.com	blog.malwarebytes.com www.googletagmanager.com
2	optanon.blob.core.windows.net	blog.malwarebytes.com optanon.blob.core.windows.net
1	adservice.google.com	5118230.fls.doubleclick.net
1	cdn.bttrack.com	5118230.fls.doubleclick.net
1	t.co
1	analytics.twitter.com	static.ads-twitter.com
1	insight.adsrvr.org
1	static.ads-twitter.com	blog.malwarebytes.com
1	www.pinterest.com	1 redirects
1	i.ytimg.com	www.youtube.com
1	yt3.ggpht.com	www.youtube.com
1	static.doubleclick.net	www.youtube.com
1	rp4.liadm.com	blog.malwarebytes.com
1	rp.liadm.com	1 redirects
1	stats.g.doubleclick.net	www.google-analytics.com
1	px4.ads.linkedin.com	blog.malwarebytes.com
1	www.linkedin.com	1 redirects
1	www.googleadservices.com	www.googletagmanager.com
1	id.rlcdn.com	blog.malwarebytes.com
1	api.company-target.com	scripts.demandbase.com
1	fonts.gstatic.com	www.youtube.com
1	q.quora.com	blog.malwarebytes.com
1	b-code.liadm.com	www.googletagmanager.com
1	unpkg.com	www.googletagmanager.com
1	scripts.demandbase.com	blog.malwarebytes.com
1	api.demandbase.com	www.malwarebytes.com
1	geolocation.onetrust.com	www.malwarebytes.com
1	cdn.jsdelivr.net	blog.malwarebytes.com
1	fonts.googleapis.com	blog.malwarebytes.com
1	links.e.malwarebytes.com	1 redirects
236	57

This site contains links to these domains. Also see Links.

Domain
www.malwarebytes.com
onetrust.com
resources.malwarebytes.com
press.malwarebytes.com
www.rsaconference.com
support.malwarebytes.com
forums.malwarebytes.com
www.youtube.com
jobs.malwarebytes.com
my.malwarebytes.com
cloud.malwarebytes.com
partners.malwarebytes.com
www.facebook.com
twitter.com
www.linkedin.com
github.com
blog.zecops.com
naehrdine.blogspot.com
support.apple.com
www.twitter.com
www.instagram.com
de.malwarebytes.com
es.malwarebytes.com
fr.malwarebytes.com
it.malwarebytes.com
pt.malwarebytes.com
br.malwarebytes.com
nl.malwarebytes.com
pl.malwarebytes.com
ru.malwarebytes.com

Subject Issuer	Validity	Valid
blog.malwarebytes.com DigiCert TLS RSA SHA256 2020 CA1	`2021-07-01` - `2022-07-14`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2021-12-27` - `2022-03-21`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-07-03` - `2022-07-02`	a year	crt.sh
www.malwarebytes.com Amazon	`2021-05-26` - `2022-06-24`	a year	crt.sh
*.blob.core.windows.net Microsoft RSA TLS CA 02	`2021-12-13` - `2022-12-13`	a year	crt.sh
*.gravatar.com Sectigo RSA Domain Validation Secure Server CA	`2020-08-14` - `2022-11-16`	2 years	crt.sh
onetrust.com Cloudflare Inc ECC CA-3	`2022-01-12` - `2023-01-12`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-12-08` - `2022-03-02`	3 months	crt.sh
*.malwarebytes.com DigiCert TLS RSA SHA256 2020 CA1	`2021-11-08` - `2022-11-08`	a year	crt.sh
api.demandbase.com Go Daddy Secure Certificate Authority - G2	`2021-10-20` - `2022-09-26`	a year	crt.sh
*.google.com GTS CA 1C3	`2021-12-08` - `2022-03-02`	3 months	crt.sh
*.licdn.com DigiCert SHA2 Secure Server CA	`2021-07-15` - `2022-07-20`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-10-29` - `2022-01-27`	3 months	crt.sh
tag.demandbase.com Go Daddy Secure Certificate Authority - G2	`2021-10-18` - `2022-10-14`	a year	crt.sh
*.liadm.com Amazon	`2021-03-02` - `2022-03-31`	a year	crt.sh
*.disqus.com DigiCert SHA2 Secure Server CA	`2020-04-20` - `2022-05-09`	2 years	crt.sh
*.pinterest.com DigiCert TLS RSA SHA256 2020 CA1	`2021-07-26` - `2022-08-05`	a year	crt.sh
*.quora.com R3	`2022-01-12` - `2022-04-12`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2021-12-08` - `2022-03-02`	3 months	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2021-02-25` - `2022-03-28`	a year	crt.sh
a.disquscdn.com Amazon	`2021-10-31` - `2022-11-28`	a year	crt.sh
www.googleadservices.com GTS CA 1C3	`2021-12-08` - `2022-03-02`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-12-08` - `2022-03-02`	3 months	crt.sh
www.google.com GTS CA 1C3	`2021-12-08` - `2022-03-02`	3 months	crt.sh
www.google.de GTS CA 1C3	`2021-12-08` - `2022-03-02`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2021-12-08` - `2022-03-02`	3 months	crt.sh
*.googleusercontent.com GTS CA 1C3	`2021-12-08` - `2022-03-02`	3 months	crt.sh
edgestatic.com GTS CA 1C3	`2021-12-08` - `2022-03-02`	3 months	crt.sh
*.google.de GTS CA 1C3	`2021-12-08` - `2022-03-02`	3 months	crt.sh
*.disquscdn.com GlobalSign Atlas R3 DV TLS CA H2 2021	`2022-01-03` - `2023-02-04`	a year	crt.sh
ads-twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2021-07-21` - `2022-07-26`	a year	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2021-03-18` - `2022-04-19`	a year	crt.sh
*.twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2022-01-06` - `2023-01-05`	a year	crt.sh
t.co DigiCert TLS RSA SHA256 2020 CA1	`2022-01-06` - `2023-01-05`	a year	crt.sh
*.bttrack.com Sectigo RSA Domain Validation Secure Server CA	`2021-03-29` - `2022-03-29`	a year	crt.sh

This page contains 12 frames:

Primary Page: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
Frame ID: 74A38B14BA2C27C5C51BC47D83A836E1
Requests: 151 HTTP requests in this frame

Frame: https://www.youtube.com/embed/g_8JVUVLxTk?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent
Frame ID: BB1FD458A124E4D18E7B60073DB666E7
Requests: 18 HTTP requests in this frame

Frame: https://disqus.com/embed/comments/?base=default&f=malwarebytesunpacked&t_i=53469%20https%3A%2F%2Fblog.malwarebytes.com%2F%3Fp%3D53469&t_u=https%3A%2F%2Fblog.malwarebytes.com%2Ftrojans%2F2022%2F01%2Fnew-iphone-malware-spies-via-camera-when-device-appears-off%2F&t_e=New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off&t_d=%0A%09%09%09%09%09New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off%09%09%09%09&t_t=New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off&s_o=default
Frame ID: 0E22EC4C062AD849F7E3A988E68FD1DD
Requests: 27 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: 7C689359D817B2AE816E2816D9BD149C
Requests: 1 HTTP requests in this frame

Frame: https://c.disquscdn.com/next/embed/styles/realtime.b23ff3c36dd0169627f8e54ca1621eca.css
Frame ID: 66A837296EBEB46E20B73A980C23BEF2
Requests: 1 HTTP requests in this frame

Frame: https://c.disquscdn.com/next/embed/styles/realtime.b23ff3c36dd0169627f8e54ca1621eca.css
Frame ID: 83BDDE76D457CBE9CFA8ED543D38E11E
Requests: 1 HTTP requests in this frame

Frame: https://5118230.fls.doubleclick.net/activityi;dc_pre=COrMpO35v_UCFRD2UQodPsgLHQ;src=5118230;type=count0;cat=secur00;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1;num=6016915333442.967
Frame ID: 4CF0A934E6931582FD44BD61F3F3EB35
Requests: 6 HTTP requests in this frame

Frame: https://www.pinterest.de/ct.html
Frame ID: 4909504C2E6358223EA05FBE8F3362E1
Requests: 4 HTTP requests in this frame

Frame: https://disqus.com/embed/comments/?base=default&f=malwarebytesunpacked&t_i=53469%20https%3A%2F%2Fblog.malwarebytes.com%2F%3Fp%3D53469&t_u=https%3A%2F%2Fblog.malwarebytes.com%2Ftrojans%2F2022%2F01%2Fnew-iphone-malware-spies-via-camera-when-device-appears-off%2F&t_e=New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off&t_d=%0A%09%09%09%09%09New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off%09%09%09%09&t_t=New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off&s_o=default
Frame ID: C5CE2DF48EF15CB6E8533A2B4A969B25
Requests: 1 HTTP requests in this frame

Frame: https://disqus.com/embed/comments/?base=default&f=malwarebytesunpacked&t_i=53469%20https%3A%2F%2Fblog.malwarebytes.com%2F%3Fp%3D53469&t_u=https%3A%2F%2Fblog.malwarebytes.com%2Ftrojans%2F2022%2F01%2Fnew-iphone-malware-spies-via-camera-when-device-appears-off%2F&t_e=New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off&t_d=%0A%09%09%09%09%09New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off%09%09%09%09&t_t=New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off&s_o=default
Frame ID: 006A2C1047CFA824A8B42091944A469D
Requests: 27 HTTP requests in this frame

Frame: https://c.disquscdn.com/next/embed/styles/realtime.b23ff3c36dd0169627f8e54ca1621eca.css
Frame ID: 6E5E45274181C32B30F11E531579690A
Requests: 1 HTTP requests in this frame

Frame: https://c.disquscdn.com/next/embed/styles/realtime.b23ff3c36dd0169627f8e54ca1621eca.css
Frame ID: C9A2F55C656AA2E022D394E4B4BFCC4E
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

New iPhone malware spies via camera when device appears off | Malwarebytes Labs The official Malwarebytes logo

Page URL History Show full URLs

https://links.e.malwarebytes.com/z/qayflic8t?uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&mid=85c1ddbc-94a5-4703-... HTTP 307
https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/... Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/
wp-embed\.min\.js\?ver=([\d.]+)

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

AMP (JavaScript frameworks) Expand

Overall confidence: 100%
Detected patterns

<link rel="amphtml"

Yoast SEO (SEO) Expand

Overall confidence: 100%
Detected patterns

<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -

Crazy Egg (Analytics) Expand

Overall confidence: 100%
Detected patterns

script\.crazyegg\.com/pages/scripts/\d+/\d+\.js

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Lightbox (JavaScript Libraries) Expand

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Modernizr (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

([\d.]+)?/modernizr(?:\.([\d.]+))?.*\.js

OneTrust (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

optanon\.blob\.core\.windows\.net

Underscore.js (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

underscore.*\.js(?:\?ver=([\d.]+))?

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

<link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
//cdn\.jsdelivr\.net/

prettyPhoto (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

(?:<link [^>]*href="[^"]*prettyPhoto(?:\.min)?\.css|<a [^>]*rel="prettyPhoto)

Page Statistics

236
Requests

98 %
HTTPS

55 %
IPv6

38
Domains

57
Subdomains

50
IPs

5
Countries

4007 kB
Transfer

9143 kB
Size

37
Cookies

93 Outgoing links

These are links going to different origins than the main page.

URL: https://www.malwarebytes.com/privacy/
Title: More Information

Search URL Search Domain Scan URL

URL: https://onetrust.com/poweredbyonetrust

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/premium/
Title: Malwarebytes for Windows

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/mac/
Title: Malwarebytes for Mac

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/chromebook/
Title: Malwarebytes for Chromebook

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/browserguard/
Title: Malwarebytes Browser Guard

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/for-home/
Title: Overview

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/android/
Title: Malwarebytes for Android

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/ios/
Title: Malwarebytes for iOS

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/vpn/
Title: Malwarebytes Privacy VPN

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/for-home/products/
Title: Explore all Personal Products

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/pricing/
Title: Explore Pricing

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/mwb-download/thankyou/
Title: Free Trial of Malwarebytes Premium Protect your devices, your data, and your privacy—at home or on the go. Get free trial

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/business/solutions
Title: Solutions

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/business/solutions/small-business
Title: Small Business

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/pricing/business

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/business/solutions/mid-market/
Title: Mid-size Businesses

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/business/solutions/enterprise/
Title: Large Enterprise

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/education/
Title: Education

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/finance/
Title: Finance

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/healthcare/
Title: Healthcare

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/business/products
Title: Products

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/business/teams/
Title: For Teams

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/business/endpoint-protection/
Title: Endpoint Protection

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/business/edr/
Title: Endpoint Detection & Response

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/business/incident-response/
Title: Incident Response

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/business/crowdstrike/
Title: Remediation for CrowdStrike®

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/business/endpoint-protection/server-security/
Title: Endpoint Protection for Servers

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/business/edr/server-security/
Title: Endpoint Detection & Response for Servers

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/business/cloud/
Title: Nebula

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/business/product-selector
Title: Help me choose a product

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/business/request_trial?ref=nav
Title: Get a free trial

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/partners/
Title: Explore Partnerships

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/partners/solution-providers/
Title: Resellers

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/partners/managed-service-providers/
Title: Managed Service Providers

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/techbench/
Title: Computer Repair

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/integrations/
Title: Technology Partners

Search URL Search Domain Scan URL

URL: https://resources.malwarebytes.com/casestudy/optimus-systems-delivers-trusted-desktop-security-services-malwarebytes-managed-services-provider/
Title: See full story

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/antivirus/
Title: Antivirus

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/malware/
Title: Malware

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/ransomware/
Title: Ransomware

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/cybersecurity/
Title: See all

Search URL Search Domain Scan URL

URL: https://resources.malwarebytes.com/#reviews
Title: Reviews

Search URL Search Domain Scan URL

URL: https://resources.malwarebytes.com/#analyst-reports
Title: Analyst Reports

Search URL Search Domain Scan URL

URL: https://resources.malwarebytes.com/casestudies/
Title: Case Studies

Search URL Search Domain Scan URL

URL: https://resources.malwarebytes.com/
Title: See all

Search URL Search Domain Scan URL

URL: https://press.malwarebytes.com/
Title: Learn more

Search URL Search Domain Scan URL

URL: https://www.rsaconference.com/usa
Title: See Event

Search URL Search Domain Scan URL

URL: https://support.malwarebytes.com/hc/en-us
Title: Support

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/business/services/
Title: Premium Services

Search URL Search Domain Scan URL

URL: https://forums.malwarebytes.com/
Title: Forums

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/secure/
Title: Vulnerability Disclosure

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCB7JQhkZpiyvGPufW2RPBoQ
Title: Training for Personal Products

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/business/academy/
Title: Training for Business Products

Search URL Search Domain Scan URL

URL: https://support.malwarebytes.com/hc/en-us/articles/360046199873-Activate-Malwarebytes-Privacy-on-Windows-device
Title: See Content

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/contact/
Title: CONTACT US

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/company/
Title: About Malwarebytes

Search URL Search Domain Scan URL

URL: https://jobs.malwarebytes.com/
Title: Careers

Search URL Search Domain Scan URL

URL: https://my.malwarebytes.com/en/login/
Title: My Account

Search URL Search Domain Scan URL

URL: https://cloud.malwarebytes.com/
Title: Cloud Console

Search URL Search Domain Scan URL

URL: https://partners.malwarebytes.com/English/
Title: Partner Portal

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/newsletter/?email=&source=labs
Title: SUBSCRIBE

Search URL Search Domain Scan URL

URL: https://www.facebook.com/Malwarebytes/

Search URL Search Domain Scan URL

URL: https://twitter.com/malwarebytes

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/malwarebytes

Search URL Search Domain Scan URL

URL: https://github.com/ZecOps/public/tree/master/fake_shutdown_POC
Title: a new proof-of-concept (PoC) iPhone Trojan

Search URL Search Domain Scan URL

URL: https://blog.zecops.com/research/persistence-without-persistence-meet-the-ultimate-persistence-bug-noreboot/
Title: here

Search URL Search Domain Scan URL

URL: https://naehrdine.blogspot.com/2021/09/always-on-processor-magic-how-find-my.html
Title: “off” is not-quite-off anymore.

Search URL Search Domain Scan URL

URL: https://support.apple.com/en-gb/apple-configurator
Title: download for free

Search URL Search Domain Scan URL

URL: http://www.facebook.com/sharer.php?u=https%3A%2F%2Fblog.malwarebytes.com%2F%3Fp%3D53469&t=New+iPhone+malware+spies+via+camera+when+device+appears+off

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?text=New+iPhone+malware+spies+via+camera+when+device+appears+off+https%3A%2F%2Fblog.malwarebytes.com%2F%3Fp%3D53469&via=Malwarebytes

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fblog.malwarebytes.com%2F%3Fp%3D53469&title=New+iPhone+malware+spies+via+camera+when+device+appears+off&summary=&source=

Search URL Search Domain Scan URL

URL: https://www.twitter.com/joviannfeed

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/Malwarebytes

Search URL Search Domain Scan URL

URL: https://www.instagram.com/malwarebytesofficial/

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/business/
Title: FOR BUSINESS

Search URL Search Domain Scan URL

URL: https://my.malwarebytes.com/en/login
Title: SIGN IN

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/legal/
Title: Legal

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/legal/privacy-policy
Title: Privacy

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/accessibility/
Title: Accessibility

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/tos/
Title: Terms of Service

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/
Title: English

Search URL Search Domain Scan URL

URL: https://de.malwarebytes.com/
Title: Deutsch

Search URL Search Domain Scan URL

URL: https://es.malwarebytes.com/
Title: Español

Search URL Search Domain Scan URL

URL: https://fr.malwarebytes.com/
Title: Français

Search URL Search Domain Scan URL

URL: https://it.malwarebytes.com/
Title: Italiano

Search URL Search Domain Scan URL

URL: https://pt.malwarebytes.com/
Title: Português (Portugal)

Search URL Search Domain Scan URL

URL: https://br.malwarebytes.com/
Title: Português (Brasil)

Search URL Search Domain Scan URL

URL: https://nl.malwarebytes.com/
Title: Nederlands

Search URL Search Domain Scan URL

URL: https://pl.malwarebytes.com/
Title: Polski

Search URL Search Domain Scan URL

URL: https://ru.malwarebytes.com/
Title: Pусский

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/jp/
Title: 日本語

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/se/
Title: Svenska

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://links.e.malwarebytes.com/z/qayflic8t?uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_ek=2022-01-15T16:30:40Z&bsft_mime_type=html&bsft_tv=9&bsft_lx=9 HTTP 307
https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 27

https://www.malwarebytes.com/css/NEW-NAV.css HTTP 301
https://www.malwarebytes.com/css/new-nav.css

Request Chain 119

https://match.prod.bidr.io/cookie-sync/demandbase HTTP 303
https://match.prod.bidr.io/cookie-sync/demandbase?_bee_ppp=1 HTTP 303
https://segments.company-target.com/log?vendor=choca&user_id=AHr7Z07D0kUAAEtrjHsDFQ HTTP 303
https://segments.company-target.com/validateCookie?vendor=choca&user_id=AHr7Z07D0kUAAEtrjHsDFQ&verifyHash=d6a3805a7e47166cf5e2a3f11169780d77748da3

Request Chain 129

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2567940&time=1642668720620&url=https%3A%2F%2Fblog.malwarebytes.com%2Ftrojans%2F2022%2F01%2Fnew-iphone-malware-spies-via-camera-when-device-appears-off%2F%3Futm_source%3Dblueshift%26utm_medium%3Demail%26utm_campaign%3Db2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299%26amp%3D%26utm_content%3Dnew-iphone-malware-spies-via-camera-when-device-appears-off%26bsft_aaid%3D18a8abbd-b7b6-422b-8352-283554e9475a%26bsft_eid%3Dbae4f2b5-5fe4-fe76-a028-428ae8279c2f%26bsft_clkid%3D93654ee9-6e1c-4723-a262-cd25dade6809%26bsft_uid%3D3eff0a33-885d-44f8-9c2d-23ee978fc0bd%26bsft_mid%3D85c1ddbc-94a5-4703-b0d7-fe44cc5604a7%26bsft_mime_type%3Dhtml%26bsft_ek%3D2022-01-15T16%253A30%253A40Z%26bsft_lx%3D9%26bsft_tv%3D9 HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D2567940%26time%3D1642668720620%26url%3Dhttps%253A%252F%252Fblog.malwarebytes.com%252Ftrojans%252F2022%252F01%252Fnew-iphone-malware-spies-via-camera-when-device-appears-off%252F%253Futm_source%253Dblueshift%2526utm_medium%253Demail%2526utm_campaign%253Db2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299%2526amp%253D%2526utm_content%253Dnew-iphone-malware-spies-via-camera-when-device-appears-off%2526bsft_aaid%253D18a8abbd-b7b6-422b-8352-283554e9475a%2526bsft_eid%253Dbae4f2b5-5fe4-fe76-a028-428ae8279c2f%2526bsft_clkid%253D93654ee9-6e1c-4723-a262-cd25dade6809%2526bsft_uid%253D3eff0a33-885d-44f8-9c2d-23ee978fc0bd%2526bsft_mid%253D85c1ddbc-94a5-4703-b0d7-fe44cc5604a7%2526bsft_mime_type%253Dhtml%2526bsft_ek%253D2022-01-15T16%25253A30%25253A40Z%2526bsft_lx%253D9%2526bsft_tv%253D9%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2567940&time=1642668720620&url=https%3A%2F%2Fblog.malwarebytes.com%2Ftrojans%2F2022%2F01%2Fnew-iphone-malware-spies-via-camera-when-device-appears-off%2F%3Futm_source%3Dblueshift%26utm_medium%3Demail%26utm_campaign%3Db2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299%26amp%3D%26utm_content%3Dnew-iphone-malware-spies-via-camera-when-device-appears-off%26bsft_aaid%3D18a8abbd-b7b6-422b-8352-283554e9475a%26bsft_eid%3Dbae4f2b5-5fe4-fe76-a028-428ae8279c2f%26bsft_clkid%3D93654ee9-6e1c-4723-a262-cd25dade6809%26bsft_uid%3D3eff0a33-885d-44f8-9c2d-23ee978fc0bd%26bsft_mid%3D85c1ddbc-94a5-4703-b0d7-fe44cc5604a7%26bsft_mime_type%3Dhtml%26bsft_ek%3D2022-01-15T16%253A30%253A40Z%26bsft_lx%3D9%26bsft_tv%3D9&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2567940&time=1642668720620&url=https%3A%2F%2Fblog.malwarebytes.com%2Ftrojans%2F2022%2F01%2Fnew-iphone-malware-spies-via-camera-when-device-appears-off%2F%3Futm_source%3Dblueshift%26utm_medium%3Demail%26utm_campaign%3Db2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299%26amp%3D%26utm_content%3Dnew-iphone-malware-spies-via-camera-when-device-appears-off%26bsft_aaid%3D18a8abbd-b7b6-422b-8352-283554e9475a%26bsft_eid%3Dbae4f2b5-5fe4-fe76-a028-428ae8279c2f%26bsft_clkid%3D93654ee9-6e1c-4723-a262-cd25dade6809%26bsft_uid%3D3eff0a33-885d-44f8-9c2d-23ee978fc0bd%26bsft_mid%3D85c1ddbc-94a5-4703-b0d7-fe44cc5604a7%26bsft_mime_type%3Dhtml%26bsft_ek%3D2022-01-15T16%253A30%253A40Z%26bsft_lx%3D9%26bsft_tv%3D9&liSync=true&e_ipv6=AQLsr-qQUB_9ZQAAAX52r4TWMSdxNZShDQYS9Sfgpotaq29ue4P5_zwMPpYABGpIsQHDUcvM

Request Chain 135

https://rp.liadm.com/j?dtstmp=1642668720682&aid=a-06kg&se=e30&duid=ff3668206ce6--01fsvaz0dq072ms1pq1s788ym0&tna=v2.3.0&pu=https%3A%2F%2Fblog.malwarebytes.com%2Ftrojans%2F2022%2F01%2Fnew-iphone-malware-spies-via-camera-when-device-appears-off%2F%3Futm_source%3Dblueshift%26utm_medium%3Demail%26utm_campaign%3Db2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299%26amp%26utm_content%3Dnew-iphone-malware-spies-via-camera-when-device-appears-off%26bsft_aaid%3D18a8abbd-b7b6-422b-8352-283554e9475a%26bsft_eid%3Dbae4f2b5-5fe4-fe76-a028-428ae8279c2f%26bsft_clkid%3D93654ee9-6e1c-4723-a262-cd25dade6809%26bsft_uid%3D3eff0a33-885d-44f8-9c2d-23ee978fc0bd%26bsft_mid%3D85c1ddbc-94a5-4703-b0d7-fe44cc5604a7%26bsft_mime_type%3Dhtml%26bsft_ek%3D2022-01-15T16%253A30%253A40Z%26bsft_lx%3D9%26bsft_tv%3D9&wpn=lc-bundle&c=PHRpdGxlPgoKTmV3IGlQaG9uZSBtYWx3YXJlIHNwaWVzIHZpYSBjYW1lcmEgd2hlbiBkZXZpY2UgYXBwZWFycyBvZmYgfCBNYWx3YXJlYnl0ZXMgTGFicyAgPC90aXRsZT48bWV0YSBuYW1lPSJkZXNjcmlwdGlvbiIgY29udGVudD0iTm9SZUJvb3QgaXMgYW4gaU9TIFRyb2phbiB0aGF0IHNwaWVzIG9uIHBlb3BsZSBhbmQgbWFrZXMgdXNlcnMgYmVsaWV2ZSB0aGF0IGEgZGV2aWNlIGlzIHR1cm5lZCBvZmYgd2hlbiBpdCdzIG5vdC4iPjx0aXRsZSBpZD0ibWFsd2FyZWJ5dGVzLW1haW4tbG9nby10aXRsZSI-VGhlIG9mZmljaWFsIE1hbHdhcmVieXRlcyBsb2dvPC90aXRsZT48aDEgY2xhc3M9ImVudHJ5LXRpdGxlIHAtbmFtZSI-CgkJCQkJTmV3IGlQaG9uZSBtYWx3YXJlIHNwaWVzIHZpYSBjYW1lcmEgd2hlbiBkZXZpY2UgYXBwZWFycyBvZmYJCQkJPC9oMT4 HTTP 302
https://rp4.liadm.com/j?dtstmp=1642668720682&aid=a-06kg&se=e30&duid=ff3668206ce6--01fsvaz0dq072ms1pq1s788ym0&tna=v2.3.0&pu=https%3A%2F%2Fblog.malwarebytes.com%2Ftrojans%2F2022%2F01%2Fnew-iphone-malware-spies-via-camera-when-device-appears-off%2F%3Futm_source%3Dblueshift%26utm_medium%3Demail%26utm_campaign%3Db2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299%26amp%26utm_content%3Dnew-iphone-malware-spies-via-camera-when-device-appears-off%26bsft_aaid%3D18a8abbd-b7b6-422b-8352-283554e9475a%26bsft_eid%3Dbae4f2b5-5fe4-fe76-a028-428ae8279c2f%26bsft_clkid%3D93654ee9-6e1c-4723-a262-cd25dade6809%26bsft_uid%3D3eff0a33-885d-44f8-9c2d-23ee978fc0bd%26bsft_mid%3D85c1ddbc-94a5-4703-b0d7-fe44cc5604a7%26bsft_mime_type%3Dhtml%26bsft_ek%3D2022-01-15T16%253A30%253A40Z%26bsft_lx%3D9%26bsft_tv%3D9&wpn=lc-bundle&c=PHRpdGxlPgoKTmV3IGlQaG9uZSBtYWx3YXJlIHNwaWVzIHZpYSBjYW1lcmEgd2hlbiBkZXZpY2UgYXBwZWFycyBvZmYgfCBNYWx3YXJlYnl0ZXMgTGFicyAgPC90aXRsZT48bWV0YSBuYW1lPSJkZXNjcmlwdGlvbiIgY29udGVudD0iTm9SZUJvb3QgaXMgYW4gaU9TIFRyb2phbiB0aGF0IHNwaWVzIG9uIHBlb3BsZSBhbmQgbWFrZXMgdXNlcnMgYmVsaWV2ZSB0aGF0IGEgZGV2aWNlIGlzIHR1cm5lZCBvZmYgd2hlbiBpdCdzIG5vdC4iPjx0aXRsZSBpZD0ibWFsd2FyZWJ5dGVzLW1haW4tbG9nby10aXRsZSI-VGhlIG9mZmljaWFsIE1hbHdhcmVieXRlcyBsb2dvPC90aXRsZT48aDEgY2xhc3M9ImVudHJ5LXRpdGxlIHAtbmFtZSI-CgkJCQkJTmV3IGlQaG9uZSBtYWx3YXJlIHNwaWVzIHZpYSBjYW1lcmEgd2hlbiBkZXZpY2UgYXBwZWFycyBvZmYJCQkJPC9oMT4&i6=MmEwMzoxYjIwOjY6ZjAxMTo6MmU%3D&n3pc=true

Request Chain 144

https://googleads.g.doubleclick.net/pagead/id HTTP 302
https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

Request Chain 184

https://5118230.fls.doubleclick.net/activityi;src=5118230;type=count0;cat=secur00;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1;num=6016915333442.967 HTTP 302
https://5118230.fls.doubleclick.net/activityi;dc_pre=COrMpO35v_UCFRD2UQodPsgLHQ;src=5118230;type=count0;cat=secur00;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1;num=6016915333442.967

Request Chain 187

https://www.pinterest.com/ct.html HTTP 302
https://www.pinterest.de/ct.html

236 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/
Redirect Chain

https://links.e.malwarebytes.com/z/qayflic8t?uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_ek=2022-01-15T16:30:40Z&bsft_mime_type=html&bsft_tv=9&bsft_lx=9
https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan...

138 KB
33 KB

465ms
226ms

Document
text/html

130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),

Reverse DNS

3.198.211.130.bc.googleusercontent.com

Software

nginx / WP Engine

Resource Hash

6fd928788b7593c518b6eafd0f501a83a4ccc4d78dd87dc1f351eb05387d2b60

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors none;
X-Frame-Options	DENY

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

server: nginx
date: Thu, 20 Jan 2022 08:51:59 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding Accept-Encoding Accept-Encoding,Cookie
x-pingback: https://blog.malwarebytes.com/xmlrpc.php
link: <https://blog.malwarebytes.com/wp-json/>; rel="https://api.w.org/" <https://blog.malwarebytes.com/wp-json/wp/v2/posts/53469>; rel="alternate"; type="application/json" <https://blog.malwarebytes.com/?p=53469>; rel=shortlink
x-powered-by: WP Engine
x-cacheable: SHORT
cache-control: max-age=600, must-revalidate
x-cache: HIT: 5
x-cache-group: normal
x-frame-options: DENY
content-security-policy: frame-ancestors none;
content-encoding: br

Redirect headers

date: Thu, 20 Jan 2022 08:51:58 GMT
content-type: text/html; charset=utf-8
location: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cache-control: no-cache, no-store
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-headers: Content-Type
access-control-max-age: 1728000
x-request-id: 071a6961-def9-469a-9ec0-aa3b50d7d7da
x-runtime: 0.011525
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 6d07105fe9274414-FRA

GET
H2 200 related-posts.css
blog.malwarebytes.com/wp-content/plugins/jetpack/modules/related-posts/ 7 KB
2 KB 116ms
114ms Stylesheet
text/css 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.malwarebytes.com/wp-content/plugins/jetpack/modules/related-posts/related-posts.css?ver=20210930
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: d256a37a8296aef486aa5c129a8c4d95ab20908ce5342fd41f66bc3d62ad8d63

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:51:59 GMT
content-encoding: br
last-modified: Wed, 15 Dec 2021 22:56:33 GMT
server: nginx
etag: W/"61ba72a1-1c6e"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 style.min.css
blog.malwarebytes.com/wp-includes/css/dist/block-library/ 79 KB
11 KB 121ms
117ms Stylesheet
text/css 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.malwarebytes.com/wp-includes/css/dist/block-library/style.min.css?ver=5.8.2
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: 9110fc122dda3067c424d9b8ff7747e2030b0bd9298f69a3683d399ad3373a6a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:51:59 GMT
content-encoding: br
last-modified: Wed, 01 Sep 2021 04:05:58 GMT
server: nginx
etag: W/"612efc26-13abe"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 mediaelementplayer-legacy.min.css
blog.malwarebytes.com/wp-includes/js/mediaelement/ 11 KB
3 KB 121ms
117ms Stylesheet
text/css 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.malwarebytes.com/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css?ver=4.2.16
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:51:59 GMT
content-encoding: br
last-modified: Tue, 29 Sep 2020 15:53:06 GMT
server: nginx
etag: W/"5f735862-2bf8"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 wp-mediaelement.min.css
blog.malwarebytes.com/wp-includes/js/mediaelement/ 4 KB
1 KB 142ms
134ms Stylesheet
text/css 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.malwarebytes.com/wp-includes/js/mediaelement/wp-mediaelement.min.css?ver=5.8.2
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: 2e10d353ff038c2cad3492fc17801af3e6ef2669c9e9713bdb78b1dcb104c4fe

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:51:59 GMT
content-encoding: br
last-modified: Fri, 07 Jun 2019 20:45:02 GMT
server: nginx
etag: W/"5cfaccce-105a"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 prettyPhoto.min.css
blog.malwarebytes.com/wp-content/plugins/responsive-lightbox/assets/prettyphoto/ 19 KB
3 KB 147ms
139ms Stylesheet
text/css 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.malwarebytes.com/wp-content/plugins/responsive-lightbox/assets/prettyphoto/prettyPhoto.min.css?ver=2.3.3
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: 3df56cf5e9b367ce3a1f69c52fe68655893e7443d0b9df0a8a094606775657c0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:51:59 GMT
content-encoding: br
last-modified: Wed, 15 Dec 2021 22:57:42 GMT
server: nginx
etag: W/"61ba72e6-4bdc"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 css
fonts.googleapis.com/ 16 KB
1 KB 143ms
47ms Stylesheet
text/css 2a00:1450:4001:830::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Source+Sans+Pro%3A300%2C400%2C700%2C300italic%2C400italic%2C700italic%7CBitter%3A400%2C700&subset=latin%2Clatin-ext

Requested by

Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

5ab9d6964cc7724a61f9d71be47b962f13ab920141f8048e9fde5245ec1ebe5d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://blog.malwarebytes.com/
Origin: https://blog.malwarebytes.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 20 Jan 2022 07:25:07 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Thu, 20 Jan 2022 08:51:59 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 20 Jan 2022 08:51:59 GMT

GET
H2 200 genericons.css
blog.malwarebytes.com/wp-content/plugins/jetpack/_inc/genericons/genericons/ 28 KB
16 KB 178ms
169ms Stylesheet
text/css 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.malwarebytes.com/wp-content/plugins/jetpack/_inc/genericons/genericons/genericons.css?ver=3.1
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: 4ed10d0d64bb1515397e8666a63f484d640dbc5678fa62574e077b7aef1c3af2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:51:59 GMT
content-encoding: br
last-modified: Wed, 15 Dec 2021 22:56:33 GMT
server: nginx
etag: W/"61ba72a1-6e6a"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 related-posts.min.js Show response
blog.malwarebytes.com/wp-content/plugins/jetpack/_inc/build/related-posts/ 6 KB
2 KB 183ms
174ms Script
application/javascript 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.malwarebytes.com/wp-content/plugins/jetpack/_inc/build/related-posts/related-posts.min.js?ver=20210930
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: 2256c9e5605323f852f232fd6819a02cf2cac3e04c84299e19efe83037fd8cda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:51:59 GMT
content-encoding: br
last-modified: Wed, 15 Dec 2021 22:56:33 GMT
server: nginx
etag: W/"61ba72a1-1670"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 jquery.min.js Show response
blog.malwarebytes.com/wp-includes/js/jquery/ 87 KB
31 KB 200ms
192ms Script
application/javascript 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.malwarebytes.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:51:59 GMT
content-encoding: br
last-modified: Wed, 10 Mar 2021 15:07:24 GMT
server: nginx
etag: W/"6048e0ac-15db1"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 jquery-migrate.min.js Show response
blog.malwarebytes.com/wp-includes/js/jquery/ 11 KB
4 KB 200ms
192ms Script
application/javascript 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.malwarebytes.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: 029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:51:59 GMT
content-encoding: br
last-modified: Wed, 18 Nov 2020 09:06:06 GMT
server: nginx
etag: W/"5fb4e3fe-2bd8"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 jquery.prettyPhoto.min.js Show response
blog.malwarebytes.com/wp-content/plugins/responsive-lightbox/assets/prettyphoto/ 22 KB
6 KB 337ms
330ms Script
application/javascript 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.malwarebytes.com/wp-content/plugins/responsive-lightbox/assets/prettyphoto/jquery.prettyPhoto.min.js?ver=2.3.3
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: ba0504cfd673e9fbf0bab2b70a67ac1bbea97891e12fc8cd3f94070f0c4898f8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:51:59 GMT
content-encoding: br
last-modified: Wed, 15 Dec 2021 22:57:42 GMT
server: nginx
etag: W/"61ba72e6-5955"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 underscore.min.js Show response
blog.malwarebytes.com/wp-includes/js/ 19 KB
8 KB 337ms
330ms Script
application/javascript 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.malwarebytes.com/wp-includes/js/underscore.min.js?ver=1.13.1
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: 5dacc86b8a64742e60d70192353e5643da219a3f84c0b26cf6116b06b67fff32

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:51:59 GMT
content-encoding: br
last-modified: Thu, 27 May 2021 19:33:19 GMT
server: nginx
etag: W/"60aff3ff-4a84"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 infinite-scroll.pkgd.min.js Show response
blog.malwarebytes.com/wp-content/plugins/responsive-lightbox/assets/infinitescroll/ 25 KB
7 KB 337ms
330ms Script
application/javascript 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.malwarebytes.com/wp-content/plugins/responsive-lightbox/assets/infinitescroll/infinite-scroll.pkgd.min.js?ver=5.8.2
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: 378f79bc8e52dc7c86332d048c8b8f57ad672c3c917ca54b08630bb487b99d3f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:51:59 GMT
content-encoding: br
last-modified: Wed, 15 Dec 2021 22:57:42 GMT
server: nginx
etag: W/"61ba72e6-64e6"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 front.js Show response
blog.malwarebytes.com/wp-content/plugins/responsive-lightbox/js/ 26 KB
6 KB 337ms
330ms Script
application/javascript 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.malwarebytes.com/wp-content/plugins/responsive-lightbox/js/front.js?ver=2.3.3
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: 3c8ba982e1a7629cb5be1c6e7ac909bb494b895a63affce2f6306e5cd244505a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:51:59 GMT
content-encoding: br
last-modified: Wed, 15 Dec 2021 22:57:42 GMT
server: nginx
etag: W/"61ba72e6-68e8"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 normalize.css
cdn.jsdelivr.net/npm/normalize.css@8.0.1/ 6 KB
2 KB 46ms
21ms Stylesheet
text/css 2606:4700::6810:5914
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/normalize.css@8.0.1/normalize.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5914 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

580818700724d42d7fcc4979b0197971fca1c6d2e0286769237a0ac897df5512

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:51:59 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 7273936
x-jsd-version: 8.0.1
x-cache: HIT
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-fra19155-FRA
timing-allow-origin: *
x-jsd-version-type: version
server: cloudflare
etag: W/"17fa-f/3jQ73xCt0fBS88QwihUYDrRAQ"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cf-ray: 6d071067aee14a56-FRA

GET
H2 200 style.css
www.malwarebytes.com/css/ 222 KB
34 KB 37ms
13ms Stylesheet
text/css 2600:9000:223c:6e00:16:26c7:ff80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.malwarebytes.com/css/style.css?12-20-2016

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223c:6e00:16:26c7:ff80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

106ff2dcabdf33e3a570650ebd622f534c02c6f751a8320ed879e172d767bbd2

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security: max-age=63072000
content-encoding: gzip
last-modified: Tue, 20 Jul 2021 14:26:52 GMT
server: Microsoft-IIS/10.0
age: 138
x-powered-by: ASP.NET
etag: W/"de67f948737dd71:0"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css
via: 1.1 c387974a86541bbcc6c5141a85eeaf36.cloudfront.net (CloudFront)
cache-control: max-age=900
date: Thu, 20 Jan 2022 08:49:40 GMT
x-amz-cf-pop: FRA56-P2
x-amz-cf-id: ZeQuGMm0DzPcn0DYAp3LdTxGHZNW94jZOrGqLDW9WP2tn2Un2nvx4A==

