URL: https://c3rb3ru5d3d53c.github.io/malware-blog/2022-07-04-bitter-apt-zxxz-backdoor/
Submission: On August 26 via manual from CA — Scanned from CA

Summary

This website contacted 19 IPs in 1 country across 13 domains to perform 96 HTTP transactions. The main IP is 2606:50c0:8002::153, located in the United States and belonging to FASTLY, US. The main domain is c3rb3ru5d3d53c.github.io.
TLS certificate: Issued by DigiCert TLS RSA SHA256 2020 CA1 on April 7th 2022. Valid for: a year.
This is the only time c3rb3ru5d3d53c.github.io was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests | Apex Domain | Subdomains | Transfer
18 | twitter.com | platform.twitter.com (Cisco Umbrella Rank: 701), syndication.twitter.com (Cisco Umbrella Rank: 956) | 536 KB
17 | github.io | c3rb3ru5d3d53c.github.io | 1 MB
15 | virustotal.com | www.virustotal.com (Cisco Umbrella Rank: 52564) | 554 KB
15 | jsdelivr.net | cdn.jsdelivr.net (Cisco Umbrella Rank: 422) | 412 KB
10 | youtube.com | www.youtube.com (Cisco Umbrella Rank: 113) | 788 KB
8 | gstatic.com | fonts.gstatic.com, www.gstatic.com | 107 KB
5 | googleapis.com | fonts.googleapis.com (Cisco Umbrella Rank: 54), jnn-pa.googleapis.com (Cisco Umbrella Rank: 306) | 122 KB
3 | doubleclick.net | googleads.g.doubleclick.net (Cisco Umbrella Rank: 52), static.doubleclick.net (Cisco Umbrella Rank: 398) | 1 KB
2 | twimg.com | cdn.syndication.twimg.com (Cisco Umbrella Rank: 1441), pbs.twimg.com (Cisco Umbrella Rank: 693) | 4 KB
1 | google-analytics.com | www.google-analytics.com (Cisco Umbrella Rank: 45) | 20 KB
1 | ytimg.com | i.ytimg.com (Cisco Umbrella Rank: 133) | 34 KB
1 | ggpht.com | yt3.ggpht.com (Cisco Umbrella Rank: 256) | 4 KB
1 | google.com | www.google.com (Cisco Umbrella Rank: 9) | 15 KB
Totals: 96 requests, 13 apex domains
Requests | Domain | Requested by
17 | c3rb3ru5d3d53c.github.io | c3rb3ru5d3d53c.github.io
15 | www.virustotal.com | c3rb3ru5d3d53c.github.io, www.virustotal.com
15 | cdn.jsdelivr.net | c3rb3ru5d3d53c.github.io
13 | platform.twitter.com | c3rb3ru5d3d53c.github.io, platform.twitter.com
10 | www.youtube.com | c3rb3ru5d3d53c.github.io, www.youtube.com
6 | fonts.gstatic.com | fonts.googleapis.com, www.youtube.com
5 | syndication.twitter.com | platform.twitter.com, c3rb3ru5d3d53c.github.io
4 | jnn-pa.googleapis.com | www.youtube.com
2 | www.gstatic.com | www.youtube.com, www.gstatic.com
2 | googleads.g.doubleclick.net (1 redirect) | www.youtube.com
1 | pbs.twimg.com | c3rb3ru5d3d53c.github.io
1 | cdn.syndication.twimg.com | platform.twitter.com
1 | www.google-analytics.com | www.virustotal.com
1 | i.ytimg.com | www.youtube.com
1 | yt3.ggpht.com | www.youtube.com
1 | www.google.com | www.youtube.com
1 | static.doubleclick.net | www.youtube.com
1 | fonts.googleapis.com | c3rb3ru5d3d53c.github.io
Totals: 96 requests, 18 subdomains
Subject | Issuer | Validity | Valid for
*.github.com | DigiCert TLS RSA SHA256 2020 CA1 | 2022-04-07 - 2023-04-07 | a year
upload.video.google.com | GTS CA 1C3 | 2022-08-08 - 2022-10-31 | 3 months
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2022-06-02 - 2023-06-01 | a year
*.twimg.com | DigiCert TLS RSA SHA256 2020 CA1 | 2021-10-20 - 2022-10-19 | a year
*.google.com | GTS CA 1C3 | 2022-08-08 - 2022-10-31 | 3 months
*.virustotal.com | DigiCert TLS RSA SHA256 2020 CA1 | 2022-01-17 - 2023-01-18 | a year
*.gstatic.com | GTS CA 1C3 | 2022-08-08 - 2022-10-31 | 3 months
syndication.twitter.com | DigiCert TLS RSA SHA256 2020 CA1 | 2022-02-22 - 2023-02-22 | a year
*.doubleclick.net | GTS CA 1C3 | 2022-08-08 - 2022-10-31 | 3 months
www.google.com | GTS CA 1C3 | 2022-08-08 - 2022-10-31 | 3 months
*.googleusercontent.com | GTS CA 1C3 | 2022-08-08 - 2022-10-31 | 3 months
edgestatic.com | GTS CA 1C3 | 2022-08-08 - 2022-10-31 | 3 months
*.google-analytics.com | GTS CA 1C3 | 2022-08-08 - 2022-10-31 | 3 months
Certificate details for each entry are available on crt.sh.

This page contains 5 frames:

Primary Page: https://c3rb3ru5d3d53c.github.io/malware-blog/2022-07-04-bitter-apt-zxxz-backdoor/
Frame ID: D979EB4551C192D84E740911448D8ACF
Requests: 40 HTTP requests in this frame

Frame: https://www.youtube.com/embed/m3jrWoQK6sI
Frame ID: 8012D578DBA228C73D760A2E127CE5E1
Requests: 21 HTTP requests in this frame

Frame: https://www.virustotal.com/graph/embed/gca09a155495b4964a06b646bd6f44968497a6599a6a44c239db66e0410c5a9bd
Frame ID: FDF0161E4FAEF2461621620E917A2117
Requests: 16 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.9d00f3a022654eb8edfbc3190e981f9d.html?origin=https%3A%2F%2Fc3rb3ru5d3d53c.github.io
Frame ID: 3A429ABB4F863D303394A91B3171E824
Requests: 2 HTTP requests in this frame

Frame: https://platform.twitter.com/embed/Tweet.html?dnt=false&embedId=twitter-widget-0&features=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&frame=false&hideCard=false&hideThread=false&id=1478259210110775297&lang=en&origin=https%3A%2F%2Fc3rb3ru5d3d53c.github.io%2Fmalware-blog%2F2022-07-04-bitter-apt-zxxz-backdoor%2F&sessionId=b155aa93c45684c6ddf9634f0f4314e0c0c4c44c&theme=light&widgetsVersion=31f0cdc1eaa0f%3A1660602114609&width=550px
Frame ID: ECF2DCB0D51C6AA06939DCDA06BF2D40
Requests: 16 HTTP requests in this frame

Page Title

Making Fun of Your APT Malware - Bitter APT Using ZxxZ Backdoor to Target Pakistan Public Accounts Committee | Malware Hell

Detected technologies

Overall confidence: 100%
Detected patterns
  • katex(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • /mermaid(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Overall confidence: 100%
Detected patterns
  • ^https?://[^/]+\.github\.io

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Overall confidence: 100%
Detected patterns
  • /(?:([\d.])+/)?highlight(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • //platform\.twitter\.com/widgets\.js

Overall confidence: 100%
Detected patterns
  • <link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
  • //cdn\.jsdelivr\.net/

Page Statistics

Requests: 96
HTTPS: 99 %
IPv6: 89 %
Domains: 13
Subdomains: 18
IPs: 19
Countries: 1
Transfer: 4014 kB
Size: 10126 kB
Cookies: 2

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 52
  • https://googleads.g.doubleclick.net/pagead/id HTTP 302
  • https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

96 HTTP transactions

Resource | Path | Size | x-fer | Type | MIME-Type
Primary Request / | c3rb3ru5d3d53c.github.io/malware-blog/2022-07-04-bitter-apt-zxxz-backdoor/ | 67 KB | 21 KB | Document
General
Full URL
https://c3rb3ru5d3d53c.github.io/malware-blog/2022-07-04-bitter-apt-zxxz-backdoor/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:50c0:8002::153 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
GitHub.com /
Resource Hash
0ce5e68318d24ac84633bda31282273969471179c15c23ccec56dddfb905c371
Security Headers
Name Value
Strict-Transport-Security max-age=31556952