GET
H2 200 style.css
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/ 192 KB
31 KB 282ms
275ms Stylesheet
text/css 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/style.css?05-11-2021
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: de62e6565dcb19432d7f42a0d37001f82027494bc371684894ec776edb75fbd3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:51:59 GMT
content-encoding: br
last-modified: Tue, 04 Jan 2022 22:09:06 GMT
server: nginx
etag: W/"61d4c582-2ff5d"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 jquery-1.11.3.min.js Show response
www.malwarebytes.com/js/ 94 KB
33 KB 37ms
13ms Script
application/javascript 2600:9000:223c:6e00:16:26c7:ff80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.malwarebytes.com/js/jquery-1.11.3.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223c:6e00:16:26c7:ff80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

ecb916133a9376911f10bc5c659952eb0031e457f5df367cde560edbfba38fb8

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:43:21 GMT
content-encoding: gzip
vary: Accept-Encoding
last-modified: Tue, 20 Jul 2021 23:13:40 GMT
server: Microsoft-IIS/10.0
age: 516
x-powered-by: ASP.NET
etag: W/"2cfb9e0bc7dd71:0"
strict-transport-security: max-age=63072000
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 c387974a86541bbcc6c5141a85eeaf36.cloudfront.net (CloudFront)
cache-control: max-age=900
x-amz-cf-pop: FRA56-P2
x-amz-cf-id: ALqZNp7Avw4kiYgEkv4UY_CnKkS6BVdkvcWU-fC_Sw0MXIMCQdGZQQ==

GET
H/1.1 200
OK 9530a107-0af8-4204-a2c2-217efb78222b.js Show response
optanon.blob.core.windows.net/consent/ 140 KB
21 KB 146ms
35ms Script
application/x-javascript 52.239.137.4
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://optanon.blob.core.windows.net/consent/9530a107-0af8-4204-a2c2-217efb78222b.js
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.239.137.4 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: ec442600e3c090c1171e6d0aca38073cc048af3a7a301ec06bf933da6aa65c1b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 20 Jan 2022 08:51:59 GMT
Content-Encoding: GZIP
Last-Modified: Wed, 19 Aug 2020 23:29:25 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5: NyuiOqvVdJMyWTtUb2ZlDA==
ETag: 0x8D84497B6030FBF
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
x-ms-request-id: 0846d8bf-601e-008a-4cda-0d62c5000000
Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
Cache-Control: public, max-age=14400
x-ms-version: 2009-09-19
Content-Length: 20591

GET
H2 200 bootstrap.js Show response
www.malwarebytes.com/js/ 74 KB
14 KB 36ms
13ms Script
application/javascript 2600:9000:223c:6e00:16:26c7:ff80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.malwarebytes.com/js/bootstrap.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223c:6e00:16:26c7:ff80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

d4e61ea4aafc5da0b582e7e15077addf35379acc4b7b03df0128ed33ba589884

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:42:56 GMT
content-encoding: gzip
vary: Accept-Encoding
last-modified: Tue, 20 Jul 2021 22:24:55 GMT
server: Microsoft-IIS/10.0
age: 542
x-powered-by: ASP.NET
etag: W/"48ddd510b67dd71:0"
strict-transport-security: max-age=63072000
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 c387974a86541bbcc6c5141a85eeaf36.cloudfront.net (CloudFront)
cache-control: max-age=900
x-amz-cf-pop: FRA56-P2
x-amz-cf-id: AMcXCLrTzfEvT_xYOlbjxAzKpl3sjg1fKPEizk_Ntibtaa3IMYgpXA==

GET
H2 200 respond.min.js Show response
www.malwarebytes.com/js/ie-fixes/ 4 KB
3 KB 36ms
14ms Script
application/javascript 2600:9000:223c:6e00:16:26c7:ff80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.malwarebytes.com/js/ie-fixes/respond.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223c:6e00:16:26c7:ff80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

6252f8d40b521387483f57b7d0c812912a1d59ce038fdde2bcf67cf920486cac

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security: max-age=63072000
content-encoding: gzip
last-modified: Tue, 20 Jul 2021 23:10:33 GMT
server: Microsoft-IIS/10.0
age: 542
x-powered-by: ASP.NET
etag: W/"3c795171bc7dd71:0"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 c387974a86541bbcc6c5141a85eeaf36.cloudfront.net (CloudFront)
cache-control: max-age=900
date: Thu, 20 Jan 2022 08:42:58 GMT
x-amz-cf-pop: FRA56-P2
x-amz-cf-id: Y117DPOM63jBiWGPzgZJGWpzgTg0WUjOiDFn-YiWqGaqJvD4R2Nbcg==

GET
H2 200 modernizr.js Show response
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/ 17 KB
7 KB 334ms
330ms Script
application/javascript 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/modernizr.js
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: da819542692b3f1c2a667ba34eff3465a82d9756953a1446ab7d0772f9b1edd5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:51:59 GMT
content-encoding: br
last-modified: Tue, 04 Jan 2022 22:09:06 GMT
server: nginx
etag: W/"61d4c582-434b"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 nav-resize.js Show response
www.malwarebytes.com/js/ 12 KB
4 KB 36ms
14ms Script
application/javascript 2600:9000:223c:6e00:16:26c7:ff80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.malwarebytes.com/js/nav-resize.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223c:6e00:16:26c7:ff80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

93e43a00cd73303f914fe90d7be15dc032f4796891b571bf6cd9d9f36f4c91eb

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:43:22 GMT
content-encoding: gzip
vary: Accept-Encoding
last-modified: Mon, 17 May 2021 00:58:50 GMT
server: Microsoft-IIS/10.0
age: 516
x-powered-by: ASP.NET
etag: W/"f16ddcccb74ad71:0"
strict-transport-security: max-age=63072000
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 c387974a86541bbcc6c5141a85eeaf36.cloudfront.net (CloudFront)
cache-control: max-age=900
x-amz-cf-pop: FRA56-P2
x-amz-cf-id: sU0110t5vwevBLDhobpQXfjCgdQl3L2X8aLx4fzPwEYa5ZJUz58NGg==

GET
H2 200 flexibility.js Show response
www.malwarebytes.com/js/ 17 KB
6 KB 52ms
30ms Script
application/javascript 2600:9000:223c:6e00:16:26c7:ff80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.malwarebytes.com/js/flexibility.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223c:6e00:16:26c7:ff80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

58c13e24cdfb6384c26836e3eac52d17701cd9d686c56ebf93efbbe9426f8cd6

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security: max-age=63072000
content-encoding: gzip
last-modified: Tue, 20 Jul 2021 23:13:07 GMT
server: Microsoft-IIS/10.0
age: 653
x-powered-by: ASP.NET
etag: W/"4d1ec7ccbc7dd71:0"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 c387974a86541bbcc6c5141a85eeaf36.cloudfront.net (CloudFront)
cache-control: max-age=900
date: Thu, 20 Jan 2022 08:41:06 GMT
x-amz-cf-pop: FRA56-P2
x-amz-cf-id: -rhajWcZem4o21kJnzGg-JcPtfyFrA9PIHv7fvnT1AG25YtAYHqUHw==

GET
H2 200 global.js Show response
www.malwarebytes.com/js/ 21 KB
8 KB 54ms
32ms Script
application/javascript 2600:9000:223c:6e00:16:26c7:ff80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.malwarebytes.com/js/global.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223c:6e00:16:26c7:ff80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

cabcba2fb0a11127afe1eba21cbdba800100f5a591ad7870aada8142379a955a

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security: max-age=63072000
content-encoding: gzip
last-modified: Tue, 05 Oct 2021 21:07:35 GMT
server: Microsoft-IIS/10.0
age: 516
x-powered-by: ASP.NET
etag: W/"a4be3752dbad71:0"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 c387974a86541bbcc6c5141a85eeaf36.cloudfront.net (CloudFront)
cache-control: max-age=900
date: Thu, 20 Jan 2022 08:44:08 GMT
x-amz-cf-pop: FRA56-P2
x-amz-cf-id: UQa-jdGaF1dM-kUxsfNPNhK5JW3XWdhlKq3bfcpwA2IYTK6--Ew1bw==

GET
H2 200 xs.js Show response
www.malwarebytes.com/js/ 9 KB
3 KB 46ms
24ms Script
application/javascript 2600:9000:223c:6e00:16:26c7:ff80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.malwarebytes.com/js/xs.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223c:6e00:16:26c7:ff80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

c13527e6600d478c3cd7ae449acd6813e1c7209a97c0334702ee8d1a999a3a93

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security: max-age=63072000
content-encoding: gzip
last-modified: Tue, 20 Jul 2021 23:10:17 GMT
server: Microsoft-IIS/10.0
age: 138
x-powered-by: ASP.NET
etag: W/"f2378867bc7dd71:0"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 c387974a86541bbcc6c5141a85eeaf36.cloudfront.net (CloudFront)
cache-control: max-age=900
date: Thu, 20 Jan 2022 08:49:40 GMT
x-amz-cf-pop: FRA56-P2
x-amz-cf-id: XN1VVSUmehMFTClQgVREv5pJM9_5aJeJ3Up1jP1jPDhxEu83gl2QbA==

GET
H2 200 search.js Show response
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/js/ 1 KB
713 B 333ms
331ms Script
application/javascript 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/js/search.js
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: 1dc2b8fb26c1a74260a66519a2a5fdf37a938d1b43bbe4d8da7fcd652acc61b9

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:51:59 GMT
content-encoding: br
last-modified: Tue, 04 Jan 2022 22:09:06 GMT
server: nginx
etag: W/"61d4c582-55e"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2

200

new-nav.css
www.malwarebytes.com/css/
Redirect Chain

https://www.malwarebytes.com/css/NEW-NAV.css
https://www.malwarebytes.com/css/new-nav.css

22 KB
4 KB

22ms
21ms

Stylesheet
text/css

2600:9000:223c:6e00:16:26c7:ff80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.malwarebytes.com/css/new-nav.css

Requested by

Protocol

Server

2600:9000:223c:6e00:16:26c7:ff80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

72622641b79819e5c8b5c0543d105a45e30f13b1a6c0b5c3701e72de5b57e427

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:51:15 GMT
content-encoding: gzip
vary: Accept-Encoding
last-modified: Thu, 22 Apr 2021 13:23:18 GMT
server: Microsoft-IIS/10.0
age: 44
x-powered-by: ASP.NET
etag: W/"55eeb1a87a37d71:0"
strict-transport-security: max-age=63072000
x-cache: Hit from cloudfront
content-type: text/css
via: 1.1 c387974a86541bbcc6c5141a85eeaf36.cloudfront.net (CloudFront)
cache-control: max-age=900
x-amz-cf-pop: FRA56-P2
x-amz-cf-id: 9vJlQofTPmXnj9h_UjL4mfQ6OAt1Yc9dO73c5wPrGGxCq00R3KCzYA==

Redirect headers

date: Thu, 20 Jan 2022 08:49:41 GMT
via: 1.1 c387974a86541bbcc6c5141a85eeaf36.cloudfront.net (CloudFront)
server: Microsoft-IIS/10.0
age: 138
x-powered-by: ASP.NET
strict-transport-security: max-age=63072000
x-cache: Hit from cloudfront
content-type: text/html; charset=UTF-8
location: https://www.malwarebytes.com/css/new-nav.css
cache-control: max-age=900
x-amz-cf-pop: FRA56-P2
content-length: 167
x-amz-cf-id: WXaYa5_fIgKonE37ryFTqBYZgitRAl7Rdf8YVkjOBw3kFKd_vqJFRA==

GET
H2 200 new-nav.js Show response
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/js/ 6 KB
2 KB 333ms
331ms Script
application/javascript 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/js/new-nav.js
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: 6f40db0e6f7db01d94e5b2aed5acf30d1b9aecc4a4482a5044a3cffbe5c40164

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:51:59 GMT
content-encoding: br
last-modified: Tue, 04 Jan 2022 22:09:06 GMT
server: nginx
etag: W/"61d4c582-1725"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 call-to-action.min.js Show response
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/js/ 2 KB
854 B 333ms
331ms Script
application/javascript 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/js/call-to-action.min.js
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: 523d1af6ce4ee7e7193dd9d3f8b2145f525349131492d2defc81cbd653249e1a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:51:59 GMT
content-encoding: br
last-modified: Tue, 04 Jan 2022 22:09:06 GMT
server: nginx
etag: W/"61d4c582-616"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 arrow.svg
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/refreshed_homepage/ 2 KB
1 KB 140ms
128ms Image
image/svg+xml 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/refreshed_homepage/arrow.svg
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: ad15e02b8d9bee31a51c502cff1977983fa2c8103b769db7ab097750f34016a9

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:51:59 GMT
content-encoding: br
last-modified: Tue, 04 Jan 2022 22:09:06 GMT
server: nginx
etag: W/"61d4c582-94e"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 personal-icon.svg
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/icons/ 2 KB
1 KB 141ms
129ms Image
image/svg+xml 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/icons/personal-icon.svg
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: 9d815528e2ed7985b63e839cbeb0b684e1fa8da87da3c1a0962b1eecfe437614

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:51:59 GMT
content-encoding: br
last-modified: Tue, 04 Jan 2022 22:09:06 GMT
server: nginx
etag: W/"61d4c582-6f4"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 pricing-icon.svg
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/icons/ 2 KB
1022 B 141ms
129ms Image
image/svg+xml 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/icons/pricing-icon.svg
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: 21da5195f86350f2b52a0ee70a668d4f72542d0413b57dd84f06593e0e0f7207

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:51:59 GMT
content-encoding: br
last-modified: Tue, 04 Jan 2022 22:09:06 GMT
server: nginx
etag: W/"61d4c582-73c"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 smb.svg
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/nav/ 2 KB
1 KB 142ms
130ms Image
image/svg+xml 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/nav/smb.svg
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: 80f0eb912943ad0deab2ad7a8125b7404b726bac65dca9e6be97b063ca490662

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:51:59 GMT
content-encoding: br
last-modified: Tue, 04 Jan 2022 22:09:06 GMT
server: nginx
etag: W/"61d4c582-9ac"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 buy-label.svg
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/nav/ 3 KB
1 KB 204ms
192ms Image
image/svg+xml 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/nav/buy-label.svg
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: b569dd28a56f53339cc04cc2e251dcfb426262bd7ad60ed44cc35da0dd3b2cc6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:51:59 GMT
content-encoding: br
last-modified: Tue, 04 Jan 2022 22:09:06 GMT
server: nginx
etag: W/"61d4c582-aa1"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 mid-size.svg
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/nav/ 1 KB
1011 B 204ms
193ms Image
image/svg+xml 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/nav/mid-size.svg
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: 7e6aa30a919ae381fbcf4d4d6f970531bf513bf0847097e7927123bf032b0f09

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:51:59 GMT
content-encoding: br
last-modified: Tue, 04 Jan 2022 22:09:06 GMT
server: nginx
etag: W/"61d4c582-5d2"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 large-ent.svg
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/nav/ 2 KB
1 KB 205ms
193ms Image
image/svg+xml 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/nav/large-ent.svg
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: 5d09ea31b4f26497480482f539fdc221990ae192c8b8be5002f4f2b9bef26876

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:51:59 GMT
content-encoding: br
last-modified: Tue, 04 Jan 2022 22:09:06 GMT
server: nginx
etag: W/"61d4c582-7bd"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 call.svg
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/nav/ 2 KB
1 KB 205ms
194ms Image
image/svg+xml 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/nav/call.svg
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: e2adf740376f608d5a3b6977b793a5e1c92c4de9e0a792921b8e24476e56c9ed

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:51:59 GMT
content-encoding: br
last-modified: Tue, 04 Jan 2022 22:09:06 GMT
server: nginx
etag: W/"61d4c582-679"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 partner-icon.svg
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/icons/ 4 KB
2 KB 209ms
198ms Image
image/svg+xml 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/icons/partner-icon.svg
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: f8869aa9427c07872b91f3bb5485a65a0e389302f54ad6fe1b684c59d97d154a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:51:59 GMT
content-encoding: br
last-modified: Tue, 04 Jan 2022 22:09:06 GMT
server: nginx
etag: W/"61d4c582-116b"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 optimus-systems.webp
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/partners/ 2 KB
2 KB 213ms
202ms Image
image/webp 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/partners/optimus-systems.webp
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: 8528b83134ef333f8b4f3b722f422569b5121e6fa817c9942bcbb91f5f61ea93

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:51:59 GMT
last-modified: Tue, 04 Jan 2022 22:09:06 GMT
server: nginx
etag: "61d4c582-728"
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 1832

GET
H2 200 rsa2021.jpg
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/ 27 KB
28 KB 222ms
211ms Image
image/jpeg 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/rsa2021.jpg
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: 8a849c6ffa64946fefa17e874080dea467783d0e20857bbfbb23480739625648

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:51:59 GMT
last-modified: Tue, 04 Jan 2022 22:09:06 GMT
server: nginx
etag: "61d4c582-6d66"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 28006

GET
H2 200 watch-personal-icon.svg
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/icons/ 1 KB
830 B 228ms
218ms Image
image/svg+xml 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/icons/watch-personal-icon.svg
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: fa07bfad3039513f81cc0551de10a79c7c823bce84a5fbfba5a547f96479a367

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:51:59 GMT
content-encoding: br
last-modified: Tue, 04 Jan 2022 22:09:06 GMT
server: nginx
etag: W/"61d4c582-4f9"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 watch-business-icon.svg
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/icons/ 1 KB
824 B 229ms
218ms Image
image/svg+xml 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/icons/watch-business-icon.svg
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: 361aabb783830d45d3de5f19c4fe47d295e11518fb0279dd99d589eea8d43319

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:51:59 GMT
content-encoding: br
last-modified: Tue, 04 Jan 2022 22:09:06 GMT
server: nginx
etag: W/"61d4c582-504"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 privacy.svg
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/ 4 KB
2 KB 230ms
220ms Image
image/svg+xml 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/privacy.svg
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: 0d8ac30d9520ce94e0246020e4bff9b6fea04f92ac0b5f09c7346104b9f5772a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:51:59 GMT
content-encoding: br
last-modified: Tue, 04 Jan 2022 22:09:06 GMT
server: nginx
etag: W/"61d4c582-10a3"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 search.svg
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/ 296 B
438 B 230ms
220ms Image
image/svg+xml 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/search.svg
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: 8f796d398e512c5d19a2fecc943d19a204927ff3cf9ec2cb3f75a025535268cd

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:51:59 GMT
content-encoding: br
last-modified: Tue, 04 Jan 2022 22:09:06 GMT
server: nginx
etag: W/"61d4c582-128"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 global_mwb.min.js Show response
www.malwarebytes.com/js/ 21 KB
7 KB 30ms
17ms Script
application/javascript 2600:9000:223c:6e00:16:26c7:ff80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.malwarebytes.com/js/global_mwb.min.js?v=34556

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223c:6e00:16:26c7:ff80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

e39a61e62de49ec594437288cb8f6cfd581f14212f9782b5dec6ece2a685ad87

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:49:40 GMT
content-encoding: gzip
vary: Accept-Encoding
last-modified: Tue, 14 Dec 2021 22:05:38 GMT
server: Microsoft-IIS/10.0
age: 138
x-powered-by: ASP.NET
etag: W/"ae1feb936f1d71:0"
strict-transport-security: max-age=63072000
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 c387974a86541bbcc6c5141a85eeaf36.cloudfront.net (CloudFront)
cache-control: max-age=900
x-amz-cf-pop: FRA56-P2
x-amz-cf-id: 5ZX0eHjTmTaqfERPwUWFNvW2uxrMwvHWydBCg5Ue_qc5yxe4Hj9VMg==

GET
H2 200 user.min.js Show response
www.malwarebytes.com/js/personalization/ 2 KB
1 KB 34ms
19ms Script
application/javascript 2600:9000:223c:6e00:16:26c7:ff80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.malwarebytes.com/js/personalization/user.min.js?v=141053055

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223c:6e00:16:26c7:ff80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

570361e321c60495aef57d5abf5762eeef6f243032a773f62feb59a3e787462b

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security: max-age=63072000
content-encoding: gzip
last-modified: Tue, 18 Jan 2022 22:10:46 GMT
server: Microsoft-IIS/10.0
age: 138
x-powered-by: ASP.NET
etag: W/"fb66193eb8cd81:0"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 c387974a86541bbcc6c5141a85eeaf36.cloudfront.net (CloudFront)
cache-control: max-age=900
date: Thu, 20 Jan 2022 08:49:41 GMT
x-amz-cf-pop: FRA56-P2
x-amz-cf-id: ps50ITAsPtU7P56u-JGU3Ei3bcvqqhs1f03IbVucf5CPPIsbaSwi-w==

GET
H2 200 styles.promobanners.min.css
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/css/ 3 KB
1019 B 127ms
112ms Stylesheet
text/css 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/css/styles.promobanners.min.css
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: a6453b0bf49115380414b0823f6b4c5e699b7d0ea86bd6ce1ca6aad56e24e394

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:51:59 GMT
content-encoding: br
last-modified: Tue, 04 Jan 2022 22:09:06 GMT
server: nginx
etag: W/"61d4c582-a76"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 close.svg
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/ 868 B
708 B 231ms
220ms Image
image/svg+xml 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/close.svg
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: 4f7da1e8c51daecdde094d37ad6ed35f3f70a3a0026d7df53cc88e4533a69f87

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:51:59 GMT
content-encoding: br
last-modified: Tue, 04 Jan 2022 22:09:06 GMT
server: nginx
etag: W/"61d4c582-364"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 promo-banner.min.js Show response
www.malwarebytes.com/components/promo-banner/ 821 B
1 KB 291ms
276ms Script
application/javascript 2600:9000:223c:6e00:16:26c7:ff80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.malwarebytes.com/components/promo-banner/promo-banner.min.js?v=277391195

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223c:6e00:16:26c7:ff80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

0ed94f0c2bd4beed5fc6c2ae298f572ecaea4be7d16dcc45265b524b29709573

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:51:59 GMT
via: 1.1 c387974a86541bbcc6c5141a85eeaf36.cloudfront.net (CloudFront)
etag: "3488534af7d81:0"
last-modified: Tue, 11 Jan 2022 17:18:46 GMT
server: Microsoft-IIS/10.0
x-amz-cf-pop: FRA56-P2
x-powered-by: ASP.NET
strict-transport-security: max-age=63072000
x-cache: Miss from cloudfront
content-type: application/javascript
cache-control: max-age=900
accept-ranges: bytes
content-length: 821
x-amz-cf-id: 0thUG8QkpaAE1qH1Fu3uW_qcPXnAeNJzMJjFdk7aQGF9GxJIMusfHg==

GET
H2 200 nodiscountcountries.js Show response
www.malwarebytes.com/js/ecommerce/ 499 B
897 B 34ms
19ms Script
application/javascript 2600:9000:223c:6e00:16:26c7:ff80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.malwarebytes.com/js/ecommerce/nodiscountcountries.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223c:6e00:16:26c7:ff80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

7961789aed44f7b97f6f755bfae322b38dd398de4a1022821c7be836a47f01f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:51:15 GMT
via: 1.1 c387974a86541bbcc6c5141a85eeaf36.cloudfront.net (CloudFront)
etag: "996235a7cf0d71:0"
last-modified: Mon, 13 Dec 2021 23:49:16 GMT
server: Microsoft-IIS/10.0
age: 44
x-powered-by: ASP.NET
strict-transport-security: max-age=63072000
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=900
x-amz-cf-pop: FRA56-P2
accept-ranges: bytes
content-length: 499
x-amz-cf-id: r5FtXqoJb0prNtzfRd9t5hbqYzN61zpCtdjDv_bLIa4Go5XPSXc7Ww==

GET
H2 200 Untitled-design-16-900x506.png
blog.malwarebytes.com/wp-content/uploads/2022/01/ 350 KB
350 KB 237ms
227ms Image
image/png 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.malwarebytes.com/wp-content/uploads/2022/01/Untitled-design-16-900x506.png
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: ffff1e98c43cb9453e53709e79e16421d9ae371e2b9812e191f81189fb78d3c6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:51:59 GMT
last-modified: Thu, 06 Jan 2022 16:48:55 GMT
server: nginx
etag: "61d71d77-57758"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 358232

GET
H2 200 wp-emoji-release.min.js Show response
blog.malwarebytes.com/wp-includes/js/ 18 KB
5 KB 259ms
250ms Script
application/javascript 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.malwarebytes.com/wp-includes/js/wp-emoji-release.min.js?ver=5.8.2
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: def5de6254be138b8b35d680d1fdd8b07827d03b8626daebfeeb4157ec330ea7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:51:59 GMT
content-encoding: br
last-modified: Tue, 08 Jun 2021 22:15:12 GMT
server: nginx
etag: W/"60bfebf0-4705"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 labs-nav.js Show response
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/js/ 493 B
413 B 128ms
113ms Script
application/javascript 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/js/labs-nav.js
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: 19333622f176d68bc17e307d8df96b15447864fbb0bbaac495e507fa64d96077

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:51:59 GMT
content-encoding: br
last-modified: Tue, 04 Jan 2022 22:09:06 GMT
server: nginx
etag: W/"61d4c582-1ed"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 contributors.svg
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/footer/ 910 B
743 B 259ms
250ms Image
image/svg+xml 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/footer/contributors.svg
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: 6429fe0ed81fca5f6bb18cb0a0aacae3bd9de79192635aeed4cbda438139d75d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:51:59 GMT
content-encoding: br
last-modified: Tue, 04 Jan 2022 22:09:06 GMT
server: nginx
etag: W/"61d4c582-38e"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 threat-center.svg
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/footer/ 2 KB
852 B 259ms
250ms Image
image/svg+xml 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/footer/threat-center.svg
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: 32d4b293bb7f25a21cc44e81184d4bbcb3bdd1837e026b98ed0ad85b3b1a5292

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:51:59 GMT
content-encoding: br
last-modified: Tue, 04 Jan 2022 22:09:06 GMT
server: nginx
etag: W/"61d4c582-812"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 podcast.svg
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/footer/ 3 KB
1 KB 259ms
250ms Image
image/svg+xml 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/footer/podcast.svg
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: c2b61a7c5b7861eb46842ccf373e2524d90d14034f5d56e92ad50f27756156b0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:51:59 GMT
content-encoding: br
last-modified: Tue, 04 Jan 2022 22:09:06 GMT
server: nginx
etag: W/"61d4c582-bc7"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 glossary.svg
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/footer/ 760 B
654 B 259ms
251ms Image
image/svg+xml 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/footer/glossary.svg
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: b4e6efb587f3fdfb8155148201d0c51ac95d249a6727e8256acdfe624ade69af

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:51:59 GMT
content-encoding: br
last-modified: Tue, 04 Jan 2022 22:09:06 GMT
server: nginx
etag: W/"61d4c582-2f8"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 scams.svg
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/footer/ 842 B
698 B 258ms
251ms Image
image/svg+xml 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/footer/scams.svg
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: 05a173cb58022e81eb499529ac56df6ad7bafe1c61b8128dca8b76f300b5b60e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:51:59 GMT
content-encoding: br
last-modified: Tue, 04 Jan 2022 22:09:06 GMT
server: nginx
etag: W/"61d4c582-34a"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 write.svg
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/footer/ 615 B
585 B 258ms
251ms Image
image/svg+xml 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/footer/write.svg
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: a6a97c4046257c7e4e063c9f76434c7ce2c1f105e46b07424fabfc054f2d4d24

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:51:59 GMT
content-encoding: br
last-modified: Tue, 04 Jan 2022 22:09:06 GMT
server: nginx
etag: W/"61d4c582-267"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 ic-pin-map.svg
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/footer/ 1 KB
821 B 258ms
251ms Image
image/svg+xml 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/footer/ic-pin-map.svg
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: 928759d761adf61723feb7a9affc2b058cc9d5044831da66fcadd823e265ab1c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:51:59 GMT
content-encoding: br
last-modified: Tue, 04 Jan 2022 22:09:06 GMT
server: nginx
etag: W/"61d4c582-45a"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 world.svg
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/footer/ 4 KB
2 KB 258ms
251ms Image
image/svg+xml 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/footer/world.svg
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: 05369fa3ab175c5ba5e63b7c60a872a64f82ddcb1de6a950d73004ed25930e69

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:51:59 GMT
content-encoding: br
last-modified: Tue, 04 Jan 2022 22:09:06 GMT
server: nginx
etag: W/"61d4c582-1019"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 swiper-bundle.css
blog.malwarebytes.com/wp-content/plugins/jetpack/modules/carousel/ 14 KB
4 KB 129ms
115ms Stylesheet
text/css 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.malwarebytes.com/wp-content/plugins/jetpack/modules/carousel/swiper-bundle.css?ver=10.4
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: 78e3802122f7016333437f9908ad30173eb681234d9ed7ebd74490abc525c8b7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:51:59 GMT
content-encoding: br
last-modified: Wed, 15 Dec 2021 22:56:33 GMT
server: nginx
etag: W/"61ba72a1-375b"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 jetpack-carousel.css
blog.malwarebytes.com/wp-content/plugins/jetpack/modules/carousel/ 23 KB
5 KB 132ms
118ms Stylesheet
text/css 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.malwarebytes.com/wp-content/plugins/jetpack/modules/carousel/jetpack-carousel.css?ver=10.4
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: 5b06b85bdf477d92de6f3c9e7c037b4d679f0b17bb633ca659c50bd630f29d09

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:51:59 GMT
content-encoding: br
last-modified: Wed, 15 Dec 2021 22:56:33 GMT
server: nginx
etag: W/"61ba72a1-5bf6"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 comment_count.js Show response
blog.malwarebytes.com/wp-content/plugins/disqus-comment-system/public/js/ 889 B
620 B 132ms
119ms Script
application/javascript 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.malwarebytes.com/wp-content/plugins/disqus-comment-system/public/js/comment_count.js?ver=3.0.22
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: cea0a05c5af6e21a409875328ed2e3dba79131b7c41f8ea07d0e0e02c7b7b59e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:51:59 GMT
content-encoding: br
last-modified: Wed, 15 Dec 2021 22:56:28 GMT
server: nginx
etag: W/"61ba729c-379"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 comment_embed.js Show response
blog.malwarebytes.com/wp-content/plugins/disqus-comment-system/public/js/ 1 KB
703 B 133ms
119ms Script
application/javascript 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.malwarebytes.com/wp-content/plugins/disqus-comment-system/public/js/comment_embed.js?ver=3.0.22
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: 556172885a172763c715eace05597d5575ee4d4f2df6b61d723f4666b0a730a9

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:51:59 GMT
content-encoding: br
last-modified: Wed, 15 Dec 2021 22:56:28 GMT
server: nginx
etag: W/"61ba729c-4d0"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 gprofiles.js Show response
secure.gravatar.com/js/ 23 KB
7 KB 46ms
6ms Script
application/javascript 2a04:fa87:fffe::c000:4902
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.gravatar.com/js/gprofiles.js?ver=202203
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 3742b8f2006b7a23df3252c615bb113e94f77729ac9cc4b021e35517285cf0c2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:51:59 GMT
content-encoding: br
last-modified: Thu, 02 Apr 2020 15:50:36 GMT
server: nginx
etag: W/"5e8609cc-5dea"
content-type: application/javascript
cache-control: max-age=604800
expires: Thu, 27 Jan 2022 08:51:59 GMT

GET
H2 200 wpgroho.js Show response
blog.malwarebytes.com/wp-content/plugins/jetpack/modules/ 2 KB
1021 B 133ms
120ms Script
application/javascript 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.malwarebytes.com/wp-content/plugins/jetpack/modules/wpgroho.js?ver=10.4
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: ccd911729403decd6e3b74702fdc4d2c1b1e3ecf35a147f7e5373669932cc708

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:51:59 GMT
content-encoding: br
last-modified: Wed, 15 Dec 2021 22:56:33 GMT
server: nginx
etag: W/"61ba72a1-7a1"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 imagesloaded.min.js Show response
blog.malwarebytes.com/wp-includes/js/ 5 KB
2 KB 133ms
120ms Script
application/javascript 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.malwarebytes.com/wp-includes/js/imagesloaded.min.js?ver=4.1.4
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: ff4bd34aa98a0214833619d3d751838db015722dfbbec15cd14dadc66cd67869

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:51:59 GMT
content-encoding: br
last-modified: Sat, 13 Jun 2020 18:53:27 GMT
server: nginx
etag: W/"5ee520a7-15fd"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 masonry.min.js Show response
blog.malwarebytes.com/wp-includes/js/ 24 KB
8 KB 136ms
122ms Script
application/javascript 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.malwarebytes.com/wp-includes/js/masonry.min.js?ver=4.2.2
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: e00add38134eac2fb8e8e9c09cbfff7bbe57952b210322eb2eecb0a21fc055eb

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:51:59 GMT
content-encoding: br
last-modified: Sat, 13 Jun 2020 18:53:27 GMT
server: nginx
etag: W/"5ee520a7-5e4a"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 jquery.masonry.min.js Show response
blog.malwarebytes.com/wp-includes/js/jquery/ 2 KB
915 B 140ms
127ms Script
application/javascript 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.malwarebytes.com/wp-includes/js/jquery/jquery.masonry.min.js?ver=3.1.2b
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: c2e606e1fc82ea3a554aad5d0520e25d2677b89a891dc5c49e7ace08fce92e25

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:51:59 GMT
content-encoding: br
last-modified: Thu, 18 Aug 2016 18:55:30 GMT
server: nginx
etag: W/"57b604a2-71b"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 functions.js Show response
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/js/ 2 KB
1 KB 132ms
119ms Script
application/javascript 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/js/functions.js?ver=2013-07-18
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: 9fcb181721162ce0d395b7b9b1e5bb5ca82c5f79bde749d4d0467ec2e65fcb4a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:51:59 GMT
content-encoding: br
last-modified: Tue, 04 Jan 2022 22:09:06 GMT
server: nginx
etag: W/"61d4c582-8f9"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 wp-embed.min.js Show response
blog.malwarebytes.com/wp-includes/js/ 1 KB
947 B 133ms
120ms Script
application/javascript 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.malwarebytes.com/wp-includes/js/wp-embed.min.js?ver=5.8.2
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: 5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:51:59 GMT
content-encoding: br
last-modified: Wed, 06 Jan 2021 15:29:24 GMT
server: nginx
etag: W/"5ff5d754-592"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 jetpack-carousel.min.js Show response
blog.malwarebytes.com/wp-content/plugins/jetpack/_inc/build/carousel/ 24 KB
8 KB 139ms
126ms Script
application/javascript 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.malwarebytes.com/wp-content/plugins/jetpack/_inc/build/carousel/jetpack-carousel.min.js?ver=10.4
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: 95f35047b87b34c7d442d8244762cb17accc58b1c6eab3522d33f38de4b20487

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:51:59 GMT
content-encoding: br
last-modified: Wed, 15 Dec 2021 22:56:33 GMT
server: nginx
etag: W/"61ba72a1-5f32"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 standard-search-results-footer.js Show response
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/js/ 2 KB
772 B 139ms
127ms Script
application/javascript 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/js/standard-search-results-footer.js
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: 1532b16aa9cd1fef51c097aaf1abeac6cb6f239b026660e7105e49f4ae6549ff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:51:59 GMT
content-encoding: br
last-modified: Tue, 04 Jan 2022 22:09:06 GMT
server: nginx
etag: W/"61d4c582-704"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H/1.1 200
OK optanon.css
optanon.blob.core.windows.net/skins/6.4.0/default_flat_bottom_two_button_white/v2/css/ 23 KB
6 KB 34ms
34ms Stylesheet
text/css 52.239.137.4
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://optanon.blob.core.windows.net/skins/6.4.0/default_flat_bottom_two_button_white/v2/css/optanon.css
Requested by: Host: optanon.blob.core.windows.net
URL: https://optanon.blob.core.windows.net/consent/9530a107-0af8-4204-a2c2-217efb78222b.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.239.137.4 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: 8c20518cd7e51066b82e8a8a1e8035210741cf808c02268915747960f531061c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 20 Jan 2022 08:51:59 GMT
Content-Encoding: gzip
Last-Modified: Thu, 13 Aug 2020 04:48:01 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5: E062TbpGx6vwVsuuNM/jFw==
ETag: 0x8D83F440F482A65
Content-Type: text/css
Access-Control-Allow-Origin: *
x-ms-request-id: 0846d949-601e-008a-47da-0d62c5000000
Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version: 2009-09-19
Content-Length: 5561

GET
H2 200 EU Show response
geolocation.onetrust.com/cookieconsentpub/v1/geo/countries/ 32 B
256 B 68ms
30ms Script
text/javascript 2606:4700:10::6814:b844
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://geolocation.onetrust.com/cookieconsentpub/v1/geo/countries/EU?callback=jQuery111305472497807771868_1642668719661&_=1642668719662

Requested by

Host: www.malwarebytes.com
URL: https://www.malwarebytes.com/js/jquery-1.11.3.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6814:b844 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b0817a0d6a87f2d42532035e42b20ea55cfaa5ca1092c761f5fc5e734790bdbf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:51:59 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 6d07106a7e1b4e0d-FRA
content-length: 32

GET
H2 200 Locator-Light.woff
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/css/fonts/ 29 KB
29 KB 121ms
121ms Font
font/woff 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/css/fonts/Locator-Light.woff
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/style.css?05-11-2021
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: ed2491fc7526ff0b5cfec3fe6f4cf8153796520fc845b735286b0f42183da98a

Request headers

Referer: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/style.css?05-11-2021
Origin: https://blog.malwarebytes.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:51:59 GMT
last-modified: Tue, 04 Jan 2022 22:09:06 GMT
server: nginx
etag: "61d4c582-7330"
vary: Accept-Encoding
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 29488

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 290 KB
90 KB 142ms
47ms Script
application/javascript 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-MKSKW3

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

56abf2a0b03d5f31053efb36cb548e05793f98367ae92efd2d33e83eeb5216a0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:51:59 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 91634
x-xss-protection: 0
last-modified: Thu, 20 Jan 2022 06:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 20 Jan 2022 08:51:59 GMT

GET
H2 200 box-link-rings-personal.svg
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/backgrounds/ 1 KB
813 B 253ms
251ms Image
image/svg+xml 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/backgrounds/box-link-rings-personal.svg
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/style.css?05-11-2021
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: 2409f262a4b65de1c6867ad7d607898380900587b69a60b881a9b888bd53e625

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/style.css?05-11-2021
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:51:59 GMT
content-encoding: br
last-modified: Tue, 04 Jan 2022 22:09:06 GMT
server: nginx
etag: W/"61d4c582-52c"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 Graphik-Light.otf
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/css/fonts/ 132 KB
132 KB 251ms
251ms Font
application/octet-stream 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/css/fonts/Graphik-Light.otf
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/style.css?05-11-2021
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: 30b410ec60b2dda5e521206ed5b3a9318922f62828db7409240f047f21593bcc

Request headers

Referer: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/style.css?05-11-2021
Origin: https://blog.malwarebytes.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:51:59 GMT
last-modified: Tue, 04 Jan 2022 22:09:06 GMT
server: nginx
etag: "61d4c582-20e60"
vary: Accept-Encoding
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 134752

GET
H2 200 Graphik-Medium.otf
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/css/fonts/ 134 KB
135 KB 251ms
251ms Font
application/octet-stream 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/css/fonts/Graphik-Medium.otf
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/style.css?05-11-2021
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: a7d4e6165ce4042167fcaaa0623eab885d6992458eb05c4fc74184cee79a9eb3

Request headers

Referer: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/style.css?05-11-2021
Origin: https://blog.malwarebytes.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:51:59 GMT
last-modified: Tue, 04 Jan 2022 22:09:06 GMT
server: nginx
etag: "61d4c582-219c0"
vary: Accept-Encoding
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 137664

GET
H2 200 Graphik-Regular.otf
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/css/fonts/ 128 KB
128 KB 251ms
251ms Font
application/octet-stream 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/css/fonts/Graphik-Regular.otf
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/style.css?05-11-2021
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: f575112df5398271c1f04b48a995ccc6e17d69730e37304078178d46781152da

Request headers

Referer: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/style.css?05-11-2021
Origin: https://blog.malwarebytes.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:51:59 GMT
last-modified: Tue, 04 Jan 2022 22:09:06 GMT
server: nginx
etag: "61d4c582-20084"
vary: Accept-Encoding
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 131204