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-origin
*
age
0
cache-control
max-age=600
content-encoding
gzip
content-length
21481
content-type
text/html; charset=utf-8
date
Fri, 26 Aug 2022 14:39:24 GMT
etag
W/"62d06142-10c5c"
expires
Fri, 26 Aug 2022 14:49:24 GMT
last-modified
Thu, 14 Jul 2022 18:32:34 GMT
permissions-policy
interest-cohort=()
server
GitHub.com
strict-transport-security
max-age=31556952
vary
Accept-Encoding
via
1.1 varnish
x-cache
MISS
x-cache-hits
0
x-fastly-request-id
b0f5672e9b9607c063e0ebc658bb7d861bea8c90
x-github-request-id
E79E:7664:2ED297:836EA7:6308DB1C
x-proxy-cache
MISS
x-served-by
cache-yul12828-YUL
x-timer
S1661524765.597121,VS0,VE30
eureka.min.9cec6350e37e534b0338fa9a085bf06855de3b0f2dcf857e792e5e97b07ea905d4d5513db554cbc26a9c3da622bae92d.css | c3rb3ru5d3d53c.github.io/css/ | 27 KB | 6 KB | Stylesheet
General
Full URL
https://c3rb3ru5d3d53c.github.io/css/eureka.min.9cec6350e37e534b0338fa9a085bf06855de3b0f2dcf857e792e5e97b07ea905d4d5513db554cbc26a9c3da622bae92d.css
Requested by
Host: c3rb3ru5d3d53c.github.io
URL: https://c3rb3ru5d3d53c.github.io/malware-blog/2022-07-04-bitter-apt-zxxz-backdoor/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:50c0:8002::153 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
GitHub.com /
Resource Hash
a97044ecffd953411cfa382f02aeaa9c9538f08c42ee145251c0e863739f03c3
Security Headers
Name Value
Strict-Transport-Security max-age=31556952

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://c3rb3ru5d3d53c.github.io/malware-blog/2022-07-04-bitter-apt-zxxz-backdoor/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

x-fastly-request-id
e2012b02f3c5ab95f178e96c1d68e4203f065d85
strict-transport-security
max-age=31556952
content-encoding
gzip
etag
W/"62d06142-6d4d"
age
0
x-cache
MISS
content-length
5638
x-served-by
cache-yul12828-YUL
access-control-allow-origin
*
last-modified
Thu, 14 Jul 2022 18:32:34 GMT
server
GitHub.com
x-github-request-id
3214:79EC:688ADC:C22B59:6308DB1C
x-timer
S1661524765.644290,VS0,VE22
date
Fri, 26 Aug 2022 14:39:24 GMT
vary
Accept-Encoding
content-type
text/css; charset=utf-8
via
1.1 varnish
expires
Fri, 26 Aug 2022 14:49:24 GMT
cache-control
max-age=600
permissions-policy
interest-cohort=()
accept-ranges
bytes
x-origin-cache
HIT
x-proxy-cache
MISS
x-cache-hits
0
eureka.min.fa9a6bf6d7a50bb635b4cca7d2ba5cf3dfb095ae3798773f1328f7950028b48c17d06276594e1b5f244a25a6c969a705.js | c3rb3ru5d3d53c.github.io/js/ | 6 KB | 2 KB | Script
General
Full URL
https://c3rb3ru5d3d53c.github.io/js/eureka.min.fa9a6bf6d7a50bb635b4cca7d2ba5cf3dfb095ae3798773f1328f7950028b48c17d06276594e1b5f244a25a6c969a705.js
Requested by
Host: c3rb3ru5d3d53c.github.io
URL: https://c3rb3ru5d3d53c.github.io/malware-blog/2022-07-04-bitter-apt-zxxz-backdoor/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:50c0:8002::153 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
GitHub.com /
Resource Hash
e3bdb8310822ac73142b96899e8a798c41446fb7490fd3568737e9e442d0239e
Security Headers
Name Value
Strict-Transport-Security max-age=31556952

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://c3rb3ru5d3d53c.github.io/malware-blog/2022-07-04-bitter-apt-zxxz-backdoor/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