GET
H2 200 Locator-Medium.woff
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/css/fonts/ 29 KB
29 KB 251ms
250ms Font
font/woff 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/css/fonts/Locator-Medium.woff
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/style.css?05-11-2021
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: a52bbdb7b132e850fdaf5740012fcc0bc3f6ef0be520bc4b987d8761d40d015a

Request headers

Referer: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/style.css?05-11-2021
Origin: https://blog.malwarebytes.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:51:59 GMT
last-modified: Tue, 04 Jan 2022 22:09:06 GMT
server: nginx
etag: "61d4c582-734c"
vary: Accept-Encoding
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 29516

GET
H2 200 socicon.woff
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/css/fonts/ 20 KB
20 KB 251ms
251ms Font
font/woff 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/css/fonts/socicon.woff
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/style.css?05-11-2021
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: 0ed37960a59a6ec6b443f9ef043864d09a51db6fd276ae578d9166467bf986d1

Request headers

Referer: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/style.css?05-11-2021
Origin: https://blog.malwarebytes.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:51:59 GMT
last-modified: Tue, 04 Jan 2022 22:09:06 GMT
server: nginx
etag: "61d4c582-4ff8"
vary: Accept-Encoding
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 20472

GET
H2 200 wai.gif Show response
genesis.malwarebytes.com/api/v1/ 436 B
598 B 307ms
107ms XHR
application/json 54.208.225.246
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://genesis.malwarebytes.com/api/v1/wai.gif
Requested by: Host: www.malwarebytes.com
URL: https://www.malwarebytes.com/js/global_mwb.min.js?v=34556
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.208.225.246 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-208-225-246.compute-1.amazonaws.com
Software: /
Resource Hash: b0d78148b9ab75681bf8638664351d2a901c1dfdc5a77940a2007f8be0f77538

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

access-control-allow-origin: *
date: Thu, 20 Jan 2022 08:52:00 GMT
content-length: 436
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type: application/json

GET
H/1.1 200
OK ip.json Show response
api.demandbase.com/api/v2/ 444 B
1 KB 161ms
100ms XHR
application/json 18.66.248.52
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.demandbase.com/api/v2/ip.json?key=5527c2aa519592df7d44a24d0105731b

Requested by

Host: www.malwarebytes.com
URL: https://www.malwarebytes.com/js/jquery-1.11.3.min.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

18.66.248.52 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-248-52.dus51.r.cloudfront.net

Software

nginx /

Resource Hash

c3e093146fad0e34b98a7b0f9e57fbe4ef571abfff63b3af50689b20f8718a41

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://blog.malwarebytes.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Thu, 20 Jan 2022 08:52:00 GMT
Identification-Source: CENTRAL
X-Amz-Cf-Pop: DUS51-P1
Transfer-Encoding: chunked
X-Cache: Miss from cloudfront
Access-Control-Max-Age: 7200
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Request-ID: a5122153-d5ca-442f-8e05-d71bee7fc64e
Content-Encoding: gzip
Pragma: no-cache
Access-Control-Allow-Origin: https://blog.malwarebytes.com
Server: nginx
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Vary: Accept-Encoding, Origin
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: application/json;charset=utf-8
Via: 1.1 cd8cc1ff175a63c59feeb56bb3687766.cloudfront.net (CloudFront)
Access-Control-Expose-Headers
Connection: keep-alive
Access-Control-Allow-Credentials: true
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=(), interest-cohort=()
Api-Version: v2
Access-Control-Allow-Headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
X-Amz-Cf-Id: 8TdNJstoxANUEqWpeCp0rHX7nS-rnzWe_Tl6pBYAo1LvlrYeQ51XMw==
Expires: Wed, 19 Jan 2022 08:52:00 GMT

GET
H2 200 Locator-LightItalic.woff
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/css/fonts/ 30 KB
30 KB 116ms
116ms Font
font/woff 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/css/fonts/Locator-LightItalic.woff
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/style.css?05-11-2021
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: ad2cc26b0fdde8f4eb637ed12b25364e85af0bfba227dad42cb997ff4ad23eeb

Request headers

Referer: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/style.css?05-11-2021
Origin: https://blog.malwarebytes.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:52:00 GMT
last-modified: Tue, 04 Jan 2022 22:09:06 GMT
server: nginx
etag: "61d4c582-7888"
vary: Accept-Encoding
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 30856

GET
H2 200 g_8JVUVLxTk Show response
www.youtube.com/embed/ Frame BB1F 60 KB
25 KB 195ms
104ms Document
text/html 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/embed/g_8JVUVLxTk?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

001e7c5308cffd02033dc299d64b21c013eec7980b3008b68c89749b011852f4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/

Response headers

content-type: text/html; charset=utf-8
x-content-type-options: nosniff
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 20 Jan 2022 08:52:00 GMT
strict-transport-security: max-age=31536000
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy-report-only: same-origin; report-to="ATmXEA_aXV-idIZ-e5x1JSbJUg8hfAx2dSl3lQ"
report-to: {"group":"ATmXEA_aXV-idIZ-e5x1JSbJUg8hfAx2dSl3lQ","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_ATmXEA_aXV-idIZ-e5x1JSbJUg8hfAx2dSl3lQ"}]}
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
content-encoding: br
server: ESF
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 zecops-persistence-noreboot-600x555.png
blog.malwarebytes.com/wp-content/uploads/2022/01/ 82 KB
82 KB 118ms
118ms Image
image/png 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.malwarebytes.com/wp-content/uploads/2022/01/zecops-persistence-noreboot-600x555.png
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: aee1359e4fcc53f0a7918574ba627e0ca6c6e61bb75262214d53802a68554593

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:52:00 GMT
last-modified: Thu, 06 Jan 2022 13:43:04 GMT
server: nginx
etag: "61d6f1e8-1479c"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 83868

GET
H2 200 zecops-spinny-wheel-600x172.png
blog.malwarebytes.com/wp-content/uploads/2022/01/ 42 KB
42 KB 126ms
126ms Image
image/png 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.malwarebytes.com/wp-content/uploads/2022/01/zecops-spinny-wheel-600x172.png
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: f898c8113b802725b5b95b896301d5f763b7ff5d8ef54dd0a1195e5cb0349a36

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:52:00 GMT
last-modified: Thu, 06 Jan 2022 14:25:28 GMT
server: nginx
etag: "61d6fbd8-a8a6"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 43174

GET
H2 200 f7ebd803bc18a18cd5f945f7148298b1
secure.gravatar.com/avatar/ 12 KB
12 KB 7ms
6ms Image
image/png 2a04:fa87:fffe::c000:4902
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure.gravatar.com/avatar/f7ebd803bc18a18cd5f945f7148298b1?s=96&d=identicon&r=g
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: c41517c93c6eb23ffc0a81503d8ed79cab09157c5f9b7b335d20bd974ed9a2a4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Thu, 20 Jan 2022 08:52:00 GMT
last-modified: Tue, 04 Apr 2017 14:57:08 GMT
server: nginx
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=300
content-disposition: inline; filename="f7ebd803bc18a18cd5f945f7148298b1.png"
accept-ranges: bytes
link: <https://www.gravatar.com/avatar/f7ebd803bc18a18cd5f945f7148298b1?s=96&d=identicon&r=g>; rel="canonical"
content-length: 12028
expires: Thu, 20 Jan 2022 08:57:00 GMT

GET
H2 200 instagram_icon.svg
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/icons/ 5 KB
2 KB 119ms
119ms Image
image/svg+xml 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/icons/instagram_icon.svg
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/style.css?05-11-2021
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: 5b62da3ed3fe1c94582c2a75526716000f7361ff70c0cc41aae4ee8212735c3e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/style.css?05-11-2021
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:52:00 GMT
content-encoding: br
last-modified: Tue, 04 Jan 2022 22:09:06 GMT
server: nginx
etag: W/"61d4c582-1225"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 ic-search.svg
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/footer/ 601 B
604 B 119ms
119ms Image
image/svg+xml 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/footer/ic-search.svg
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/style.css?05-11-2021
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: d6f36a088f7c6dc6459a02c048b23e2407bf38a5249ecbc9547be2fce143f63a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/style.css?05-11-2021
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:52:00 GMT
content-encoding: br
last-modified: Tue, 04 Jan 2022 22:09:06 GMT
server: nginx
etag: W/"61d4c582-259"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H/1.1 200
OK insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 5 KB
2 KB 278ms
71ms Script
application/x-javascript 2a03:5f80:a::b212:e7c0
DATAIX-AS Peering...

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MKSKW3
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:5f80:a::b212:e7c0 , Russian Federation, ASN50952 (DATAIX-AS Peering Ltd., RU),
Reverse DNS
Software: /
Resource Hash: fed785a6a8ca96fb67230fec5d85f9c508db49f4075aa0ef284af56cd89813e3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Thu, 20 Jan 2022 08:52:00 GMT
Content-Encoding: gzip
Last-Modified: Wed, 29 Sep 2021 19:17:49 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=28584
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2036

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 99 KB
27 KB 28ms
9ms Script
application/x-javascript 2a03:2880:f02d:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MKSKW3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

16c13044cedc5c7482ad7db51913c164ffabc787ec5b6b0246acfec84cd6d01b

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length: 26187
x-xss-protection: 0
pragma: public
x-fb-debug: gU+mCFtohdZwcpX6LE3Lt6BEJ+ho2n8Q1hizLPvhfXFp2Bm/euMHAbbS3/DxsLgDicF8+KY7D6AH0a9vRZfphQ==
x-fb-trip-id: 917726464
x-frame-options: DENY
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
date: Thu, 20 Jan 2022 08:52:00 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 129ms
38ms Script
text/javascript 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MKSKW3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 17:39:06 GMT
server: Golfe2
age: 6654
date: Thu, 20 Jan 2022 07:01:06 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Thu, 20 Jan 2022 09:01:06 GMT

GET
H2 200 HWyTnY16.min.js Show response
scripts.demandbase.com/ 60 KB
16 KB 36ms
12ms Script
application/javascript 18.66.112.121
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://scripts.demandbase.com/HWyTnY16.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.121 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-121.fra56.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

16f961e4eedc84409f706d7043ec879d9a7783c6f317640b0d97a73e98e9e8ea

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-amz-version-id: IE5IzYwU4gx7oNbzFWwbL4ZS6nSJjwBv
content-encoding: gzip
etag: W/"c890c8c9866d4d0ee9b287e7db203091"
age: 1544
x-cache: Hit from cloudfront
vary: Accept-Encoding
last-modified: Tue, 08 Dec 2020 23:24:47 GMT
server: AmazonS3
date: Thu, 20 Jan 2022 08:26:16 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
via: 1.1 fb49d852ca52c03c834ce98098b51516.cloudfront.net (CloudFront)
cache-control: public, max-age=3600
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=(), interest-cohort=()
x-amz-cf-pop: FRA56-P5
x-amz-cf-id: rGhaUBp2efYsZVJISo1Inx-v0mB26ZJ02SuZCJJUKFcouAjYEOQ0PQ==

GET
H2 200 web-vitals.umd.js Show response
unpkg.com/web-vitals@1.1.0/dist/ 4 KB
2 KB 43ms
21ms Script
application/javascript 2606:4700::6810:7aaf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/web-vitals@1.1.0/dist/web-vitals.umd.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MKSKW3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7aaf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

22f39a41a30342a5c51d150be48c4726245655a560d154af893337d1ae953f62

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:52:00 GMT
via: 1.1 fly.io
x-content-type-options: nosniff
cf-cache-status: HIT
age: 8750052
fly-request-id: 01FHPJ8KE2MXBY6D10158EXMPT
content-encoding: br
vary: Accept-Encoding
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
server: cloudflare
etag: W/"1060-9qPq4bqeRCeFWudNuS98Bp0PQDY"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 6d07106e291d702d-FRA

GET
H2 200 a-06kg.min.js Show response
b-code.liadm.com/ 26 KB
10 KB 31ms
9ms Script
application/javascript 2600:9000:225e:ca00:8:8845:1500:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://b-code.liadm.com/a-06kg.min.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MKSKW3
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:225e:ca00:8:8845:1500:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: ZIO-Http /
Resource Hash: c86a4ff5993b96a3a497952d1542fe93d46efdda55c98da63843694d4da41af7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 19 Jan 2022 21:17:49 GMT
via: 1.1 ed7f977b6d983a16331e3fe3f4764e9a.cloudfront.net (CloudFront)
server: ZIO-Http
age: 41651
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: public, max-age=86400
x-amz-cf-pop: FRA60-P4
content-encoding: gzip
x-amz-cf-id: I1eB_INsyPntIVQ7O-Rth4A-PkmaXObWqn8nzKZPPZMLrpMt4N8Mbw==

GET
H/1.1 200
OK count.js Show response
malwarebytesunpacked.disqus.com/ 1 KB
2 KB 25ms
8ms Script
application/javascript 199.232.196.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://malwarebytesunpacked.disqus.com/count.js

Requested by

Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/wp-content/plugins/disqus-comment-system/public/js/comment_count.js?ver=3.0.22

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

199.232.196.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

3487ef2baf0c08ba660a8a143cdeb8ebeec961eea04bccd7c49096b4eb26b875

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Thu, 20 Jan 2022 08:52:00 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Age: 287
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 871
X-XSS-Protection: 1; mode=block
Last-Modified: Wed, 19 Jan 2022 16:09:39 GMT
Server: nginx
ETag: "61e837c3-367"
Strict-Transport-Security: max-age=300; includeSubdomains
Content-Type: application/javascript; charset=utf-8
Cache-Control: public, max-age=300
X-Amz-Cf-Pop: DFW3-C1
Link: <https://disqus.com>; rel=preconnect, <https://c.disquscdn.com>; rel=preconnect
X-Amz-Cf-Id: gdf2blOoBs2zPle4nyDjWtsFRAZkBzYRuyM-ldO1FlPya7jDNXMORQ==

GET
H/1.1 200
OK embed.js Show response
malwarebytesunpacked.disqus.com/ 74 KB
24 KB 35ms
19ms Script
application/javascript 199.232.196.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://malwarebytesunpacked.disqus.com/embed.js

Requested by

Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/wp-content/plugins/disqus-comment-system/public/js/comment_embed.js?ver=3.0.22

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

199.232.196.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

openresty /

Resource Hash

dcfdce51b194eeb3dd58cd5c1bb69184a948100fee91743aa61185ea0afc30a5

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Thu, 20 Jan 2022 08:52:00 GMT
Content-Encoding: gzip
Server: openresty
Age: 3
Vary: Accept-Encoding
Connection: keep-alive
Content-Type: application/javascript; charset=utf-8
Cache-Control: private, max-age=60
X-Service: router
Strict-Transport-Security: max-age=300; includeSubdomains
Link: <https://disqus.com>; rel=preconnect, <https://c.disquscdn.com>; rel=preconnect
Content-Length: 24548
Cross-Origin-Resource-Policy: cross-origin

GET
H2 200 wai.gif Show response
genesis.malwarebytes.com/api/v1/ 436 B
597 B 99ms
99ms XHR
application/json 54.208.225.246
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://genesis.malwarebytes.com/api/v1/wai.gif
Requested by: Host: www.malwarebytes.com
URL: https://www.malwarebytes.com/js/jquery-1.11.3.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.208.225.246 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-208-225-246.compute-1.amazonaws.com
Software: /
Resource Hash: b0d78148b9ab75681bf8638664351d2a901c1dfdc5a77940a2007f8be0f77538

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://blog.malwarebytes.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

access-control-allow-origin: *
date: Thu, 20 Jan 2022 08:52:00 GMT
content-length: 436
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type: application/json

GET
H2 200 / Show response
blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/ 138 KB
33 KB 122ms
121ms XHR
text/html 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/wp-content/plugins/jetpack/_inc/build/related-posts/related-posts.min.js?ver=20210930

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),

Reverse DNS

3.198.211.130.bc.googleusercontent.com

Software

nginx / WP Engine

Resource Hash

6fd928788b7593c518b6eafd0f501a83a4ccc4d78dd87dc1f351eb05387d2b60

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors none;
X-Frame-Options	DENY

Request headers

Referer: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
x-requested-with: XMLHttpRequest
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-pingback: https://blog.malwarebytes.com/xmlrpc.php
date: Thu, 20 Jan 2022 08:52:00 GMT
content-encoding: br
x-cacheable: SHORT
server: nginx
x-frame-options: DENY
x-powered-by: WP Engine
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding,Cookie
x-cache: HIT: 6
content-type: text/html; charset=UTF-8
cache-control: max-age=600, must-revalidate
content-security-policy: frame-ancestors none;
link: <https://blog.malwarebytes.com/wp-json/>; rel="https://api.w.org/", <https://blog.malwarebytes.com/wp-json/wp/v2/posts/53469>; rel="alternate"; type="application/json", <https://blog.malwarebytes.com/?p=53469>; rel=shortlink
x-cache-group: normal

GET
H2 200 pillarpages.json Show response
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/ 100 B
413 B 225ms
225ms XHR
application/json 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/pillarpages.json

Requested by

Host: www.malwarebytes.com
URL: https://www.malwarebytes.com/js/jquery-1.11.3.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),

Reverse DNS

3.198.211.130.bc.googleusercontent.com

Software

nginx / WP Engine

Resource Hash

7e9bcd405af64ba784d4ead6dba8ed5c146a22c5bb6f264e756e3ded19a6fb6f

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors none;
X-Frame-Options	DENY

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
X-Requested-With: XMLHttpRequest
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:52:00 GMT
vary: Accept-Encoding,Cookie
last-modified: Thu, 20 Jan 2022 08:51:15 GMT
server: nginx
x-cacheable: SHORT
x-powered-by: WP Engine
etag: W/"64-5d5ff9adbce45"
x-frame-options: DENY
x-cache: HIT: 22
content-type: application/json
cache-control: max-age=600, must-revalidate
content-security-policy: frame-ancestors none;
accept-ranges: bytes
content-length: 100
x-cache-group: normal

GET
H2 200 intl-sites.json Show response
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/ 890 B
630 B 225ms
225ms XHR
application/json 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/intl-sites.json

Requested by

Host: www.malwarebytes.com
URL: https://www.malwarebytes.com/js/jquery-1.11.3.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),

Reverse DNS

3.198.211.130.bc.googleusercontent.com

Software

nginx / WP Engine

Resource Hash

728054ccf1f41ec0afdb688b6db421601bb60d505d9e1e2c2de16d9e4a14b774

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors none;
X-Frame-Options	DENY

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
X-Requested-With: XMLHttpRequest
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:52:00 GMT
content-encoding: gzip
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding,Cookie
last-modified: Thu, 20 Jan 2022 08:50:22 GMT
server: nginx
x-cacheable: SHORT
x-powered-by: WP Engine
etag: W/"37a-5d5ff97bca60c"
x-frame-options: DENY
x-cache: HIT: 41
content-type: application/json
cache-control: max-age=600, must-revalidate
content-security-policy: frame-ancestors none;
x-cache-group: normal

GET
H2 200 hovercard.min.css
secure.gravatar.com/dist/css/ 8 KB
2 KB 7ms
7ms Stylesheet
text/css 2a04:fa87:fffe::c000:4902
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.gravatar.com/dist/css/hovercard.min.css?ver=202203
Requested by: Host: secure.gravatar.com
URL: https://secure.gravatar.com/js/gprofiles.js?ver=202203
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1a0b51af7ff79f11c0a779bf478304fa451ac5587675952b8378b47f0a97504d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:52:00 GMT
content-encoding: br
last-modified: Wed, 11 Nov 2020 15:57:10 GMT
server: nginx
etag: W/"5fac09d6-1e86"
content-type: text/css
cache-control: max-age=604800
expires: Thu, 27 Jan 2022 08:52:00 GMT

GET
H2 200 services.min.css
secure.gravatar.com/dist/css/ 3 KB
582 B 7ms
7ms Stylesheet
text/css 2a04:fa87:fffe::c000:4902
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.gravatar.com/dist/css/services.min.css?ver=202203
Requested by: Host: secure.gravatar.com
URL: https://secure.gravatar.com/js/gprofiles.js?ver=202203
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e9fc9b1878db1b13b973252b048d19a17abb34a8da464a552c6d401728ed1e86

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:52:00 GMT
content-encoding: br
last-modified: Thu, 22 Mar 2018 09:46:04 GMT
server: nginx
etag: W/"5ab37b5c-a54"
content-type: text/css
cache-control: max-age=604800
expires: Thu, 27 Jan 2022 08:52:00 GMT

GET
H2 200 core.js Show response
s.pinimg.com/ct/ 1 KB
823 B 30ms
8ms Script
application/javascript 2a02:26f0:1700:786::1931
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://s.pinimg.com/ct/core.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MKSKW3
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:1700:786::1931 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: a85ea540e774d24b3472a92b0e69b48634c76af3a0dfce7d10ed473163285984

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

akamai-x-true-ttl: 7200
content-encoding: gzip
x-cdn: akamai
etag: "b994f61922eded883a63a8a3d9ec54c1"
vary: Accept-Encoding, Origin
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: max-age=7200
accept-ranges: bytes
content-length: 584
access-control-expose-headers: X-CDN

GET
H2 200 demandbase-forms.js Show response
www.malwarebytes.com/js/ 3 KB
1 KB 10ms
8ms Script
application/javascript 2600:9000:223c:6e00:16:26c7:ff80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.malwarebytes.com/js/demandbase-forms.js?d=2020-02-04-15-03-08--0800

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MKSKW3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223c:6e00:16:26c7:ff80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

5576e25dd8a4d45e90da43e0f127c4efb4d16eebcb7a1bc55fbb66e7cf504f9d

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:38:08 GMT
content-encoding: gzip
vary: Accept-Encoding
last-modified: Tue, 20 Jul 2021 23:12:41 GMT
server: Microsoft-IIS/10.0
age: 832
x-powered-by: ASP.NET
etag: W/"178b70bdbc7dd71:0"
strict-transport-security: max-age=63072000
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 c387974a86541bbcc6c5141a85eeaf36.cloudfront.net (CloudFront)
cache-control: max-age=900
x-amz-cf-pop: FRA56-P2
x-amz-cf-id: d6sX2KxoxvAUoP3MunyATPeIe1_89bIhQgwAhpuo2M-r4Bdr8WxO4g==

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 98 KB
39 KB 49ms
48ms Script
application/javascript 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-930356311

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MKSKW3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

582b676c74e7976221db49e0d0ee4a5b0cbdbf77f9cce9131aa5133ec3492b14

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:52:00 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39932
x-xss-protection: 0
last-modified: Thu, 20 Jan 2022 06:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 20 Jan 2022 08:52:00 GMT

GET
H/1.1 200
OK pixel
q.quora.com/_/ad/64fab857ca52427587d3bd14a8d437b7/ 43 B
425 B 396ms
98ms Image
image/gif 18.205.51.212
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://q.quora.com/_/ad/64fab857ca52427587d3bd14a8d437b7/pixel?tag=ViewContent&i=gtm&u=https%3A%2F%2Fblog.malwarebytes.com%2Ftrojans%2F2022%2F01%2Fnew-iphone-malware-spies-via-camera-when-device-appears-off%2F%3Futm_source%3Dblueshift%26utm_medium%3Demail%26utm_campaign%3Db2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299%26amp%26utm_content%3Dnew-iphone-malware-spies-via-camera-when-device-appears-off%26bsft_aaid%3D18a8abbd-b7b6-422b-8352-283554e9475a%26bsft_eid%3Dbae4f2b5-5fe4-fe76-a028-428ae8279c2f%26bsft_clkid%3D93654ee9-6e1c-4723-a262-cd25dade6809%26bsft_uid%3D3eff0a33-885d-44f8-9c2d-23ee978fc0bd%26bsft_mid%3D85c1ddbc-94a5-4703-b0d7-fe44cc5604a7%26bsft_mime_type%3Dhtml%26bsft_ek%3D2022-01-15T16%253A30%253A40Z%26bsft_lx%3D9%26bsft_tv%3D9

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.205.51.212 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-18-205-51-212.compute-1.amazonaws.com

Software

nginx /

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Thu, 20 Jan 2022 08:52:00 GMT
Server: nginx
Connection: keep-alive
Content-Length: 43
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Q-Stat: ,6b516a3c89f83f4f3308ee6477350a85,10.0.0.198,42822,185.213.155.162,,141658174350,1,1642668720.862,0.001,,.,0,0,0.000,0.000,-,0,0,197,231,115,10,26847,,,,,,-,
Content-Type: image/gif

GET
H2 200 www-player-webp.css
www.youtube.com/s/player/2b718ca6/ Frame BB1F 340 KB
47 KB 39ms
38ms Stylesheet
text/css 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/2b718ca6/www-player-webp.css

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/g_8JVUVLxTk?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3347be09e14b684dad1ea6d9817e34fd36e10bd4c4f0914daa054932344c1d7f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/g_8JVUVLxTk?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 19 Jan 2022 17:36:47 GMT
content-encoding: br
x-content-type-options: nosniff
age: 54913
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/youtube
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47664
x-xss-protection: 0
last-modified: Wed, 19 Jan 2022 01:22:17 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Thu, 19 Jan 2023 17:36:47 GMT

GET
H2 200 www-embed-player.js Show response
www.youtube.com/s/player/2b718ca6/www-embed-player.vflset/ Frame BB1F 273 KB
84 KB 75ms
74ms Script
text/javascript 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/2b718ca6/www-embed-player.vflset/www-embed-player.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/g_8JVUVLxTk?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8e8a3989b219973b8be975160717142ea7233989f5be268d2f0067d295559fd1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/g_8JVUVLxTk?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 19 Jan 2022 17:37:56 GMT
content-encoding: br
x-content-type-options: nosniff
age: 54844
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 85800
x-xss-protection: 0
last-modified: Wed, 19 Jan 2022 01:22:17 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Thu, 19 Jan 2023 17:37:56 GMT

GET
H2 200 base.js Show response
www.youtube.com/s/player/2b718ca6/player_ias.vflset/en_US/ Frame BB1F 2 MB
537 KB 136ms
136ms Script
text/javascript 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/2b718ca6/player_ias.vflset/en_US/base.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/g_8JVUVLxTk?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

96f64f19c7e878d8f04b58675912e11937649c92cbd1ac33280d77e263daabc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/g_8JVUVLxTk?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 19 Jan 2022 17:45:21 GMT
content-encoding: br
x-content-type-options: nosniff
age: 54399
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 549455
x-xss-protection: 0
last-modified: Wed, 19 Jan 2022 01:22:17 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Thu, 19 Jan 2023 17:45:21 GMT

GET
H2 200 fetch-polyfill.js Show response
www.youtube.com/s/player/2b718ca6/fetch-polyfill.vflset/ Frame BB1F 8 KB
3 KB 142ms
142ms Script
text/javascript 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/2b718ca6/fetch-polyfill.vflset/fetch-polyfill.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/g_8JVUVLxTk?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

de6c4ffa2bd9fd283610e28d0db2ec48607aab39d213a51aef248673a0a7e980

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/g_8JVUVLxTk?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 19 Jan 2022 17:37:56 GMT
content-encoding: br
x-content-type-options: nosniff
age: 54844
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2830
x-xss-protection: 0
last-modified: Wed, 19 Jan 2022 01:22:17 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Thu, 19 Jan 2023 17:37:56 GMT

GET
H2 200 linkid.js Show response
www.google-analytics.com/plugins/ua/ 2 KB
1 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/plugins/ua/linkid.js

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 07:52:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3547
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 859
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Thu, 20 Jan 2022 08:52:53 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame BB1F 15 KB
16 KB 134ms
39ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/g_8JVUVLxTk?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/
Origin: https://www.youtube.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 18 Jan 2022 17:06:41 GMT
x-content-type-options: nosniff
age: 143119
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15344
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 18 Jan 2023 17:06:41 GMT

GET
H2 200 ip.json Show response
api.company-target.com/api/v2/ 444 B
951 B 119ms
68ms XHR
application/json 18.64.79.84
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.company-target.com/api/v2/ip.json?referrer=&page=https%3A%2F%2Fblog.malwarebytes.com%2Ftrojans%2F2022%2F01%2Fnew-iphone-malware-spies-via-camera-when-device-appears-off%2F%3Futm_source%3Dblueshift%26utm_medium%3Demail%26utm_campaign%3Db2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299%26amp%26utm_content%3Dnew-iphone-malware-spies-via-camera-when-device-appears-off%26bsft_aaid%3D18a8abbd-b7b6-422b-8352-283554e9475a%26bsft_eid%3Dbae4f2b5-5fe4-fe76-a028-428ae8279c2f%26bsft_clkid%3D93654ee9-6e1c-4723-a262-cd25dade6809%26bsft_uid%3D3eff0a33-885d-44f8-9c2d-23ee978fc0bd%26bsft_mid%3D85c1ddbc-94a5-4703-b0d7-fe44cc5604a7%26bsft_mime_type%3Dhtml%26bsft_ek%3D2022-01-15T16%253A30%253A40Z%26bsft_lx%3D9%26bsft_tv%3D9&page_title=New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off%20%7C%20Malwarebytes%20Labs&src=tag&key=5527c2aa519592df7d44a24d0105731b
Requested by: Host: scripts.demandbase.com
URL: https://scripts.demandbase.com/HWyTnY16.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.64.79.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-64-79-84.txl50.r.cloudfront.net
Software: nginx /
Resource Hash: c3e093146fad0e34b98a7b0f9e57fbe4ef571abfff63b3af50689b20f8718a41

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:52:00 GMT
identification-source: CENTRAL
vary: Accept-Encoding, Origin
x-amz-cf-pop: TXL50-P2
x-cache: Miss from cloudfront
request-id: 49ae8041-e0b0-4a4a-9691-dc7fc8ce222f
content-encoding: gzip
pragma: no-cache
access-control-allow-origin: https://blog.malwarebytes.com
server: nginx
access-control-max-age: 7200
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json;charset=utf-8
via: 1.1 97d0bbf6e879b5cbfab87acc7ccd4218.cloudfront.net (CloudFront)
access-control-expose-headers
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
api-version: v2
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: HqwlCjxCy95oJhk27yHUPK6OIo_u4LKUo-3r6lT-9JYMz0RNM5AkoQ==
expires: Wed, 19 Jan 2022 08:52:00 GMT

GET
H/1.1

200
OK

validateCookie
segments.company-target.com/
Redirect Chain

https://match.prod.bidr.io/cookie-sync/demandbase
https://match.prod.bidr.io/cookie-sync/demandbase?_bee_ppp=1
https://segments.company-target.com/log?vendor=choca&user_id=AHr7Z07D0kUAAEtrjHsDFQ
https://segments.company-target.com/validateCookie?vendor=choca&user_id=AHr7Z07D0kUAAEtrjHsDFQ&verifyHash=d6a3805a7e47166cf5e2a3f11169780d77748da3

26 B
409 B

98ms
97ms

Image
image/gif

52.222.214.93
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://segments.company-target.com/validateCookie?vendor=choca&user_id=AHr7Z07D0kUAAEtrjHsDFQ&verifyHash=d6a3805a7e47166cf5e2a3f11169780d77748da3
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
Protocol: HTTP/1.1
Server: 52.222.214.93 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-214-93.fra56.r.cloudfront.net
Software: /
Resource Hash: 3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Thu, 20 Jan 2022 08:52:01 GMT
Via: 1.1 740769d10d5ef217a54d33b1ec64faf4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA56-P3
Vary: Origin
X-Cache: Miss from cloudfront
Content-Type: image/gif
Transfer-Encoding: chunked
Connection: keep-alive
trace-id: 342d3d538fd3b5d0
X-Amz-Cf-Id: MN-U7Zy-WKyZa5H-33OoFhHcwrnU-ggi9ojjs2DBPW6ls-rkgxK9Bg==

Redirect headers

Date: Thu, 20 Jan 2022 08:52:00 GMT
Via: 1.1 740769d10d5ef217a54d33b1ec64faf4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA56-P3
Vary: Origin
X-Cache: Miss from cloudfront
Location: /validateCookie?vendor=choca&user_id=AHr7Z07D0kUAAEtrjHsDFQ&verifyHash=d6a3805a7e47166cf5e2a3f11169780d77748da3
Connection: keep-alive
trace-id: d89a5b8d5844e590
Content-Length: 0
X-Amz-Cf-Id: 1NY7NINwL-hR0JgJCY2ee0pjBu0d91yUuNxYonzhImtr_47ysZo5lw==

GET
H2 451 464526.gif
id.rlcdn.com/ 0
66 B 59ms
24ms Image
text/plain 35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://id.rlcdn.com/464526.gif
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:52:00 GMT
via: 1.1 google
alt-svc: clear
content-length: 0

GET
H3 200 identity.js Show response
connect.facebook.net/signals/plugins/ 64 KB
20 KB 23ms
9ms Script
application/x-javascript 2a03:2880:f02d:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/plugins/identity.js?v=2.9.49

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f02d:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

ddbc1a158d7d13b63c0fda8fd2ece421016468e9e88914d2b81d3e8929c19df1

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length: 20661
x-xss-protection: 0
pragma: public
x-fb-debug: zuQevU8DtmFMLx8VIjOZfd/m0GxDSHCTM6RqDPUpgnLsiU5i0TWIyKWfR0ZJlmuy/B1vqG1kmy+1G022aFijow==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Thu, 20 Jan 2022 08:52:00 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 1480959392203028 Show response
connect.facebook.net/signals/config/ 306 KB
88 KB 24ms
10ms Script
application/x-javascript 2a03:2880:f02d:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1480959392203028?v=2.9.49&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f02d:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

b14c2ce45cd99008790a246e2ec2b0647b16a9e5b4c07bf92e5051212b526dff

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length: 89698
x-xss-protection: 0
pragma: public
x-fb-debug: QYxmPZEeaOstJ2UKbijgv3HTFfGy4oV60mEiUNnhtlurozjU1DiVXEBNRBiEiHfyRV6uxEMGFQ9aOebC4qbgYw==
x-frame-options: DENY
date: Thu, 20 Jan 2022 08:52:00 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 lounge.7ab903feba7624935283ca4c7d8c7203.css
c.disquscdn.com/next/embed/styles/ 0
26 KB 55ms
12ms Other
text/css 2600:9000:2315:b600:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/styles/lounge.7ab903feba7624935283ca4c7d8c7203.css

Requested by

Host: malwarebytesunpacked.disqus.com
URL: https://malwarebytesunpacked.disqus.com/embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2315:b600:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 07 Dec 2021 23:27:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3749093
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 26065
x-xss-protection: 1; mode=block
x-served-by: static-web-2
access-control-allow-origin: *
surrogate-key: next
last-modified: Tue, 07 Dec 2021 22:32:35 GMT
server: nginx
etag: "61afe103-65d1"
content-type: text/css; charset=utf-8
via: 1.1 2667cbb82aabb944a65b99430aa06d1a.cloudfront.net (CloudFront)
expires: Wed, 07 Dec 2022 23:27:07 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: DUS51-P2
timing-allow-origin: *
x-amz-cf-id: AnIklBxG3VgSjQDuvGTpM0dsJCHlMJlXn2Ib1dd5DBtahiyrJw8B1g==
x-cache-hits: 0

GET
H2 200 common.bundle.d53d00706a584180a3368c8e414318a7.js
c.disquscdn.com/next/embed/ 0
93 KB 62ms
21ms Other
application/javascript 2600:9000:2315:b600:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/common.bundle.d53d00706a584180a3368c8e414318a7.js

Requested by

Host: malwarebytesunpacked.disqus.com
URL: https://malwarebytesunpacked.disqus.com/embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2315:b600:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 20 Dec 2021 21:46:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2631954
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 94734
x-xss-protection: 1; mode=block
x-served-by: static-web-1
access-control-allow-origin: *
surrogate-key: next
last-modified: Mon, 20 Dec 2021 21:29:18 GMT
server: nginx
etag: "61c0f5ae-1720e"
content-type: application/javascript; charset=utf-8
via: 1.1 2667cbb82aabb944a65b99430aa06d1a.cloudfront.net (CloudFront)
expires: Tue, 20 Dec 2022 21:46:06 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: DUS51-P2
timing-allow-origin: *
x-amz-cf-id: r0ImhMnMLdAw8hXIiv4ph4I_7xH3feDu7n9U1Lb9fAiM5KnDQ8ISqg==
x-cache-hits: 0

GET
H2 200 lounge.bundle.67f9fd26b5922562ba93be9d9b520b54.js
c.disquscdn.com/next/embed/ 0
121 KB 75ms
35ms Other
application/javascript 2600:9000:2315:b600:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/lounge.bundle.67f9fd26b5922562ba93be9d9b520b54.js

Requested by

Host: malwarebytesunpacked.disqus.com
URL: https://malwarebytesunpacked.disqus.com/embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2315:b600:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 05 Jan 2022 20:30:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1254106
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 122875
x-xss-protection: 1; mode=block
x-served-by: static-web-1
access-control-allow-origin: *
surrogate-key: next
last-modified: Wed, 05 Jan 2022 19:53:04 GMT
server: nginx
etag: "61d5f720-1dffb"
content-type: application/javascript; charset=utf-8
via: 1.1 2667cbb82aabb944a65b99430aa06d1a.cloudfront.net (CloudFront)
expires: Thu, 05 Jan 2023 20:30:14 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: DUS51-P2
timing-allow-origin: *
x-amz-cf-id: eSbwbREP7EZIFq6_wT7f4Jmf0MmusYwZa7SnzD3PrNcAIGok0BFRsQ==
x-cache-hits: 0

GET
H/1.1 200
OK config.js
disqus.com/next/ 0
15 KB 35ms
11ms Other
application/javascript 151.101.128.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://disqus.com/next/config.js

Requested by

Host: malwarebytesunpacked.disqus.com
URL: https://malwarebytesunpacked.disqus.com/embed.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.128.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Thu, 20 Jan 2022 08:52:00 GMT
X-Content-Type-Options: nosniff
Content-Type: application/javascript; charset=UTF-8
Server: nginx
Age: 52
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=300; includeSubdomains
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Access-Control-Allow-Origin: *
Cache-Control: public, stale-while-revalidate=300, s-stalewhilerevalidate=3600, max-age=60
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Timing-Allow-Origin: *
Content-Length: 14720
X-XSS-Protection: 1; mode=block

GET
H2 200 main.4fd9fcbb.js Show response
s.pinimg.com/ct/lib/ 55 KB
19 KB 9ms
9ms Script
application/javascript 2a02:26f0:1700:786::1931
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://s.pinimg.com/ct/lib/main.4fd9fcbb.js
Requested by: Host: s.pinimg.com
URL: https://s.pinimg.com/ct/core.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:1700:786::1931 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 5955908348c9dc49badb9b08e2448d49db335f16720edaf1bf6cbe67692129ae

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

akamai-x-true-ttl: 1209600
content-encoding: gzip
x-cdn: akamai
etag: "ee862b07a016793ba80ef67b90f043d5"
vary: Accept-Encoding, Origin
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: max-age=1209600
accept-ranges: bytes
content-length: 19222
access-control-expose-headers: X-CDN

GET
H2 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 38 KB
15 KB 148ms
55ms Script
text/javascript 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-930356311

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

0ce5d039d3e58fc10808f0695156d2bd99daae7791d26cc5dfc569154b5e0b22

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:52:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14846
x-xss-protection: 0
server: cafe
etag: 1633785920527017951
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Thu, 20 Jan 2022 08:52:00 GMT

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2567940&time=1642668720620&url=https%3A%2F%2Fblog.malwarebytes.com%2Ftrojans%2F2022%2F01%2Fnew-iphone-malware-spies-via-camera-when-device-appears...
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D2567940%26time%3D1642668720620%26url%3Dhttps%253A%252F%252Fblog.malwarebytes.com%...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2567940&time=1642668720620&url=https%3A%2F%2Fblog.malwarebytes.com%2Ftrojans%2F2022%2F01%2Fnew-iphone-malware-spies-via-camera-when-device-appears...
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2567940&time=1642668720620&url=https%3A%2F%2Fblog.malwarebytes.com%2Ftrojans%2F2022%2F01%2Fnew-iphone-malware-spies-via-camera-when-device-appear...

0
156 B

408ms
189ms

Image
application/javascript

108.174.10.14
LINKEDIN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2567940&time=1642668720620&url=https%3A%2F%2Fblog.malwarebytes.com%2Ftrojans%2F2022%2F01%2Fnew-iphone-malware-spies-via-camera-when-device-appears-off%2F%3Futm_source%3Dblueshift%26utm_medium%3Demail%26utm_campaign%3Db2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299%26amp%3D%26utm_content%3Dnew-iphone-malware-spies-via-camera-when-device-appears-off%26bsft_aaid%3D18a8abbd-b7b6-422b-8352-283554e9475a%26bsft_eid%3Dbae4f2b5-5fe4-fe76-a028-428ae8279c2f%26bsft_clkid%3D93654ee9-6e1c-4723-a262-cd25dade6809%26bsft_uid%3D3eff0a33-885d-44f8-9c2d-23ee978fc0bd%26bsft_mid%3D85c1ddbc-94a5-4703-b0d7-fe44cc5604a7%26bsft_mime_type%3Dhtml%26bsft_ek%3D2022-01-15T16%253A30%253A40Z%26bsft_lx%3D9%26bsft_tv%3D9&liSync=true&e_ipv6=AQLsr-qQUB_9ZQAAAX52r4TWMSdxNZShDQYS9Sfgpotaq29ue4P5_zwMPpYABGpIsQHDUcvM
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
Protocol: H2
Server: 108.174.10.14 , United States, ASN14413 (LINKEDIN, US),
Reverse DNS: 108-174-10-14.fwd.linkedin.com
Software: Play /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:52:01 GMT
server: Play
linkedin-action: 1
x-li-fabric: prod-lor1
x-li-proto: http/2
x-li-pop: prod-lva1
content-type: application/javascript
content-length: 0
x-li-uuid: 5LQwzX/uyxbQR5458SoAAA==

Redirect headers

date: Thu, 20 Jan 2022 08:52:01 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 91B30C91F7904E88BAE0F61AAEB3F490 Ref B: VIEEDGE2918 Ref C: 2022-01-20T08:52:01Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lor1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2567940&time=1642668720620&url=https%3A%2F%2Fblog.malwarebytes.com%2Ftrojans%2F2022%2F01%2Fnew-iphone-malware-spies-via-camera-when-device-appears-off%2F%3Futm_source%3Dblueshift%26utm_medium%3Demail%26utm_campaign%3Db2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299%26amp%3D%26utm_content%3Dnew-iphone-malware-spies-via-camera-when-device-appears-off%26bsft_aaid%3D18a8abbd-b7b6-422b-8352-283554e9475a%26bsft_eid%3Dbae4f2b5-5fe4-fe76-a028-428ae8279c2f%26bsft_clkid%3D93654ee9-6e1c-4723-a262-cd25dade6809%26bsft_uid%3D3eff0a33-885d-44f8-9c2d-23ee978fc0bd%26bsft_mid%3D85c1ddbc-94a5-4703-b0d7-fe44cc5604a7%26bsft_mime_type%3Dhtml%26bsft_ek%3D2022-01-15T16%253A30%253A40Z%26bsft_lx%3D9%26bsft_tv%3D9&liSync=true&e_ipv6=AQLsr-qQUB_9ZQAAAX52r4TWMSdxNZShDQYS9Sfgpotaq29ue4P5_zwMPpYABGpIsQHDUcvM
x-li-proto: http/2
content-length: 0
x-li-uuid: AAXV/52eromfig3Q/a02lA==

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
446 B 69ms
20ms XHR
text/plain 2a00:1450:400c:c06::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-3347303-10&cid=377775517.1642668721&jid=1330327442&uid=FFFBC6F6-C700-4CFC-B25C-044DAF20D322&gjid=234594829&_gid=1222576018.1642668721&_u=aGBAgEAjAAAAAE~&z=1586430520

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c06::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.malwarebytes.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Thu, 20 Jan 2022 08:52:00 GMT
content-type: text/plain
access-control-allow-origin: https://blog.malwarebytes.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 47ms
47ms Image
image/gif 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=1453414673&t=pageview&_s=1&dl=https%3A%2F%2Fblog.malwarebytes.com%2Ftrojans%2F2022%2F01%2Fnew-iphone-malware-spies-via-camera-when-device-appears-off%2F%3Futm_source%3Dblueshift%26utm_medium%3Demail%26utm_campaign%3Db2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299%26amp%26utm_content%3Dnew-iphone-malware-spies-via-camera-when-device-appears-off%26bsft_aaid%3D18a8abbd-b7b6-422b-8352-283554e9475a%26bsft_eid%3Dbae4f2b5-5fe4-fe76-a028-428ae8279c2f%26bsft_clkid%3D93654ee9-6e1c-4723-a262-cd25dade6809%26bsft_uid%3D3eff0a33-885d-44f8-9c2d-23ee978fc0bd%26bsft_mid%3D85c1ddbc-94a5-4703-b0d7-fe44cc5604a7%26bsft_mime_type%3Dhtml%26bsft_ek%3D2022-01-15T16%253A30%253A40Z%26bsft_lx%3D9%26bsft_tv%3D9&ul=en-us&de=UTF-8&dt=New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off%20%7C%20Malwarebytes%20Labs&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aGBAgEAj~&jid=1330327442&gjid=234594829&cid=377775517.1642668721&uid=FFFBC6F6-C700-4CFC-B25C-044DAF20D322&tid=UA-3347303-10&_gid=1222576018.1642668721&gtm=2wg1c0MKSKW3&z=668373082

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Jan 2022 17:30:39 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 55281
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
ct.pinterest.com/user/ 519 B
761 B 63ms
37ms XHR
application/json 151.101.0.84
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://ct.pinterest.com/user/?tid=2614167509439&pd=%7B%22np%22%3A%22gtm%22%2C%22gtm_aem_configs%22%3A%5B%22em%22%5D%7D&cb=1642668720647
Requested by: Host: s.pinimg.com
URL: https://s.pinimg.com/ct/lib/main.4fd9fcbb.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.0.84 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 8eaf1a8091eda3e365c041e5c4782ad56044ecab9e926dc4f35766207054500a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 20 Jan 2022 08:52:00 GMT
content-encoding: gzip
referrer-policy: origin
x-cdn: fastly
content-type: application/json; charset=utf-8
access-control-allow-origin: https://blog.malwarebytes.com
access-control-expose-headers: Epik,Pin-Unauth
cache-control: no-cache,no-store,must-revalidate,max-age=0
pin-unauth: dWlkPVlUQTVOVFl5WXpBdE5XRTNPQzAwTURVMUxXSTBaVFF0TTJVM1pXVmxZVGc0WlRneg
x-pinterest-rid: 7039865874476295
x-envoy-upstream-service-time: 0
access-control-allow-credentials: true
content-length: 375
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
295 B 42ms
13ms Image
image/gif 2a03:2880:f12d:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1480959392203028&ev=PageView&dl=https%3A%2F%2Fblog.malwarebytes.com%2Ftrojans%2F2022%2F01%2Fnew-iphone-malware-spies-via-camera-when-device-appears-off%2F%3Futm_source%3Dblueshift%26utm_medium%3Demail%26utm_campaign%3Db2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299%26amp%26utm_content%3Dnew-iphone-malware-spies-via-camera-when-device-appears-off%26bsft_aaid%3D18a8abbd-b7b6-422b-8352-283554e9475a%26bsft_eid%3Dbae4f2b5-5fe4-fe76-a028-428ae8279c2f%26bsft_clkid%3D93654ee9-6e1c-4723-a262-cd25dade6809%26bsft_uid%3D3eff0a33-885d-44f8-9c2d-23ee978fc0bd%26bsft_mid%3D85c1ddbc-94a5-4703-b0d7-fe44cc5604a7%26bsft_mime_type%3Dhtml%26bsft_ek%3D2022-01-15T16%253A30%253A40Z%26bsft_lx%3D9%26bsft_tv%3D9&rl=&if=false&ts=1642668720668&sw=1600&sh=1200&v=2.9.49&r=stable&a=tmSimo-GTM-WebTemplate&ec=0&o=30&fbp=fb.1.1642668720667.649305846&it=1642668720580&coo=false&tm=1&exp=p1&rqm=GET

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:52:00 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 44
expires: Thu, 20 Jan 2022 08:52:00 GMT

GET
H2 200 /
ct.pinterest.com/v3/ 35 B
96 B 41ms
38ms Image
image/gif 151.101.0.84
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ct.pinterest.com/v3/?tid=2614167509439&pd=%7B%22np%22%3A%22gtm%22%2C%22gtm_aem_configs%22%3A%5B%22em%22%5D%7D&event=init&ad=%7B%22loc%22%3A%22https%3A%2F%2Fblog.malwarebytes.com%2Ftrojans%2F2022%2F01%2Fnew-iphone-malware-spies-via-camera-when-device-appears-off%2F%3Futm_source%3Dblueshift%26utm_medium%3Demail%26utm_campaign%3Db2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299%26amp%26utm_content%3Dnew-iphone-malware-spies-via-camera-when-device-appears-off%26bsft_aaid%3D18a8abbd-b7b6-422b-8352-283554e9475a%26bsft_eid%3Dbae4f2b5-5fe4-fe76-a028-428ae8279c2f%26bsft_clkid%3D93654ee9-6e1c-4723-a262-cd25dade6809%26bsft_uid%3D3eff0a33-885d-44f8-9c2d-23ee978fc0bd%26bsft_mid%3D85c1ddbc-94a5-4703-b0d7-fe44cc5604a7%26bsft_mime_type%3Dhtml%26bsft_ek%3D2022-01-15T16%253A30%253A40Z%26bsft_lx%3D9%26bsft_tv%3D9%22%2C%22ref%22%3A%22%22%2C%22if%22%3Afalse%2C%22sh%22%3A1200%2C%22sw%22%3A1600%2C%22mh%22%3A%224fd9fcbb%22%2C%22ecm_enabled%22%3Afalse%7D&cb=1642668720670
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.0.84 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 37b17c5135a176a9474521af147d96dfa1fb4ca0f43f00d1400bd1885be3ab9b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 20 Jan 2022 08:52:00 GMT
referrer-policy: origin
x-cdn: fastly
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache,no-store,must-revalidate,max-age=0
x-envoy-upstream-service-time: 2
x-pinterest-rid: 1691180592314654
content-length: 35
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2

200

j Show response
rp4.liadm.com/
Redirect Chain

https://rp.liadm.com/j?dtstmp=1642668720682&aid=a-06kg&se=e30&duid=ff3668206ce6--01fsvaz0dq072ms1pq1s788ym0&tna=v2.3.0&pu=https%3A%2F%2Fblog.malwarebytes.com%2Ftrojans%2F2022%2F01%2Fnew-iphone-malw...
https://rp4.liadm.com/j?dtstmp=1642668720682&aid=a-06kg&se=e30&duid=ff3668206ce6--01fsvaz0dq072ms1pq1s788ym0&tna=v2.3.0&pu=https%3A%2F%2Fblog.malwarebytes.com%2Ftrojans%2F2022%2F01%2Fnew-iphone-mal...

13 B
568 B

304ms
101ms

XHR
application/json

34.238.14.155
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://rp4.liadm.com/j?dtstmp=1642668720682&aid=a-06kg&se=e30&duid=ff3668206ce6--01fsvaz0dq072ms1pq1s788ym0&tna=v2.3.0&pu=https%3A%2F%2Fblog.malwarebytes.com%2Ftrojans%2F2022%2F01%2Fnew-iphone-malware-spies-via-camera-when-device-appears-off%2F%3Futm_source%3Dblueshift%26utm_medium%3Demail%26utm_campaign%3Db2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299%26amp%26utm_content%3Dnew-iphone-malware-spies-via-camera-when-device-appears-off%26bsft_aaid%3D18a8abbd-b7b6-422b-8352-283554e9475a%26bsft_eid%3Dbae4f2b5-5fe4-fe76-a028-428ae8279c2f%26bsft_clkid%3D93654ee9-6e1c-4723-a262-cd25dade6809%26bsft_uid%3D3eff0a33-885d-44f8-9c2d-23ee978fc0bd%26bsft_mid%3D85c1ddbc-94a5-4703-b0d7-fe44cc5604a7%26bsft_mime_type%3Dhtml%26bsft_ek%3D2022-01-15T16%253A30%253A40Z%26bsft_lx%3D9%26bsft_tv%3D9&wpn=lc-bundle&c=PHRpdGxlPgoKTmV3IGlQaG9uZSBtYWx3YXJlIHNwaWVzIHZpYSBjYW1lcmEgd2hlbiBkZXZpY2UgYXBwZWFycyBvZmYgfCBNYWx3YXJlYnl0ZXMgTGFicyAgPC90aXRsZT48bWV0YSBuYW1lPSJkZXNjcmlwdGlvbiIgY29udGVudD0iTm9SZUJvb3QgaXMgYW4gaU9TIFRyb2phbiB0aGF0IHNwaWVzIG9uIHBlb3BsZSBhbmQgbWFrZXMgdXNlcnMgYmVsaWV2ZSB0aGF0IGEgZGV2aWNlIGlzIHR1cm5lZCBvZmYgd2hlbiBpdCdzIG5vdC4iPjx0aXRsZSBpZD0ibWFsd2FyZWJ5dGVzLW1haW4tbG9nby10aXRsZSI-VGhlIG9mZmljaWFsIE1hbHdhcmVieXRlcyBsb2dvPC90aXRsZT48aDEgY2xhc3M9ImVudHJ5LXRpdGxlIHAtbmFtZSI-CgkJCQkJTmV3IGlQaG9uZSBtYWx3YXJlIHNwaWVzIHZpYSBjYW1lcmEgd2hlbiBkZXZpY2UgYXBwZWFycyBvZmYJCQkJPC9oMT4&i6=MmEwMzoxYjIwOjY6ZjAxMTo6MmU%3D&n3pc=true

Requested by

Protocol

Server

34.238.14.155 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-238-14-155.compute-1.amazonaws.com

Software

nginx/1.18.0 /

Resource Hash

efabba3678b85fcab831b778ea2ddaad1e2a1e952584d3566bc39b7ccb3429d9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:52:01 GMT
x-pixel-event-id: 9565f1d2-b677-4e9a-a86b-e6bcc218997d
x-content-type-options: nosniff
x-permitted-cross-domain-policies: master-only
request-time: 1
vary: Origin
content-length: 13
x-xss-protection: 1; mode=block
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
server: nginx/1.18.0
x-frame-options: DENY
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/json
access-control-allow-origin: null
access-control-allow-credentials: true
trace-id: 9a558b0e52facaa4

Redirect headers

date: Thu, 20 Jan 2022 08:52:00 GMT
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
server: nginx/1.18.0
vary: Origin
location: https://rp4.liadm.com/j?dtstmp=1642668720682&aid=a-06kg&se=e30&duid=ff3668206ce6--01fsvaz0dq072ms1pq1s788ym0&tna=v2.3.0&pu=https%3A%2F%2Fblog.malwarebytes.com%2Ftrojans%2F2022%2F01%2Fnew-iphone-malware-spies-via-camera-when-device-appears-off%2F%3Futm_source%3Dblueshift%26utm_medium%3Demail%26utm_campaign%3Db2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299%26amp%26utm_content%3Dnew-iphone-malware-spies-via-camera-when-device-appears-off%26bsft_aaid%3D18a8abbd-b7b6-422b-8352-283554e9475a%26bsft_eid%3Dbae4f2b5-5fe4-fe76-a028-428ae8279c2f%26bsft_clkid%3D93654ee9-6e1c-4723-a262-cd25dade6809%26bsft_uid%3D3eff0a33-885d-44f8-9c2d-23ee978fc0bd%26bsft_mid%3D85c1ddbc-94a5-4703-b0d7-fe44cc5604a7%26bsft_mime_type%3Dhtml%26bsft_ek%3D2022-01-15T16%253A30%253A40Z%26bsft_lx%3D9%26bsft_tv%3D9&wpn=lc-bundle&c=PHRpdGxlPgoKTmV3IGlQaG9uZSBtYWx3YXJlIHNwaWVzIHZpYSBjYW1lcmEgd2hlbiBkZXZpY2UgYXBwZWFycyBvZmYgfCBNYWx3YXJlYnl0ZXMgTGFicyAgPC90aXRsZT48bWV0YSBuYW1lPSJkZXNjcmlwdGlvbiIgY29udGVudD0iTm9SZUJvb3QgaXMgYW4gaU9TIFRyb2phbiB0aGF0IHNwaWVzIG9uIHBlb3BsZSBhbmQgbWFrZXMgdXNlcnMgYmVsaWV2ZSB0aGF0IGEgZGV2aWNlIGlzIHR1cm5lZCBvZmYgd2hlbiBpdCdzIG5vdC4iPjx0aXRsZSBpZD0ibWFsd2FyZWJ5dGVzLW1haW4tbG9nby10aXRsZSI-VGhlIG9mZmljaWFsIE1hbHdhcmVieXRlcyBsb2dvPC90aXRsZT48aDEgY2xhc3M9ImVudHJ5LXRpdGxlIHAtbmFtZSI-CgkJCQkJTmV3IGlQaG9uZSBtYWx3YXJlIHNwaWVzIHZpYSBjYW1lcmEgd2hlbiBkZXZpY2UgYXBwZWFycyBvZmYJCQkJPC9oMT4&i6=MmEwMzoxYjIwOjY6ZjAxMTo6MmU%3D&n3pc=true
x-frame-options: DENY
access-control-allow-origin: https://blog.malwarebytes.com
x-xss-protection: 1; mode=block
x-permitted-cross-domain-policies: master-only
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
trace-id: b20d0ba9885450d5
request-time: 0
content-length: 0
x-content-type-options: nosniff

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 42ms
42ms Image
image/gif 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=1453414673&t=event&ni=1&_s=2&dl=https%3A%2F%2Fblog.malwarebytes.com%2Ftrojans%2F2022%2F01%2Fnew-iphone-malware-spies-via-camera-when-device-appears-off%2F%3Futm_source%3Dblueshift%26utm_medium%3Demail%26utm_campaign%3Db2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299%26amp%26utm_content%3Dnew-iphone-malware-spies-via-camera-when-device-appears-off%26bsft_aaid%3D18a8abbd-b7b6-422b-8352-283554e9475a%26bsft_eid%3Dbae4f2b5-5fe4-fe76-a028-428ae8279c2f%26bsft_clkid%3D93654ee9-6e1c-4723-a262-cd25dade6809%26bsft_uid%3D3eff0a33-885d-44f8-9c2d-23ee978fc0bd%26bsft_mid%3D85c1ddbc-94a5-4703-b0d7-fe44cc5604a7%26bsft_mime_type%3Dhtml%26bsft_ek%3D2022-01-15T16%253A30%253A40Z%26bsft_lx%3D9%26bsft_tv%3D9&ul=en-us&de=UTF-8&dt=New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off%20%7C%20Malwarebytes%20Labs&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Demandbase&ea=API%20Resolution&el=IP%20API&_u=aHBAgEAjAAAAAE~&jid=&gjid=&cid=377775517.1642668721&uid=FFFBC6F6-C700-4CFC-B25C-044DAF20D322&tid=UA-3347303-10&_gid=1222576018.1642668721&gtm=2wg1c0MKSKW3&cd2=(Non-Company%20Visitor)&cd3=Bot&cd4=(Non-Company%20Visitor)&cd5=(Non-Company%20Visitor)&cd6=(Non-Company%20Visitor)&cd7=(Non-Company%20Visitor)&cd8=(Non-Company%20Visitor)&cd9=(Non-Company%20Visitor)&cd10=(Non-Company%20Visitor)&cd11=Frankfurt%20am%20Main&cd12=HE&cd13=(Non-Company%20Visitor)&cd14=(Non-Company%20Visitor)&cd15=(Non-Company%20Visitor)&cd16=(Non-Company%20Visitor)&cd17=DE&cd18=(Non-Company%20Visitor)&z=190558189

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Jan 2022 17:30:39 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 55281
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
501 B 159ms
69ms Image
image/gif 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-3347303-10&cid=377775517.1642668721&jid=1330327442&_u=aGBAgEAjAAAAAE~&z=1854159227

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 20 Jan 2022 08:52:00 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
501 B 159ms
66ms Image
image/gif 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-3347303-10&cid=377775517.1642668721&jid=1330327442&_u=aGBAgEAjAAAAAE~&z=1854159227

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 20 Jan 2022 08:52:00 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK / Show response
disqus.com/embed/comments/ Frame 0E22 58 KB
12 KB 8ms
7ms Document
text/html 151.101.128.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://disqus.com/embed/comments/?base=default&f=malwarebytesunpacked&t_i=53469%20https%3A%2F%2Fblog.malwarebytes.com%2F%3Fp%3D53469&t_u=https%3A%2F%2Fblog.malwarebytes.com%2Ftrojans%2F2022%2F01%2Fnew-iphone-malware-spies-via-camera-when-device-appears-off%2F&t_e=New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off&t_d=%0A%09%09%09%09%09New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off%09%09%09%09&t_t=New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off&s_o=default

Requested by

Host: malwarebytesunpacked.disqus.com
URL: https://malwarebytesunpacked.disqus.com/embed.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.128.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

a61ef61d6c16032beefa8805690af62fe814386a01cd261af736c4912fbcf08b

Security Headers

Name	Value
Content-Security-Policy	script-src https://.twitter.com: https://www.gstatic.com/recaptcha/ https://a.disquscdn.com https://c.disquscdn.com c.disquscdn.com https://.services.disqus.com: https://cdn.boomtrain.com/p13n/ https://apis.google.com https://cdn.syndication.twimg.com/tweets.json https://connect.facebook.net/en_US/sdk.js https://referrer.disqus.com/juggler/ 'unsafe-inline' https://com-disqus.netmng.com:* https://www.google.com/recaptcha/ https://cf.ignitionone.com:* https://disqus.com
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/

Response headers

Connection: keep-alive
Content-Length: 10752
Server: nginx
Content-Security-Policy: script-src https://*.twitter.com:* https://www.gstatic.com/recaptcha/ https://a.disquscdn.com https://c.disquscdn.com c.disquscdn.com https://*.services.disqus.com:* https://cdn.boomtrain.com/p13n/ https://apis.google.com https://cdn.syndication.twimg.com/tweets.json https://connect.facebook.net/en_US/sdk.js https://referrer.disqus.com/juggler/ 'unsafe-inline' https://com-disqus.netmng.com:* https://www.google.com/recaptcha/ https://cf.ignitionone.com:* https://disqus.com
Link: <https://c.disquscdn.com>;rel=preconnect,<https://c.disquscdn.com>;rel=dns-prefetch
Cache-Control: stale-if-error=3600, s-stalewhilerevalidate=3600, stale-while-revalidate=30, no-cache, must-revalidate, public, s-maxage=5
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Type: text/html; charset=utf-8
Last-Modified: Wed, 19 Jan 2022 00:53:34 GMT
ETag: W/"lounge:view:8959024000.e9590b78d1dc36a5d5892c84635345d0.2"
Referrer-Policy: no-referrer-when-downgrade
Content-Encoding: gzip
Date: Thu, 20 Jan 2022 08:52:00 GMT
Age: 1
Vary: Accept-Encoding
Cross-Origin-Resource-Policy: cross-origin
Strict-Transport-Security: max-age=300; includeSubdomains

POST
H2 204 / Show response
ct.pinterest.com/md/ 0
197 B 52ms
36ms XHR
text/plain 151.101.0.84
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://ct.pinterest.com/md/
Requested by: Host: s.pinimg.com
URL: https://s.pinimg.com/ct/lib/main.4fd9fcbb.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.0.84 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://blog.malwarebytes.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 20 Jan 2022 08:52:00 GMT
referrer-policy: origin
x-cdn: fastly
access-control-allow-origin: *
cache-control: no-cache,no-store,must-revalidate,max-age=0
x-envoy-upstream-service-time: 1
x-pinterest-rid: 1666061021880541
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 lounge.load.4474eb952b0ac3bafd98c3224c1d140c.js Show response
c.disquscdn.com/next/embed/ Frame 0E22 958 B
1 KB 32ms
9ms Script
application/javascript 2600:9000:2315:b600:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/lounge.load.4474eb952b0ac3bafd98c3224c1d140c.js

Requested by

Host: disqus.com
URL: https://disqus.com/embed/comments/?base=default&f=malwarebytesunpacked&t_i=53469%20https%3A%2F%2Fblog.malwarebytes.com%2F%3Fp%3D53469&t_u=https%3A%2F%2Fblog.malwarebytes.com%2Ftrojans%2F2022%2F01%2Fnew-iphone-malware-spies-via-camera-when-device-appears-off%2F&t_e=New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off&t_d=%0A%09%09%09%09%09New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off%09%09%09%09&t_t=New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off&s_o=default

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2315:b600:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

6ee52eaf1db539683b3e508c5973c5b4011b86dcabd32983756482588b08ad52

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://disqus.com/embed/comments/?base=default&f=malwarebytesunpacked&t_i=53469%20https%3A%2F%2Fblog.malwarebytes.com%2F%3Fp%3D53469&t_u=https%3A%2F%2Fblog.malwarebytes.com%2Ftrojans%2F2022%2F01%2Fnew-iphone-malware-spies-via-camera-when-device-appears-off%2F&t_e=New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off&t_d=%0A%09%09%09%09%09New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off%09%09%09%09&t_t=New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off&s_o=default
Origin: https://disqus.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 05 Jan 2022 20:30:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1254106
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 495
x-xss-protection: 1; mode=block
x-served-by: static-web-1
access-control-allow-origin: *
surrogate-key: next
last-modified: Wed, 05 Jan 2022 19:53:03 GMT
server: nginx
etag: "61d5f71f-1ef"
content-type: application/javascript; charset=utf-8
via: 1.1 c1c42e732809880dbf4b6deb496490ae.cloudfront.net (CloudFront)
expires: Thu, 05 Jan 2023 20:30:14 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: DUS51-P2
timing-allow-origin: *
x-amz-cf-id: TUAUdhO8RbvNMpYjAimDQcxy9a99QIoQLuW6_jCL3ZSvvw-1Lwnp5w==
x-cache-hits: 0

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/930356311/ 3 KB
2 KB 146ms
52ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/930356311/?random=1642668720774&cv=9&fst=1642668720774&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa1c0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fblog.malwarebytes.com%2Ftrojans%2F2022%2F01%2Fnew-iphone-malware-spies-via-camera-when-device-appears-off%2F%3Futm_source%3Dblueshift%26utm_medium%3Demail%26utm_campaign%3Db2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299%26amp%26utm_content%3Dnew-iphone-malware-spies-via-camera-when-device-appears-off%26bsft_aaid%3D18a8abbd-b7b6-422b-8352-283554e9475a%26bsft_eid%3Dbae4f2b5-5fe4-fe76-a028-428ae8279c2f%26bsft_clkid%3D93654ee9-6e1c-4723-a262-cd25dade6809%26bsft_uid%3D3eff0a33-885d-44f8-9c2d-23ee978fc0bd%26bsft_mid%3D85c1ddbc-94a5-4703-b0d&tiba=New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off%20%7C%20Malwarebytes%20Labs&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f6f9e9eda5217ed7b70e7476a43ad789a2f0ca9a001135cdc1d4a13eed2d65b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 20 Jan 2022 08:52:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1373
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 common.bundle.d53d00706a584180a3368c8e414318a7.js Show response
c.disquscdn.com/next/embed/ Frame 0E22 282 KB
93 KB 11ms
11ms Script
application/javascript 2600:9000:2315:b600:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/common.bundle.d53d00706a584180a3368c8e414318a7.js

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/lounge.load.4474eb952b0ac3bafd98c3224c1d140c.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2315:b600:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

f6f40e18e6522384652ca2a0159499791d93c5f72486f54b06e7ccb728cb0de5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=malwarebytesunpacked&t_i=53469%20https%3A%2F%2Fblog.malwarebytes.com%2F%3Fp%3D53469&t_u=https%3A%2F%2Fblog.malwarebytes.com%2Ftrojans%2F2022%2F01%2Fnew-iphone-malware-spies-via-camera-when-device-appears-off%2F&t_e=New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off&t_d=%0A%09%09%09%09%09New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off%09%09%09%09&t_t=New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 20 Dec 2021 21:46:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2631954
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 94734
x-xss-protection: 1; mode=block
x-served-by: static-web-1
access-control-allow-origin: *
surrogate-key: next
last-modified: Mon, 20 Dec 2021 21:29:18 GMT
server: nginx
etag: "61c0f5ae-1720e"
content-type: application/javascript; charset=utf-8
via: 1.1 2667cbb82aabb944a65b99430aa06d1a.cloudfront.net (CloudFront)
expires: Tue, 20 Dec 2022 21:46:06 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: DUS51-P2
timing-allow-origin: *
x-amz-cf-id: jVsKr7TDSltlA5K3pk0JoSBiBWKrWfZZCLgXMa4bEMSnJlTi2z_r3A==
x-cache-hits: 0

GET
H3

200

id Show response
googleads.g.doubleclick.net/pagead/ Frame BB1F
Redirect Chain

https://googleads.g.doubleclick.net/pagead/id
https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

100 B
146 B

94ms
46ms

XHR
application/json

2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/g_8JVUVLxTk?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent

Protocol

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e9f2fd217a445901bad1ae575c60f3b6a335dd22713609fdcfd827205d7f546c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:52:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 120
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://www.youtube.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Thu, 20 Jan 2022 08:52:00 GMT
x-content-type-options: nosniff
access-control-allow-origin: https://www.youtube.com
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ad_status.js Show response
static.doubleclick.net/instream/ Frame BB1F 29 B
588 B 124ms
39ms Script
text/javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.doubleclick.net/instream/ad_status.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/2b718ca6/www-embed-player.vflset/www-embed-player.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:42:14 GMT
x-content-type-options: nosniff
age: 586
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29
x-xss-protection: 0
last-modified: Thu, 12 Dec 2013 23:40:16 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 20 Jan 2022 08:57:14 GMT

GET
H3 200 remote.js Show response
www.youtube.com/s/player/2b718ca6/player_ias.vflset/en_US/ Frame BB1F 94 KB
29 KB 42ms
41ms Script
text/javascript 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/2b718ca6/player_ias.vflset/en_US/remote.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/2b718ca6/player_ias.vflset/en_US/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9dd21b8f0d0f7b8e688744ba7aeb0dc2d5a730d0778aa16ec6cb84cd1b9ee885

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/g_8JVUVLxTk?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 19 Jan 2022 17:45:34 GMT
content-encoding: br
x-content-type-options: nosniff
age: 54386
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29675
x-xss-protection: 0
last-modified: Wed, 19 Jan 2022 01:22:17 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Thu, 19 Jan 2023 17:45:34 GMT

GET
H3 200 7e_fOZOdU3tkYVALdQ2CIIiQXA88wGzE5YsN6mGGn9U.js Show response
www.google.com/js/th/ Frame BB1F 35 KB
13 KB 100ms
50ms Script
text/javascript 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/js/th/7e_fOZOdU3tkYVALdQ2CIIiQXA88wGzE5YsN6mGGn9U.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/2b718ca6/player_ias.vflset/en_US/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

edefdf39939d537b6461500b750d822088905c0f3cc06cc4e58b0dea61869fd5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 19 Jan 2022 06:09:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 96140
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13475
x-xss-protection: 0
last-modified: Tue, 11 Jan 2022 17:00:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 19 Jan 2023 06:09:40 GMT

GET
H3 200 embed.js Show response
www.youtube.com/s/player/2b718ca6/player_ias.vflset/en_US/ Frame BB1F 26 KB
7 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/2b718ca6/player_ias.vflset/en_US/embed.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/2b718ca6/player_ias.vflset/en_US/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2324e1cc321922f4b94b5ba9a66fb3206bab61c670f92db5264d956983cfa26d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/g_8JVUVLxTk?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 19 Jan 2022 17:45:34 GMT
content-encoding: br
x-content-type-options: nosniff
age: 54386
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/youtube
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7574
x-xss-protection: 0
last-modified: Wed, 19 Jan 2022 01:22:17 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Thu, 19 Jan 2023 17:45:34 GMT

GET
DATA 200
OK truncated
/ Frame BB1F 175 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 67ea46bc3d15351067faccb3613bd833dd3f15137a4b4a09f2e873fd41d024d2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 AKedOLS1PSD0sd1rU1sL1le5zMUHaP3sbDTr7VFG2S-5=s68-c-k-c0x00ffffff-no-rj
yt3.ggpht.com/ytc/ Frame BB1F 2 KB
3 KB 136ms
38ms Image
image/jpeg 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://yt3.ggpht.com/ytc/AKedOLS1PSD0sd1rU1sL1le5zMUHaP3sbDTr7VFG2S-5=s68-c-k-c0x00ffffff-no-rj

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/g_8JVUVLxTk?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

c3ecb65228fd4f5a7504dfa3c4239e2daf2a47559622bbb565738929042d93eb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:18:11 GMT
x-content-type-options: nosniff
age: 2030
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2314
x-xss-protection: 0
server: fife
etag: "v5"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Mon, 03 Jan 2022 07:43:16 GMT

GET
H2 200 sddefault.webp
i.ytimg.com/vi_webp/g_8JVUVLxTk/ Frame BB1F 16 KB
16 KB 136ms
39ms Image
image/webp 2a00:1450:4001:808::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.ytimg.com/vi_webp/g_8JVUVLxTk/sddefault.webp

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/g_8JVUVLxTk?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2eb766d65a2b957a1c4d766cb0d98c348b8d7222abb3341ae555019bd22bde65

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:50:17 GMT
x-content-type-options: nosniff
age: 104
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15980
x-xss-protection: 0
server: sffe
etag: "1641376473"
vary: Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: image/webp
cache-control: public, max-age=7200
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Thu, 20 Jan 2022 10:50:17 GMT

GET
H2 200 lounge.7ab903feba7624935283ca4c7d8c7203.css
c.disquscdn.com/next/embed/styles/ Frame 0E22 165 KB
26 KB 12ms
10ms Stylesheet
text/css 2600:9000:2315:b600:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/styles/lounge.7ab903feba7624935283ca4c7d8c7203.css

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.d53d00706a584180a3368c8e414318a7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2315:b600:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

9f05592df6a80686d7216adbbc60dd18c978741182ed9e09a863de7374931f0e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=malwarebytesunpacked&t_i=53469%20https%3A%2F%2Fblog.malwarebytes.com%2F%3Fp%3D53469&t_u=https%3A%2F%2Fblog.malwarebytes.com%2Ftrojans%2F2022%2F01%2Fnew-iphone-malware-spies-via-camera-when-device-appears-off%2F&t_e=New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off&t_d=%0A%09%09%09%09%09New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off%09%09%09%09&t_t=New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 07 Dec 2021 23:27:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3749093
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 26065
x-xss-protection: 1; mode=block
x-served-by: static-web-2
access-control-allow-origin: *
surrogate-key: next
last-modified: Tue, 07 Dec 2021 22:32:35 GMT
server: nginx
etag: "61afe103-65d1"
content-type: text/css; charset=utf-8
via: 1.1 2667cbb82aabb944a65b99430aa06d1a.cloudfront.net (CloudFront)
expires: Wed, 07 Dec 2022 23:27:07 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: DUS51-P2
timing-allow-origin: *
x-amz-cf-id: hAKDjBbPJm0_rewzgDlJBgrLS9T5HtZ9mr6WiampZt8mTnxE0uqCtA==
x-cache-hits: 0

GET
H3 200 /
www.google.com/pagead/1p-user-list/930356311/ 42 B
64 B 51ms
50ms Image
image/gif 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/930356311/?random=1642668720774&cv=9&fst=1642665600000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa1c0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fblog.malwarebytes.com%2Ftrojans%2F2022%2F01%2Fnew-iphone-malware-spies-via-camera-when-device-appears-off%2F%3Futm_source%3Dblueshift%26utm_medium%3Demail%26utm_campaign%3Db2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299%26amp%26utm_content%3Dnew-iphone-malware-spies-via-camera-when-device-appears-off%26bsft_aaid%3D18a8abbd-b7b6-422b-8352-283554e9475a%26bsft_eid%3Dbae4f2b5-5fe4-fe76-a028-428ae8279c2f%26bsft_clkid%3D93654ee9-6e1c-4723-a262-cd25dade6809%26bsft_uid%3D3eff0a33-885d-44f8-9c2d-23ee978fc0bd%26bsft_mid%3D85c1ddbc-94a5-4703-b0d&tiba=New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off%20%7C%20Malwarebytes%20Labs&async=1&fmt=3&is_vtc=1&random=2606407453&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 20 Jan 2022 08:52:00 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.de/pagead/1p-user-list/930356311/ 42 B
64 B 105ms
51ms Image
image/gif 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/930356311/?random=1642668720774&cv=9&fst=1642665600000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa1c0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fblog.malwarebytes.com%2Ftrojans%2F2022%2F01%2Fnew-iphone-malware-spies-via-camera-when-device-appears-off%2F%3Futm_source%3Dblueshift%26utm_medium%3Demail%26utm_campaign%3Db2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299%26amp%26utm_content%3Dnew-iphone-malware-spies-via-camera-when-device-appears-off%26bsft_aaid%3D18a8abbd-b7b6-422b-8352-283554e9475a%26bsft_eid%3Dbae4f2b5-5fe4-fe76-a028-428ae8279c2f%26bsft_clkid%3D93654ee9-6e1c-4723-a262-cd25dade6809%26bsft_uid%3D3eff0a33-885d-44f8-9c2d-23ee978fc0bd%26bsft_mid%3D85c1ddbc-94a5-4703-b0d&tiba=New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off%20%7C%20Malwarebytes%20Labs&async=1&fmt=3&is_vtc=1&random=2606407453&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 20 Jan 2022 08:52:01 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 lounge.bundle.67f9fd26b5922562ba93be9d9b520b54.js Show response
c.disquscdn.com/next/embed/ Frame 0E22 475 KB
121 KB 18ms
17ms Script
application/javascript 2600:9000:2315:b600:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/lounge.bundle.67f9fd26b5922562ba93be9d9b520b54.js

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.d53d00706a584180a3368c8e414318a7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2315:b600:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

d5b8a226657de542d2e9b1d9d82189cad8b3ceadcc01a8f48f97fd064d4ba64a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=malwarebytesunpacked&t_i=53469%20https%3A%2F%2Fblog.malwarebytes.com%2F%3Fp%3D53469&t_u=https%3A%2F%2Fblog.malwarebytes.com%2Ftrojans%2F2022%2F01%2Fnew-iphone-malware-spies-via-camera-when-device-appears-off%2F&t_e=New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off&t_d=%0A%09%09%09%09%09New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off%09%09%09%09&t_t=New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 05 Jan 2022 20:30:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1254106
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 122875
x-xss-protection: 1; mode=block
x-served-by: static-web-1
access-control-allow-origin: *
surrogate-key: next
last-modified: Wed, 05 Jan 2022 19:53:04 GMT
server: nginx
etag: "61d5f720-1dffb"
content-type: application/javascript; charset=utf-8
via: 1.1 2667cbb82aabb944a65b99430aa06d1a.cloudfront.net (CloudFront)
expires: Thu, 05 Jan 2023 20:30:14 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: DUS51-P2
timing-allow-origin: *
x-amz-cf-id: _QSrywj7pciA09gPvJ99E-MAZAW7yObBmnzCGB80VtcO-KnjIxH_8g==
x-cache-hits: 0

GET
H/1.1 200
OK config.js Show response
disqus.com/next/ Frame 0E22 14 KB
15 KB 13ms
13ms Script
application/javascript 151.101.128.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://disqus.com/next/config.js

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.d53d00706a584180a3368c8e414318a7.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.128.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

d94422e57e4c284a83be71222e80f64c7528bf5cf18622736af461a861fbbe86

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=malwarebytesunpacked&t_i=53469%20https%3A%2F%2Fblog.malwarebytes.com%2F%3Fp%3D53469&t_u=https%3A%2F%2Fblog.malwarebytes.com%2Ftrojans%2F2022%2F01%2Fnew-iphone-malware-spies-via-camera-when-device-appears-off%2F&t_e=New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off&t_d=%0A%09%09%09%09%09New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off%09%09%09%09&t_t=New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Thu, 20 Jan 2022 08:52:00 GMT
X-Content-Type-Options: nosniff
Content-Type: application/javascript; charset=UTF-8
Server: nginx
Age: 52
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=300; includeSubdomains
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Access-Control-Allow-Origin: *
Cache-Control: public, stale-while-revalidate=300, s-stalewhilerevalidate=3600, max-age=60
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Timing-Allow-Origin: *
Content-Length: 14720
X-XSS-Protection: 1; mode=block