x-fastly-request-id
b20192d94b02d9b2288b876e2a0e4860b629d24c
strict-transport-security
max-age=31556952
content-encoding
gzip
etag
W/"62d06142-1692"
age
0
x-cache
MISS
content-length
1448
x-served-by
cache-yul12828-YUL
access-control-allow-origin
*
last-modified
Thu, 14 Jul 2022 18:32:34 GMT
server
GitHub.com
x-github-request-id
6B8C:79ED:3C10EB:9208C7:6308DB1C
x-timer
S1661524765.644352,VS0,VE26
date
Fri, 26 Aug 2022 14:39:24 GMT
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
via
1.1 varnish
expires
Fri, 26 Aug 2022 14:49:24 GMT
cache-control
max-age=600
permissions-policy
interest-cohort=()
accept-ranges
bytes
x-proxy-cache
MISS
x-cache-hits
0
css2 | fonts.googleapis.com/ | 334 KB | 91 KB | Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Lora:wght@400;600;700&family=Noto+Serif+SC:wght@400;600;700&display=swap
Requested by
Host: c3rb3ru5d3d53c.github.io
URL: https://c3rb3ru5d3d53c.github.io/malware-blog/2022-07-04-bitter-apt-zxxz-backdoor/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80d::200a Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
50880e32498248a8e2344710bec9112628ea20f3be2f5175532294b596ea5d96
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://c3rb3ru5d3d53c.github.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Fri, 26 Aug 2022 14:39:24 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Fri, 26 Aug 2022 14:39:24 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Fri, 26 Aug 2022 14:39:24 GMT
highlight.min.js | cdn.jsdelivr.net/gh/highlightjs/cdn-release@11.4.0/build/ | 113 KB | 40 KB | Script
General
Full URL
https://cdn.jsdelivr.net/gh/highlightjs/cdn-release@11.4.0/build/highlight.min.js
Requested by
Host: c3rb3ru5d3d53c.github.io
URL: https://c3rb3ru5d3d53c.github.io/malware-blog/2022-07-04-bitter-apt-zxxz-backdoor/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5514 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1828162a4978444dfe33f4cd1f977f17cd13cf7d0f413f8eb9bab9437239736d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://c3rb3ru5d3d53c.github.io/
Origin
https://c3rb3ru5d3d53c.github.io
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Fri, 26 Aug 2022 14:39:24 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
13665707
x-jsd-version
11.4.0
x-cache
HIT, MISS
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains; preload
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by
cache-fra19143-FRA, cache-yyz4551-YYZ
timing-allow-origin
*
x-jsd-version-type
version
server
cloudflare
etag
W/"1c30f-0mStFr3znP7CsGwgIjuH/LN60ns"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wd5PNMSCaauc2EcUmaHSxBGidMb6pzGXWC5Wq4AKsNP%2FFe66SYf6s%2FPjGx6rtrbNVYSzySW32pQ%2F59YdNdeK5cZASQLvzBcOrxY4V%2BzAmZrMIZBxEcJxO4WKlW%2F43PWkg3ugBrffKb6auS5f%2BLk%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
cf-ray
740d51137f4eecfa-YUL
dart.min.js | cdn.jsdelivr.net/gh/highlightjs/cdn-release@11.4.0/build/languages/ | 2 KB | 1 KB | Script
General
Full URL
https://cdn.jsdelivr.net/gh/highlightjs/cdn-release@11.4.0/build/languages/dart.min.js
Requested by
Host: c3rb3ru5d3d53c.github.io
URL: https://c3rb3ru5d3d53c.github.io/malware-blog/2022-07-04-bitter-apt-zxxz-backdoor/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5514 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6ee35358a7fcb0dce363209850f989fc8efd3f0672c6a3dffde121b4b955bb30
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://c3rb3ru5d3d53c.github.io/
Origin
https://c3rb3ru5d3d53c.github.io
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Fri, 26 Aug 2022 14:39:24 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
63993
x-jsd-version
11.4.0
x-cache
HIT, MISS
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by
cache-fra19137-FRA, cache-iad-kiad7000113-IAD
timing-allow-origin
*
x-jsd-version-type
version
server
cloudflare
etag
W/"890-cskz9SRuNni3Ow9fyw8vP4knO8U"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2V9Zn61iqQbB7CGkittY3N3DzU6Q4x9F3Ru1Tk6TbdwE8B3BkzK1IALliQ6x5%2F1kFMoT1sA%2Bpr69v3rxBq73COkYE84LwYxZgGgTGB00KGOfHypkdIbOuwWgPobWcjVKyprPYqiv9SbMrOdLL4Y%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
cf-ray
740d51137f51ecfa-YUL
access-control-expose-headers
*
bash.min.js | cdn.jsdelivr.net/gh/highlightjs/cdn-release@11.4.0/build/languages/ | 3 KB | 2 KB | Script
General
Full URL
https://cdn.jsdelivr.net/gh/highlightjs/cdn-release@11.4.0/build/languages/bash.min.js
Requested by
Host: c3rb3ru5d3d53c.github.io
URL: https://c3rb3ru5d3d53c.github.io/malware-blog/2022-07-04-bitter-apt-zxxz-backdoor/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5514 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
444724c7adb224998fce30c42371ef2142556259fd3e42426beef25ad0119556
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://c3rb3ru5d3d53c.github.io/
Origin
https://c3rb3ru5d3d53c.github.io
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Fri, 26 Aug 2022 14:39:24 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-jsd-version
11.4.0
x-cache
HIT, MISS
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by
cache-fra19121-FRA, cache-iad-kiad7000166-IAD
timing-allow-origin
*
x-jsd-version-type
version
server
cloudflare
etag
W/"c04-6xU3ugWoiTaF7gSJpY4VUwF4QLk"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9C%2FeTiRVDVCILUtga3%2BCHuko%2FW2gIyYJQ%2BcIwGjr2TzDhwp8yEzLFvFqt5Ubb0Xlme9uACQ4MbQMdilXu9xCufP%2Boyp%2BEU7bSwGYheL7xIYGXIujjO95mTrPFw34ycGJh3c%2FQZQhxD1k%2B726tRk%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
cf-ray
740d51137f52ecfa-YUL
access-control-expose-headers
*
cpp.min.js | cdn.jsdelivr.net/gh/highlightjs/cdn-release@11.4.0/build/languages/ | 6 KB | 3 KB | Script
General
Full URL
https://cdn.jsdelivr.net/gh/highlightjs/cdn-release@11.4.0/build/languages/cpp.min.js
Requested by
Host: c3rb3ru5d3d53c.github.io
URL: https://c3rb3ru5d3d53c.github.io/malware-blog/2022-07-04-bitter-apt-zxxz-backdoor/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5514 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
81fd32ec0638c1c7fc1c6bb17ead46e78c887d23a6f2cdfecb1b647bf27b0e6f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://c3rb3ru5d3d53c.github.io/
Origin
https://c3rb3ru5d3d53c.github.io
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Fri, 26 Aug 2022 14:39:24 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-jsd-version
11.4.0
x-cache
HIT, HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by
cache-fra19151-FRA, cache-iad-kiad7000021-IAD
timing-allow-origin
*
x-jsd-version-type
version
server
cloudflare
etag
W/"1656-XW6fe75Qpz/7w3Qrqs7746oe4t8"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FW9%2F7pk8TPoXuCEmIFkzweD9JHrKFQLGgWggJo%2FwIIxN7iUy%2FifXC6yG6SwL11%2Fjkya6NOWuJ13W8m%2F6qxvhmwZaA%2BulYJhoGWrIvhioUwR5hUzPRQaX5NdAsGeYm8h6NbLVUaP6Az7d1X1Qi%2BM%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
cf-ray
740d51139f7becfa-YUL
access-control-expose-headers
*
python.min.js | cdn.jsdelivr.net/gh/highlightjs/cdn-release@11.4.0/build/languages/ | 3 KB | 2 KB | Script
General
Full URL
https://cdn.jsdelivr.net/gh/highlightjs/cdn-release@11.4.0/build/languages/python.min.js
Requested by
Host: c3rb3ru5d3d53c.github.io
URL: https://c3rb3ru5d3d53c.github.io/malware-blog/2022-07-04-bitter-apt-zxxz-backdoor/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5514 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6fe84ce61c213843c3545ed452cb88daec97954575510bb21f2c26a91c3fa327
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://c3rb3ru5d3d53c.github.io/
Origin
https://c3rb3ru5d3d53c.github.io
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Fri, 26 Aug 2022 14:39:24 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-jsd-version
11.4.0
x-cache
HIT, MISS
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by
cache-fra19124-FRA, cache-iad-kiad7000154-IAD
timing-allow-origin
*
x-jsd-version-type
version
server
cloudflare
etag
W/"dbd-zrm9Hj+N4kwye0DneG1TKVIUQkY"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2cwHTKlmhr7ms20twAid%2Bq%2FVFdPx3KZxOPxw1OYquxPGhI0MEJVZDBhrTFKB7ARA5JF8O4qdL59NSQQJ0NoX1LFh%2BFPncDLC%2B53SKYCA2NUNFKn2AvVuNdiThpDQxCfu082EjxJIDIMVKVCxCh8%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
cf-ray
740d51139f7cecfa-YUL
access-control-expose-headers
*
c.min.js | cdn.jsdelivr.net/gh/highlightjs/cdn-release@11.4.0/build/languages/ | 4 KB | 2 KB | Script
General
Full URL
https://cdn.jsdelivr.net/gh/highlightjs/cdn-release@11.4.0/build/languages/c.min.js
Requested by
Host: c3rb3ru5d3d53c.github.io
URL: https://c3rb3ru5d3d53c.github.io/malware-blog/2022-07-04-bitter-apt-zxxz-backdoor/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5514 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
61b7d470233ab5d9b583bebdbca04b53df51632ac6c058ccfd40b00476a4b2ec
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://c3rb3ru5d3d53c.github.io/
Origin
https://c3rb3ru5d3d53c.github.io
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Fri, 26 Aug 2022 14:39:24 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-jsd-version
11.4.0
x-cache
HIT, HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by
cache-fra19136-FRA, cache-iad-kiad7000162-IAD
timing-allow-origin
*
x-jsd-version-type
version
server
cloudflare
etag
W/"f48-AriZiv2awpH+LYofb5rMRLouJ0g"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ESvTSUHhJgyqqX6i6fhCl6ObGKWVp90PYpcVxnHAVOh0c562PcAKoTUoJlnvq7%2BZypMPaVF1w4stcR7sxAC8DeMVTa74qIsJRsKODKqqTY2aTdx%2Bn2igh6cDBmJ3y5koBxd0WlPti5U2F3EeFAE%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
cf-ray
740d51139f7decfa-YUL
access-control-expose-headers
*
vbscript.min.js | cdn.jsdelivr.net/gh/highlightjs/cdn-release@11.4.0/build/languages/ | 2 KB | 1 KB | Script
General
Full URL
https://cdn.jsdelivr.net/gh/highlightjs/cdn-release@11.4.0/build/languages/vbscript.min.js
Requested by
Host: c3rb3ru5d3d53c.github.io
URL: https://c3rb3ru5d3d53c.github.io/malware-blog/2022-07-04-bitter-apt-zxxz-backdoor/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5514 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
52ae21710f041e4d869a0bbb65f55a40892df166ad81187c9e5489dc5cac00b3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://c3rb3ru5d3d53c.github.io/
Origin
https://c3rb3ru5d3d53c.github.io
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Fri, 26 Aug 2022 14:39:24 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-jsd-version
11.4.0
x-cache
HIT, HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by
cache-fra19150-FRA, cache-iad-kiad7000144-IAD
timing-allow-origin
*
x-jsd-version-type
version
server
cloudflare
etag
W/"79d-pSQH+vRI8ZmuNB7xTqRjFNxOv6U"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4IcYTy%2BWxjNZDCOUsu2ug0YKacN3VC7qML%2BzgbuSIs6MN%2F7Mrsd7rrREd%2BNT0j0fGK1qun8YhY44xH0c0VDkJSB0PQITY5VN5%2B%2BMVtvKIeI5dPBRasvrgYFvI75Vpg8p%2Blr86BDdjG3ZYKgsE4Y%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
cf-ray
740d51139f7eecfa-YUL
access-control-expose-headers
*
powershell.min.js | cdn.jsdelivr.net/gh/highlightjs/cdn-release@11.4.0/build/languages/ | 4 KB | 3 KB | Script
General
Full URL
https://cdn.jsdelivr.net/gh/highlightjs/cdn-release@11.4.0/build/languages/powershell.min.js
Requested by
Host: c3rb3ru5d3d53c.github.io
URL: https://c3rb3ru5d3d53c.github.io/malware-blog/2022-07-04-bitter-apt-zxxz-backdoor/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5514 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4256f7d4f171238fed1762bc91478a8daf0f47a74b0e2c21f4c50646c8c0f23b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://c3rb3ru5d3d53c.github.io/
Origin
https://c3rb3ru5d3d53c.github.io
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Fri, 26 Aug 2022 14:39:24 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-jsd-version
11.4.0
x-cache
HIT, HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by
cache-fra19132-FRA, cache-iad-kiad7000093-IAD
timing-allow-origin
*
x-jsd-version-type
version
server
cloudflare
etag
W/"115f-26Mfi+DgmZj/0IFB/O8cvQKsxOU"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6kUbSQ%2B3SJJ%2FbHvWBCILNc09tMKaR%2BdfY2ISEIa%2BEs12wc9s6qYQQzcspFdVkjClqXl%2FpRtGil1CnC6zdC7M2HeGBiRXLrmkX3FYSo4b5JHS65UB6xFoDteZSWLl0kyJkfQhIjGxlmQevGGW%2BBM%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
cf-ray
740d51139f7fecfa-YUL
access-control-expose-headers
*
http.min.js | cdn.jsdelivr.net/gh/highlightjs/cdn-release@11.4.0/build/languages/ | 910 B | 864 B | Script
General
Full URL
https://cdn.jsdelivr.net/gh/highlightjs/cdn-release@11.4.0/build/languages/http.min.js
Requested by
Host: c3rb3ru5d3d53c.github.io
URL: https://c3rb3ru5d3d53c.github.io/malware-blog/2022-07-04-bitter-apt-zxxz-backdoor/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5514 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1b33677981223e9dc39fe05b6cdd78dc3e0c37b6d877a0be4cc9781d21002840
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://c3rb3ru5d3d53c.github.io/
Origin
https://c3rb3ru5d3d53c.github.io
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Fri, 26 Aug 2022 14:39:24 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-jsd-version
11.4.0
x-cache
HIT, HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by
cache-fra19173-FRA, cache-iad-kiad7000071-IAD
timing-allow-origin
*
x-jsd-version-type
version
server
cloudflare
etag
W/"38e-tMRhXJAvJaFkThRCPaPkaXYQ9qQ"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pb32S3A7jSN2we9odtzEVRegjzLeDrxrTGYW1Ab%2FDmuvv0AA53hAjcI2Ym8IF%2FMwTElvZpjD1ZNLx0fIiSj0AYTLqgW54BSuOQcv70d5dfHFnRR8XQHobL5k0BwznEjobuS6EG57DJTw0GE6Tq4%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
cf-ray
740d51139f9aecfa-YUL
access-control-expose-headers
*
x86asm.min.js
cdn.jsdelivr.net/gh/highlightjs/cdn-release@11.4.0/build/languages/
19 KB
7 KB
Script
General
Full URL
https://cdn.jsdelivr.net/gh/highlightjs/cdn-release@11.4.0/build/languages/x86asm.min.js
Requested by
Host: c3rb3ru5d3d53c.github.io
URL: https://c3rb3ru5d3d53c.github.io/malware-blog/2022-07-04-bitter-apt-zxxz-backdoor/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5514 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bed4b452d5c6e2aaad155a9c901e6f78bfcc70b935c31b799fe9665f8d5f6476
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://c3rb3ru5d3d53c.github.io/
Origin
https://c3rb3ru5d3d53c.github.io
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Fri, 26 Aug 2022 14:39:24 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-jsd-version
11.4.0
x-cache
HIT, HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by
cache-fra19140-FRA, cache-iad-kiad7000035-IAD
timing-allow-origin
*
x-jsd-version-type
version
server
cloudflare
etag
W/"4ab5-oKI9JOjmoRieIyrDT3+lZV1kVAk"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lpXDdfVe06EAD3K21MzvKSaXEP7LConKAPqZPowB2RY84S0GvNwPfM305NT6%2BKdIRURMKR9hNY599Ow9qLmCaRR09cAZKHakvqEltoU0PxppW0XhaPo3LtpT%2FPI9mOaANOdgIx1nKvYWBHU2AMA%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
cf-ray
740d51139f9fecfa-YUL
access-control-expose-headers
*
fontawesome.min.9956a9fdeeb895bcca3e646ea4f943c9dfbabb5b76757ae1c2c3b3fe2ee29f21edf15c30e1b524d558b6363569a57b12.js
c3rb3ru5d3d53c.github.io/js/
48 KB
17 KB
Script
General
Full URL
https://c3rb3ru5d3d53c.github.io/js/fontawesome.min.9956a9fdeeb895bcca3e646ea4f943c9dfbabb5b76757ae1c2c3b3fe2ee29f21edf15c30e1b524d558b6363569a57b12.js
Requested by
Host: c3rb3ru5d3d53c.github.io
URL: https://c3rb3ru5d3d53c.github.io/malware-blog/2022-07-04-bitter-apt-zxxz-backdoor/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:50c0:8002::153 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
GitHub.com /
Resource Hash
7ea0aeaf995b6da6297a63d5de19640e575487632fe7b289fed9f289b3b03519
Security Headers
Name Value
Strict-Transport-Security max-age=31556952