GET
H2 200 cast_sender.js Show response
www.gstatic.com/cv/js/sender/v1/ Frame BB1F 4 KB
3 KB 163ms
73ms Script
text/javascript 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/cv/js/sender/v1/cast_sender.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/2b718ca6/player_ias.vflset/en_US/base.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ee147e859ad0f09aa50367974e38ab53e7c7054c4a51d400a7f45b0eb251454f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:52:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cloudview
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2007
x-xss-protection: 0
last-modified: Tue, 16 Feb 2021 23:57:06 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="cloudview"
vary: Accept-Encoding
report-to: {"group":"cloudview","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cloudview"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 20 Jan 2022 08:52:01 GMT

GET
H/1.1 200
OK details Show response
disqus.com/api/3.0/forums/ Frame 0E22 3 KB
4 KB 7ms
7ms XHR
application/json 151.101.128.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://disqus.com/api/3.0/forums/details?forum=malwarebytesunpacked&attach=forumFeatures&api_key=E8Uh5l5fHZ6gD8U3KycjAIAk46f68Zw7C6eW8WSjZvCLXebZ7p0r1yrYDrLilk2F

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.d53d00706a584180a3368c8e414318a7.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.128.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

01e406a043d5ea27bb0f32d0cd323c4cd5e4356fb35c86f43b94231e3953dfed

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Referer: https://disqus.com/embed/comments/?base=default&f=malwarebytesunpacked&t_i=53469%20https%3A%2F%2Fblog.malwarebytes.com%2F%3Fp%3D53469&t_u=https%3A%2F%2Fblog.malwarebytes.com%2Ftrojans%2F2022%2F01%2Fnew-iphone-malware-spies-via-camera-when-device-appears-off%2F&t_e=New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off&t_d=%0A%09%09%09%09%09New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off%09%09%09%09&t_t=New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off&s_o=default
X-Requested-With: XMLHttpRequest
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Thu, 20 Jan 2022 08:52:01 GMT
X-Content-Type-Options: nosniff
Server: nginx
Age: 2
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=300; includeSubdomains
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Content-Type: application/json
Vary: Origin, Cookie
Content-Length: 3232
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK loadReactions Show response
disqus.com/api/3.0/threadReactions/ Frame 0E22 1 KB
2 KB 7ms
7ms XHR
application/json 151.101.128.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://disqus.com/api/3.0/threadReactions/loadReactions?thread=8959024000&api_key=E8Uh5l5fHZ6gD8U3KycjAIAk46f68Zw7C6eW8WSjZvCLXebZ7p0r1yrYDrLilk2F

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.d53d00706a584180a3368c8e414318a7.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.128.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

eccfd782108d7cedecdc6c55dc800faaa9c6dde383367d30bae9f63cbd671d34

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://disqus.com/embed/comments/?base=default&f=malwarebytesunpacked&t_i=53469%20https%3A%2F%2Fblog.malwarebytes.com%2F%3Fp%3D53469&t_u=https%3A%2F%2Fblog.malwarebytes.com%2Ftrojans%2F2022%2F01%2Fnew-iphone-malware-spies-via-camera-when-device-appears-off%2F&t_e=New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off&t_d=%0A%09%09%09%09%09New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off%09%09%09%09&t_t=New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off&s_o=default
X-Requested-With: XMLHttpRequest
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Thu, 20 Jan 2022 08:52:01 GMT
X-Content-Type-Options: nosniff
Server: nginx
Age: 55
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=300; includeSubdomains
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Cache-Control: stale-while-revalidate=30, max-age=60
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Content-Type: application/json
Vary: Origin, Cookie
Content-Length: 1131
X-XSS-Protection: 1; mode=block

GET
H2 200 noavatar92.png
a.disquscdn.com/1638827995/images/ Frame 0E22 2 KB
2 KB 24ms
7ms Image
image/png 199.232.194.49
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://a.disquscdn.com/1638827995/images/noavatar92.png

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

199.232.194.49 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

36ef66124133ca33c8b44c487293c3180e5ab681ff3cad3c728ea4f894ec3444

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=malwarebytesunpacked&t_i=53469%20https%3A%2F%2Fblog.malwarebytes.com%2F%3Fp%3D53469&t_u=https%3A%2F%2Fblog.malwarebytes.com%2Ftrojans%2F2022%2F01%2Fnew-iphone-malware-spies-via-camera-when-device-appears-off%2F&t_e=New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off&t_d=%0A%09%09%09%09%09New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off%09%09%09%09&t_t=New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:52:01 GMT
x-content-type-options: nosniff
last-modified: Fri, 26 Feb 2021 20:50:09 GMT
server: nginx
age: 1160278
etag: "60395f01-66c"
strict-transport-security: max-age=300; includeSubdomains
content-type: image/png
x-xss-protection: 1; mode=block
cache-control: max-age=2592000
cross-origin-resource-policy: cross-origin
x-amz-cf-pop: FRA56-C2
content-length: 1644
x-amz-cf-id: XOvRip4c0pdbi8AUHq-hObtfQl1FVuy1Zg73MdYBXr_uk1jdRK-sYA==
expires: Thu, 06 Jan 2022 22:34:02 GMT

GET
DATA 200
OK truncated
/ Frame 0E22 37 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/gif

GET
H3 204 generate_204
www.youtube.com/ Frame BB1F 0
9 B 38ms
38ms Image
text/plain 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.youtube.com/generate_204?Byrh1g
Requested by: Host: www.youtube.com
URL: https://www.youtube.com/embed/g_8JVUVLxTk?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/g_8JVUVLxTk?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:52:01 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H2 200 svg-sprite.4da5413f5086c5755b46094b813dbfcd.svg
c.disquscdn.com/next/embed/assets/img/ Frame 0E22 13 KB
13 KB 12ms
11ms Image
image/svg+xml 2600:9000:2315:b600:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/embed/assets/img/svg-sprite.4da5413f5086c5755b46094b813dbfcd.svg

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.7ab903feba7624935283ca4c7d8c7203.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2315:b600:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

3270642c89180c12db93775e2a774b6dadd9bd98cffc963075c85afd2c17b6e4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c.disquscdn.com/next/embed/styles/lounge.7ab903feba7624935283ca4c7d8c7203.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 28 Apr 2021 14:37:41 GMT
via: 1.1 2667cbb82aabb944a65b99430aa06d1a.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 23048060
x-cache: Hit from cloudfront
content-length: 13079
x-xss-protection: 1; mode=block
x-served-by: static-web-1
surrogate-key: next
last-modified: Tue, 27 Apr 2021 21:01:56 GMT
server: nginx
etag: "60887bc4-3317"
content-type: image/svg+xml; charset=utf-8
access-control-allow-origin: *
expires: Thu, 28 Apr 2022 14:37:41 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: DUS51-P2
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: 9tvyniy509CqSeHew63negR9HZ_aoCEa_L_5FSKs1I5QDflMGeRgZQ==
x-cache-hits: 0

GET
H2 200 loader.ba7c86e8b4b6135bb668d05223f8f127.gif
c.disquscdn.com/next/embed/assets/img/ Frame 0E22 3 KB
3 KB 10ms
9ms Image
image/gif 2600:9000:2315:b600:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/embed/assets/img/loader.ba7c86e8b4b6135bb668d05223f8f127.gif

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.7ab903feba7624935283ca4c7d8c7203.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2315:b600:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

4c4491dcfa94cb46fb73742fc2caf49a1cd59027304af1830c7dc6ce1889857c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c.disquscdn.com/next/embed/styles/lounge.7ab903feba7624935283ca4c7d8c7203.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 03 Feb 2021 04:58:07 GMT
via: 1.1 2667cbb82aabb944a65b99430aa06d1a.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 30340434
x-cache: Hit from cloudfront
content-length: 2971
x-xss-protection: 1; mode=block
x-served-by: static-web-2
surrogate-key: next
last-modified: Wed, 27 Jan 2021 17:23:07 GMT
server: nginx
etag: "6011a17b-b9b"
content-type: image/gif
access-control-allow-origin: *
expires: Thu, 03 Feb 2022 04:58:07 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: DUS51-P2
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: 71rYARyLFnE0htzlVh7zY99aUms4hUT-ildq1wHbQP5_sXexfMQs5g==
x-cache-hits: 0

GET
H2 200 sprite.ad630a07080a45451f139a7487853ff8.png
c.disquscdn.com/next/embed/assets/img/ Frame 0E22 2 KB
2 KB 10ms
10ms Image
image/png 2600:9000:2315:b600:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/embed/assets/img/sprite.ad630a07080a45451f139a7487853ff8.png

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.7ab903feba7624935283ca4c7d8c7203.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2315:b600:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

9714221c828961b20f45a782c3281c0596f6652cfe1299bee18097f98e8fb7b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c.disquscdn.com/next/embed/styles/lounge.7ab903feba7624935283ca4c7d8c7203.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 22 Sep 2021 19:47:48 GMT
via: 1.1 2667cbb82aabb944a65b99430aa06d1a.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 10328653
x-cache: Hit from cloudfront
content-length: 1763
x-xss-protection: 1; mode=block
x-served-by: static-web-1
surrogate-key: next
last-modified: Wed, 22 Sep 2021 19:30:27 GMT
server: nginx
etag: "614b8453-6e3"
content-type: image/png
access-control-allow-origin: *
expires: Thu, 22 Sep 2022 19:47:48 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: DUS51-P2
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: KQV89pFetrfP3ZtDJHH693h4gAOLp_zhmeg99hoMIWtqAVkxiFLkrQ==
x-cache-hits: 0

GET
H2 200 icons.4cc7a703d2fdfe684151ff8ac24d45f1.woff2
c.disquscdn.com/next/embed/assets/font/ Frame 0E22 8 KB
8 KB 10ms
10ms Font
application/octet-stream 2600:9000:2315:b600:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/assets/font/icons.4cc7a703d2fdfe684151ff8ac24d45f1.woff2

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.7ab903feba7624935283ca4c7d8c7203.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2315:b600:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

f2a341fc815d45c21da726d4c843c2c5d3e1f333465347c3c75d040d556df4e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://c.disquscdn.com/next/embed/styles/lounge.7ab903feba7624935283ca4c7d8c7203.css
Origin: https://disqus.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 01 Sep 2021 09:58:18 GMT
via: 1.1 c1c42e732809880dbf4b6deb496490ae.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 12178423
x-cache: Hit from cloudfront
content-length: 7900
x-xss-protection: 1; mode=block
x-served-by: static-web-2
surrogate-key: next
last-modified: Tue, 24 Aug 2021 21:06:44 GMT
server: nginx
etag: "61255f64-1edc"
content-type: application/octet-stream
access-control-allow-origin: *
expires: Thu, 01 Sep 2022 09:58:18 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: DUS51-P2
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: ybb9odlPUnO9y2gS4WHzx7NFbGRqPxJM442m0jpjmVoMjeEYpXeFwQ==
x-cache-hits: 0

GET
H2 200 upvote-512x512.png
c.disquscdn.com/next/current/publisher-admin/assets/img/emoji/ Frame 0E22 8 KB
8 KB 10ms
9ms Image
image/png 2600:9000:2315:b600:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/current/publisher-admin/assets/img/emoji/upvote-512x512.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2315:b600:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

ddc6aec4144b67f0a2a12d687f3c4b8a9faf7c445847d0e25dcb5bd1a9ba9018

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=malwarebytesunpacked&t_i=53469%20https%3A%2F%2Fblog.malwarebytes.com%2F%3Fp%3D53469&t_u=https%3A%2F%2Fblog.malwarebytes.com%2Ftrojans%2F2022%2F01%2Fnew-iphone-malware-spies-via-camera-when-device-appears-off%2F&t_e=New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off&t_d=%0A%09%09%09%09%09New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off%09%09%09%09&t_t=New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:48:42 GMT
via: 1.1 2667cbb82aabb944a65b99430aa06d1a.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 208
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 8170
x-xss-protection: 1; mode=block
x-served-by: static-web-1
last-modified: Wed, 19 Jan 2022 16:25:38 GMT
server: nginx
etag: "61e83b82-1fea"
content-type: image/png
access-control-allow-origin: *
expires: Thu, 20 Jan 2022 08:53:33 GMT
cache-control: max-age=300, public
x-amz-cf-pop: DUS51-P2
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: TOTIfsL40RoXVRiDzVzG6cLP_9s-8y7Kr4YaHVxjcqMvbwWMO-Y-Mw==
x-cache-hits: 0

GET
H2 200 funny-512x512.png
c.disquscdn.com/next/current/publisher-admin/assets/img/emoji/ Frame 0E22 9 KB
9 KB 11ms
10ms Image
image/png 2600:9000:2315:b600:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/current/publisher-admin/assets/img/emoji/funny-512x512.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2315:b600:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

20a91bd509668238b6af8e16475c5e2611bcd2861d0eec2e0d4f6815e81449bd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=malwarebytesunpacked&t_i=53469%20https%3A%2F%2Fblog.malwarebytes.com%2F%3Fp%3D53469&t_u=https%3A%2F%2Fblog.malwarebytes.com%2Ftrojans%2F2022%2F01%2Fnew-iphone-malware-spies-via-camera-when-device-appears-off%2F&t_e=New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off&t_d=%0A%09%09%09%09%09New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off%09%09%09%09&t_t=New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:47:43 GMT
via: 1.1 2667cbb82aabb944a65b99430aa06d1a.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 259
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 8883
x-xss-protection: 1; mode=block
x-served-by: static-web-2
last-modified: Wed, 19 Jan 2022 16:25:38 GMT
server: nginx
etag: "61e83b82-22b3"
content-type: image/png
access-control-allow-origin: *
expires: Thu, 20 Jan 2022 08:52:42 GMT
cache-control: max-age=300, public
x-amz-cf-pop: DUS51-P2
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: iPWgp_AZ_FUyl_PhuJOoIWcyIpsWH9TXR5mwzQ90IlMTXH9UCABtXQ==
x-cache-hits: 0

GET
H2 200 love-512x512.png
c.disquscdn.com/next/current/publisher-admin/assets/img/emoji/ Frame 0E22 12 KB
12 KB 12ms
11ms Image
image/png 2600:9000:2315:b600:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/current/publisher-admin/assets/img/emoji/love-512x512.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2315:b600:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

e422b07ca1550e55cd90a518e910fd3cfb4d9337ea6092357f9761aa77ac9e33

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=malwarebytesunpacked&t_i=53469%20https%3A%2F%2Fblog.malwarebytes.com%2F%3Fp%3D53469&t_u=https%3A%2F%2Fblog.malwarebytes.com%2Ftrojans%2F2022%2F01%2Fnew-iphone-malware-spies-via-camera-when-device-appears-off%2F&t_e=New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off&t_d=%0A%09%09%09%09%09New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off%09%09%09%09&t_t=New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:47:53 GMT
via: 1.1 2667cbb82aabb944a65b99430aa06d1a.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 248
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 11910
x-xss-protection: 1; mode=block
x-served-by: static-web-1
last-modified: Wed, 19 Jan 2022 16:25:38 GMT
server: nginx
etag: "61e83b82-2e86"
content-type: image/png
access-control-allow-origin: *
expires: Thu, 20 Jan 2022 08:52:53 GMT
cache-control: max-age=300, public
x-amz-cf-pop: DUS51-P2
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: _kgoY1dFTApJS3g9Yd9SMn87UopRuvFsffXe7qED_Wr0gXADrtzmPg==
x-cache-hits: 0

GET
H2 200 angry-512x512.png
c.disquscdn.com/next/current/publisher-admin/assets/img/emoji/ Frame 0E22 20 KB
21 KB 13ms
13ms Image
image/png 2600:9000:2315:b600:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/current/publisher-admin/assets/img/emoji/angry-512x512.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2315:b600:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

db865c8f3642f3485829c0ee0008fe04a32cc66af70867b39f60395a7fed3984

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=malwarebytesunpacked&t_i=53469%20https%3A%2F%2Fblog.malwarebytes.com%2F%3Fp%3D53469&t_u=https%3A%2F%2Fblog.malwarebytes.com%2Ftrojans%2F2022%2F01%2Fnew-iphone-malware-spies-via-camera-when-device-appears-off%2F&t_e=New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off&t_d=%0A%09%09%09%09%09New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off%09%09%09%09&t_t=New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:49:05 GMT
via: 1.1 2667cbb82aabb944a65b99430aa06d1a.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 176
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 20675
x-xss-protection: 1; mode=block
x-served-by: static-web-2
last-modified: Wed, 19 Jan 2022 16:25:38 GMT
server: nginx
etag: "61e83b82-50c3"
content-type: image/png
access-control-allow-origin: *
expires: Thu, 20 Jan 2022 08:54:05 GMT
cache-control: max-age=300, public
x-amz-cf-pop: DUS51-P2
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: 0SmuQqLyw4PKTnM-1P9UA3lUjBCPkBMbqmriyiJzKMWXdyE_Mte_fg==
x-cache-hits: 0

GET
H2 200 sad-512x512.png
c.disquscdn.com/next/current/publisher-admin/assets/img/emoji/ Frame 0E22 9 KB
9 KB 15ms
15ms Image
image/png 2600:9000:2315:b600:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/current/publisher-admin/assets/img/emoji/sad-512x512.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2315:b600:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

11c401a81e32b086bea3798c033009907b429fb601411da6ffc266b78184898a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=malwarebytesunpacked&t_i=53469%20https%3A%2F%2Fblog.malwarebytes.com%2F%3Fp%3D53469&t_u=https%3A%2F%2Fblog.malwarebytes.com%2Ftrojans%2F2022%2F01%2Fnew-iphone-malware-spies-via-camera-when-device-appears-off%2F&t_e=New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off&t_d=%0A%09%09%09%09%09New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off%09%09%09%09&t_t=New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:49:00 GMT
via: 1.1 2667cbb82aabb944a65b99430aa06d1a.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 181
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 8986
x-xss-protection: 1; mode=block
x-served-by: static-web-2
last-modified: Wed, 19 Jan 2022 16:25:38 GMT
server: nginx
etag: "61e83b82-231a"
content-type: image/png
access-control-allow-origin: *
expires: Thu, 20 Jan 2022 08:54:00 GMT
cache-control: max-age=300, public
x-amz-cf-pop: DUS51-P2
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: skVhfI6X_JobW_nSVbNOuPzuOy6Bav9WTGNqUhASGGZfL_d-bu3ecQ==
x-cache-hits: 0

GET
H/1.1 200
OK event.gif
referrer.disqus.com/juggler/ Frame 0E22 43 B
339 B 204ms
98ms Image
image/gif 199.232.196.134
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://referrer.disqus.com/juggler/event.gif?abe=0&embed_hidden=0&integration=wordpress%203.0.22&load_time=164&event=init_embed&thread=8959024000&forum=malwarebytesunpacked&forum_id=3107640&imp=2e3a1eg153sea4&thread_slug=new_iphone_malware_spies_via_camera_when_device_appears_off&user_type=anon&referrer=https%3A%2F%2Fblog.malwarebytes.com%2F&theme=next&dnt=0&tracking_enabled=0&experiment=network_default_hidden&variant=fallthrough&service=dynamic&promoted_enabled=false&max_enabled=false

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

199.232.196.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=malwarebytesunpacked&t_i=53469%20https%3A%2F%2Fblog.malwarebytes.com%2F%3Fp%3D53469&t_u=https%3A%2F%2Fblog.malwarebytes.com%2Ftrojans%2F2022%2F01%2Fnew-iphone-malware-spies-via-camera-when-device-appears-off%2F&t_e=New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off&t_d=%0A%09%09%09%09%09New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off%09%09%09%09&t_t=New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Thu, 20 Jan 2022 08:52:01 GMT
X-Content-Type-Options: nosniff
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Server: nginx
Content-Type: image/gif
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Content-Length: 43
X-XSS-Protection: 1; mode=block

GET
H2 200 noavatar92.png
a.disquscdn.com/1638827995/images/ Frame 0E22 2 KB
2 KB 8ms
8ms Image
image/png 199.232.194.49
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://a.disquscdn.com/1638827995/images/noavatar92.png

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/lounge.bundle.67f9fd26b5922562ba93be9d9b520b54.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

199.232.194.49 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

36ef66124133ca33c8b44c487293c3180e5ab681ff3cad3c728ea4f894ec3444

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=malwarebytesunpacked&t_i=53469%20https%3A%2F%2Fblog.malwarebytes.com%2F%3Fp%3D53469&t_u=https%3A%2F%2Fblog.malwarebytes.com%2Ftrojans%2F2022%2F01%2Fnew-iphone-malware-spies-via-camera-when-device-appears-off%2F&t_e=New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off&t_d=%0A%09%09%09%09%09New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off%09%09%09%09&t_t=New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:52:01 GMT
x-content-type-options: nosniff
last-modified: Fri, 26 Feb 2021 20:50:09 GMT
server: nginx
age: 1160278
etag: "60395f01-66c"
strict-transport-security: max-age=300; includeSubdomains
content-type: image/png
x-xss-protection: 1; mode=block
cache-control: max-age=2592000
cross-origin-resource-policy: cross-origin
x-amz-cf-pop: FRA56-C2
content-length: 1644
x-amz-cf-id: XOvRip4c0pdbi8AUHq-hObtfQl1FVuy1Zg73MdYBXr_uk1jdRK-sYA==
expires: Thu, 06 Jan 2022 22:34:02 GMT

POST
H3 200 / Show response
www.facebook.com/tr/ Frame 7C68 0
18 B 18ms
7ms Document
text/plain 2a03:2880:f12d:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f12d:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Upgrade-Insecure-Requests: 1
Origin: https://blog.malwarebytes.com
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/

Response headers

content-type: text/plain
access-control-allow-origin: https://blog.malwarebytes.com
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
priority: u=3,i
date: Thu, 20 Jan 2022 08:52:01 GMT

GET
H3 200 cast_sender.js Show response
www.gstatic.com/eureka/clank/97/ Frame BB1F 53 KB
15 KB 87ms
40ms Script
text/javascript 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/eureka/clank/97/cast_sender.js

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/cv/js/sender/v1/cast_sender.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a1a9324c503cc885e5bf568d8c5de12c34c0adc3a4990d547a4514179108badd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 19 Jan 2022 14:45:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 65206
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cloudview-release
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15488
x-xss-protection: 0
last-modified: Mon, 01 Nov 2021 15:04:28 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"cloudview-release","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cloudview-release"}]}
content-type: text/javascript
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="cloudview-release"
expires: Thu, 20 Jan 2022 14:45:15 GMT

GET
H2 200 noavatar92.png
a.disquscdn.com/1638827995/images/ Frame 0E22 2 KB
2 KB 7ms
7ms Image
image/png 199.232.194.49
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://a.disquscdn.com/1638827995/images/noavatar92.png

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/lounge.bundle.67f9fd26b5922562ba93be9d9b520b54.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

199.232.194.49 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

36ef66124133ca33c8b44c487293c3180e5ab681ff3cad3c728ea4f894ec3444

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=malwarebytesunpacked&t_i=53469%20https%3A%2F%2Fblog.malwarebytes.com%2F%3Fp%3D53469&t_u=https%3A%2F%2Fblog.malwarebytes.com%2Ftrojans%2F2022%2F01%2Fnew-iphone-malware-spies-via-camera-when-device-appears-off%2F&t_e=New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off&t_d=%0A%09%09%09%09%09New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off%09%09%09%09&t_t=New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:52:01 GMT
x-content-type-options: nosniff
last-modified: Fri, 26 Feb 2021 20:50:09 GMT
server: nginx
age: 1160278
etag: "60395f01-66c"
strict-transport-security: max-age=300; includeSubdomains
content-type: image/png
x-xss-protection: 1; mode=block
cache-control: max-age=2592000
cross-origin-resource-policy: cross-origin
x-amz-cf-pop: FRA56-C2
content-length: 1644
x-amz-cf-id: XOvRip4c0pdbi8AUHq-hObtfQl1FVuy1Zg73MdYBXr_uk1jdRK-sYA==
expires: Thu, 06 Jan 2022 22:34:02 GMT

GET
H2 200 noavatar92.png
a.disquscdn.com/1638827995/images/ Frame 0E22 2 KB
2 KB 7ms
7ms Image
image/png 199.232.194.49
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://a.disquscdn.com/1638827995/images/noavatar92.png

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/lounge.bundle.67f9fd26b5922562ba93be9d9b520b54.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

199.232.194.49 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

36ef66124133ca33c8b44c487293c3180e5ab681ff3cad3c728ea4f894ec3444

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=malwarebytesunpacked&t_i=53469%20https%3A%2F%2Fblog.malwarebytes.com%2F%3Fp%3D53469&t_u=https%3A%2F%2Fblog.malwarebytes.com%2Ftrojans%2F2022%2F01%2Fnew-iphone-malware-spies-via-camera-when-device-appears-off%2F&t_e=New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off&t_d=%0A%09%09%09%09%09New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off%09%09%09%09&t_t=New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:52:01 GMT
x-content-type-options: nosniff
last-modified: Fri, 26 Feb 2021 20:50:09 GMT
server: nginx
age: 1160278
etag: "60395f01-66c"
strict-transport-security: max-age=300; includeSubdomains
content-type: image/png
x-xss-protection: 1; mode=block
cache-control: max-age=2592000
cross-origin-resource-policy: cross-origin
x-amz-cf-pop: FRA56-C2
content-length: 1644
x-amz-cf-id: XOvRip4c0pdbi8AUHq-hObtfQl1FVuy1Zg73MdYBXr_uk1jdRK-sYA==
expires: Thu, 06 Jan 2022 22:34:02 GMT

GET
H2 200 noavatar92.png
a.disquscdn.com/1638827995/images/ Frame 0E22 2 KB
2 KB 8ms
8ms Image
image/png 199.232.194.49
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://a.disquscdn.com/1638827995/images/noavatar92.png

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/lounge.bundle.67f9fd26b5922562ba93be9d9b520b54.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

199.232.194.49 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

36ef66124133ca33c8b44c487293c3180e5ab681ff3cad3c728ea4f894ec3444

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=malwarebytesunpacked&t_i=53469%20https%3A%2F%2Fblog.malwarebytes.com%2F%3Fp%3D53469&t_u=https%3A%2F%2Fblog.malwarebytes.com%2Ftrojans%2F2022%2F01%2Fnew-iphone-malware-spies-via-camera-when-device-appears-off%2F&t_e=New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off&t_d=%0A%09%09%09%09%09New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off%09%09%09%09&t_t=New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:52:01 GMT
x-content-type-options: nosniff
last-modified: Fri, 26 Feb 2021 20:50:09 GMT
server: nginx
age: 1160278
etag: "60395f01-66c"
strict-transport-security: max-age=300; includeSubdomains
content-type: image/png
x-xss-protection: 1; mode=block
cache-control: max-age=2592000
cross-origin-resource-policy: cross-origin
x-amz-cf-pop: FRA56-C2
content-length: 1644
x-amz-cf-id: XOvRip4c0pdbi8AUHq-hObtfQl1FVuy1Zg73MdYBXr_uk1jdRK-sYA==
expires: Thu, 06 Jan 2022 22:34:02 GMT

GET
H2 200 noavatar92.png
a.disquscdn.com/1638827995/images/ Frame 0E22 2 KB
2 KB 8ms
8ms Image
image/png 199.232.194.49
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://a.disquscdn.com/1638827995/images/noavatar92.png

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/lounge.bundle.67f9fd26b5922562ba93be9d9b520b54.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

199.232.194.49 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

36ef66124133ca33c8b44c487293c3180e5ab681ff3cad3c728ea4f894ec3444

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=malwarebytesunpacked&t_i=53469%20https%3A%2F%2Fblog.malwarebytes.com%2F%3Fp%3D53469&t_u=https%3A%2F%2Fblog.malwarebytes.com%2Ftrojans%2F2022%2F01%2Fnew-iphone-malware-spies-via-camera-when-device-appears-off%2F&t_e=New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off&t_d=%0A%09%09%09%09%09New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off%09%09%09%09&t_t=New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:52:01 GMT
x-content-type-options: nosniff
last-modified: Fri, 26 Feb 2021 20:50:09 GMT
server: nginx
age: 1160279
etag: "60395f01-66c"
strict-transport-security: max-age=300; includeSubdomains
content-type: image/png
x-xss-protection: 1; mode=block
cache-control: max-age=2592000
cross-origin-resource-policy: cross-origin
x-amz-cf-pop: FRA56-C2
content-length: 1644
x-amz-cf-id: XOvRip4c0pdbi8AUHq-hObtfQl1FVuy1Zg73MdYBXr_uk1jdRK-sYA==
expires: Thu, 06 Jan 2022 22:34:02 GMT

GET
H2 200 noavatar92.png
a.disquscdn.com/1638827995/images/ Frame 0E22 2 KB
2 KB 7ms
6ms Image
image/png 199.232.194.49
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://a.disquscdn.com/1638827995/images/noavatar92.png

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/lounge.bundle.67f9fd26b5922562ba93be9d9b520b54.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

199.232.194.49 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

36ef66124133ca33c8b44c487293c3180e5ab681ff3cad3c728ea4f894ec3444

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=malwarebytesunpacked&t_i=53469%20https%3A%2F%2Fblog.malwarebytes.com%2F%3Fp%3D53469&t_u=https%3A%2F%2Fblog.malwarebytes.com%2Ftrojans%2F2022%2F01%2Fnew-iphone-malware-spies-via-camera-when-device-appears-off%2F&t_e=New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off&t_d=%0A%09%09%09%09%09New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off%09%09%09%09&t_t=New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:52:01 GMT
x-content-type-options: nosniff
last-modified: Fri, 26 Feb 2021 20:50:09 GMT
server: nginx
age: 1160279
etag: "60395f01-66c"
strict-transport-security: max-age=300; includeSubdomains
content-type: image/png
x-xss-protection: 1; mode=block
cache-control: max-age=2592000
cross-origin-resource-policy: cross-origin
x-amz-cf-pop: FRA56-C2
content-length: 1644
x-amz-cf-id: XOvRip4c0pdbi8AUHq-hObtfQl1FVuy1Zg73MdYBXr_uk1jdRK-sYA==
expires: Thu, 06 Jan 2022 22:34:02 GMT

GET
H2 200 realtime.b23ff3c36dd0169627f8e54ca1621eca.css
c.disquscdn.com/next/embed/styles/ Frame 66A8 337 B
839 B 9ms
9ms Stylesheet
text/css 2600:9000:2315:b600:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/styles/realtime.b23ff3c36dd0169627f8e54ca1621eca.css

Requested by

Host: malwarebytesunpacked.disqus.com
URL: https://malwarebytesunpacked.disqus.com/embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2315:b600:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

c284dcb06ef882b1b45e11e0a16baa223b4117eca94e243c8e725c4ce3f909b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 02 Nov 2021 19:05:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 6788812
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 244
x-xss-protection: 1; mode=block
x-served-by: static-web-2
access-control-allow-origin: *
surrogate-key: next
last-modified: Tue, 02 Nov 2021 18:16:01 GMT
server: nginx
etag: "61818061-f4"
content-type: text/css; charset=utf-8
via: 1.1 2667cbb82aabb944a65b99430aa06d1a.cloudfront.net (CloudFront)
expires: Wed, 02 Nov 2022 19:05:09 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: DUS51-P2
timing-allow-origin: *
x-amz-cf-id: mHbAuW11UulomOjwc8ebXU1dGzDQWeFCi0QmEpItEKNkdpSCutOdDw==
x-cache-hits: 0

GET
H2 200 realtime.b23ff3c36dd0169627f8e54ca1621eca.css
c.disquscdn.com/next/embed/styles/ Frame 83BD 337 B
840 B 11ms
10ms Stylesheet
text/css 2600:9000:2315:b600:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/styles/realtime.b23ff3c36dd0169627f8e54ca1621eca.css

Requested by

Host: malwarebytesunpacked.disqus.com
URL: https://malwarebytesunpacked.disqus.com/embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2315:b600:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

c284dcb06ef882b1b45e11e0a16baa223b4117eca94e243c8e725c4ce3f909b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 02 Nov 2021 19:05:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 6788812
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 244
x-xss-protection: 1; mode=block
x-served-by: static-web-2
access-control-allow-origin: *
surrogate-key: next
last-modified: Tue, 02 Nov 2021 18:16:01 GMT
server: nginx
etag: "61818061-f4"
content-type: text/css; charset=utf-8
via: 1.1 2667cbb82aabb944a65b99430aa06d1a.cloudfront.net (CloudFront)
expires: Wed, 02 Nov 2022 19:05:09 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: DUS51-P2
timing-allow-origin: *
x-amz-cf-id: ZbUzoCcARBNi_lK6QCdSOAFX7BWYxBNg0FtAEXFW_uZOAE6gFGWIfA==
x-cache-hits: 0

GET
H2 200 svg-sprite.4da5413f5086c5755b46094b813dbfcd.svg
c.disquscdn.com/next/embed/assets/img/ Frame 0E22 13 KB
13 KB 12ms
12ms Image
image/svg+xml 2600:9000:2315:b600:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/embed/assets/img/svg-sprite.4da5413f5086c5755b46094b813dbfcd.svg

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.7ab903feba7624935283ca4c7d8c7203.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2315:b600:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

3270642c89180c12db93775e2a774b6dadd9bd98cffc963075c85afd2c17b6e4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c.disquscdn.com/next/embed/styles/lounge.7ab903feba7624935283ca4c7d8c7203.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 28 Apr 2021 14:37:41 GMT
via: 1.1 2667cbb82aabb944a65b99430aa06d1a.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 23048060
x-cache: Hit from cloudfront
content-length: 13079
x-xss-protection: 1; mode=block
x-served-by: static-web-1
surrogate-key: next
last-modified: Tue, 27 Apr 2021 21:01:56 GMT
server: nginx
etag: "60887bc4-3317"
content-type: image/svg+xml; charset=utf-8
access-control-allow-origin: *
expires: Thu, 28 Apr 2022 14:37:41 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: DUS51-P2
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: kr9xHE1kpALSLnX8rD-uBU8eDEgywB67-gxsY5GTTUt3Mb52wkynwQ==
x-cache-hits: 0

GET
H3

200

activityi;dc_pre=COrMpO35v_UCFRD2UQodPsgLHQ;src=5118230;type=count0;cat=secur00;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1;num=6016915333442.967 Show response
5118230.fls.doubleclick.net/ Frame 4CF0
Redirect Chain

https://5118230.fls.doubleclick.net/activityi;src=5118230;type=count0;cat=secur00;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1;num=6016915333442.967?
https://5118230.fls.doubleclick.net/activityi;dc_pre=COrMpO35v_UCFRD2UQodPsgLHQ;src=5118230;type=count0;cat=secur00;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1;num=6016915333442.967?

481 B
400 B

103ms
57ms

Document
text/html

142.250.185.198
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://5118230.fls.doubleclick.net/activityi;dc_pre=COrMpO35v_UCFRD2UQodPsgLHQ;src=5118230;type=count0;cat=secur00;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1;num=6016915333442.967?

Requested by

Host: www.malwarebytes.com
URL: https://www.malwarebytes.com/js/jquery-1.11.3.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.198 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f6.1e100.net

Software

cafe /

Resource Hash

ffecc1558ecf46b33ea79808eac375e8bfb0bc6a5f799a3bc2ca2df96f2c50db

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 20 Jan 2022 08:52:02 GMT
expires: Thu, 20 Jan 2022 08:52:02 GMT
cache-control: private, max-age=0
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 375
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Redirect headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 20 Jan 2022 08:52:02 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
follow-only-when-prerender-shown: 1
strict-transport-security: max-age=21600
location: https://5118230.fls.doubleclick.net/activityi;dc_pre=COrMpO35v_UCFRD2UQodPsgLHQ;src=5118230;type=count0;cat=secur00;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1;num=6016915333442.967?
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK embed.js Show response
malwarebytesunpacked.disqus.com/ 74 KB
24 KB 124ms
124ms Script
application/javascript 199.232.196.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://malwarebytesunpacked.disqus.com/embed.js?_=1642668719663

Requested by

Host: www.malwarebytes.com
URL: https://www.malwarebytes.com/js/jquery-1.11.3.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

199.232.196.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

openresty /

Resource Hash

63c041fe48b6010776541e3eaf922df7c113b28186226dbe53df7eedcf8e95d8

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Thu, 20 Jan 2022 08:52:02 GMT
Content-Encoding: gzip
Server: openresty
Age: 0
Vary: Accept-Encoding
Connection: keep-alive
Content-Type: application/javascript; charset=utf-8
Cache-Control: private, max-age=60
X-Service: router
Strict-Transport-Security: max-age=300; includeSubdomains
Link: <https://disqus.com>; rel=preconnect, <https://c.disquscdn.com>; rel=preconnect
Content-Length: 24548
Cross-Origin-Resource-Policy: cross-origin

GET
H/1.1 200
OK embed.js Show response
malwarebytesunpacked.disqus.com/ 74 KB
24 KB 139ms
139ms Script
application/javascript 199.232.196.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://malwarebytesunpacked.disqus.com/embed.js?_=1642668719664

Requested by

Host: www.malwarebytes.com
URL: https://www.malwarebytes.com/js/jquery-1.11.3.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

199.232.196.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

openresty /

Resource Hash

63c041fe48b6010776541e3eaf922df7c113b28186226dbe53df7eedcf8e95d8

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Thu, 20 Jan 2022 08:52:02 GMT
Content-Encoding: gzip
Server: openresty
Age: 0
Vary: Accept-Encoding
Connection: keep-alive
Content-Type: application/javascript; charset=utf-8
Cache-Control: private, max-age=60
X-Service: router
Strict-Transport-Security: max-age=300; includeSubdomains
Link: <https://disqus.com>; rel=preconnect, <https://c.disquscdn.com>; rel=preconnect
Content-Length: 24548
Cross-Origin-Resource-Policy: cross-origin

GET
H2

200

ct.html Show response
www.pinterest.de/ Frame 4909
Redirect Chain

https://www.pinterest.com/ct.html
https://www.pinterest.de/ct.html

413 B
4 KB

285ms
273ms

Document
text/html

151.101.0.84
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.pinterest.de/ct.html

Requested by

Host: s.pinimg.com
URL: https://s.pinimg.com/ct/lib/main.4fd9fcbb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.0.84 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

987c2a4c3eeff2bab184577a1b636049c8595e284178076f5eb3d52fecd6cb95

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' blob: data: .pinimg.com .pinterest.com accounts.google.com fonts.gstatic.com fonts.googleapis.com use.typekit.net .adyen.com .adyenpayments.com; img-src * data: blob:; script-src 'nonce-501d18963f83d59ac3f9ac18a3b5323a' 'strict-dynamic' 'report-sample' 'self' .pinterest.com .pinimg.com .google.com connect.facebook.net .google-analytics.com .facebook.com .googleadservices.com .doubleclick.net .googletagmanager.com .adyen.com .adyenpayments.com cdn.ampproject.org .cdn.ampproject.org radar.cedexis.com .cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'unsafe-inline' blob:; connect-src 'self' .pinimg.com .pinterest.com accounts.google.com .facebook.com .dropboxapi.com .adyen.com .adyenpayments.com cdn.ampproject.org .cdn.ampproject.org pinterest-aberdeen.s3.amazonaws.com pinterest-aberdeen.s3.us-east-1.amazonaws.com pinterest-anaheim.s3.amazonaws.com pinterest-anaheim.s3.us-east-1.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-media-upload.s3.us-east-1.amazonaws.com pinterest-media-upload.s3-accelerate.amazonaws.com pinterest-media-upload.s3-accelerate.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-poughkeepsie.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-plymouth.s3.amazonaws.com pinterest-plymouth.s3.us-east-1.amazonaws.com pinterest-salvador.s3.us-east-1.amazonaws.com .cedexis.com .cedexis-radar.net blob: .tvpixel.com api.pinadmin.com .live-video.net; media-src 'self' .pinimg.com blob: data: .live-video.net; object-src 'self'; form-action 'self'; frame-src 'self' .google.com .pinimg.com .pinterest.com .pinterdev.com .facebook.com content.googleapis.com .adyen.com .youtube.com .ytimg.com player.vimeo.com calendly.com vine.co bid.g.doubleclick.net .fls.doubleclick.net pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinlogs.s3.amazonaws.com pinlogs.s3.us-east-1.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-hilo.s3.amazonaws.com advertising-delivery-metric-reports.s3.amazonaws.com advertising-delivery-metric-reports.s3.us-east-1.amazonaws.com servedby.flashtalking.com pinterest-uk.admo.tv pinterest-uk-web.admo.tv fbrpc://call www.recaptcha.net www-pinterest-de.cdn.ampproject.org; worker-src 'self' blob: https://www-pinterest-com.cdn.ampproject.org 'unsafe-inline'; base-uri 'none'; report-uri /_/_/csp_report/?rid=1029721289332129; frame-ancestors *
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/

Response headers

x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-ua-compatible: IE=edge
expect-ct: max-age=86400, report-uri="https://www.pinterest.com/_/_/expect_ct_report/"
p3p: CP="This is not a P3P policy. See https://www.pinterest.com/_/_/help/articles/pinterest-and-p3p for more info."
content-security-policy: default-src 'self' 'unsafe-inline' blob: data: *.pinimg.com *.pinterest.com accounts.google.com fonts.gstatic.com fonts.googleapis.com use.typekit.net *.adyen.com *.adyenpayments.com; img-src * data: blob:; script-src 'nonce-501d18963f83d59ac3f9ac18a3b5323a' 'strict-dynamic' 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com *.adyen.com *.adyenpayments.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'unsafe-inline' blob:; connect-src 'self' *.pinimg.com *.pinterest.com accounts.google.com *.facebook.com *.dropboxapi.com *.adyen.com *.adyenpayments.com cdn.ampproject.org *.cdn.ampproject.org pinterest-aberdeen.s3.amazonaws.com pinterest-aberdeen.s3.us-east-1.amazonaws.com pinterest-anaheim.s3.amazonaws.com pinterest-anaheim.s3.us-east-1.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-media-upload.s3.us-east-1.amazonaws.com pinterest-media-upload.s3-accelerate.amazonaws.com pinterest-media-upload.s3-accelerate.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-poughkeepsie.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-plymouth.s3.amazonaws.com pinterest-plymouth.s3.us-east-1.amazonaws.com pinterest-salvador.s3.us-east-1.amazonaws.com *.cedexis.com *.cedexis-radar.net blob: *.tvpixel.com api.pinadmin.com *.live-video.net; media-src 'self' *.pinimg.com blob: data: *.live-video.net; object-src 'self'; form-action 'self'; frame-src 'self' *.google.com *.pinimg.com *.pinterest.com *.pinterdev.com *.facebook.com content.googleapis.com *.adyen.com *.youtube.com *.ytimg.com player.vimeo.com calendly.com vine.co bid.g.doubleclick.net *.fls.doubleclick.net pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinlogs.s3.amazonaws.com pinlogs.s3.us-east-1.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-hilo.s3.amazonaws.com advertising-delivery-metric-reports.s3.amazonaws.com advertising-delivery-metric-reports.s3.us-east-1.amazonaws.com servedby.flashtalking.com pinterest-uk.admo.tv pinterest-uk-web.admo.tv fbrpc://call www.recaptcha.net www-pinterest-de.cdn.ampproject.org; worker-src 'self' blob: https://www-pinterest-com.cdn.ampproject.org 'unsafe-inline'; base-uri 'none'; report-uri /_/_/csp_report/?rid=1029721289332129; frame-ancestors *
content-security-policy-report-only: script-src 'nonce-501d18963f83d59ac3f9ac18a3b5323a' 'strict-dynamic' 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.online.tableau.com *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com *.adyen.com *.adyenpayments.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'unsafe-inline'; report-uri /_/_/csp_report/?reportonly , script-src 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.online.tableau.com *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com *.adyen.com *.adyenpayments.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'unsafe-inline'; default-src 'self' 'unsafe-inline' blob: data: *.pinimg.com *.pinterest.com accounts.google.com fonts.gstatic.com fonts.googleapis.com use.typekit.net; frame-src *; img-src * data: blob:; connect-src *; worker-src * blob:; report-uri /_/_/csp_report/?reportonly
x-frame-options: SAMEORIGIN
content-type: text/html; charset=utf-8
link: <https://i.pinimg.com>; rel=preconnect; crossorigin=anonymous, <https://s.pinimg.com>; rel=preconnect; crossorigin=anonymous, <https://v.pinimg.com>; rel=preconnect; crossorigin=anonymous
x-envoy-upstream-service-time: 170
content-encoding: gzip
referrer-policy: origin
x-pinterest-rid: 1029721289332129
date: Thu, 20 Jan 2022 08:52:02 GMT
vary: User-Agent, Accept-Encoding
x-cdn: fastly
pinterest-generated-by: coreapp-webapp-prod-0a03f366
pinterest-version: af00b22

Redirect headers

x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-ua-compatible: IE=edge
expect-ct: max-age=86400, report-uri="https://www.pinterest.com/_/_/expect_ct_report/"
location: https://www.pinterest.de/ct.html
x-envoy-upstream-service-time: 113
content-encoding: gzip
referrer-policy: origin
x-pinterest-rid: 4269789764967636
date: Thu, 20 Jan 2022 08:52:02 GMT
vary: User-Agent, Accept-Encoding
x-cdn: fastly
pinterest-generated-by: coreapp-webapp-prod-0a011ca2
pinterest-version: af00b22

GET
H2 200 2893.js Show response
script.crazyegg.com/pages/scripts/0081/ 5 KB
2 KB 71ms
50ms Script
text/javascript 2606:4700::6813:9308
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.crazyegg.com/pages/scripts/0081/2893.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MKSKW3
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6813:9308 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cf16a6be9c1f8d220216cd8bc2d5a7d68731c383f8a1d394c2727e7564a9ca7a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:52:02 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 94135
cf-polished: origSize=4899
cf-ray: 6d07107869487027-FRA
ce-version: 11.1.376
last-modified: Wed, 19 Jan 2022 06:43:07 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
access-control-expose-headers: CE-Version
cache-control: public, max-age=300, s-maxage=1209600
timing-allow-origin: *
cf-bgj: minify

GET
H/1.1 200
OK insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 5 KB
2 KB 81ms
81ms Script
application/x-javascript 2a03:5f80:a::b212:e7c0
DATAIX-AS Peering...

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MKSKW3
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:5f80:a::b212:e7c0 , Russian Federation, ASN50952 (DATAIX-AS Peering Ltd., RU),
Reverse DNS
Software: /
Resource Hash: fed785a6a8ca96fb67230fec5d85f9c508db49f4075aa0ef284af56cd89813e3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Thu, 20 Jan 2022 08:52:02 GMT
Content-Encoding: gzip
Last-Modified: Wed, 29 Sep 2021 19:17:49 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=28582
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2036

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 14 KB
6 KB 25ms
7ms Script
application/javascript 151.101.12.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off/?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299&amp&utm_content=new-iphone-malware-spies-via-camera-when-device-appears-off&bsft_aaid=18a8abbd-b7b6-422b-8352-283554e9475a&bsft_eid=bae4f2b5-5fe4-fe76-a028-428ae8279c2f&bsft_clkid=93654ee9-6e1c-4723-a262-cd25dade6809&bsft_uid=3eff0a33-885d-44f8-9c2d-23ee978fc0bd&bsft_mid=85c1ddbc-94a5-4703-b0d7-fe44cc5604a7&bsft_mime_type=html&bsft_ek=2022-01-15T16%3A30%3A40Z&bsft_lx=9&bsft_tv=9
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.12.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 4da3e3aa30b5b06390d7e7e3fcfb16d648909eb429d161c2748bd6d79a7ec5fb

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:52:01 GMT
content-encoding: gzip
last-modified: Mon, 20 Sep 2021 23:58:10 GMT
etag: "8dc11b7ca1d5ed9ec3b1ab1beb621c75+gzip+gzip"
vary: Accept-Encoding,Host
x-tw-cdn: FT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache
x-cache: HIT, HIT
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
content-length: 5410
x-served-by: cache-iad-kiad7000162-IAD, cache-fra19178-FRA

GET
H2 200 /
insight.adsrvr.org/track/pxl/ 70 B
261 B 126ms
48ms Image
image/gif 3.33.220.150
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://insight.adsrvr.org/track/pxl/?adv=jtuxrxn&ct=0:fyckj1z&fmt=3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.33.220.150 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 20 Jan 2022 08:52:02 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H2 200 adsct Show response
analytics.twitter.com/i/ 31 B
458 B 141ms
115ms Script
application/javascript 104.244.42.3
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://analytics.twitter.com/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=o1m5j&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=f5acfeb4-cf94-4a5e-b6f9-21f8a8a0b3e2&tw_document_href=https%3A%2F%2Fblog.malwarebytes.com%2Ftrojans%2F2022%2F01%2Fnew-iphone-malware-spies-via-camera-when-device-appears-off%2F%3Futm_source%3Dblueshift%26utm_medium%3Demail%26utm_campaign%3Db2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299%26amp%26utm_content%3Dnew-iphone-malware-spies-via-camera-when-device-appears-off%26bsft_aaid%3D18a8abbd-b7b6-422b-8352-283554e9475a%26bsft_eid%3Dbae4f2b5-5fe4-fe76-a028-428ae8279c2f%26bsft_clkid%3D93654ee9-6e1c-4723-a262-cd25dade6809%26bsft_uid%3D3eff0a33-885d-44f8-9c2d-23ee978fc0bd%26bsft_mid%3D85c1ddbc-94a5-4703-b0d7-fe44cc5604a7%26bsft_mime_type%3Dhtml%26bsft_ek%3D2022-01-15T16%253A30%253A40Z%26bsft_lx%3D9%26bsft_tv%3D9&tpx_cb=twttr.conversion.loadPixels

Requested by

Host: static.ads-twitter.com
URL: https://static.ads-twitter.com/uwt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.3 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-response-time: 107
date: Thu, 20 Jan 2022 08:52:02 GMT
content-encoding: gzip
server: tsa_o
strict-transport-security: max-age=631138519
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache, no-store, max-age=0
x-connection-hash: 311ce2040df16db5d46564cbf5f96831b2eb8d44d79fe7d971d54d7e2d47138f
content-type: application/javascript;charset=utf-8
content-length: 57

GET
H2 200 adsct
t.co/i/ 43 B
338 B 136ms
118ms Image
image/gif 104.244.42.197
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=o1m5j&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=f5acfeb4-cf94-4a5e-b6f9-21f8a8a0b3e2&tw_document_href=https%3A%2F%2Fblog.malwarebytes.com%2Ftrojans%2F2022%2F01%2Fnew-iphone-malware-spies-via-camera-when-device-appears-off%2F%3Futm_source%3Dblueshift%26utm_medium%3Demail%26utm_campaign%3Db2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299%26amp%26utm_content%3Dnew-iphone-malware-spies-via-camera-when-device-appears-off%26bsft_aaid%3D18a8abbd-b7b6-422b-8352-283554e9475a%26bsft_eid%3Dbae4f2b5-5fe4-fe76-a028-428ae8279c2f%26bsft_clkid%3D93654ee9-6e1c-4723-a262-cd25dade6809%26bsft_uid%3D3eff0a33-885d-44f8-9c2d-23ee978fc0bd%26bsft_mid%3D85c1ddbc-94a5-4703-b0d7-fe44cc5604a7%26bsft_mime_type%3Dhtml%26bsft_ek%3D2022-01-15T16%253A30%253A40Z%26bsft_lx%3D9%26bsft_tv%3D9

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.197 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-response-time: 111
date: Thu, 20 Jan 2022 08:52:01 GMT
server: tsa_o
strict-transport-security: max-age=0
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, max-age=0
x-connection-hash: 66f1519d04c6745b88a40e3f3369fff6fb492134b245f2a6c30f579e7fe42ecb
content-length: 43

GET
H2 200 2893.json Show response
script.crazyegg.com/pages/data-scripts/0081/ 752 B
605 B 53ms
34ms XHR
application/json 2606:4700::6813:9308
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.crazyegg.com/pages/data-scripts/0081/2893.json?t=1
Requested by: Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/scripts/0081/2893.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6813:9308 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 132929046ec851dd779a36aab378d290a6a2a617c4b173518d0ad1faf04e3525

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:52:02 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 1109051
ce-version: 11.1.376
content-length: 259
timing-allow-origin: *
last-modified: Fri, 07 Jan 2022 12:47:51 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: CE-Version
cache-control: public, max-age=300, s-maxage=1209600
accept-ranges: bytes
cf-ray: 6d071078dbaf5c9e-FRA

GET
H2 200 lounge.7ab903feba7624935283ca4c7d8c7203.css
c.disquscdn.com/next/embed/styles/ 0
26 KB 14ms
13ms Other
text/css 2600:9000:2315:b600:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/styles/lounge.7ab903feba7624935283ca4c7d8c7203.css

Requested by

Host: malwarebytesunpacked.disqus.com
URL: https://malwarebytesunpacked.disqus.com/embed.js?_=1642668719663

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2315:b600:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 07 Dec 2021 23:27:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3749095
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 26065
x-xss-protection: 1; mode=block
x-served-by: static-web-2
access-control-allow-origin: *
surrogate-key: next
last-modified: Tue, 07 Dec 2021 22:32:35 GMT
server: nginx
etag: "61afe103-65d1"
content-type: text/css; charset=utf-8
via: 1.1 2667cbb82aabb944a65b99430aa06d1a.cloudfront.net (CloudFront)
expires: Wed, 07 Dec 2022 23:27:07 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: DUS51-P2
timing-allow-origin: *
x-amz-cf-id: wUgl5zbO3cIXxlmRYw5GT0LLLcC7bRTFzMSKaf72-YG7aWjBt7Op4w==
x-cache-hits: 0

GET
H2 200 common.bundle.d53d00706a584180a3368c8e414318a7.js
c.disquscdn.com/next/embed/ 0
93 KB 16ms
15ms Other
application/javascript 2600:9000:2315:b600:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/common.bundle.d53d00706a584180a3368c8e414318a7.js

Requested by

Host: malwarebytesunpacked.disqus.com
URL: https://malwarebytesunpacked.disqus.com/embed.js?_=1642668719663

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2315:b600:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 20 Dec 2021 21:46:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2631956
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 94734
x-xss-protection: 1; mode=block
x-served-by: static-web-1
access-control-allow-origin: *
surrogate-key: next
last-modified: Mon, 20 Dec 2021 21:29:18 GMT
server: nginx
etag: "61c0f5ae-1720e"
content-type: application/javascript; charset=utf-8
via: 1.1 2667cbb82aabb944a65b99430aa06d1a.cloudfront.net (CloudFront)
expires: Tue, 20 Dec 2022 21:46:06 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: DUS51-P2
timing-allow-origin: *
x-amz-cf-id: fmedmYm7ZibSINI-ud0Mx-rkyt9Yum4kC4xp0FWsa9oBeL0hgBvxgQ==
x-cache-hits: 0

GET
H2 200 lounge.bundle.67f9fd26b5922562ba93be9d9b520b54.js
c.disquscdn.com/next/embed/ 0
121 KB 25ms
24ms Other
application/javascript 2600:9000:2315:b600:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/lounge.bundle.67f9fd26b5922562ba93be9d9b520b54.js

Requested by

Host: malwarebytesunpacked.disqus.com
URL: https://malwarebytesunpacked.disqus.com/embed.js?_=1642668719663

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2315:b600:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 05 Jan 2022 20:30:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1254108
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 122875
x-xss-protection: 1; mode=block
x-served-by: static-web-1
access-control-allow-origin: *
surrogate-key: next
last-modified: Wed, 05 Jan 2022 19:53:04 GMT
server: nginx
etag: "61d5f720-1dffb"
content-type: application/javascript; charset=utf-8
via: 1.1 2667cbb82aabb944a65b99430aa06d1a.cloudfront.net (CloudFront)
expires: Thu, 05 Jan 2023 20:30:14 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: DUS51-P2
timing-allow-origin: *
x-amz-cf-id: HKUiIWjc-j9MAoJSbMjR11n3tHGXo-OF7AIflMg3fhQea-51qXRTvg==
x-cache-hits: 0

GET
H/1.1 200
OK config.js
disqus.com/next/ 0
15 KB 10ms
9ms Other
application/javascript 151.101.128.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://disqus.com/next/config.js

Requested by

Host: malwarebytesunpacked.disqus.com
URL: https://malwarebytesunpacked.disqus.com/embed.js?_=1642668719663

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.128.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Thu, 20 Jan 2022 08:52:02 GMT
X-Content-Type-Options: nosniff
Content-Type: application/javascript; charset=UTF-8
Server: nginx
Age: 53
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=300; includeSubdomains
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Access-Control-Allow-Origin: *
Cache-Control: public, stale-while-revalidate=300, s-stalewhilerevalidate=3600, max-age=60
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Timing-Allow-Origin: *
Content-Length: 14720
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK /
disqus.com/embed/comments/ Frame C5CE 0
0 7ms
7ms Document
text/html 151.101.128.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: malwarebytesunpacked.disqus.com
URL: https://malwarebytesunpacked.disqus.com/embed.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.128.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src https://.twitter.com: https://www.gstatic.com/recaptcha/ https://a.disquscdn.com https://c.disquscdn.com c.disquscdn.com https://.services.disqus.com: https://cdn.boomtrain.com/p13n/ https://apis.google.com https://cdn.syndication.twimg.com/tweets.json https://connect.facebook.net/en_US/sdk.js https://referrer.disqus.com/juggler/ 'unsafe-inline' https://com-disqus.netmng.com:* https://www.google.com/recaptcha/ https://cf.ignitionone.com:* https://disqus.com
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/

Response headers

Connection: keep-alive
Content-Length: 10752
Server: nginx
Content-Security-Policy: script-src https://*.twitter.com:* https://www.gstatic.com/recaptcha/ https://a.disquscdn.com https://c.disquscdn.com c.disquscdn.com https://*.services.disqus.com:* https://cdn.boomtrain.com/p13n/ https://apis.google.com https://cdn.syndication.twimg.com/tweets.json https://connect.facebook.net/en_US/sdk.js https://referrer.disqus.com/juggler/ 'unsafe-inline' https://com-disqus.netmng.com:* https://www.google.com/recaptcha/ https://cf.ignitionone.com:* https://disqus.com
Link: <https://c.disquscdn.com>;rel=preconnect,<https://c.disquscdn.com>;rel=dns-prefetch
Cache-Control: stale-if-error=3600, s-stalewhilerevalidate=3600, stale-while-revalidate=30, no-cache, must-revalidate, public, s-maxage=5
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Type: text/html; charset=utf-8
Last-Modified: Wed, 19 Jan 2022 00:53:34 GMT
ETag: W/"lounge:view:8959024000.e9590b78d1dc36a5d5892c84635345d0.2"
Referrer-Policy: no-referrer-when-downgrade
Content-Encoding: gzip
Date: Thu, 20 Jan 2022 08:52:02 GMT
Age: 2
Vary: Accept-Encoding
Cross-Origin-Resource-Policy: cross-origin
Strict-Transport-Security: max-age=300; includeSubdomains

GET
H/1.1 200
OK / Show response
disqus.com/embed/comments/ Frame 006A 58 KB
12 KB 8ms
8ms Document
text/html 151.101.128.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: malwarebytesunpacked.disqus.com
URL: https://malwarebytesunpacked.disqus.com/embed.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.128.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

a61ef61d6c16032beefa8805690af62fe814386a01cd261af736c4912fbcf08b

Security Headers

Name	Value
Content-Security-Policy	script-src https://.twitter.com: https://www.gstatic.com/recaptcha/ https://a.disquscdn.com https://c.disquscdn.com c.disquscdn.com https://.services.disqus.com: https://cdn.boomtrain.com/p13n/ https://apis.google.com https://cdn.syndication.twimg.com/tweets.json https://connect.facebook.net/en_US/sdk.js https://referrer.disqus.com/juggler/ 'unsafe-inline' https://com-disqus.netmng.com:* https://www.google.com/recaptcha/ https://cf.ignitionone.com:* https://disqus.com
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/

Response headers

Connection: keep-alive
Content-Length: 10752
Server: nginx
Content-Security-Policy: script-src https://*.twitter.com:* https://www.gstatic.com/recaptcha/ https://a.disquscdn.com https://c.disquscdn.com c.disquscdn.com https://*.services.disqus.com:* https://cdn.boomtrain.com/p13n/ https://apis.google.com https://cdn.syndication.twimg.com/tweets.json https://connect.facebook.net/en_US/sdk.js https://referrer.disqus.com/juggler/ 'unsafe-inline' https://com-disqus.netmng.com:* https://www.google.com/recaptcha/ https://cf.ignitionone.com:* https://disqus.com
Link: <https://c.disquscdn.com>;rel=preconnect,<https://c.disquscdn.com>;rel=dns-prefetch
Cache-Control: stale-if-error=3600, s-stalewhilerevalidate=3600, stale-while-revalidate=30, no-cache, must-revalidate, public, s-maxage=5
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Type: text/html; charset=utf-8
Last-Modified: Wed, 19 Jan 2022 00:53:34 GMT
ETag: W/"lounge:view:8959024000.e9590b78d1dc36a5d5892c84635345d0.2"
Referrer-Policy: no-referrer-when-downgrade
Content-Encoding: gzip
Date: Thu, 20 Jan 2022 08:52:02 GMT
Age: 2
Vary: Accept-Encoding
Cross-Origin-Resource-Policy: cross-origin
Strict-Transport-Security: max-age=300; includeSubdomains

GET
H/1.1 200
OK analytics.min.js Show response
cdn.bttrack.com/js/14102/analytics/1.0/ Frame 4CF0 599 B
696 B 72ms
23ms Script
text/javascript 69.16.175.10
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.bttrack.com/js/14102/analytics/1.0/analytics.min.js
Requested by: Host: 5118230.fls.doubleclick.net
URL: https://5118230.fls.doubleclick.net/activityi;dc_pre=COrMpO35v_UCFRD2UQodPsgLHQ;src=5118230;type=count0;cat=secur00;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1;num=6016915333442.967?
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 69.16.175.10 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS: hwcdn.net
Software: /
Resource Hash: fbf44047407fd1714993b1c5cebf5bf2b17915261b8c24ec8c70382b4d389ece

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://5118230.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Thu, 20 Jan 2022 08:52:02 GMT
Content-Encoding: gzip
X-HW: 1642668722.dop238.am5.t,1642668722.cds237.am5.shn,1642668722.dop238.am5.t,1642668722.cds300.am5.c
Content-Type: text/javascript; charset=utf-8
Cache-Control: max-age=16274
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 368

GET
H2 200 dc_pre=COrMpO35v_UCFRD2UQodPsgLHQ;src=5118230;type=count0;cat=secur00;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1;num=6016915333442.967
adservice.google.com/ddm/fls/z/ Frame 4CF0 42 B
494 B 255ms
75ms Image
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=COrMpO35v_UCFRD2UQodPsgLHQ;src=5118230;type=count0;cat=secur00;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1;num=6016915333442.967

Requested by

Host: 5118230.fls.doubleclick.net
URL: https://5118230.fls.doubleclick.net/activityi;dc_pre=COrMpO35v_UCFRD2UQodPsgLHQ;src=5118230;type=count0;cat=secur00;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1;num=6016915333442.967?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://5118230.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 20 Jan 2022 08:52:02 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 lounge.load.4474eb952b0ac3bafd98c3224c1d140c.js Show response
c.disquscdn.com/next/embed/ Frame 006A 958 B
1 KB 10ms
10ms Script
application/javascript 2600:9000:2315:b600:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/lounge.load.4474eb952b0ac3bafd98c3224c1d140c.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2315:b600:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

6ee52eaf1db539683b3e508c5973c5b4011b86dcabd32983756482588b08ad52

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://disqus.com/embed/comments/?base=default&f=malwarebytesunpacked&t_i=53469%20https%3A%2F%2Fblog.malwarebytes.com%2F%3Fp%3D53469&t_u=https%3A%2F%2Fblog.malwarebytes.com%2Ftrojans%2F2022%2F01%2Fnew-iphone-malware-spies-via-camera-when-device-appears-off%2F&t_e=New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off&t_d=%0A%09%09%09%09%09New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off%09%09%09%09&t_t=New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off&s_o=default
Origin: https://disqus.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 05 Jan 2022 20:30:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1254108
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 495
x-xss-protection: 1; mode=block
x-served-by: static-web-1
access-control-allow-origin: *
surrogate-key: next
last-modified: Wed, 05 Jan 2022 19:53:03 GMT
server: nginx
etag: "61d5f71f-1ef"
content-type: application/javascript; charset=utf-8
via: 1.1 c1c42e732809880dbf4b6deb496490ae.cloudfront.net (CloudFront)
expires: Thu, 05 Jan 2023 20:30:14 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: DUS51-P2
timing-allow-origin: *
x-amz-cf-id: nnqvrc0qLe6LS6ulN1K9Jxxqhh9DveZkGvoQXpWHrrHnBqRi2eSUaQ==
x-cache-hits: 0

GET
H2 200 common.bundle.d53d00706a584180a3368c8e414318a7.js Show response
c.disquscdn.com/next/embed/ Frame 006A 282 KB
93 KB 12ms
12ms Script
application/javascript 2600:9000:2315:b600:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/common.bundle.d53d00706a584180a3368c8e414318a7.js

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/lounge.load.4474eb952b0ac3bafd98c3224c1d140c.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2315:b600:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

f6f40e18e6522384652ca2a0159499791d93c5f72486f54b06e7ccb728cb0de5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=malwarebytesunpacked&t_i=53469%20https%3A%2F%2Fblog.malwarebytes.com%2F%3Fp%3D53469&t_u=https%3A%2F%2Fblog.malwarebytes.com%2Ftrojans%2F2022%2F01%2Fnew-iphone-malware-spies-via-camera-when-device-appears-off%2F&t_e=New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off&t_d=%0A%09%09%09%09%09New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off%09%09%09%09&t_t=New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 20 Dec 2021 21:46:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2631956
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 94734
x-xss-protection: 1; mode=block
x-served-by: static-web-1
access-control-allow-origin: *
surrogate-key: next
last-modified: Mon, 20 Dec 2021 21:29:18 GMT
server: nginx
etag: "61c0f5ae-1720e"
content-type: application/javascript; charset=utf-8
via: 1.1 2667cbb82aabb944a65b99430aa06d1a.cloudfront.net (CloudFront)
expires: Tue, 20 Dec 2022 21:46:06 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: DUS51-P2
timing-allow-origin: *
x-amz-cf-id: Px24V7pf03UV57F02PQio3rIALR5qL5g-Y6RzFjUV8hRI2Mts8ozyg==
x-cache-hits: 0

GET
H2 200 lounge.7ab903feba7624935283ca4c7d8c7203.css
c.disquscdn.com/next/embed/styles/ Frame 006A 165 KB
26 KB 11ms
11ms Stylesheet
text/css 2600:9000:2315:b600:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/styles/lounge.7ab903feba7624935283ca4c7d8c7203.css

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.d53d00706a584180a3368c8e414318a7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2315:b600:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

9f05592df6a80686d7216adbbc60dd18c978741182ed9e09a863de7374931f0e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=malwarebytesunpacked&t_i=53469%20https%3A%2F%2Fblog.malwarebytes.com%2F%3Fp%3D53469&t_u=https%3A%2F%2Fblog.malwarebytes.com%2Ftrojans%2F2022%2F01%2Fnew-iphone-malware-spies-via-camera-when-device-appears-off%2F&t_e=New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off&t_d=%0A%09%09%09%09%09New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off%09%09%09%09&t_t=New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 07 Dec 2021 23:27:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3749095
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 26065
x-xss-protection: 1; mode=block
x-served-by: static-web-2
access-control-allow-origin: *
surrogate-key: next
last-modified: Tue, 07 Dec 2021 22:32:35 GMT
server: nginx
etag: "61afe103-65d1"
content-type: text/css; charset=utf-8
via: 1.1 2667cbb82aabb944a65b99430aa06d1a.cloudfront.net (CloudFront)
expires: Wed, 07 Dec 2022 23:27:07 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: DUS51-P2
timing-allow-origin: *
x-amz-cf-id: AcK7OXIZgHCCeO-0ugKTfovM7bpob9HP2AUaV9USb44PPJt-9sQIYQ==
x-cache-hits: 0

GET
H2 200 lounge.bundle.67f9fd26b5922562ba93be9d9b520b54.js Show response
c.disquscdn.com/next/embed/ Frame 006A 475 KB
121 KB 11ms
10ms Script
application/javascript 2600:9000:2315:b600:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/lounge.bundle.67f9fd26b5922562ba93be9d9b520b54.js

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.d53d00706a584180a3368c8e414318a7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2315:b600:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

d5b8a226657de542d2e9b1d9d82189cad8b3ceadcc01a8f48f97fd064d4ba64a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=malwarebytesunpacked&t_i=53469%20https%3A%2F%2Fblog.malwarebytes.com%2F%3Fp%3D53469&t_u=https%3A%2F%2Fblog.malwarebytes.com%2Ftrojans%2F2022%2F01%2Fnew-iphone-malware-spies-via-camera-when-device-appears-off%2F&t_e=New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off&t_d=%0A%09%09%09%09%09New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off%09%09%09%09&t_t=New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 05 Jan 2022 20:30:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1254108
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 122875
x-xss-protection: 1; mode=block
x-served-by: static-web-1
access-control-allow-origin: *
surrogate-key: next
last-modified: Wed, 05 Jan 2022 19:53:04 GMT
server: nginx
etag: "61d5f720-1dffb"
content-type: application/javascript; charset=utf-8
via: 1.1 2667cbb82aabb944a65b99430aa06d1a.cloudfront.net (CloudFront)
expires: Thu, 05 Jan 2023 20:30:14 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: DUS51-P2
timing-allow-origin: *
x-amz-cf-id: D5qi6_-oMsGQQxEluKztdQIoCqY0DZLTjZvGyOCm1ZH1zxGB3scIfw==
x-cache-hits: 0

GET
H/1.1 200
OK config.js Show response
disqus.com/next/ Frame 006A 14 KB
15 KB 7ms
7ms Script
application/javascript 151.101.128.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://disqus.com/next/config.js

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.d53d00706a584180a3368c8e414318a7.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.128.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

d94422e57e4c284a83be71222e80f64c7528bf5cf18622736af461a861fbbe86

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=malwarebytesunpacked&t_i=53469%20https%3A%2F%2Fblog.malwarebytes.com%2F%3Fp%3D53469&t_u=https%3A%2F%2Fblog.malwarebytes.com%2Ftrojans%2F2022%2F01%2Fnew-iphone-malware-spies-via-camera-when-device-appears-off%2F&t_e=New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off&t_d=%0A%09%09%09%09%09New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off%09%09%09%09&t_t=New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Thu, 20 Jan 2022 08:52:02 GMT
X-Content-Type-Options: nosniff
Content-Type: application/javascript; charset=UTF-8
Server: nginx
Age: 53
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=300; includeSubdomains
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Access-Control-Allow-Origin: *
Cache-Control: public, stale-while-revalidate=300, s-stalewhilerevalidate=3600, max-age=60
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Timing-Allow-Origin: *
Content-Length: 14720
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK js Show response
bttrack.com/engagement/ Frame 4CF0 10 KB
4 KB 385ms
97ms Script
text/javascript 192.132.33.46
BIDTELLECT

General

Check archive.org

Show headers Download Go to

Full URL: https://bttrack.com/engagement/js?goalId=14102&cb=1642668722279
Requested by: Host: cdn.bttrack.com
URL: https://cdn.bttrack.com/js/14102/analytics/1.0/analytics.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 192.132.33.46 , United States, ASN18568 (BIDTELLECT, US),
Reverse DNS: 46.bidtellect.com
Software: Microsoft-IIS/8.5 /
Resource Hash: f79704ed98d8af99946cad373171b02c590411e5ad3aab36f52c5f3f73567705

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://5118230.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

X-ServerName: Track001-dc3
Pragma: no-cache
Date: Thu, 20 Jan 2022 08:52:01 GMT
Content-Encoding: gzip
X-AspNetMvc-Version: 5.2
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
P3P: CP="CAO DSP COR ADMo DEVo PSAo PSDo HISo IVAo IVDo OUR IND OTC"
Cache-Control: private,no-cache
Content-Type: text/javascript; charset=utf-8
Content-Length: 3517
Expires: -1

GET
H/1.1 200
OK details Show response
disqus.com/api/3.0/forums/ Frame 006A 3 KB
4 KB 7ms
7ms XHR
application/json 151.101.128.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://disqus.com/api/3.0/forums/details?forum=malwarebytesunpacked&attach=forumFeatures&api_key=E8Uh5l5fHZ6gD8U3KycjAIAk46f68Zw7C6eW8WSjZvCLXebZ7p0r1yrYDrLilk2F

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.d53d00706a584180a3368c8e414318a7.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.128.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

01e406a043d5ea27bb0f32d0cd323c4cd5e4356fb35c86f43b94231e3953dfed

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Referer: https://disqus.com/embed/comments/?base=default&f=malwarebytesunpacked&t_i=53469%20https%3A%2F%2Fblog.malwarebytes.com%2F%3Fp%3D53469&t_u=https%3A%2F%2Fblog.malwarebytes.com%2Ftrojans%2F2022%2F01%2Fnew-iphone-malware-spies-via-camera-when-device-appears-off%2F&t_e=New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off&t_d=%0A%09%09%09%09%09New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off%09%09%09%09&t_t=New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off&s_o=default
X-Requested-With: XMLHttpRequest
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Thu, 20 Jan 2022 08:52:02 GMT
X-Content-Type-Options: nosniff
Server: nginx
Age: 3
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=300; includeSubdomains
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Content-Type: application/json
Vary: Origin, Cookie
Content-Length: 3232
X-XSS-Protection: 1; mode=block

POST
H2 204 /
www.pinterest.de/_/_/csp_report/ Frame 4909 0
4 KB 174ms
174ms Other
text/plain 151.101.0.84
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.pinterest.de/_/_/csp_report/?rid=1029721289332129

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.0.84 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' blob: data: .pinimg.com .pinterest.com accounts.google.com fonts.gstatic.com fonts.googleapis.com use.typekit.net .adyen.com .adyenpayments.com; img-src * data: blob:; script-src 'nonce-bdc81a883d4451e6cc56d4e38a78ff78' 'strict-dynamic' 'report-sample' 'self' .pinterest.com .pinimg.com .google.com connect.facebook.net .google-analytics.com .facebook.com .googleadservices.com .doubleclick.net .googletagmanager.com .adyen.com .adyenpayments.com cdn.ampproject.org .cdn.ampproject.org radar.cedexis.com .cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'unsafe-inline' blob:; connect-src 'self' .pinimg.com .pinterest.com accounts.google.com .facebook.com .dropboxapi.com .adyen.com .adyenpayments.com cdn.ampproject.org .cdn.ampproject.org pinterest-aberdeen.s3.amazonaws.com pinterest-aberdeen.s3.us-east-1.amazonaws.com pinterest-anaheim.s3.amazonaws.com pinterest-anaheim.s3.us-east-1.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-media-upload.s3.us-east-1.amazonaws.com pinterest-media-upload.s3-accelerate.amazonaws.com pinterest-media-upload.s3-accelerate.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-poughkeepsie.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-plymouth.s3.amazonaws.com pinterest-plymouth.s3.us-east-1.amazonaws.com pinterest-salvador.s3.us-east-1.amazonaws.com .cedexis.com .cedexis-radar.net blob: .tvpixel.com api.pinadmin.com .live-video.net; media-src 'self' .pinimg.com blob: data: .live-video.net; object-src 'self'; form-action 'self'; frame-src 'self' .google.com .pinimg.com .pinterest.com .pinterdev.com .facebook.com content.googleapis.com .adyen.com .youtube.com .ytimg.com player.vimeo.com calendly.com vine.co bid.g.doubleclick.net .fls.doubleclick.net pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinlogs.s3.amazonaws.com pinlogs.s3.us-east-1.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-hilo.s3.amazonaws.com advertising-delivery-metric-reports.s3.amazonaws.com advertising-delivery-metric-reports.s3.us-east-1.amazonaws.com servedby.flashtalking.com pinterest-uk.admo.tv pinterest-uk-web.admo.tv fbrpc://call www.recaptcha.net www-pinterest-de.cdn.ampproject.org; worker-src 'self' blob: https://www-pinterest-com.cdn.ampproject.org 'unsafe-inline'; base-uri 'none'; report-uri /_/_/csp_report/?rid=5787608976870832; frame-ancestors 'self' , script-src 'nonce-bdc81a883d4451e6cc56d4e38a78ff78' 'report-sample' 'self' .pinterest.com .pinimg.com .google.com connect.facebook.net .google-analytics.com .facebook.com .googleadservices.com .doubleclick.net .googletagmanager.com .adyen.com .adyenpayments.com cdn.ampproject.org .cdn.ampproject.org radar.cedexis.com .cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'unsafe-inline' blob:; report-uri /_/_/csp_report/?rid=5787608976870832
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.pinterest.de/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: application/csp-report

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
pinterest-generated-by: coreapp-webapp-prod-0a03ba85
x-cdn: fastly
content-security-policy-report-only: script-src 'nonce-bdc81a883d4451e6cc56d4e38a78ff78' 'strict-dynamic' 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.online.tableau.com *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com *.adyen.com *.adyenpayments.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'unsafe-inline'; report-uri /_/_/csp_report/?reportonly , script-src 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.online.tableau.com *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com *.adyen.com *.adyenpayments.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'unsafe-inline'; default-src 'self' 'unsafe-inline' blob: data: *.pinimg.com *.pinterest.com accounts.google.com fonts.gstatic.com fonts.googleapis.com use.typekit.net; frame-src *; img-src * data: blob:; connect-src *; worker-src * blob:; report-uri /_/_/csp_report/?reportonly
x-envoy-upstream-service-time: 71
x-pinterest-rid: 5787608976870832
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge
referrer-policy: origin
x-frame-options: SAMEORIGIN
date: Thu, 20 Jan 2022 08:52:02 GMT
expect-ct: max-age=86400, report-uri="https://www.pinterest.com/_/_/expect_ct_report/"
vary: User-Agent, Accept-Encoding
pinterest-version: af00b22
content-security-policy: default-src 'self' 'unsafe-inline' blob: data: *.pinimg.com *.pinterest.com accounts.google.com fonts.gstatic.com fonts.googleapis.com use.typekit.net *.adyen.com *.adyenpayments.com; img-src * data: blob:; script-src 'nonce-bdc81a883d4451e6cc56d4e38a78ff78' 'strict-dynamic' 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com *.adyen.com *.adyenpayments.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'unsafe-inline' blob:; connect-src 'self' *.pinimg.com *.pinterest.com accounts.google.com *.facebook.com *.dropboxapi.com *.adyen.com *.adyenpayments.com cdn.ampproject.org *.cdn.ampproject.org pinterest-aberdeen.s3.amazonaws.com pinterest-aberdeen.s3.us-east-1.amazonaws.com pinterest-anaheim.s3.amazonaws.com pinterest-anaheim.s3.us-east-1.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-media-upload.s3.us-east-1.amazonaws.com pinterest-media-upload.s3-accelerate.amazonaws.com pinterest-media-upload.s3-accelerate.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-poughkeepsie.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-plymouth.s3.amazonaws.com pinterest-plymouth.s3.us-east-1.amazonaws.com pinterest-salvador.s3.us-east-1.amazonaws.com *.cedexis.com *.cedexis-radar.net blob: *.tvpixel.com api.pinadmin.com *.live-video.net; media-src 'self' *.pinimg.com blob: data: *.live-video.net; object-src 'self'; form-action 'self'; frame-src 'self' *.google.com *.pinimg.com *.pinterest.com *.pinterdev.com *.facebook.com content.googleapis.com *.adyen.com *.youtube.com *.ytimg.com player.vimeo.com calendly.com vine.co bid.g.doubleclick.net *.fls.doubleclick.net pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinlogs.s3.amazonaws.com pinlogs.s3.us-east-1.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-hilo.s3.amazonaws.com advertising-delivery-metric-reports.s3.amazonaws.com advertising-delivery-metric-reports.s3.us-east-1.amazonaws.com servedby.flashtalking.com pinterest-uk.admo.tv pinterest-uk-web.admo.tv fbrpc://call www.recaptcha.net www-pinterest-de.cdn.ampproject.org; worker-src 'self' blob: https://www-pinterest-com.cdn.ampproject.org 'unsafe-inline'; base-uri 'none'; report-uri /_/_/csp_report/?rid=5787608976870832; frame-ancestors 'self' , script-src 'nonce-bdc81a883d4451e6cc56d4e38a78ff78' 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com *.adyen.com *.adyenpayments.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'unsafe-inline' blob:; report-uri /_/_/csp_report/?rid=5787608976870832
timing-allow-origin: https://www.pinterest.de

POST
H2 204 /
www.pinterest.de/_/_/csp_report/ Frame 4909 0
4 KB 124ms
123ms Other
text/plain 151.101.0.84
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.pinterest.de/_/_/csp_report/?reportonly