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://c3rb3ru5d3d53c.github.io/malware-blog/2022-07-04-bitter-apt-zxxz-backdoor/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

x-fastly-request-id
f2fe35266237118fe3537f1316e95eab6c5ccfea
strict-transport-security
max-age=31556952
content-encoding
gzip
etag
W/"62d06142-be46"
age
0
x-cache
MISS
content-length
17306
x-served-by
cache-yul12828-YUL
access-control-allow-origin
*
last-modified
Thu, 14 Jul 2022 18:32:34 GMT
server
GitHub.com
x-github-request-id
6828:57FA:6927D8:C2DC64:6308DB1C
x-timer
S1661524765.686803,VS0,VE26
date
Fri, 26 Aug 2022 14:39:24 GMT
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
via
1.1 varnish
expires
Fri, 26 Aug 2022 14:49:24 GMT
cache-control
max-age=600
permissions-policy
interest-cohort=()
accept-ranges
bytes
x-origin-cache
HIT
x-proxy-cache
MISS
x-cache-hits
0
katex.min.js
cdn.jsdelivr.net/npm/katex@0.15.2/dist/
264 KB
72 KB
Script
General
Full URL
https://cdn.jsdelivr.net/npm/katex@0.15.2/dist/katex.min.js
Requested by
Host: c3rb3ru5d3d53c.github.io
URL: https://c3rb3ru5d3d53c.github.io/malware-blog/2022-07-04-bitter-apt-zxxz-backdoor/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5514 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6e023d5a12ce3d25253eb7601d4837acf201dafabe0fe9989144ccdead14f1fc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://c3rb3ru5d3d53c.github.io/
Origin
https://c3rb3ru5d3d53c.github.io
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Fri, 26 Aug 2022 14:39:24 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
fastly-original-body-size
74334
age
13658761
x-jsd-version
0.15.2
x-cache
HIT, MISS
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains; preload
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by
cache-fra19132-FRA, cache-yyz4526-YYZ
timing-allow-origin
*
x-jsd-version-type
version
server
cloudflare
etag
W/"42027-8pjcb2+mNRLMTQL5qivQLQP9XU0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pp9bVbmNLL5zY2ou95tPKPmf0u%2B2uwxjxq1iADhHJ6kgdpuw0RerMsod4UdNfQ39rHK12TWrGJC%2F9WzLXUOGYOWTDpPBaX6aywwtp%2BZclO0z3hhH2kN3DT%2FBEx6cJuB%2F%2FwI0hzsauXkTZ4UmQog%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
cf-ray
740d51139fa1ecfa-YUL
auto-render.min.js
cdn.jsdelivr.net/npm/katex@0.15.2/dist/contrib/
3 KB
2 KB
Script
General
Full URL
https://cdn.jsdelivr.net/npm/katex@0.15.2/dist/contrib/auto-render.min.js
Requested by
Host: c3rb3ru5d3d53c.github.io
URL: https://c3rb3ru5d3d53c.github.io/malware-blog/2022-07-04-bitter-apt-zxxz-backdoor/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5514 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cb7f4ca60ed5dc3e258415f8c7a3b46d4a93578a52adf83011f18a7f190e7602
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://c3rb3ru5d3d53c.github.io/
Origin
https://c3rb3ru5d3d53c.github.io
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Fri, 26 Aug 2022 14:39:24 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
13658761
x-jsd-version
0.15.2
x-cache
HIT, MISS
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains; preload
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by
cache-fra19141-FRA, cache-yyz4537-YYZ
timing-allow-origin
*
x-jsd-version-type
version
server
cloudflare
etag
W/"cfb-7bo1Mz7Iv0F/LgzAGUsOI1QoU08"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5gz3M5vVWR35B775VTjftztPqCOgPfO4lSoiXUkMZ0eH1F1HqIvZfmk4VZyGxdkTdjwcqExFJBpGtwM5RJeLjJURT2m%2Fdb8%2B%2FPYoGs4qeigyT1cAa2PfBiFc9myUhxObeuyYuvjsFv0RUB%2F43CM%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
cf-ray
740d51139fa9ecfa-YUL
mermaid.min.js
cdn.jsdelivr.net/npm/mermaid@8.14.0/dist/
1 MB
270 KB
Script
General
Full URL
https://cdn.jsdelivr.net/npm/mermaid@8.14.0/dist/mermaid.min.js
Requested by
Host: c3rb3ru5d3d53c.github.io
URL: https://c3rb3ru5d3d53c.github.io/malware-blog/2022-07-04-bitter-apt-zxxz-backdoor/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5514 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ef04f7e13234a4405e105a22e33faf86e49d74687abd44cc59da89d920deda38
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://c3rb3ru5d3d53c.github.io/
Origin
https://c3rb3ru5d3d53c.github.io
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Fri, 26 Aug 2022 14:39:24 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
63993
x-jsd-version
8.14.0
x-cache
HIT, HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by
cache-fra19144-FRA, cache-iad-kiad7000026-IAD
timing-allow-origin
*
x-jsd-version-type
version
server
cloudflare
etag
W/"10e33a-u0UK8rma4JBKcmSwbvnZgBeo9Bc"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5jsGQ%2FTp%2Fi3RpAUKAUufrPUp02pt7Oa%2FIdUVIAfomIKegOmjLmj5CkE2G2bQ9huj4E6IbxHclwShaGgVWmUNaC6jMK%2FkXPy5PyZmEMJ2lzx0nLMAis85qGS%2F10w1nCPk34xGGBVcbZWBTr0lxG8%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
cf-ray
740d51139facecfa-YUL
access-control-expose-headers
*
widgets.js
platform.twitter.com/
97 KB
29 KB
Script
General
Full URL
https://platform.twitter.com/widgets.js
Requested by
Host: c3rb3ru5d3d53c.github.io
URL: https://c3rb3ru5d3d53c.github.io/malware-blog/2022-07-04-bitter-apt-zxxz-backdoor/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:220:131d:1d30:1f1d:238b:1e56 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (nyb/1D16) /
Resource Hash
33558069624c6849e3bedf4ef9ead7bf4cef2afdd7ecb64758a660fa4ae5ed8d