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.0.84 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' blob: data: .pinimg.com .pinterest.com accounts.google.com fonts.gstatic.com fonts.googleapis.com use.typekit.net .adyen.com .adyenpayments.com; img-src * data: blob:; script-src 'nonce-7446bd816e3d9f639cb78ac6d0c5eafc' 'strict-dynamic' 'report-sample' 'self' .pinterest.com .pinimg.com .google.com connect.facebook.net .google-analytics.com .facebook.com .googleadservices.com .doubleclick.net .googletagmanager.com .adyen.com .adyenpayments.com cdn.ampproject.org .cdn.ampproject.org radar.cedexis.com .cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'unsafe-inline' blob:; connect-src 'self' .pinimg.com .pinterest.com accounts.google.com .facebook.com .dropboxapi.com .adyen.com .adyenpayments.com cdn.ampproject.org .cdn.ampproject.org pinterest-aberdeen.s3.amazonaws.com pinterest-aberdeen.s3.us-east-1.amazonaws.com pinterest-anaheim.s3.amazonaws.com pinterest-anaheim.s3.us-east-1.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-media-upload.s3.us-east-1.amazonaws.com pinterest-media-upload.s3-accelerate.amazonaws.com pinterest-media-upload.s3-accelerate.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-poughkeepsie.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-plymouth.s3.amazonaws.com pinterest-plymouth.s3.us-east-1.amazonaws.com pinterest-salvador.s3.us-east-1.amazonaws.com .cedexis.com .cedexis-radar.net blob: .tvpixel.com api.pinadmin.com .live-video.net; media-src 'self' .pinimg.com blob: data: .live-video.net; object-src 'self'; form-action 'self'; frame-src 'self' .google.com .pinimg.com .pinterest.com .pinterdev.com .facebook.com content.googleapis.com .adyen.com .youtube.com .ytimg.com player.vimeo.com calendly.com vine.co bid.g.doubleclick.net .fls.doubleclick.net pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinlogs.s3.amazonaws.com pinlogs.s3.us-east-1.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-hilo.s3.amazonaws.com advertising-delivery-metric-reports.s3.amazonaws.com advertising-delivery-metric-reports.s3.us-east-1.amazonaws.com servedby.flashtalking.com pinterest-uk.admo.tv pinterest-uk-web.admo.tv fbrpc://call www.recaptcha.net www-pinterest-de.cdn.ampproject.org; worker-src 'self' blob: https://www-pinterest-com.cdn.ampproject.org 'unsafe-inline'; base-uri 'none'; report-uri /_/_/csp_report/?rid=1639768703237862; frame-ancestors 'self' , script-src 'nonce-7446bd816e3d9f639cb78ac6d0c5eafc' 'report-sample' 'self' .pinterest.com .pinimg.com .google.com connect.facebook.net .google-analytics.com .facebook.com .googleadservices.com .doubleclick.net .googletagmanager.com .adyen.com .adyenpayments.com cdn.ampproject.org .cdn.ampproject.org radar.cedexis.com .cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'unsafe-inline' blob:; report-uri /_/_/csp_report/?rid=1639768703237862
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.pinterest.de/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: application/csp-report

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
pinterest-generated-by: coreapp-webapp-prod-0a03d79c
x-cdn: fastly
content-security-policy-report-only: script-src 'nonce-7446bd816e3d9f639cb78ac6d0c5eafc' 'strict-dynamic' 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.online.tableau.com *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com *.adyen.com *.adyenpayments.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'unsafe-inline'; report-uri /_/_/csp_report/?reportonly , script-src 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.online.tableau.com *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com *.adyen.com *.adyenpayments.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'unsafe-inline'; default-src 'self' 'unsafe-inline' blob: data: *.pinimg.com *.pinterest.com accounts.google.com fonts.gstatic.com fonts.googleapis.com use.typekit.net; frame-src *; img-src * data: blob:; connect-src *; worker-src * blob:; report-uri /_/_/csp_report/?reportonly
x-envoy-upstream-service-time: 26
x-pinterest-rid: 1639768703237862
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge
referrer-policy: origin
x-frame-options: SAMEORIGIN
date: Thu, 20 Jan 2022 08:52:02 GMT
expect-ct: max-age=86400, report-uri="https://www.pinterest.com/_/_/expect_ct_report/"
vary: User-Agent, Accept-Encoding
pinterest-version: af00b22
content-security-policy: default-src 'self' 'unsafe-inline' blob: data: *.pinimg.com *.pinterest.com accounts.google.com fonts.gstatic.com fonts.googleapis.com use.typekit.net *.adyen.com *.adyenpayments.com; img-src * data: blob:; script-src 'nonce-7446bd816e3d9f639cb78ac6d0c5eafc' 'strict-dynamic' 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com *.adyen.com *.adyenpayments.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'unsafe-inline' blob:; connect-src 'self' *.pinimg.com *.pinterest.com accounts.google.com *.facebook.com *.dropboxapi.com *.adyen.com *.adyenpayments.com cdn.ampproject.org *.cdn.ampproject.org pinterest-aberdeen.s3.amazonaws.com pinterest-aberdeen.s3.us-east-1.amazonaws.com pinterest-anaheim.s3.amazonaws.com pinterest-anaheim.s3.us-east-1.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-media-upload.s3.us-east-1.amazonaws.com pinterest-media-upload.s3-accelerate.amazonaws.com pinterest-media-upload.s3-accelerate.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-poughkeepsie.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-plymouth.s3.amazonaws.com pinterest-plymouth.s3.us-east-1.amazonaws.com pinterest-salvador.s3.us-east-1.amazonaws.com *.cedexis.com *.cedexis-radar.net blob: *.tvpixel.com api.pinadmin.com *.live-video.net; media-src 'self' *.pinimg.com blob: data: *.live-video.net; object-src 'self'; form-action 'self'; frame-src 'self' *.google.com *.pinimg.com *.pinterest.com *.pinterdev.com *.facebook.com content.googleapis.com *.adyen.com *.youtube.com *.ytimg.com player.vimeo.com calendly.com vine.co bid.g.doubleclick.net *.fls.doubleclick.net pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinlogs.s3.amazonaws.com pinlogs.s3.us-east-1.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-hilo.s3.amazonaws.com advertising-delivery-metric-reports.s3.amazonaws.com advertising-delivery-metric-reports.s3.us-east-1.amazonaws.com servedby.flashtalking.com pinterest-uk.admo.tv pinterest-uk-web.admo.tv fbrpc://call www.recaptcha.net www-pinterest-de.cdn.ampproject.org; worker-src 'self' blob: https://www-pinterest-com.cdn.ampproject.org 'unsafe-inline'; base-uri 'none'; report-uri /_/_/csp_report/?rid=1639768703237862; frame-ancestors 'self' , script-src 'nonce-7446bd816e3d9f639cb78ac6d0c5eafc' 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com *.adyen.com *.adyenpayments.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'unsafe-inline' blob:; report-uri /_/_/csp_report/?rid=1639768703237862
timing-allow-origin: https://www.pinterest.de

POST
H2 204 /
www.pinterest.de/_/_/csp_report/ Frame 4909 0
4 KB 127ms
127ms Other
text/plain 151.101.0.84
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.pinterest.de/_/_/csp_report/?reportonly

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.0.84 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' blob: data: .pinimg.com .pinterest.com accounts.google.com fonts.gstatic.com fonts.googleapis.com use.typekit.net .adyen.com .adyenpayments.com; img-src * data: blob:; script-src 'nonce-7ed75a46bd037d425c91d7684d510ddc' 'strict-dynamic' 'report-sample' 'self' .pinterest.com .pinimg.com .google.com connect.facebook.net .google-analytics.com .facebook.com .googleadservices.com .doubleclick.net .googletagmanager.com .adyen.com .adyenpayments.com cdn.ampproject.org .cdn.ampproject.org radar.cedexis.com .cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'unsafe-inline' blob:; connect-src 'self' .pinimg.com .pinterest.com accounts.google.com .facebook.com .dropboxapi.com .adyen.com .adyenpayments.com cdn.ampproject.org .cdn.ampproject.org pinterest-aberdeen.s3.amazonaws.com pinterest-aberdeen.s3.us-east-1.amazonaws.com pinterest-anaheim.s3.amazonaws.com pinterest-anaheim.s3.us-east-1.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-media-upload.s3.us-east-1.amazonaws.com pinterest-media-upload.s3-accelerate.amazonaws.com pinterest-media-upload.s3-accelerate.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-poughkeepsie.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-plymouth.s3.amazonaws.com pinterest-plymouth.s3.us-east-1.amazonaws.com pinterest-salvador.s3.us-east-1.amazonaws.com .cedexis.com .cedexis-radar.net blob: .tvpixel.com api.pinadmin.com .live-video.net; media-src 'self' .pinimg.com blob: data: .live-video.net; object-src 'self'; form-action 'self'; frame-src 'self' .google.com .pinimg.com .pinterest.com .pinterdev.com .facebook.com content.googleapis.com .adyen.com .youtube.com .ytimg.com player.vimeo.com calendly.com vine.co bid.g.doubleclick.net .fls.doubleclick.net pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinlogs.s3.amazonaws.com pinlogs.s3.us-east-1.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-hilo.s3.amazonaws.com advertising-delivery-metric-reports.s3.amazonaws.com advertising-delivery-metric-reports.s3.us-east-1.amazonaws.com servedby.flashtalking.com pinterest-uk.admo.tv pinterest-uk-web.admo.tv fbrpc://call www.recaptcha.net www-pinterest-de.cdn.ampproject.org; worker-src 'self' blob: https://www-pinterest-com.cdn.ampproject.org 'unsafe-inline'; base-uri 'none'; report-uri /_/_/csp_report/?rid=1622590260810087; frame-ancestors 'self' , script-src 'nonce-7ed75a46bd037d425c91d7684d510ddc' 'report-sample' 'self' .pinterest.com .pinimg.com .google.com connect.facebook.net .google-analytics.com .facebook.com .googleadservices.com .doubleclick.net .googletagmanager.com .adyen.com .adyenpayments.com cdn.ampproject.org .cdn.ampproject.org radar.cedexis.com .cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'unsafe-inline' blob:; report-uri /_/_/csp_report/?rid=1622590260810087
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.pinterest.de/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: application/csp-report

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
pinterest-generated-by: coreapp-webapp-prod-0a03dc0c
x-cdn: fastly
content-security-policy-report-only: script-src 'nonce-7ed75a46bd037d425c91d7684d510ddc' 'strict-dynamic' 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.online.tableau.com *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com *.adyen.com *.adyenpayments.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'unsafe-inline'; report-uri /_/_/csp_report/?reportonly , script-src 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.online.tableau.com *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com *.adyen.com *.adyenpayments.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'unsafe-inline'; default-src 'self' 'unsafe-inline' blob: data: *.pinimg.com *.pinterest.com accounts.google.com fonts.gstatic.com fonts.googleapis.com use.typekit.net; frame-src *; img-src * data: blob:; connect-src *; worker-src * blob:; report-uri /_/_/csp_report/?reportonly
x-envoy-upstream-service-time: 29
x-pinterest-rid: 1622590260810087
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge
referrer-policy: origin
x-frame-options: SAMEORIGIN
date: Thu, 20 Jan 2022 08:52:02 GMT
expect-ct: max-age=86400, report-uri="https://www.pinterest.com/_/_/expect_ct_report/"
vary: User-Agent, Accept-Encoding
pinterest-version: af00b22
content-security-policy: default-src 'self' 'unsafe-inline' blob: data: *.pinimg.com *.pinterest.com accounts.google.com fonts.gstatic.com fonts.googleapis.com use.typekit.net *.adyen.com *.adyenpayments.com; img-src * data: blob:; script-src 'nonce-7ed75a46bd037d425c91d7684d510ddc' 'strict-dynamic' 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com *.adyen.com *.adyenpayments.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'unsafe-inline' blob:; connect-src 'self' *.pinimg.com *.pinterest.com accounts.google.com *.facebook.com *.dropboxapi.com *.adyen.com *.adyenpayments.com cdn.ampproject.org *.cdn.ampproject.org pinterest-aberdeen.s3.amazonaws.com pinterest-aberdeen.s3.us-east-1.amazonaws.com pinterest-anaheim.s3.amazonaws.com pinterest-anaheim.s3.us-east-1.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-media-upload.s3.us-east-1.amazonaws.com pinterest-media-upload.s3-accelerate.amazonaws.com pinterest-media-upload.s3-accelerate.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-poughkeepsie.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-plymouth.s3.amazonaws.com pinterest-plymouth.s3.us-east-1.amazonaws.com pinterest-salvador.s3.us-east-1.amazonaws.com *.cedexis.com *.cedexis-radar.net blob: *.tvpixel.com api.pinadmin.com *.live-video.net; media-src 'self' *.pinimg.com blob: data: *.live-video.net; object-src 'self'; form-action 'self'; frame-src 'self' *.google.com *.pinimg.com *.pinterest.com *.pinterdev.com *.facebook.com content.googleapis.com *.adyen.com *.youtube.com *.ytimg.com player.vimeo.com calendly.com vine.co bid.g.doubleclick.net *.fls.doubleclick.net pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinlogs.s3.amazonaws.com pinlogs.s3.us-east-1.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-hilo.s3.amazonaws.com advertising-delivery-metric-reports.s3.amazonaws.com advertising-delivery-metric-reports.s3.us-east-1.amazonaws.com servedby.flashtalking.com pinterest-uk.admo.tv pinterest-uk-web.admo.tv fbrpc://call www.recaptcha.net www-pinterest-de.cdn.ampproject.org; worker-src 'self' blob: https://www-pinterest-com.cdn.ampproject.org 'unsafe-inline'; base-uri 'none'; report-uri /_/_/csp_report/?rid=1622590260810087; frame-ancestors 'self' , script-src 'nonce-7ed75a46bd037d425c91d7684d510ddc' 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com *.adyen.com *.adyenpayments.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'unsafe-inline' blob:; report-uri /_/_/csp_report/?rid=1622590260810087
timing-allow-origin: https://www.pinterest.de

GET
H2 200 noavatar92.png
a.disquscdn.com/1638827995/images/ Frame 006A 2 KB
2 KB 7ms
6ms Image
image/png 199.232.194.49
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://a.disquscdn.com/1638827995/images/noavatar92.png

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/lounge.bundle.67f9fd26b5922562ba93be9d9b520b54.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

199.232.194.49 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

36ef66124133ca33c8b44c487293c3180e5ab681ff3cad3c728ea4f894ec3444

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=malwarebytesunpacked&t_i=53469%20https%3A%2F%2Fblog.malwarebytes.com%2F%3Fp%3D53469&t_u=https%3A%2F%2Fblog.malwarebytes.com%2Ftrojans%2F2022%2F01%2Fnew-iphone-malware-spies-via-camera-when-device-appears-off%2F&t_e=New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off&t_d=%0A%09%09%09%09%09New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off%09%09%09%09&t_t=New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:52:02 GMT
x-content-type-options: nosniff
last-modified: Fri, 26 Feb 2021 20:50:09 GMT
server: nginx
age: 1160280
etag: "60395f01-66c"
strict-transport-security: max-age=300; includeSubdomains
content-type: image/png
x-xss-protection: 1; mode=block
cache-control: max-age=2592000
cross-origin-resource-policy: cross-origin
x-amz-cf-pop: FRA56-C2
content-length: 1644
x-amz-cf-id: XOvRip4c0pdbi8AUHq-hObtfQl1FVuy1Zg73MdYBXr_uk1jdRK-sYA==
expires: Thu, 06 Jan 2022 22:34:02 GMT

GET
DATA 200
OK truncated
/ Frame 006A 37 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/gif

GET
H/1.1 200
OK loadReactions Show response
disqus.com/api/3.0/threadReactions/ Frame 006A 1 KB
2 KB 8ms
8ms XHR
application/json 151.101.128.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://disqus.com/api/3.0/threadReactions/loadReactions?thread=8959024000&api_key=E8Uh5l5fHZ6gD8U3KycjAIAk46f68Zw7C6eW8WSjZvCLXebZ7p0r1yrYDrLilk2F

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.d53d00706a584180a3368c8e414318a7.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.128.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

eccfd782108d7cedecdc6c55dc800faaa9c6dde383367d30bae9f63cbd671d34

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://disqus.com/embed/comments/?base=default&f=malwarebytesunpacked&t_i=53469%20https%3A%2F%2Fblog.malwarebytes.com%2F%3Fp%3D53469&t_u=https%3A%2F%2Fblog.malwarebytes.com%2Ftrojans%2F2022%2F01%2Fnew-iphone-malware-spies-via-camera-when-device-appears-off%2F&t_e=New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off&t_d=%0A%09%09%09%09%09New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off%09%09%09%09&t_t=New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off&s_o=default
X-Requested-With: XMLHttpRequest
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Thu, 20 Jan 2022 08:52:02 GMT
X-Content-Type-Options: nosniff
Server: nginx
Age: 56
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=300; includeSubdomains
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Cache-Control: stale-while-revalidate=30, max-age=60
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Content-Type: application/json
Vary: Origin, Cookie
Content-Length: 1131
X-XSS-Protection: 1; mode=block

GET
H2 200 svg-sprite.4da5413f5086c5755b46094b813dbfcd.svg
c.disquscdn.com/next/embed/assets/img/ Frame 006A 13 KB
13 KB 12ms
11ms Image
image/svg+xml 2600:9000:2315:b600:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/embed/assets/img/svg-sprite.4da5413f5086c5755b46094b813dbfcd.svg

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.7ab903feba7624935283ca4c7d8c7203.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2315:b600:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

3270642c89180c12db93775e2a774b6dadd9bd98cffc963075c85afd2c17b6e4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c.disquscdn.com/next/embed/styles/lounge.7ab903feba7624935283ca4c7d8c7203.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 28 Apr 2021 14:37:41 GMT
via: 1.1 2667cbb82aabb944a65b99430aa06d1a.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 23048061
x-cache: Hit from cloudfront
content-length: 13079
x-xss-protection: 1; mode=block
x-served-by: static-web-1
surrogate-key: next
last-modified: Tue, 27 Apr 2021 21:01:56 GMT
server: nginx
etag: "60887bc4-3317"
content-type: image/svg+xml; charset=utf-8
access-control-allow-origin: *
expires: Thu, 28 Apr 2022 14:37:41 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: DUS51-P2
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: Uxjs9QTzDKeILYBbi0zZ4wz66yZCSOK_IJAnYh5imCsoBx9rzrwLBQ==
x-cache-hits: 0

GET
H2 200 loader.ba7c86e8b4b6135bb668d05223f8f127.gif
c.disquscdn.com/next/embed/assets/img/ Frame 006A 3 KB
3 KB 12ms
12ms Image
image/gif 2600:9000:2315:b600:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/embed/assets/img/loader.ba7c86e8b4b6135bb668d05223f8f127.gif

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.7ab903feba7624935283ca4c7d8c7203.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2315:b600:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

4c4491dcfa94cb46fb73742fc2caf49a1cd59027304af1830c7dc6ce1889857c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c.disquscdn.com/next/embed/styles/lounge.7ab903feba7624935283ca4c7d8c7203.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 03 Feb 2021 04:58:07 GMT
via: 1.1 2667cbb82aabb944a65b99430aa06d1a.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 30340435
x-cache: Hit from cloudfront
content-length: 2971
x-xss-protection: 1; mode=block
x-served-by: static-web-2
surrogate-key: next
last-modified: Wed, 27 Jan 2021 17:23:07 GMT
server: nginx
etag: "6011a17b-b9b"
content-type: image/gif
access-control-allow-origin: *
expires: Thu, 03 Feb 2022 04:58:07 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: DUS51-P2
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: euTjA9YdFwpgS7aBMDZQXOVANwMM3QZDO310znl_Ed8Q6CovuWY4aw==
x-cache-hits: 0

GET
H2 200 sprite.ad630a07080a45451f139a7487853ff8.png
c.disquscdn.com/next/embed/assets/img/ Frame 006A 2 KB
2 KB 12ms
11ms Image
image/png 2600:9000:2315:b600:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/embed/assets/img/sprite.ad630a07080a45451f139a7487853ff8.png

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.7ab903feba7624935283ca4c7d8c7203.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2315:b600:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

9714221c828961b20f45a782c3281c0596f6652cfe1299bee18097f98e8fb7b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c.disquscdn.com/next/embed/styles/lounge.7ab903feba7624935283ca4c7d8c7203.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 22 Sep 2021 19:47:48 GMT
via: 1.1 2667cbb82aabb944a65b99430aa06d1a.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 10328654
x-cache: Hit from cloudfront
content-length: 1763
x-xss-protection: 1; mode=block
x-served-by: static-web-1
surrogate-key: next
last-modified: Wed, 22 Sep 2021 19:30:27 GMT
server: nginx
etag: "614b8453-6e3"
content-type: image/png
access-control-allow-origin: *
expires: Thu, 22 Sep 2022 19:47:48 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: DUS51-P2
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: QPvhNi3lhFudzEKLrx_ccvQK7NRxpnh7VxfseNH86SwOQYQ6f0FQJw==
x-cache-hits: 0

GET
H2 200 icons.4cc7a703d2fdfe684151ff8ac24d45f1.woff2
c.disquscdn.com/next/embed/assets/font/ Frame 006A 8 KB
8 KB 12ms
12ms Font
application/octet-stream 2600:9000:2315:b600:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/assets/font/icons.4cc7a703d2fdfe684151ff8ac24d45f1.woff2

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.7ab903feba7624935283ca4c7d8c7203.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2315:b600:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

f2a341fc815d45c21da726d4c843c2c5d3e1f333465347c3c75d040d556df4e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://c.disquscdn.com/next/embed/styles/lounge.7ab903feba7624935283ca4c7d8c7203.css
Origin: https://disqus.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 01 Sep 2021 09:58:18 GMT
via: 1.1 c1c42e732809880dbf4b6deb496490ae.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 12178424
x-cache: Hit from cloudfront
content-length: 7900
x-xss-protection: 1; mode=block
x-served-by: static-web-2
surrogate-key: next
last-modified: Tue, 24 Aug 2021 21:06:44 GMT
server: nginx
etag: "61255f64-1edc"
content-type: application/octet-stream
access-control-allow-origin: *
expires: Thu, 01 Sep 2022 09:58:18 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: DUS51-P2
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: scSI92d-Lb2wH_iPHaOFuBJEJmK8yIjAGiF2zW22_wdbOreUP5RKjA==
x-cache-hits: 0

GET
H2 200 noavatar92.png
a.disquscdn.com/1638827995/images/ Frame 006A 2 KB
2 KB 8ms
8ms Image
image/png 199.232.194.49
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://a.disquscdn.com/1638827995/images/noavatar92.png

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/lounge.bundle.67f9fd26b5922562ba93be9d9b520b54.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

199.232.194.49 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

36ef66124133ca33c8b44c487293c3180e5ab681ff3cad3c728ea4f894ec3444

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=malwarebytesunpacked&t_i=53469%20https%3A%2F%2Fblog.malwarebytes.com%2F%3Fp%3D53469&t_u=https%3A%2F%2Fblog.malwarebytes.com%2Ftrojans%2F2022%2F01%2Fnew-iphone-malware-spies-via-camera-when-device-appears-off%2F&t_e=New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off&t_d=%0A%09%09%09%09%09New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off%09%09%09%09&t_t=New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:52:02 GMT
x-content-type-options: nosniff
last-modified: Fri, 26 Feb 2021 20:50:09 GMT
server: nginx
age: 1160280
etag: "60395f01-66c"
strict-transport-security: max-age=300; includeSubdomains
content-type: image/png
x-xss-protection: 1; mode=block
cache-control: max-age=2592000
cross-origin-resource-policy: cross-origin
x-amz-cf-pop: FRA56-C2
content-length: 1644
x-amz-cf-id: XOvRip4c0pdbi8AUHq-hObtfQl1FVuy1Zg73MdYBXr_uk1jdRK-sYA==
expires: Thu, 06 Jan 2022 22:34:02 GMT

GET
H2 200 upvote-512x512.png
c.disquscdn.com/next/current/publisher-admin/assets/img/emoji/ Frame 006A 8 KB
8 KB 10ms
10ms Image
image/png 2600:9000:2315:b600:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/current/publisher-admin/assets/img/emoji/upvote-512x512.png

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/lounge.bundle.67f9fd26b5922562ba93be9d9b520b54.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2315:b600:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

ddc6aec4144b67f0a2a12d687f3c4b8a9faf7c445847d0e25dcb5bd1a9ba9018

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=malwarebytesunpacked&t_i=53469%20https%3A%2F%2Fblog.malwarebytes.com%2F%3Fp%3D53469&t_u=https%3A%2F%2Fblog.malwarebytes.com%2Ftrojans%2F2022%2F01%2Fnew-iphone-malware-spies-via-camera-when-device-appears-off%2F&t_e=New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off&t_d=%0A%09%09%09%09%09New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off%09%09%09%09&t_t=New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:48:42 GMT
via: 1.1 2667cbb82aabb944a65b99430aa06d1a.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 209
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 8170
x-xss-protection: 1; mode=block
x-served-by: static-web-1
last-modified: Wed, 19 Jan 2022 16:25:38 GMT
server: nginx
etag: "61e83b82-1fea"
content-type: image/png
access-control-allow-origin: *
expires: Thu, 20 Jan 2022 08:53:33 GMT
cache-control: max-age=300, public
x-amz-cf-pop: DUS51-P2
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: -N2QLvgRWBkntRTXzpNeBOpVmyefD9JtN9ScybtfJMY2H57_tE1eNw==
x-cache-hits: 0

GET
H2 200 funny-512x512.png
c.disquscdn.com/next/current/publisher-admin/assets/img/emoji/ Frame 006A 9 KB
9 KB 11ms
10ms Image
image/png 2600:9000:2315:b600:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/current/publisher-admin/assets/img/emoji/funny-512x512.png

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/lounge.bundle.67f9fd26b5922562ba93be9d9b520b54.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2315:b600:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

20a91bd509668238b6af8e16475c5e2611bcd2861d0eec2e0d4f6815e81449bd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=malwarebytesunpacked&t_i=53469%20https%3A%2F%2Fblog.malwarebytes.com%2F%3Fp%3D53469&t_u=https%3A%2F%2Fblog.malwarebytes.com%2Ftrojans%2F2022%2F01%2Fnew-iphone-malware-spies-via-camera-when-device-appears-off%2F&t_e=New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off&t_d=%0A%09%09%09%09%09New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off%09%09%09%09&t_t=New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:47:43 GMT
via: 1.1 2667cbb82aabb944a65b99430aa06d1a.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 260
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 8883
x-xss-protection: 1; mode=block
x-served-by: static-web-2
last-modified: Wed, 19 Jan 2022 16:25:38 GMT
server: nginx
etag: "61e83b82-22b3"
content-type: image/png
access-control-allow-origin: *
expires: Thu, 20 Jan 2022 08:52:42 GMT
cache-control: max-age=300, public
x-amz-cf-pop: DUS51-P2
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: 7i-rMMRu46vYrDTEfUbvIQctjQXpqewQB05phSxTzQsDJmX7IyrUbQ==
x-cache-hits: 0

GET
H2 200 love-512x512.png
c.disquscdn.com/next/current/publisher-admin/assets/img/emoji/ Frame 006A 12 KB
12 KB 11ms
11ms Image
image/png 2600:9000:2315:b600:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/current/publisher-admin/assets/img/emoji/love-512x512.png

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/lounge.bundle.67f9fd26b5922562ba93be9d9b520b54.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2315:b600:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

e422b07ca1550e55cd90a518e910fd3cfb4d9337ea6092357f9761aa77ac9e33

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=malwarebytesunpacked&t_i=53469%20https%3A%2F%2Fblog.malwarebytes.com%2F%3Fp%3D53469&t_u=https%3A%2F%2Fblog.malwarebytes.com%2Ftrojans%2F2022%2F01%2Fnew-iphone-malware-spies-via-camera-when-device-appears-off%2F&t_e=New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off&t_d=%0A%09%09%09%09%09New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off%09%09%09%09&t_t=New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:47:53 GMT
via: 1.1 2667cbb82aabb944a65b99430aa06d1a.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 249
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 11910
x-xss-protection: 1; mode=block
x-served-by: static-web-1
last-modified: Wed, 19 Jan 2022 16:25:38 GMT
server: nginx
etag: "61e83b82-2e86"
content-type: image/png
access-control-allow-origin: *
expires: Thu, 20 Jan 2022 08:52:53 GMT
cache-control: max-age=300, public
x-amz-cf-pop: DUS51-P2
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: 4JlGdU0pcu-GeqrOA7epT-FwCNjlZwh8TPYcb7G8t4_dqhWLZsu1_A==
x-cache-hits: 0

GET
H2 200 angry-512x512.png
c.disquscdn.com/next/current/publisher-admin/assets/img/emoji/ Frame 006A 20 KB
21 KB 13ms
12ms Image
image/png 2600:9000:2315:b600:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/current/publisher-admin/assets/img/emoji/angry-512x512.png

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/lounge.bundle.67f9fd26b5922562ba93be9d9b520b54.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2315:b600:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

db865c8f3642f3485829c0ee0008fe04a32cc66af70867b39f60395a7fed3984

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=malwarebytesunpacked&t_i=53469%20https%3A%2F%2Fblog.malwarebytes.com%2F%3Fp%3D53469&t_u=https%3A%2F%2Fblog.malwarebytes.com%2Ftrojans%2F2022%2F01%2Fnew-iphone-malware-spies-via-camera-when-device-appears-off%2F&t_e=New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off&t_d=%0A%09%09%09%09%09New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off%09%09%09%09&t_t=New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:49:05 GMT
via: 1.1 2667cbb82aabb944a65b99430aa06d1a.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 177
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 20675
x-xss-protection: 1; mode=block
x-served-by: static-web-2
last-modified: Wed, 19 Jan 2022 16:25:38 GMT
server: nginx
etag: "61e83b82-50c3"
content-type: image/png
access-control-allow-origin: *
expires: Thu, 20 Jan 2022 08:54:05 GMT
cache-control: max-age=300, public
x-amz-cf-pop: DUS51-P2
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: 2aRbV8VdqhuK3ad1JuW-faL49C8YPJk9GZimTf5darBrDowXHTodnA==
x-cache-hits: 0

GET
H2 200 sad-512x512.png
c.disquscdn.com/next/current/publisher-admin/assets/img/emoji/ Frame 006A 9 KB
9 KB 14ms
13ms Image
image/png 2600:9000:2315:b600:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/current/publisher-admin/assets/img/emoji/sad-512x512.png

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/lounge.bundle.67f9fd26b5922562ba93be9d9b520b54.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2315:b600:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

11c401a81e32b086bea3798c033009907b429fb601411da6ffc266b78184898a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=malwarebytesunpacked&t_i=53469%20https%3A%2F%2Fblog.malwarebytes.com%2F%3Fp%3D53469&t_u=https%3A%2F%2Fblog.malwarebytes.com%2Ftrojans%2F2022%2F01%2Fnew-iphone-malware-spies-via-camera-when-device-appears-off%2F&t_e=New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off&t_d=%0A%09%09%09%09%09New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off%09%09%09%09&t_t=New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:49:00 GMT
via: 1.1 2667cbb82aabb944a65b99430aa06d1a.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 182
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 8986
x-xss-protection: 1; mode=block
x-served-by: static-web-2
last-modified: Wed, 19 Jan 2022 16:25:38 GMT
server: nginx
etag: "61e83b82-231a"
content-type: image/png
access-control-allow-origin: *
expires: Thu, 20 Jan 2022 08:54:00 GMT
cache-control: max-age=300, public
x-amz-cf-pop: DUS51-P2
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: 26m1xFNKVFwcQGQweUtUy-RV2Dy8g7i_R0DfD9zQfHVqEHoBei95Tw==
x-cache-hits: 0

GET
H2 200 noavatar92.png
a.disquscdn.com/1638827995/images/ Frame 006A 2 KB
2 KB 7ms
6ms Image
image/png 199.232.194.49
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://a.disquscdn.com/1638827995/images/noavatar92.png

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/lounge.bundle.67f9fd26b5922562ba93be9d9b520b54.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

199.232.194.49 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

36ef66124133ca33c8b44c487293c3180e5ab681ff3cad3c728ea4f894ec3444

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=malwarebytesunpacked&t_i=53469%20https%3A%2F%2Fblog.malwarebytes.com%2F%3Fp%3D53469&t_u=https%3A%2F%2Fblog.malwarebytes.com%2Ftrojans%2F2022%2F01%2Fnew-iphone-malware-spies-via-camera-when-device-appears-off%2F&t_e=New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off&t_d=%0A%09%09%09%09%09New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off%09%09%09%09&t_t=New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:52:02 GMT
x-content-type-options: nosniff
last-modified: Fri, 26 Feb 2021 20:50:09 GMT
server: nginx
age: 1160280
etag: "60395f01-66c"
strict-transport-security: max-age=300; includeSubdomains
content-type: image/png
x-xss-protection: 1; mode=block
cache-control: max-age=2592000
cross-origin-resource-policy: cross-origin
x-amz-cf-pop: FRA56-C2
content-length: 1644
x-amz-cf-id: XOvRip4c0pdbi8AUHq-hObtfQl1FVuy1Zg73MdYBXr_uk1jdRK-sYA==
expires: Thu, 06 Jan 2022 22:34:02 GMT

GET
H2 200 noavatar92.png
a.disquscdn.com/1638827995/images/ Frame 006A 2 KB
2 KB 8ms
8ms Image
image/png 199.232.194.49
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://a.disquscdn.com/1638827995/images/noavatar92.png

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/lounge.bundle.67f9fd26b5922562ba93be9d9b520b54.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

199.232.194.49 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

36ef66124133ca33c8b44c487293c3180e5ab681ff3cad3c728ea4f894ec3444

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=malwarebytesunpacked&t_i=53469%20https%3A%2F%2Fblog.malwarebytes.com%2F%3Fp%3D53469&t_u=https%3A%2F%2Fblog.malwarebytes.com%2Ftrojans%2F2022%2F01%2Fnew-iphone-malware-spies-via-camera-when-device-appears-off%2F&t_e=New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off&t_d=%0A%09%09%09%09%09New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off%09%09%09%09&t_t=New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:52:02 GMT
x-content-type-options: nosniff
last-modified: Fri, 26 Feb 2021 20:50:09 GMT
server: nginx
age: 1160280
etag: "60395f01-66c"
strict-transport-security: max-age=300; includeSubdomains
content-type: image/png
x-xss-protection: 1; mode=block
cache-control: max-age=2592000
cross-origin-resource-policy: cross-origin
x-amz-cf-pop: FRA56-C2
content-length: 1644
x-amz-cf-id: XOvRip4c0pdbi8AUHq-hObtfQl1FVuy1Zg73MdYBXr_uk1jdRK-sYA==
expires: Thu, 06 Jan 2022 22:34:02 GMT

GET
H/1.1 200
OK event.gif
referrer.disqus.com/juggler/ Frame 006A 43 B
339 B 100ms
100ms Image
image/gif 199.232.196.134
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://referrer.disqus.com/juggler/event.gif?abe=0&embed_hidden=0&integration=wordpress%203.0.22&load_time=323&event=init_embed&thread=8959024000&forum=malwarebytesunpacked&forum_id=3107640&imp=2e3a2oo3t2net2&thread_slug=new_iphone_malware_spies_via_camera_when_device_appears_off&user_type=anon&referrer=https%3A%2F%2Fblog.malwarebytes.com%2F&theme=next&dnt=0&tracking_enabled=0&experiment=network_default_hidden&variant=fallthrough&service=dynamic&promoted_enabled=false&max_enabled=false

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

199.232.196.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=malwarebytesunpacked&t_i=53469%20https%3A%2F%2Fblog.malwarebytes.com%2F%3Fp%3D53469&t_u=https%3A%2F%2Fblog.malwarebytes.com%2Ftrojans%2F2022%2F01%2Fnew-iphone-malware-spies-via-camera-when-device-appears-off%2F&t_e=New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off&t_d=%0A%09%09%09%09%09New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off%09%09%09%09&t_t=New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Thu, 20 Jan 2022 08:52:02 GMT
X-Content-Type-Options: nosniff
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Server: nginx
Content-Type: image/gif
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Content-Length: 43
X-XSS-Protection: 1; mode=block

GET
H2 200 noavatar92.png
a.disquscdn.com/1638827995/images/ Frame 006A 2 KB
2 KB 12ms
10ms Image
image/png 199.232.194.49
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://a.disquscdn.com/1638827995/images/noavatar92.png

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/lounge.bundle.67f9fd26b5922562ba93be9d9b520b54.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

199.232.194.49 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

36ef66124133ca33c8b44c487293c3180e5ab681ff3cad3c728ea4f894ec3444

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=malwarebytesunpacked&t_i=53469%20https%3A%2F%2Fblog.malwarebytes.com%2F%3Fp%3D53469&t_u=https%3A%2F%2Fblog.malwarebytes.com%2Ftrojans%2F2022%2F01%2Fnew-iphone-malware-spies-via-camera-when-device-appears-off%2F&t_e=New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off&t_d=%0A%09%09%09%09%09New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off%09%09%09%09&t_t=New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:52:02 GMT
x-content-type-options: nosniff
last-modified: Fri, 26 Feb 2021 20:50:09 GMT
server: nginx
age: 1160280
etag: "60395f01-66c"
strict-transport-security: max-age=300; includeSubdomains
content-type: image/png
x-xss-protection: 1; mode=block
cache-control: max-age=2592000
cross-origin-resource-policy: cross-origin
x-amz-cf-pop: FRA56-C2
content-length: 1644
x-amz-cf-id: XOvRip4c0pdbi8AUHq-hObtfQl1FVuy1Zg73MdYBXr_uk1jdRK-sYA==
expires: Thu, 06 Jan 2022 22:34:02 GMT

GET
H2 200 noavatar92.png
a.disquscdn.com/1638827995/images/ Frame 006A 2 KB
2 KB 7ms
6ms Image
image/png 199.232.194.49
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://a.disquscdn.com/1638827995/images/noavatar92.png

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/lounge.bundle.67f9fd26b5922562ba93be9d9b520b54.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

199.232.194.49 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

36ef66124133ca33c8b44c487293c3180e5ab681ff3cad3c728ea4f894ec3444

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=malwarebytesunpacked&t_i=53469%20https%3A%2F%2Fblog.malwarebytes.com%2F%3Fp%3D53469&t_u=https%3A%2F%2Fblog.malwarebytes.com%2Ftrojans%2F2022%2F01%2Fnew-iphone-malware-spies-via-camera-when-device-appears-off%2F&t_e=New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off&t_d=%0A%09%09%09%09%09New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off%09%09%09%09&t_t=New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:52:02 GMT
x-content-type-options: nosniff
last-modified: Fri, 26 Feb 2021 20:50:09 GMT
server: nginx
age: 1160280
etag: "60395f01-66c"
strict-transport-security: max-age=300; includeSubdomains
content-type: image/png
x-xss-protection: 1; mode=block
cache-control: max-age=2592000
cross-origin-resource-policy: cross-origin
x-amz-cf-pop: FRA56-C2
content-length: 1644
x-amz-cf-id: XOvRip4c0pdbi8AUHq-hObtfQl1FVuy1Zg73MdYBXr_uk1jdRK-sYA==
expires: Thu, 06 Jan 2022 22:34:02 GMT

GET
H2 200 noavatar92.png
a.disquscdn.com/1638827995/images/ Frame 006A 2 KB
2 KB 7ms
6ms Image
image/png 199.232.194.49
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://a.disquscdn.com/1638827995/images/noavatar92.png

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/lounge.bundle.67f9fd26b5922562ba93be9d9b520b54.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

199.232.194.49 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

36ef66124133ca33c8b44c487293c3180e5ab681ff3cad3c728ea4f894ec3444

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=malwarebytesunpacked&t_i=53469%20https%3A%2F%2Fblog.malwarebytes.com%2F%3Fp%3D53469&t_u=https%3A%2F%2Fblog.malwarebytes.com%2Ftrojans%2F2022%2F01%2Fnew-iphone-malware-spies-via-camera-when-device-appears-off%2F&t_e=New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off&t_d=%0A%09%09%09%09%09New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off%09%09%09%09&t_t=New%20iPhone%20malware%20spies%20via%20camera%20when%20device%20appears%20off&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:52:02 GMT
x-content-type-options: nosniff
last-modified: Fri, 26 Feb 2021 20:50:09 GMT
server: nginx
age: 1160280
etag: "60395f01-66c"
strict-transport-security: max-age=300; includeSubdomains
content-type: image/png
x-xss-protection: 1; mode=block
cache-control: max-age=2592000
cross-origin-resource-policy: cross-origin
x-amz-cf-pop: FRA56-C2
content-length: 1644
x-amz-cf-id: XOvRip4c0pdbi8AUHq-hObtfQl1FVuy1Zg73MdYBXr_uk1jdRK-sYA==
expires: Thu, 06 Jan 2022 22:34:02 GMT