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://c3rb3ru5d3d53c.github.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Date
Fri, 26 Aug 2022 14:39:24 GMT
Content-Encoding
gzip
Age
1358
X-Cache
HIT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing
x-cache;desc= HIT,x-tw-cdn;desc=VZ,edge;dur=1
Content-Length
29278
x-tw-cdn
VZ
Last-Modified
Mon, 15 Aug 2022 23:23:32 GMT
Server
ECS (nyb/1D16)
Etag
"080f1472776d4d1a972a14cea4433aeb+gzip"
Vary
Accept-Encoding
Access-Control-Allow-Methods
GET
Content-Type
application/javascript; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=1800
0.jpg
c3rb3ru5d3d53c.github.io/images/
36 KB
37 KB
Image
General
Full URL
https://c3rb3ru5d3d53c.github.io/images/0.jpg
Requested by
Host: c3rb3ru5d3d53c.github.io
URL: https://c3rb3ru5d3d53c.github.io/malware-blog/2022-07-04-bitter-apt-zxxz-backdoor/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:50c0:8002::153 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
GitHub.com /
Resource Hash
0cda966a355c28be0d906c25de27b922264e84c2efa52e309ce8e2daef351c12
Security Headers
Name Value
Strict-Transport-Security max-age=31556952

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://c3rb3ru5d3d53c.github.io/malware-blog/2022-07-04-bitter-apt-zxxz-backdoor/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

x-fastly-request-id
24f2390a85bce089204c85dc862908e4d9924e09
strict-transport-security
max-age=31556952
via
1.1 varnish
etag
"62d06142-91b7"
age
0
x-cache
MISS
content-length
37303
x-served-by
cache-yul12828-YUL
last-modified
Thu, 14 Jul 2022 18:32:34 GMT
server
GitHub.com
x-github-request-id
18B0:5137:3D3475:9359D6:6308DB1C
x-timer
S1661524765.686744,VS0,VE23
date
Fri, 26 Aug 2022 14:39:24 GMT
vary
Accept-Encoding
content-type
image/jpeg
access-control-allow-origin
*
expires
Fri, 26 Aug 2022 14:49:24 GMT
cache-control
max-age=600
permissions-policy
interest-cohort=()
accept-ranges
bytes
x-origin-cache
HIT
x-proxy-cache
MISS
x-cache-hits
0
0.png
c3rb3ru5d3d53c.github.io/images/
128 KB
129 KB
Image
General
Full URL
https://c3rb3ru5d3d53c.github.io/images/0.png
Requested by
Host: c3rb3ru5d3d53c.github.io
URL: https://c3rb3ru5d3d53c.github.io/malware-blog/2022-07-04-bitter-apt-zxxz-backdoor/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:50c0:8002::153 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
GitHub.com /
Resource Hash
fae89e56c01663aa682baf7a2768f2b78e56e34c8786059d319ec3773a96f307
Security Headers
Name Value
Strict-Transport-Security max-age=31556952

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://c3rb3ru5d3d53c.github.io/malware-blog/2022-07-04-bitter-apt-zxxz-backdoor/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

x-fastly-request-id
17559b138bcc4e8ed36b7dc0228059643d109439
strict-transport-security
max-age=31556952
via
1.1 varnish
etag
"62d06142-201af"
age
0
x-cache
MISS
content-length
131503
x-served-by
cache-yul12828-YUL
last-modified
Thu, 14 Jul 2022 18:32:34 GMT
server
GitHub.com
x-github-request-id
E310:2A84:404D61:9676AA:6308DB1C
x-timer
S1661524765.686393,VS0,VE44
date
Fri, 26 Aug 2022 14:39:24 GMT
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
expires
Fri, 26 Aug 2022 14:49:24 GMT
cache-control
max-age=600
permissions-policy
interest-cohort=()
accept-ranges
bytes
x-origin-cache
HIT
x-proxy-cache
MISS
x-cache-hits
0
1.png
c3rb3ru5d3d53c.github.io/images/
26 KB
26 KB
Image
General
Full URL
https://c3rb3ru5d3d53c.github.io/images/1.png
Requested by
Host: c3rb3ru5d3d53c.github.io
URL: https://c3rb3ru5d3d53c.github.io/malware-blog/2022-07-04-bitter-apt-zxxz-backdoor/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:50c0:8002::153 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
GitHub.com /
Resource Hash
97bbd1600995442c8a0ad41a46477044a8e31af1c254e959c3285bf958ecbd92
Security Headers
Name Value
Strict-Transport-Security max-age=31556952

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://c3rb3ru5d3d53c.github.io/malware-blog/2022-07-04-bitter-apt-zxxz-backdoor/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

x-fastly-request-id
68ed23560e6dc3870b71a6b45069c46ca4af6fde
strict-transport-security
max-age=31556952
via
1.1 varnish
etag
"62d06142-66c8"
age
0
x-cache
MISS
content-length
26312
x-served-by
cache-yul12828-YUL
last-modified
Thu, 14 Jul 2022 18:32:34 GMT
server
GitHub.com
x-github-request-id
1890:8D70:715900:CB33CC:6308DB1C
x-timer
S1661524765.686699,VS0,VE27
date
Fri, 26 Aug 2022 14:39:24 GMT
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
expires
Fri, 26 Aug 2022 14:49:24 GMT
cache-control
max-age=600
permissions-policy
interest-cohort=()
accept-ranges
bytes
x-origin-cache
HIT
x-proxy-cache
MISS
x-cache-hits
0
4.png
c3rb3ru5d3d53c.github.io/images/
71 KB
71 KB
Image
General
Full URL
https://c3rb3ru5d3d53c.github.io/images/4.png
Requested by
Host: c3rb3ru5d3d53c.github.io
URL: https://c3rb3ru5d3d53c.github.io/malware-blog/2022-07-04-bitter-apt-zxxz-backdoor/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:50c0:8002::153 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
GitHub.com /
Resource Hash
7b5b36ad32bca08a519ddc3ed4e57e5be1fc4e1d202ef16687e6825f93fd2abe
Security Headers
Name Value
Strict-Transport-Security max-age=31556952

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://c3rb3ru5d3d53c.github.io/malware-blog/2022-07-04-bitter-apt-zxxz-backdoor/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

x-fastly-request-id
a96e2f6bb0be691cf29cf8728e7711ae5c79f627
strict-transport-security
max-age=31556952
via
1.1 varnish
etag
"62d06142-11b8f"
age
0
x-cache
MISS
content-length
72591
x-served-by
cache-yul12828-YUL
last-modified
Thu, 14 Jul 2022 18:32:34 GMT
server
GitHub.com
x-github-request-id
649E:98ED:39DA8E:8FCEEC:6308DB1C
x-timer
S1661524765.686600,VS0,VE25
date
Fri, 26 Aug 2022 14:39:24 GMT
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
expires
Fri, 26 Aug 2022 14:49:24 GMT
cache-control
max-age=600
permissions-policy
interest-cohort=()
accept-ranges
bytes
x-proxy-cache
MISS
x-cache-hits
0
3.png
c3rb3ru5d3d53c.github.io/images/
29 KB
30 KB
Image
General
Full URL
https://c3rb3ru5d3d53c.github.io/images/3.png
Requested by
Host: c3rb3ru5d3d53c.github.io
URL: https://c3rb3ru5d3d53c.github.io/malware-blog/2022-07-04-bitter-apt-zxxz-backdoor/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:50c0:8002::153 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
GitHub.com /
Resource Hash
bce8b3a06dd86b0b3532321637cd98e4bf23b60dda18f7b6beee4df1cc34b149
Security Headers
Name Value
Strict-Transport-Security max-age=31556952