GET
H2 200 realtime.b23ff3c36dd0169627f8e54ca1621eca.css
c.disquscdn.com/next/embed/styles/ Frame 6E5E 337 B
840 B 10ms
10ms Stylesheet
text/css 2600:9000:2315:b600:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/styles/realtime.b23ff3c36dd0169627f8e54ca1621eca.css

Requested by

Host: malwarebytesunpacked.disqus.com
URL: https://malwarebytesunpacked.disqus.com/embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2315:b600:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

c284dcb06ef882b1b45e11e0a16baa223b4117eca94e243c8e725c4ce3f909b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 02 Nov 2021 19:05:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 6788813
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 244
x-xss-protection: 1; mode=block
x-served-by: static-web-2
access-control-allow-origin: *
surrogate-key: next
last-modified: Tue, 02 Nov 2021 18:16:01 GMT
server: nginx
etag: "61818061-f4"
content-type: text/css; charset=utf-8
via: 1.1 2667cbb82aabb944a65b99430aa06d1a.cloudfront.net (CloudFront)
expires: Wed, 02 Nov 2022 19:05:09 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: DUS51-P2
timing-allow-origin: *
x-amz-cf-id: sjDTkZi31VGDORUbqhfXhoe58P9qsvRbuNrDaK6z35vuUDEQx_fD1w==
x-cache-hits: 0

GET
H2 200 realtime.b23ff3c36dd0169627f8e54ca1621eca.css
c.disquscdn.com/next/embed/styles/ Frame C9A2 337 B
840 B 9ms
9ms Stylesheet
text/css 2600:9000:2315:b600:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/styles/realtime.b23ff3c36dd0169627f8e54ca1621eca.css

Requested by

Host: malwarebytesunpacked.disqus.com
URL: https://malwarebytesunpacked.disqus.com/embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2315:b600:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

c284dcb06ef882b1b45e11e0a16baa223b4117eca94e243c8e725c4ce3f909b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 02 Nov 2021 19:05:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 6788813
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 244
x-xss-protection: 1; mode=block
x-served-by: static-web-2
access-control-allow-origin: *
surrogate-key: next
last-modified: Tue, 02 Nov 2021 18:16:01 GMT
server: nginx
etag: "61818061-f4"
content-type: text/css; charset=utf-8
via: 1.1 2667cbb82aabb944a65b99430aa06d1a.cloudfront.net (CloudFront)
expires: Wed, 02 Nov 2022 19:05:09 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: DUS51-P2
timing-allow-origin: *
x-amz-cf-id: c3cLSeQxFHHz-gLQqf70Sc5i5X2ut2Tw9V_B8SwwHd1MzXpkSh5TdQ==
x-cache-hits: 0

GET
H2 200 svg-sprite.4da5413f5086c5755b46094b813dbfcd.svg
c.disquscdn.com/next/embed/assets/img/ Frame 006A 13 KB
13 KB 11ms
11ms Image
image/svg+xml 2600:9000:2315:b600:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/embed/assets/img/svg-sprite.4da5413f5086c5755b46094b813dbfcd.svg

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.7ab903feba7624935283ca4c7d8c7203.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2315:b600:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

3270642c89180c12db93775e2a774b6dadd9bd98cffc963075c85afd2c17b6e4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c.disquscdn.com/next/embed/styles/lounge.7ab903feba7624935283ca4c7d8c7203.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 28 Apr 2021 14:37:41 GMT
via: 1.1 2667cbb82aabb944a65b99430aa06d1a.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 23048061
x-cache: Hit from cloudfront
content-length: 13079
x-xss-protection: 1; mode=block
x-served-by: static-web-1
surrogate-key: next
last-modified: Tue, 27 Apr 2021 21:01:56 GMT
server: nginx
etag: "60887bc4-3317"
content-type: image/svg+xml; charset=utf-8
access-control-allow-origin: *
expires: Thu, 28 Apr 2022 14:37:41 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: DUS51-P2
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: YD--LWabSMxmhoB2wp7e4KuEJSKCGmZlpkSjF0wsgRAfdDHylnwDDw==
x-cache-hits: 0

GET
H/1.1 200
OK event Show response
bttrack.com/engagement/ Frame 4CF0 0
401 B 378ms
98ms XHR
text/plain 192.132.33.46
BIDTELLECT

General

Check archive.org

Show headers Download Go to

Full URL: https://bttrack.com/engagement/event?input=%7B%22globalId%22%3A%2200000000-0000-0000-0000-000000000042%22%2C%22creativeId%22%3A%22%22%2C%22placementId%22%3A%22%22%2C%22goalId%22%3A%2214102%22%2C%22sessionId%22%3A%2291dfd595-0230-46a7-81e0-11ff91cc2d67%22%2C%22parentPublisherId%22%3A%22%22%2C%22publisherId%22%3A%22%22%2C%22siteId%22%3A%22%22%2C%22commonId%22%3A%22%22%2C%22heartbeat%22%3A1%2C%22url%22%3A%22https%3A%2F%2F5118230.fls.doubleclick.net%2Factivityi%3Bdc_pre%3DCOrMpO35v_UCFRD2UQodPsgLHQ%3Bsrc%3D5118230%3Btype%3Dcount0%3Bcat%3Dsecur00%3Bdc_lat%3D%3Bdc_rdid%3D%3Btag_for_child_directed_treatment%3D%3Bord%3D1%3Bnum%3D6016915333442.967%3F%22%2C%22fingerprint%22%3A%22%22%2C%22fingerprintProvider%22%3A%22%22%7D
Requested by: Host: bttrack.com
URL: https://bttrack.com/engagement/js?goalId=14102&cb=1642668722279
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 192.132.33.46 , United States, ASN18568 (BIDTELLECT, US),
Reverse DNS: 46.bidtellect.com
Software: Microsoft-IIS/8.5 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://5118230.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

X-ServerName: Track001-dc3
Pragma: no-cache
Date: Thu, 20 Jan 2022 08:52:02 GMT
Content-Encoding: gzip
X-AspNetMvc-Version: 5.2
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
P3P: CP="CAO DSP COR ADMo DEVo PSAo PSDo HISo IVAo IVDo OUR IND OTC"
Access-Control-Allow-Origin: *
Cache-Control: private,no-cache
Content-Type: text/plain
Content-Length: 0
Expires: -1

GET
H/1.1 200
OK getpixels Show response
bttrack.com/engagement/ Frame 4CF0 0
400 B 389ms
100ms XHR
text/html 192.132.33.46
BIDTELLECT

General

Check archive.org

Show headers Download Go to

Full URL: https://bttrack.com/engagement/getpixels?gid=14102
Requested by: Host: bttrack.com
URL: https://bttrack.com/engagement/js?goalId=14102&cb=1642668722279
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 192.132.33.46 , United States, ASN18568 (BIDTELLECT, US),
Reverse DNS: 46.bidtellect.com
Software: Microsoft-IIS/8.5 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://5118230.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

X-ServerName: Track003-dc3
Pragma: no-cache
Date: Thu, 20 Jan 2022 08:52:02 GMT
Content-Encoding: gzip
X-AspNetMvc-Version: 5.2
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
P3P: CP="CAO DSP COR ADMo DEVo PSAo PSDo HISo IVAo IVDo OUR IND OTC"
Access-Control-Allow-Origin: *
Cache-Control: private,no-cache
Content-Type: text/html
Content-Length: 0
Expires: -1

POST
H3 200 log_event Show response
www.youtube.com/youtubei/v1/ Frame BB1F 28 B
54 B 55ms
54ms XHR
application/json 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/2b718ca6/www-embed-player.vflset/www-embed-player.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: application/json
X-YouTube-Utc-Offset: 0
X-YouTube-Client-Name: 56
Referer: https://www.youtube.com/embed/g_8JVUVLxTk?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent
X-YouTube-Client-Version: 1.20220118.01.00
X-YouTube-Time-Zone: Etc/Unknown
X-Goog-Visitor-Id: CgtQRl9qV0tJWHRTVSiwxaSPBg%3D%3D
X-YouTube-Ad-Signals: dt=1642668720692&flash=0&frm=2&u_tz&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&bc=31&bih=-12245933&biw=-12245933&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C736%2C340&vis=1&wgl=true&ca_type=image

Response headers

date: Thu, 20 Jan 2022 08:52:03 GMT
content-encoding: br
x-content-type-options: nosniff
server: ESF
x-frame-options: SAMEORIGIN
vary: Origin, X-Origin, Referer
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control: private
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 31
x-xss-protection: 0
expires: Thu, 20 Jan 2022 08:52:03 GMT

Verdicts & Comments Add Verdict or Comment

249 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

37 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.malwarebytes.com/trojans/2022/01/new-iphone-malware-spies-via-camera-when-device-appears-off	1970-01-20 09:03:24	Name: gaUserID Value: FFFBC6F6-C700-4CFC-B25C-044DAF20D322
links.e.malwarebytes.com/	1969-12-31 23:59:59	Name: XSRF-TOKEN Value: UegizgQA9AWH0Xd7ZVVvJEiFjDBZsPifFy9DB9EvilmXyrUuq8yHY2W7BJ4xBrhYKaY%2B0sEScB3FUkRfCkA42g%3D%3D
links.e.malwarebytes.com/	1969-12-31 23:59:59	Name: _gbs_session_api Value: NWNtNW5Zc29QVmNMQ2NRRVV6MlhoaTQ2c1NMUUZWQ3FsSzFGNTlvOVhmK2RHTDcvSGRnajA3RklKMkFveWhXK0JPQXQrM0lVdjFOTkhQdFVTalZpdVAyRjNSVkNUVng2VkFJMmRyaTgvemZiWk5mcWhUaFVZY2NqU3FDSGl6QURnWkIyNjRHZ3BOeHZJNU9ra0NrcHVBWGt4dmUvd3M5MHgzOXVuZmZMOGRNSTFYYUg0WjBVU1hkZlgxTlRTOFhoLS1jLzhHUFh2UTZNbEgzd2hFeVJZRHB3PT0%3D--832d4d79533e32552273df886dedd40c43acbfca
blog.malwarebytes.com/	1970-01-20 00:19:15	Name: global_variables.user.type Value: eyJpc0J1c2luZXNzU21hbGwiOmZhbHNlLCJpc0J1c2luZXNzTGFyZ2UiOmZhbHNlLCJpc0J1c2luZXNzIjpmYWxzZSwiaXNDb25zdW1lciI6dHJ1ZX0%3D
.malwarebytes.com/	1970-01-20 00:19:15	Name: global_variables.user.type Value: eyJpc0J1c2luZXNzU21hbGwiOmZhbHNlLCJpc0J1c2luZXNzTGFyZ2UiOmZhbHNlLCJpc0J1c2luZXNzIjpmYWxzZSwiaXNDb25zdW1lciI6dHJ1ZX0%3D
blog.malwarebytes.com/	1970-01-20 00:19:15	Name: over100 Value: false
.malwarebytes.com/	1970-01-20 00:19:15	Name: over100 Value: false
.malwarebytes.com/	1970-01-20 00:19:15	Name: visited Value: true
.youtube.com/	1969-12-31 23:59:59	Name: YSC Value: 5nJ1ikhUUyI
.youtube.com/	1970-01-20 04:37:00	Name: VISITOR_INFO1_LIVE Value: PF_jWKIXtSU
.malwarebytes.com/	1969-12-31 23:59:59	Name: __gtm_campaign_url Value: https%3A%2F%2Fblog.malwarebytes.com%2Ftrojans%2F2022%2F01%2Fnew-iphone-malware-spies-via-camera-when-device-appears-off%2F%3Futm_source%3Dblueshift%26utm_medium%3Demail%26utm_campaign%3Db2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299%26amp%26utm_content%3Dnew-iphone-malware-spies-via-camera-when-device-appears-off%26bsft_aaid%3D18a8abbd-b7b6-422b-8352-283554e9475a%26bsft_eid%3Dbae4f2b5-5fe4-fe76-a028-428ae8279c2f%26bsft_clkid%3D93654ee9-6e1c-4723-a262-cd25dade6809%26bsft_uid%3D3eff0a33-885d-44f8-9c2d-23ee978fc0bd%26bsft_mid%3D85c1ddbc-94a5-4703-b0d7-fe44cc5604a7%26bsft_mime_type%3Dhtml%26bsft_ek%3D2022-01-15T16%253A30%253A40Z%26bsft_lx%3D9%26bsft_tv%3D9
.malwarebytes.com/	1970-01-20 17:49:00	Name: _ga Value: GA1.2.377775517.1642668721
.malwarebytes.com/	1970-01-20 00:19:15	Name: _gid Value: GA1.2.1222576018.1642668721
.malwarebytes.com/	1969-12-31 23:59:59	Name: _li_dcdm_c Value: .malwarebytes.com
.malwarebytes.com/	1970-01-20 17:49:00	Name: _lc2_fpi Value: ff3668206ce6--01fsvaz0dq072ms1pq1s788ym0
.malwarebytes.com/	1970-01-20 02:27:24	Name: _gcl_au Value: 1.1.1141780559.1642668721
.malwarebytes.com/	1970-01-20 00:17:48	Name: _dc_gtm_UA-3347303-10 Value: 1
.malwarebytes.com/	1970-01-20 02:27:24	Name: _fbp Value: fb.1.1642668720667.649305846
.blog.malwarebytes.com/	1970-01-20 09:03:24	Name: _pin_unauth Value: dWlkPVlUQTVOVFl5WXpBdE5XRTNPQzAwTURVMUxXSTBaVFF0TTJVM1pXVmxZVGc0WlRneg
.bidr.io/	1970-01-20 09:46:18	Name: bito Value: AHr7Z07D0kUAAEtrjHsDFQ
.bidr.io/	1970-01-20 09:46:18	Name: bitoIsSecure Value: ok
.company-target.com/	1970-01-20 17:49:00	Name: tuuid Value: 636c677a-9eb1-46f6-bcd0-6d1ffce6701f
.company-target.com/	1970-01-20 17:49:00	Name: tuuid_lu Value: 1642668720
.linkedin.com/	1970-01-20 01:01:00	Name: UserMatchHistory Value: AQIHdYbr1e922wAAAX52r4KfmDoHhs0R7eXOgfNE4N-ZcWcmg47amWvAt6v7kWO1EnxatDmNlUmdEg
.linkedin.com/	1970-01-20 01:01:00	Name: AnalyticsSyncHistory Value: AQL0EVuhgZBWtwAAAX52r4KfJHOPpg7v4SRODxtDJBKG-6hhGfa5sJpwzb0l79303M0KcX1QGcp9hGAcj8K3fA
.ads.linkedin.com/	1969-12-31 23:59:59	Name: lang Value: v=2&lang=en-us
.linkedin.com/	1970-01-20 17:49:42	Name: bcookie Value: "v=2&c11df39d-c6d4-400a-8e17-07d59b676a2d"
.linkedin.com/	1970-01-20 00:19:15	Name: lidc Value: "b=OGST02:s=O:r=O:a=O:p=O:g=2583:u=1:x=1:i=1642668720:t=1642755120:v=2:sig=AQH-DDz4CJS2bR6TcV12JlnKHVEd-f4Q"
.liadm.com/	1970-01-20 17:49:00	Name: lidid Value: 2fe37a65-e3b1-4ce6-b0d4-61d509899cd0
.linkedin.com/	1969-12-31 23:59:59	Name: lang Value: v=2&lang=de-de
.www.linkedin.com/	1970-01-20 17:49:42	Name: bscookie Value: "v=1&20220120085201e334fdb4-95f0-4a65-8c34-c8fc52eaac1cAQF_vxll1RaR9a0Yb_xHSYIC33RJx1-X"
.linkedin.com/	1970-01-20 17:35:20	Name: li_gc Value: MTswOzE2NDI2Njg3MjE7MjswMjH1eHoqgJmgXAId1frBoOba+dH39a2fZX0aAbsRJrKfLw==
.malwarebytes.com/	1970-01-20 09:03:24	Name: OptanonConsent Value: isIABGlobal=false&datestamp=Thu+Jan+20+2022+08%3A52%3A01+GMT%2B0000+(GMT)&version=6.4.0&landingPath=https%3A%2F%2Fblog.malwarebytes.com%2Ftrojans%2F2022%2F01%2Fnew-iphone-malware-spies-via-camera-when-device-appears-off%2F%3Futm_source%3Dblueshift%26utm_medium%3Demail%26utm_campaign%3Db2c_tri_oth_2022_consumernewsletter_jan_issue1_164192466299%26amp%26utm_content%3Dnew-iphone-malware-spies-via-camera-when-device-appears-off%26bsft_aaid%3D18a8abbd-b7b6-422b-8352-283554e9475a%26bsft_eid%3Dbae4f2b5-5fe4-fe76-a028-428ae8279c2f%26bsft_clkid%3D93654ee9-6e1c-4723-a262-cd25dade6809%26bsft_uid%3D3eff0a33-885d-44f8-9c2d-23ee978fc0bd%26bsft_mid%3D85c1ddbc-94a5-4703-b0d7-fe44cc5604a7%26bsft_mime_type%3Dhtml%26bsft_ek%3D2022-01-15T16%253A30%253A40Z%26bsft_lx%3D9%26bsft_tv%3D9&groups=1%3A1%2C0_165071%3A1%2C101%3A1%2C2%3A1%2C3%3A1%2C102%3A1%2C103%3A1%2C4%3A1%2C104%3A1%2C105%3A1%2C106%3A1%2C107%3A1%2C109%3A1%2C110%3A1%2C112%3A1%2C113%3A1%2C114%3A1%2C115%3A1%2C116%3A1%2C117%3A1%2C118%3A1%2C0_165051%3A1%2C0_165052%3A1%2C0_165053%3A1%2C0_165054%3A1%2C0_165055%3A1%2C0_165056%3A1%2C0_165057%3A1%2C0_165058%3A1%2C0_165059%3A1%2C0_165060%3A1%2C0_165061%3A1%2C0_165062%3A1%2C0_165063%3A1%2C0_165064%3A1%2C0_165065%3A1%2C0_165066%3A1%2C0_165067%3A1%2C0_165068%3A1%2C0_165069%3A1%2C0_165070%3A1%2C0_165072%3A1%2C0_165073%3A1%2C0_165074%3A1%2C0_168809%3A1%2C0_168810%3A1%2C0_171059%3A1%2C0_171060%3A1%2C0_171061%3A1%2C0_171062%3A1%2C0_171063%3A1%2C0_171064%3A1%2C0_172264%3A1%2C0_172327%3A1%2C0_179764%3A1%2C0_172332%3A1%2C0_172328%3A1%2C0_172329%3A1%2C108%3A1%2C111%3A1
.t.co/	1970-01-20 17:49:00	Name: muc_ads Value: 31d6ca4b-72bf-4051-8560-78fbb8ba8840
.twitter.com/	1970-01-20 17:49:00	Name: personalization_id Value: "v1_RRb6Cl3AbOBlKoR6g7dG2w=="
.doubleclick.net/	1970-01-20 09:39:24	Name: IDE Value: AHWqTUlz5GsUuL2k5VBjUXehj5mR0VCw2rIC98GGD8fPNI0C0zII08Qr5vQp6g0hT7g
www.pinterest.de/	1970-01-20 08:56:12	Name: _pinterest_sess Value: TWc9PSZJSjlVckhSWnJEd1drVWkvWTBacEJUaEFkMkRVVE5mRGJxL0xEUG9YOTlKdnN4RTBZU3ZIem04K3dQUnppcGd3c3dzUVpKWEVueTBwaEVzT1h0cmZCNk42ZFBsWmpmUHJuSXFNQU1icTVSWT0mbHQwYU9SdEhQcmtHRHdzS3JxT216dnp2TnNNPQ==

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://id.rlcdn.com/464526.gif Message: Failed to load resource: the server responded with a status of 451 ()
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'nonce-501d18963f83d59ac3f9ac18a3b5323a' 'strict-dynamic' 'report-sample' 'self' .pinterest.com .pinimg.com .google.com connect.facebook.net .online.tableau.com .google-analytics.com .facebook.com .googleadservices.com .doubleclick.net .googletagmanager.com .adyen.com .adyenpayments.com cdn.ampproject.org .cdn.ampproject.org radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'report-sample' 'self' .pinterest.com .pinimg.com .google.com connect.facebook.net .online.tableau.com .google-analytics.com .facebook.com .googleadservices.com .doubleclick.net .googletagmanager.com .adyen.com .adyenpayments.com cdn.ampproject.org .cdn.ampproject.org radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'unsafe-inline'".

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	frame-ancestors none;
X-Frame-Options	DENY

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

5118230.fls.doubleclick.net
a.disquscdn.com
adservice.google.com
analytics.twitter.com
api.company-target.com
api.demandbase.com
b-code.liadm.com
blog.malwarebytes.com
bttrack.com
c.disquscdn.com
cdn.bttrack.com
cdn.jsdelivr.net
connect.facebook.net
ct.pinterest.com
disqus.com
fonts.googleapis.com
fonts.gstatic.com
genesis.malwarebytes.com
geolocation.onetrust.com
googleads.g.doubleclick.net
i.ytimg.com
id.rlcdn.com
insight.adsrvr.org
links.e.malwarebytes.com
malwarebytesunpacked.disqus.com
match.prod.bidr.io
optanon.blob.core.windows.net
px.ads.linkedin.com
px4.ads.linkedin.com
q.quora.com
referrer.disqus.com
rp.liadm.com
rp4.liadm.com
s.pinimg.com
script.crazyegg.com
scripts.demandbase.com
secure.gravatar.com
segments.company-target.com
snap.licdn.com
static.ads-twitter.com
static.doubleclick.net
stats.g.doubleclick.net
t.co
unpkg.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.gstatic.com
www.linkedin.com
www.malwarebytes.com
www.pinterest.com
www.pinterest.de
www.youtube.com
yt3.ggpht.com
104.244.42.197
104.244.42.3
108.174.10.14
130.211.198.3
142.250.185.198
142.250.186.130
151.101.0.84
151.101.12.157
151.101.128.134
18.205.51.212
18.64.79.84
18.66.112.121
18.66.248.52
192.132.33.46
199.232.194.49
199.232.196.134
2600:1f18:730:b130:4896:6298:98c:bff0
2600:9000:223c:6e00:16:26c7:ff80:93a1
2600:9000:225e:ca00:8:8845:1500:93a1
2600:9000:2315:b600:6:8656:f5c0:93a1
2606:4700:10::6814:b844
2606:4700::6810:5914
2606:4700::6810:7aaf
2606:4700::6810:d03f
2606:4700::6813:9308
2620:1ec:22::14
2a00:1450:4001:803::2003
2a00:1450:4001:808::200e
2a00:1450:4001:808::2016
2a00:1450:4001:811::200e
2a00:1450:4001:812::2004
2a00:1450:4001:813::2001
2a00:1450:4001:827::2002
2a00:1450:4001:828::2006
2a00:1450:4001:829::2003
2a00:1450:4001:82b::2003
2a00:1450:4001:82f::2008
2a00:1450:4001:830::200a
2a00:1450:4001:831::2002
2a00:1450:400c:c06::9a
2a02:26f0:1700:786::1931
2a03:2880:f02d:100:face:b00c:0:3
2a03:2880:f12d:181:face:b00c:0:25de
2a03:5f80:a::b212:e7c0
2a04:fa87:fffe::c000:4902
3.33.220.150
34.238.14.155
35.244.174.68
52.210.199.144
52.222.214.93
52.239.137.4
54.208.225.246
69.16.175.10
001e7c5308cffd02033dc299d64b21c013eec7980b3008b68c89749b011852f4
01e406a043d5ea27bb0f32d0cd323c4cd5e4356fb35c86f43b94231e3953dfed
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
05369fa3ab175c5ba5e63b7c60a872a64f82ddcb1de6a950d73004ed25930e69
05a173cb58022e81eb499529ac56df6ad7bafe1c61b8128dca8b76f300b5b60e
0ce5d039d3e58fc10808f0695156d2bd99daae7791d26cc5dfc569154b5e0b22
0d8ac30d9520ce94e0246020e4bff9b6fea04f92ac0b5f09c7346104b9f5772a
0ed37960a59a6ec6b443f9ef043864d09a51db6fd276ae578d9166467bf986d1
0ed94f0c2bd4beed5fc6c2ae298f572ecaea4be7d16dcc45265b524b29709573
106ff2dcabdf33e3a570650ebd622f534c02c6f751a8320ed879e172d767bbd2
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
11c401a81e32b086bea3798c033009907b429fb601411da6ffc266b78184898a
132929046ec851dd779a36aab378d290a6a2a617c4b173518d0ad1faf04e3525
1532b16aa9cd1fef51c097aaf1abeac6cb6f239b026660e7105e49f4ae6549ff
16c13044cedc5c7482ad7db51913c164ffabc787ec5b6b0246acfec84cd6d01b
16f961e4eedc84409f706d7043ec879d9a7783c6f317640b0d97a73e98e9e8ea
19333622f176d68bc17e307d8df96b15447864fbb0bbaac495e507fa64d96077
1a0b51af7ff79f11c0a779bf478304fa451ac5587675952b8378b47f0a97504d
1dc2b8fb26c1a74260a66519a2a5fdf37a938d1b43bbe4d8da7fcd652acc61b9
20a91bd509668238b6af8e16475c5e2611bcd2861d0eec2e0d4f6815e81449bd
21da5195f86350f2b52a0ee70a668d4f72542d0413b57dd84f06593e0e0f7207
2256c9e5605323f852f232fd6819a02cf2cac3e04c84299e19efe83037fd8cda
22f39a41a30342a5c51d150be48c4726245655a560d154af893337d1ae953f62
2324e1cc321922f4b94b5ba9a66fb3206bab61c670f92db5264d956983cfa26d
2409f262a4b65de1c6867ad7d607898380900587b69a60b881a9b888bd53e625
2e10d353ff038c2cad3492fc17801af3e6ef2669c9e9713bdb78b1dcb104c4fe
2eb766d65a2b957a1c4d766cb0d98c348b8d7222abb3341ae555019bd22bde65
30b410ec60b2dda5e521206ed5b3a9318922f62828db7409240f047f21593bcc
3270642c89180c12db93775e2a774b6dadd9bd98cffc963075c85afd2c17b6e4
32d4b293bb7f25a21cc44e81184d4bbcb3bdd1837e026b98ed0ad85b3b1a5292
3347be09e14b684dad1ea6d9817e34fd36e10bd4c4f0914daa054932344c1d7f
3487ef2baf0c08ba660a8a143cdeb8ebeec961eea04bccd7c49096b4eb26b875
361aabb783830d45d3de5f19c4fe47d295e11518fb0279dd99d589eea8d43319
36ef66124133ca33c8b44c487293c3180e5ab681ff3cad3c728ea4f894ec3444
3742b8f2006b7a23df3252c615bb113e94f77729ac9cc4b021e35517285cf0c2
378f79bc8e52dc7c86332d048c8b8f57ad672c3c917ca54b08630bb487b99d3f
37b17c5135a176a9474521af147d96dfa1fb4ca0f43f00d1400bd1885be3ab9b
3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1
3c8ba982e1a7629cb5be1c6e7ac909bb494b895a63affce2f6306e5cd244505a
3df56cf5e9b367ce3a1f69c52fe68655893e7443d0b9df0a8a094606775657c0
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
4c4491dcfa94cb46fb73742fc2caf49a1cd59027304af1830c7dc6ce1889857c
4da3e3aa30b5b06390d7e7e3fcfb16d648909eb429d161c2748bd6d79a7ec5fb
4ed10d0d64bb1515397e8666a63f484d640dbc5678fa62574e077b7aef1c3af2
4f7da1e8c51daecdde094d37ad6ed35f3f70a3a0026d7df53cc88e4533a69f87
523d1af6ce4ee7e7193dd9d3f8b2145f525349131492d2defc81cbd653249e1a
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
556172885a172763c715eace05597d5575ee4d4f2df6b61d723f4666b0a730a9
5576e25dd8a4d45e90da43e0f127c4efb4d16eebcb7a1bc55fbb66e7cf504f9d
56abf2a0b03d5f31053efb36cb548e05793f98367ae92efd2d33e83eeb5216a0
570361e321c60495aef57d5abf5762eeef6f243032a773f62feb59a3e787462b
580818700724d42d7fcc4979b0197971fca1c6d2e0286769237a0ac897df5512
582b676c74e7976221db49e0d0ee4a5b0cbdbf77f9cce9131aa5133ec3492b14
58c13e24cdfb6384c26836e3eac52d17701cd9d686c56ebf93efbbe9426f8cd6
5955908348c9dc49badb9b08e2448d49db335f16720edaf1bf6cbe67692129ae
5ab9d6964cc7724a61f9d71be47b962f13ab920141f8048e9fde5245ec1ebe5d
5b06b85bdf477d92de6f3c9e7c037b4d679f0b17bb633ca659c50bd630f29d09
5b62da3ed3fe1c94582c2a75526716000f7361ff70c0cc41aae4ee8212735c3e
5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991
5d09ea31b4f26497480482f539fdc221990ae192c8b8be5002f4f2b9bef26876
5dacc86b8a64742e60d70192353e5643da219a3f84c0b26cf6116b06b67fff32
6252f8d40b521387483f57b7d0c812912a1d59ce038fdde2bcf67cf920486cac
63c041fe48b6010776541e3eaf922df7c113b28186226dbe53df7eedcf8e95d8
6429fe0ed81fca5f6bb18cb0a0aacae3bd9de79192635aeed4cbda438139d75d
67ea46bc3d15351067faccb3613bd833dd3f15137a4b4a09f2e873fd41d024d2
6ee52eaf1db539683b3e508c5973c5b4011b86dcabd32983756482588b08ad52
6f40db0e6f7db01d94e5b2aed5acf30d1b9aecc4a4482a5044a3cffbe5c40164
6fd928788b7593c518b6eafd0f501a83a4ccc4d78dd87dc1f351eb05387d2b60
72622641b79819e5c8b5c0543d105a45e30f13b1a6c0b5c3701e72de5b57e427
728054ccf1f41ec0afdb688b6db421601bb60d505d9e1e2c2de16d9e4a14b774
78e3802122f7016333437f9908ad30173eb681234d9ed7ebd74490abc525c8b7
7961789aed44f7b97f6f755bfae322b38dd398de4a1022821c7be836a47f01f1
7e6aa30a919ae381fbcf4d4d6f970531bf513bf0847097e7927123bf032b0f09
7e9bcd405af64ba784d4ead6dba8ed5c146a22c5bb6f264e756e3ded19a6fb6f
80f0eb912943ad0deab2ad7a8125b7404b726bac65dca9e6be97b063ca490662
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
8528b83134ef333f8b4f3b722f422569b5121e6fa817c9942bcbb91f5f61ea93
8a849c6ffa64946fefa17e874080dea467783d0e20857bbfbb23480739625648
8c20518cd7e51066b82e8a8a1e8035210741cf808c02268915747960f531061c
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8e8a3989b219973b8be975160717142ea7233989f5be268d2f0067d295559fd1
8eaf1a8091eda3e365c041e5c4782ad56044ecab9e926dc4f35766207054500a
8f796d398e512c5d19a2fecc943d19a204927ff3cf9ec2cb3f75a025535268cd
9110fc122dda3067c424d9b8ff7747e2030b0bd9298f69a3683d399ad3373a6a
928759d761adf61723feb7a9affc2b058cc9d5044831da66fcadd823e265ab1c
92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54
93e43a00cd73303f914fe90d7be15dc032f4796891b571bf6cd9d9f36f4c91eb
95f35047b87b34c7d442d8244762cb17accc58b1c6eab3522d33f38de4b20487
96f64f19c7e878d8f04b58675912e11937649c92cbd1ac33280d77e263daabc8
9714221c828961b20f45a782c3281c0596f6652cfe1299bee18097f98e8fb7b3
987c2a4c3eeff2bab184577a1b636049c8595e284178076f5eb3d52fecd6cb95
9d815528e2ed7985b63e839cbeb0b684e1fa8da87da3c1a0962b1eecfe437614
9dd21b8f0d0f7b8e688744ba7aeb0dc2d5a730d0778aa16ec6cb84cd1b9ee885
9f05592df6a80686d7216adbbc60dd18c978741182ed9e09a863de7374931f0e
9fcb181721162ce0d395b7b9b1e5bb5ca82c5f79bde749d4d0467ec2e65fcb4a
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a1a9324c503cc885e5bf568d8c5de12c34c0adc3a4990d547a4514179108badd
a52bbdb7b132e850fdaf5740012fcc0bc3f6ef0be520bc4b987d8761d40d015a
a61ef61d6c16032beefa8805690af62fe814386a01cd261af736c4912fbcf08b
a6453b0bf49115380414b0823f6b4c5e699b7d0ea86bd6ce1ca6aad56e24e394
a6a97c4046257c7e4e063c9f76434c7ce2c1f105e46b07424fabfc054f2d4d24
a7d4e6165ce4042167fcaaa0623eab885d6992458eb05c4fc74184cee79a9eb3
a85ea540e774d24b3472a92b0e69b48634c76af3a0dfce7d10ed473163285984
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
ad15e02b8d9bee31a51c502cff1977983fa2c8103b769db7ab097750f34016a9
ad2cc26b0fdde8f4eb637ed12b25364e85af0bfba227dad42cb997ff4ad23eeb
aee1359e4fcc53f0a7918574ba627e0ca6c6e61bb75262214d53802a68554593
b0817a0d6a87f2d42532035e42b20ea55cfaa5ca1092c761f5fc5e734790bdbf
b0d78148b9ab75681bf8638664351d2a901c1dfdc5a77940a2007f8be0f77538
b14c2ce45cd99008790a246e2ec2b0647b16a9e5b4c07bf92e5051212b526dff
b4e6efb587f3fdfb8155148201d0c51ac95d249a6727e8256acdfe624ade69af
b569dd28a56f53339cc04cc2e251dcfb426262bd7ad60ed44cc35da0dd3b2cc6
b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646
ba0504cfd673e9fbf0bab2b70a67ac1bbea97891e12fc8cd3f94070f0c4898f8
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea
c13527e6600d478c3cd7ae449acd6813e1c7209a97c0334702ee8d1a999a3a93
c284dcb06ef882b1b45e11e0a16baa223b4117eca94e243c8e725c4ce3f909b3
c2b61a7c5b7861eb46842ccf373e2524d90d14034f5d56e92ad50f27756156b0
c2e606e1fc82ea3a554aad5d0520e25d2677b89a891dc5c49e7ace08fce92e25
c3e093146fad0e34b98a7b0f9e57fbe4ef571abfff63b3af50689b20f8718a41
c3ecb65228fd4f5a7504dfa3c4239e2daf2a47559622bbb565738929042d93eb
c41517c93c6eb23ffc0a81503d8ed79cab09157c5f9b7b335d20bd974ed9a2a4
c86a4ff5993b96a3a497952d1542fe93d46efdda55c98da63843694d4da41af7
cabcba2fb0a11127afe1eba21cbdba800100f5a591ad7870aada8142379a955a
ccd911729403decd6e3b74702fdc4d2c1b1e3ecf35a147f7e5373669932cc708
cea0a05c5af6e21a409875328ed2e3dba79131b7c41f8ea07d0e0e02c7b7b59e
cf16a6be9c1f8d220216cd8bc2d5a7d68731c383f8a1d394c2727e7564a9ca7a
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d256a37a8296aef486aa5c129a8c4d95ab20908ce5342fd41f66bc3d62ad8d63
d4e61ea4aafc5da0b582e7e15077addf35379acc4b7b03df0128ed33ba589884
d5b8a226657de542d2e9b1d9d82189cad8b3ceadcc01a8f48f97fd064d4ba64a
d6f36a088f7c6dc6459a02c048b23e2407bf38a5249ecbc9547be2fce143f63a
d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336
d94422e57e4c284a83be71222e80f64c7528bf5cf18622736af461a861fbbe86
da819542692b3f1c2a667ba34eff3465a82d9756953a1446ab7d0772f9b1edd5
db865c8f3642f3485829c0ee0008fe04a32cc66af70867b39f60395a7fed3984
dcfdce51b194eeb3dd58cd5c1bb69184a948100fee91743aa61185ea0afc30a5
ddbc1a158d7d13b63c0fda8fd2ece421016468e9e88914d2b81d3e8929c19df1
ddc6aec4144b67f0a2a12d687f3c4b8a9faf7c445847d0e25dcb5bd1a9ba9018
de62e6565dcb19432d7f42a0d37001f82027494bc371684894ec776edb75fbd3
de6c4ffa2bd9fd283610e28d0db2ec48607aab39d213a51aef248673a0a7e980
def5de6254be138b8b35d680d1fdd8b07827d03b8626daebfeeb4157ec330ea7
df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf
e00add38134eac2fb8e8e9c09cbfff7bbe57952b210322eb2eecb0a21fc055eb
e2adf740376f608d5a3b6977b793a5e1c92c4de9e0a792921b8e24476e56c9ed
e39a61e62de49ec594437288cb8f6cfd581f14212f9782b5dec6ece2a685ad87
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e422b07ca1550e55cd90a518e910fd3cfb4d9337ea6092357f9761aa77ac9e33
e9f2fd217a445901bad1ae575c60f3b6a335dd22713609fdcfd827205d7f546c
e9fc9b1878db1b13b973252b048d19a17abb34a8da464a552c6d401728ed1e86
ec442600e3c090c1171e6d0aca38073cc048af3a7a301ec06bf933da6aa65c1b
ecb916133a9376911f10bc5c659952eb0031e457f5df367cde560edbfba38fb8
eccfd782108d7cedecdc6c55dc800faaa9c6dde383367d30bae9f63cbd671d34
ed2491fc7526ff0b5cfec3fe6f4cf8153796520fc845b735286b0f42183da98a
edefdf39939d537b6461500b750d822088905c0f3cc06cc4e58b0dea61869fd5
ee147e859ad0f09aa50367974e38ab53e7c7054c4a51d400a7f45b0eb251454f
eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
efabba3678b85fcab831b778ea2ddaad1e2a1e952584d3566bc39b7ccb3429d9
f2a341fc815d45c21da726d4c843c2c5d3e1f333465347c3c75d040d556df4e5
f575112df5398271c1f04b48a995ccc6e17d69730e37304078178d46781152da
f6f40e18e6522384652ca2a0159499791d93c5f72486f54b06e7ccb728cb0de5
f6f9e9eda5217ed7b70e7476a43ad789a2f0ca9a001135cdc1d4a13eed2d65b3
f79704ed98d8af99946cad373171b02c590411e5ad3aab36f52c5f3f73567705
f8869aa9427c07872b91f3bb5485a65a0e389302f54ad6fe1b684c59d97d154a
f898c8113b802725b5b95b896301d5f763b7ff5d8ef54dd0a1195e5cb0349a36
fa07bfad3039513f81cc0551de10a79c7c823bce84a5fbfba5a547f96479a367
fbf44047407fd1714993b1c5cebf5bf2b17915261b8c24ec8c70382b4d389ece
fed785a6a8ca96fb67230fec5d85f9c508db49f4075aa0ef284af56cd89813e3
ff4bd34aa98a0214833619d3d751838db015722dfbbec15cd14dadc66cd67869
ffecc1558ecf46b33ea79808eac375e8bfb0bc6a5f799a3bc2ca2df96f2c50db
ffff1e98c43cb9453e53709e79e16421d9ae371e2b9812e191f81189fb78d3c6

blog.malwarebytes.com Open in urlscan Pro 130.211.198.3 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

236 Requests

98 %HTTPS

55 %IPv6

38 Domains

57 Subdomains

50 IPs

5 Countries

4007 kBTransfer

9143 kBSize

37 Cookies

93 Outgoing links

Page URL History

Redirected requests

236 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

blog.malwarebytes.com Open in urlscan Pro
130.211.198.3 Public Scan

Screenshot
Live screenshot

Full Image

236
Requests

98 %
HTTPS

55 %
IPv6

38
Domains

57
Subdomains

50
IPs

5
Countries

4007 kB
Transfer

9143 kB
Size

37
Cookies

236 HTTP transactions
3 data transactions