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://c3rb3ru5d3d53c.github.io/malware-blog/2022-07-04-bitter-apt-zxxz-backdoor/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

x-fastly-request-id
d60f89420c7e4f9224430f2f6f7a978065c45438
strict-transport-security
max-age=31556952
via
1.1 varnish
etag
"62d06142-755d"
age
0
x-cache
MISS
content-length
30045
x-served-by
cache-yul12828-YUL
last-modified
Thu, 14 Jul 2022 18:32:34 GMT
server
GitHub.com
x-github-request-id
7A38:28FE:3F6949:955078:6308DB1C
x-timer
S1661524765.686480,VS0,VE25
date
Fri, 26 Aug 2022 14:39:24 GMT
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
expires
Fri, 26 Aug 2022 14:49:24 GMT
cache-control
max-age=600
permissions-policy
interest-cohort=()
accept-ranges
bytes
x-origin-cache
HIT
x-proxy-cache
MISS
x-cache-hits
0
2.png
c3rb3ru5d3d53c.github.io/images/
83 KB
83 KB
Image
General
Full URL
https://c3rb3ru5d3d53c.github.io/images/2.png
Requested by
Host: c3rb3ru5d3d53c.github.io
URL: https://c3rb3ru5d3d53c.github.io/malware-blog/2022-07-04-bitter-apt-zxxz-backdoor/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:50c0:8002::153 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
GitHub.com /
Resource Hash
0c01f54a2e19f5f43cac4ed95810c64aaa08c870c50418f319acc68a2e25f470
Security Headers
Name Value
Strict-Transport-Security max-age=31556952

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://c3rb3ru5d3d53c.github.io/malware-blog/2022-07-04-bitter-apt-zxxz-backdoor/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

x-fastly-request-id
52ce9b230eefff030456b8c7c1ab1a6325f76b05
strict-transport-security
max-age=31556952
via
1.1 varnish
etag
"62d06142-14c70"
age
0
x-cache
MISS
content-length
85104
x-served-by
cache-yul12828-YUL
last-modified
Thu, 14 Jul 2022 18:32:34 GMT
server
GitHub.com
x-github-request-id
699E:5137:3D3475:9359D5:6308DB1C
x-timer
S1661524765.686598,VS0,VE26
date
Fri, 26 Aug 2022 14:39:24 GMT
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
expires
Fri, 26 Aug 2022 14:49:24 GMT
cache-control
max-age=600
permissions-policy
interest-cohort=()
accept-ranges
bytes
x-proxy-cache
MISS
x-cache-hits
0
1.jpg
c3rb3ru5d3d53c.github.io/images/
125 KB
126 KB
Image
General
Full URL
https://c3rb3ru5d3d53c.github.io/images/1.jpg
Requested by
Host: c3rb3ru5d3d53c.github.io
URL: https://c3rb3ru5d3d53c.github.io/malware-blog/2022-07-04-bitter-apt-zxxz-backdoor/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:50c0:8002::153 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
GitHub.com /
Resource Hash
3cdc0c53e4da1e590203cb99635a6d7f1b613eb5975a4b1522af12ab63017205
Security Headers
Name Value
Strict-Transport-Security max-age=31556952

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://c3rb3ru5d3d53c.github.io/malware-blog/2022-07-04-bitter-apt-zxxz-backdoor/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

x-fastly-request-id
5958f98dffb0c6c5cfa2f1c904572bc10bb8d67e
strict-transport-security
max-age=31556952
via
1.1 varnish
etag
"62d06142-1f599"
age
0
x-cache
MISS
content-length
128409
x-served-by
cache-yul12828-YUL
last-modified
Thu, 14 Jul 2022 18:32:34 GMT
server
GitHub.com
x-github-request-id
7CBC:418A:41F421:984116:6308DB1C
x-timer
S1661524765.686342,VS0,VE29
date
Fri, 26 Aug 2022 14:39:24 GMT
vary
Accept-Encoding
content-type
image/jpeg
access-control-allow-origin
*
expires
Fri, 26 Aug 2022 14:49:24 GMT
cache-control
max-age=600
permissions-policy
interest-cohort=()
accept-ranges
bytes
x-origin-cache
HIT
x-proxy-cache
MISS
x-cache-hits
0
5.png
c3rb3ru5d3d53c.github.io/images/
99 KB
99 KB
Image
General
Full URL
https://c3rb3ru5d3d53c.github.io/images/5.png
Requested by
Host: c3rb3ru5d3d53c.github.io
URL: https://c3rb3ru5d3d53c.github.io/malware-blog/2022-07-04-bitter-apt-zxxz-backdoor/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:50c0:8002::153 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
GitHub.com /
Resource Hash
6e0af10a5030fa409da15edbd6750a489f14cbc2fd90b11be6abd88c2cf54793
Security Headers
Name Value
Strict-Transport-Security max-age=31556952

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://c3rb3ru5d3d53c.github.io/malware-blog/2022-07-04-bitter-apt-zxxz-backdoor/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

x-fastly-request-id
57c563707831ed1c2177b51a0e4877d8dd48cc94
strict-transport-security
max-age=31556952
via
1.1 varnish
etag
"62d06142-18a8f"
age
0
x-cache
MISS
content-length
101007
x-served-by
cache-yul12828-YUL
last-modified
Thu, 14 Jul 2022 18:32:34 GMT
server
GitHub.com
x-github-request-id
6B8C:79ED:3C10EC:9208C8:6308DB1C
x-timer
S1661524765.686331,VS0,VE27
date
Fri, 26 Aug 2022 14:39:24 GMT
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
expires
Fri, 26 Aug 2022 14:49:24 GMT
cache-control
max-age=600
permissions-policy
interest-cohort=()
accept-ranges
bytes
x-proxy-cache
MISS
x-cache-hits
0
6.png
c3rb3ru5d3d53c.github.io/images/
88 KB
88 KB
Image
General
Full URL
https://c3rb3ru5d3d53c.github.io/images/6.png
Requested by
Host: c3rb3ru5d3d53c.github.io
URL: https://c3rb3ru5d3d53c.github.io/malware-blog/2022-07-04-bitter-apt-zxxz-backdoor/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:50c0:8002::153 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
GitHub.com /
Resource Hash
8a97eaae60c7df18708323a91a1e8137088eb958336f83c25d41989064d0787e
Security Headers
Name Value
Strict-Transport-Security max-age=31556952

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://c3rb3ru5d3d53c.github.io/malware-blog/2022-07-04-bitter-apt-zxxz-backdoor/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

x-fastly-request-id
3c123b2918b9a1d8fb6cc28b8eb7807d5bc4f99a
strict-transport-security
max-age=31556952
via
1.1 varnish
etag
"62d06142-15f69"
age
0
x-cache
MISS
content-length
89961
x-served-by
cache-yul12828-YUL
last-modified
Thu, 14 Jul 2022 18:32:34 GMT
server
GitHub.com
x-github-request-id
82DC:0ABF:2D566C:81CB71:6308DB1C
x-timer
S1661524765.686320,VS0,VE30
date
Fri, 26 Aug 2022 14:39:24 GMT
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
expires
Fri, 26 Aug 2022 14:49:24 GMT
cache-control
max-age=600
permissions-policy
interest-cohort=()
accept-ranges
bytes
x-origin-cache
HIT
x-proxy-cache
MISS
x-cache-hits
0
7.png
c3rb3ru5d3d53c.github.io/images/
521 KB
522 KB
Image
General
Full URL
https://c3rb3ru5d3d53c.github.io/images/7.png
Requested by
Host: c3rb3ru5d3d53c.github.io
URL: https://c3rb3ru5d3d53c.github.io/malware-blog/2022-07-04-bitter-apt-zxxz-backdoor/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:50c0:8002::153 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
GitHub.com /
Resource Hash
e56a38ebc06a27055301baa0eee603fc8804216d3544a2a74876e08f664db388
Security Headers
Name Value
Strict-Transport-Security max-age=31556952

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://c3rb3ru5d3d53c.github.io/malware-blog/2022-07-04-bitter-apt-zxxz-backdoor/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

x-fastly-request-id
c3671ec0adad4a0373c096b5224c7aa6189e616d
strict-transport-security
max-age=31556952
via
1.1 varnish
etag
"62d06142-8257e"
age
0
x-cache
MISS
content-length
533886
x-served-by
cache-yul12828-YUL
last-modified
Thu, 14 Jul 2022 18:32:34 GMT
server
GitHub.com
x-github-request-id
4ADC:58EB:2C1C04:802E67:6308DB1C
x-timer
S1661524765.695779,VS0,VE42
date
Fri, 26 Aug 2022 14:39:24 GMT
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
expires
Fri, 26 Aug 2022 14:49:24 GMT
cache-control
max-age=600
permissions-policy
interest-cohort=()
accept-ranges
bytes
x-origin-cache
HIT
x-proxy-cache
MISS
x-cache-hits
0
3.jpg
c3rb3ru5d3d53c.github.io/images/
57 KB
57 KB
Image
General
Full URL
https://c3rb3ru5d3d53c.github.io/images/3.jpg
Requested by
Host: c3rb3ru5d3d53c.github.io
URL: https://c3rb3ru5d3d53c.github.io/malware-blog/2022-07-04-bitter-apt-zxxz-backdoor/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:50c0:8002::153 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
GitHub.com /
Resource Hash
bfd5ecd13a88b7efb2e4fc13146a10e188fffe147fe260c6a6ea34e1e5ce68fc
Security Headers
Name Value
Strict-Transport-Security max-age=31556952

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://c3rb3ru5d3d53c.github.io/malware-blog/2022-07-04-bitter-apt-zxxz-backdoor/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

x-fastly-request-id
2d2d031b8e8e755e2b95c087dea05c42f5a62c6c
strict-transport-security
max-age=31556952
via
1.1 varnish
etag
"62d06142-e4ef"
age
0
x-cache
MISS
content-length
58607
x-served-by
cache-yul12828-YUL
last-modified
Thu, 14 Jul 2022 18:32:34 GMT
server
GitHub.com
x-github-request-id
C3F0:0A86:8DC13:156EB6:6308DB1C
x-timer
S1661524765.695762,VS0,VE24
date
Fri, 26 Aug 2022 14:39:24 GMT
vary
Accept-Encoding
content-type
image/jpeg
access-control-allow-origin
*
expires
Fri, 26 Aug 2022 14:49:24 GMT
cache-control
max-age=600
permissions-policy
interest-cohort=()
accept-ranges
bytes
x-origin-cache
HIT
x-proxy-cache
MISS
x-cache-hits
0
profile.jpg
c3rb3ru5d3d53c.github.io/images/
105 KB
105 KB
Image
General
Full URL
https://c3rb3ru5d3d53c.github.io/images/profile.jpg
Requested by
Host: c3rb3ru5d3d53c.github.io
URL: https://c3rb3ru5d3d53c.github.io/malware-blog/2022-07-04-bitter-apt-zxxz-backdoor/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:50c0:8002::153 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
GitHub.com /
Resource Hash
c0e60097915e3168574992e234b5eb9405848ff53ca19c192e942a1e99aab7b0
Security Headers
Name Value
Strict-Transport-Security max-age=31556952

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://c3rb3ru5d3d53c.github.io/malware-blog/2022-07-04-bitter-apt-zxxz-backdoor/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

x-fastly-request-id
9559c1cedb336e11c5b0ebeb0ada3eedabc0291c
strict-transport-security
max-age=31556952
via
1.1 varnish
etag
"62d06142-1a4ce"
age
0
x-cache
MISS
content-length
107726
x-served-by
cache-yul12828-YUL
last-modified
Thu, 14 Jul 2022 18:32:34 GMT
server
GitHub.com
x-github-request-id
7A44:38F7:3DB8EE:93CED4:6308DB1C
x-timer
S1661524765.695780,VS0,VE23
date
Fri, 26 Aug 2022 14:39:24 GMT
vary
Accept-Encoding
content-type
image/jpeg
access-control-allow-origin
*
expires
Fri, 26 Aug 2022 14:49:24 GMT
cache-control
max-age=600
permissions-policy
interest-cohort=()
accept-ranges
bytes
x-origin-cache
HIT
x-proxy-cache
MISS
x-cache-hits
0
solarized-light.min.css
cdn.jsdelivr.net/gh/highlightjs/cdn-release@11.4.0/build/styles/base16/
1 KB
977 B
Stylesheet
General
Full URL
https://cdn.jsdelivr.net/gh/highlightjs/cdn-release@11.4.0/build/styles/base16/solarized-light.min.css
Requested by
Host: c3rb3ru5d3d53c.github.io
URL: https://c3rb3ru5d3d53c.github.io/malware-blog/2022-07-04-bitter-apt-zxxz-backdoor/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5514 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
226f93ad5a7e7506c14b5f233f141100f1cbbbb1227bf337ed5c7ca78e25275b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://c3rb3ru5d3d53c.github.io/
Origin
https://c3rb3ru5d3d53c.github.io
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Fri, 26 Aug 2022 14:39:24 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
63993
x-jsd-version
11.4.0
x-cache
HIT, MISS
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by
cache-fra19157-FRA, cache-iad-kiad7000119-IAD
timing-allow-origin
*
x-jsd-version-type
version
server
cloudflare
etag
W/"584-MKvZaIHeB7ozSGhjd0U5WrXW8Io"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0M2K7Yru97N3lozNVhJL5sMD4XTdsOU%2FzQBUQK92FQX6a6I79mn4Yl0kZV75%2FEPCaEdvhukztRNYb5GwXbbyf5MxiwVhaw8vsElbsO9oLwIBzQTn68nceZhTnnnWmupJw7w5eNEEM8EbikBNfl8%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
cf-ray
740d51139faeecfa-YUL
access-control-expose-headers
*
highlightjs.min.2958991528e43eb6fc9b8c4f2b8e052f79c4010718e1d1e888a777620e9ee63021c2c57ec7417a3108019bb8c41943e6.css
c3rb3ru5d3d53c.github.io/css/
108 B
380 B
Stylesheet
General
Full URL
https://c3rb3ru5d3d53c.github.io/css/highlightjs.min.2958991528e43eb6fc9b8c4f2b8e052f79c4010718e1d1e888a777620e9ee63021c2c57ec7417a3108019bb8c41943e6.css
Requested by
Host: c3rb3ru5d3d53c.github.io
URL: https://c3rb3ru5d3d53c.github.io/malware-blog/2022-07-04-bitter-apt-zxxz-backdoor/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:50c0:8002::153 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
GitHub.com /
Resource Hash
1daecbab7d4c1c9ebedb6d65366b732fdc740568eddb7f2365d4193705f99a61
Security Headers
Name Value
Strict-Transport-Security max-age=31556952

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://c3rb3ru5d3d53c.github.io/malware-blog/2022-07-04-bitter-apt-zxxz-backdoor/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

x-fastly-request-id
ef84482aec663c2249a72ab0b3b8eec39b6934f1
strict-transport-security
max-age=31556952
via
1.1 varnish
etag
"62d06142-6c"
age
0
x-cache
MISS
content-length
108
x-served-by
cache-yul12828-YUL
last-modified
Thu, 14 Jul 2022 18:32:34 GMT
server
GitHub.com
x-github-request-id
8286:57F8:C7CAB:5E3326:6308DB1C
x-timer
S1661524765.695757,VS0,VE23
date
Fri, 26 Aug 2022 14:39:24 GMT
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
expires
Fri, 26 Aug 2022 14:49:24 GMT
cache-control
max-age=600
permissions-policy
interest-cohort=()
accept-ranges
bytes
x-origin-cache
HIT
x-proxy-cache
MISS
x-cache-hits
0
katex.min.css
cdn.jsdelivr.net/npm/katex@0.15.2/dist/
23 KB
4 KB
Stylesheet
General
Full URL
https://cdn.jsdelivr.net/npm/katex@0.15.2/dist/katex.min.css
Requested by
Host: c3rb3ru5d3d53c.github.io
URL: https://c3rb3ru5d3d53c.github.io/malware-blog/2022-07-04-bitter-apt-zxxz-backdoor/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5514 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f7808d67f6c9b70ac1619ad7842381be9078ad9533067bc0b22ac5bf7d53306a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://c3rb3ru5d3d53c.github.io/
Origin
https://c3rb3ru5d3d53c.github.io
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Fri, 26 Aug 2022 14:39:24 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
fastly-original-body-size
3476
age
13666200
x-jsd-version
0.15.2
x-cache
HIT, MISS
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains; preload
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by
cache-fra19183-FRA, cache-yyz4546-YYZ
timing-allow-origin
*
x-jsd-version-type
version
server
cloudflare
etag
W/"5a48-1NxGHR48idlRyU89wPp/uk7zdec"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2DYlvQLaekw3mNaTi2AFNWgpSWzA0EJlBJ26Wb7jqNvIGEcI8Tc4xzcwAO7QBiV2Vzmu3KkJvzhx6g8pbcMuONHwekppLVvQ4tquKsUGtYded02Z2gzYJcbsJh47ykwgq0P%2FhbxBBHpUFifdhDs%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
cf-ray
740d51139fafecfa-YUL
m3jrWoQK6sI
www.youtube.com/embed/ Frame 8012
63 KB
27 KB
Document
General
Full URL
https://www.youtube.com/embed/m3jrWoQK6sI
Requested by
Host: c3rb3ru5d3d53c.github.io
URL: https://c3rb3ru5d3d53c.github.io/malware-blog/2022-07-04-bitter-apt-zxxz-backdoor/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80c::200e Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
276b306315ada9e84f2edb9ee458824b1f0d9ed9984870e3b6991f116734b6f2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://c3rb3ru5d3d53c.github.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
br
content-type
text/html; charset=utf-8
cross-origin-opener-policy-report-only
same-origin; report-to="youtube_main"
date
Fri, 26 Aug 2022 14:39:24 GMT
expires
Mon, 01 Jan 1990 00:00:00 GMT
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
pragma
no-cache
report-to
{"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
server
ESF
strict-transport-security
max-age=31536000
vary
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-content-type-options
nosniff
x-xss-protection
0
gca09a155495b4964a06b646bd6f44968497a6599a6a44c239db66e0410c5a9bd
www.virustotal.com/graph/embed/ Frame FDF0
5 KB
2 KB
Document
General
Full URL
https://www.virustotal.com/graph/embed/gca09a155495b4964a06b646bd6f44968497a6599a6a44c239db66e0410c5a9bd
Requested by
Host: c3rb3ru5d3d53c.github.io
URL: https://c3rb3ru5d3d53c.github.io/malware-blog/2022-07-04-bitter-apt-zxxz-backdoor/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
74.125.34.46 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
ghs-vip-any-c46.ghs-ssl.googlehosted.com
Software
Google Frontend /
Resource Hash
a58a8e19618fdec36a8997495820211c9f2b774292dd7b04dffab2a0964f215d

Request headers

Referer
https://c3rb3ru5d3d53c.github.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

cache-control
no-cache
content-encoding
gzip
content-length
1589
content-type
text/html; charset=utf-8
date
Fri, 26 Aug 2022 14:39:24 GMT
server
Google Frontend
vary
Accept-Encoding
x-cloud-trace-context
84cc24ce5179407102f3129438f29a88
0QIvMX1D_JOuMwr7Iw.woff2
fonts.gstatic.com/s/lora/v26/
35 KB
35 KB
Font
General
Full URL
https://fonts.gstatic.com/s/lora/v26/0QIvMX1D_JOuMwr7Iw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Lora:wght@400;600;700&family=Noto+Serif+SC:wght@400;600;700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80c::2003 Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
38da98e06ba18c4204f547d30572cd81a2dd3fd5438d306856d2617480ee8639
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://c3rb3ru5d3d53c.github.io
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 19:42:16 GMT
x-content-type-options
nosniff
age
327428
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35660
x-xss-protection
0
last-modified
Mon, 15 Aug 2022 18:07:59 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 22 Aug 2023 19:42:16 GMT
H4chBXePl9DZ0Xe7gG9cyOj7oqP0dTpxZbB9E9gjjmzKvaeKHUTtJDWv3z-us4bxD8F5og.5.woff2
fonts.gstatic.com/s/notoserifsc/v22/
18 KB
18 KB
Font
General
Full URL
https://fonts.gstatic.com/s/notoserifsc/v22/H4chBXePl9DZ0Xe7gG9cyOj7oqP0dTpxZbB9E9gjjmzKvaeKHUTtJDWv3z-us4bxD8F5og.5.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Lora:wght@400;600;700&family=Noto+Serif+SC:wght@400;600;700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80c::2003 Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c074f890908399ed70208c98a51b93708c98d1c2e76bfd417465fa8f7b64312d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://c3rb3ru5d3d53c.github.io
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Wed, 24 Aug 2022 00:57:41 GMT
x-content-type-options
nosniff
age
222103
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
18384
x-xss-protection
0
last-modified
Mon, 09 May 2022 19:45:42 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 24 Aug 2023 00:57:41 GMT
H4chBXePl9DZ0Xe7gG9cyOj7oqP0dTpxZbB9E9gjjmzKvaeKHUTtJDWv3z-us4bxD8F5og.4.woff2
fonts.gstatic.com/s/notoserifsc/v22/
4 KB
4 KB
Font
General
Full URL
https://fonts.gstatic.com/s/notoserifsc/v22/H4chBXePl9DZ0Xe7gG9cyOj7oqP0dTpxZbB9E9gjjmzKvaeKHUTtJDWv3z-us4bxD8F5og.4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Lora:wght@400;600;700&family=Noto+Serif+SC:wght@400;600;700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80c::2003 Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c7b5852b08afe8684796921ba8e40b010b5b7e170c48f87387b423cc54473cfc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://c3rb3ru5d3d53c.github.io
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Fri, 19 Aug 2022 20:56:15 GMT
x-content-type-options
nosniff
age
582189
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3828
x-xss-protection
0
last-modified
Mon, 09 May 2022 19:45:11 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 19 Aug 2023 20:56:15 GMT
H4chBXePl9DZ0Xe7gG9cyOj7oqP0dTpxZbB9E9gjjmzKvaeKHUTtJDWv3z-us4bxD8F5og.88.woff2
fonts.gstatic.com/s/notoserifsc/v22/
8 KB
8 KB
Font
General
Full URL
https://fonts.gstatic.com/s/notoserifsc/v22/H4chBXePl9DZ0Xe7gG9cyOj7oqP0dTpxZbB9E9gjjmzKvaeKHUTtJDWv3z-us4bxD8F5og.88.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Lora:wght@400;600;700&family=Noto+Serif+SC:wght@400;600;700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80c::2003 Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a5f6f3096d4658af8a1420c5c4783f193f40880b24e3686bb767dc3ae280b004
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://c3rb3ru5d3d53c.github.io
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 18:28:07 GMT
x-content-type-options
nosniff
age
245477
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
8500
x-xss-protection
0
last-modified
Mon, 09 May 2022 19:34:39 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 23 Aug 2023 18:28:07 GMT
widget_iframe.9d00f3a022654eb8edfbc3190e981f9d.html
platform.twitter.com/widgets/ Frame 3A42
320 KB
104 KB
Document
General
Full URL
https://platform.twitter.com/widgets/widget_iframe.9d00f3a022654eb8edfbc3190e981f9d.html?origin=https%3A%2F%2Fc3rb3ru5d3d53c.github.io
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:220:131d:1d30:1f1d:238b:1e56 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (nyb/1D0F) /
Resource Hash
8c0531412c543b9bd978e29acb8f5cf330db9891115d1e9924519d9a675b7b74

Request headers

Referer
https://c3rb3ru5d3d53c.github.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

Access-Control-Allow-Methods
GET
Access-Control-Allow-Origin
*
Age
848872
Cache-Control
public, max-age=315360000
Content-Encoding
gzip
Content-Length
105445
Content-Type
text/html; charset=utf-8
Date
Fri, 26 Aug 2022 14:39:25 GMT
Etag
"50d73c0b4a4c7e4697b9c6ac6f1ecd75+gzip"
Last-Modified
Mon, 15 Aug 2022 23:01:14 GMT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server
ECS (nyb/1D0F)
Server-Timing
x-cache;desc= HIT,x-tw-cdn;desc=VZ,edge;dur=3
Vary
Accept-Encoding
X-Cache
HIT
x-tw-cdn
VZ
www-player.css
www.youtube.com/s/player/dc0c6770/ Frame 8012
343 KB
47 KB
Stylesheet
General
Full URL
https://www.youtube.com/s/player/dc0c6770/www-player.css
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/m3jrWoQK6sI
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80c::200e Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c46dad97fbe6c22b941cb28882308b86fc8294511660388fa6d8f8d5ee51f799
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.youtube.com/embed/m3jrWoQK6sI
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Wed, 24 Aug 2022 15:45:00 GMT
content-encoding
br
x-content-type-options
nosniff
age
168865
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
48175
x-xss-protection
0
last-modified
Wed, 24 Aug 2022 00:15:11 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/css
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Thu, 24 Aug 2023 15:45:00 GMT
www-embed-player.js
www.youtube.com/s/player/dc0c6770/www-embed-player.vflset/ Frame 8012
308 KB
95 KB
Script
General
Full URL
https://www.youtube.com/s/player/dc0c6770/www-embed-player.vflset/www-embed-player.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/m3jrWoQK6sI
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80c::200e Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4f5f83f16ff6c285c5f586acaa48c8f986445963cfff1e7f500f95a1689a08dc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.youtube.com/embed/m3jrWoQK6sI
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Wed, 24 Aug 2022 15:45:00 GMT
content-encoding
br
x-content-type-options
nosniff
age
168865
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
97486
x-xss-protection
0
last-modified
Wed, 24 Aug 2022 00:15:11 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Thu, 24 Aug 2023 15:45:00 GMT
base.js
www.youtube.com/s/player/dc0c6770/player_ias.vflset/en_US/ Frame 8012
2 MB
570 KB
Script
General
Full URL
https://www.youtube.com/s/player/dc0c6770/player_ias.vflset/en_US/base.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/m3jrWoQK6sI
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80c::200e Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4b965b5ea13a1d3532ad68edbe423d83faec7deb454951b72ad1279b473840ec
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.youtube.com/embed/m3jrWoQK6sI
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Fri, 26 Aug 2022 08:12:19 GMT
content-encoding
br
x-content-type-options
nosniff
age
23226
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
583708
x-xss-protection
0
last-modified
Wed, 24 Aug 2022 00:15:11 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Sat, 26 Aug 2023 08:12:19 GMT
fetch-polyfill.js
www.youtube.com/s/player/dc0c6770/fetch-polyfill.vflset/ Frame 8012
9 KB
3 KB
Script
General
Full URL
https://www.youtube.com/s/player/dc0c6770/fetch-polyfill.vflset/fetch-polyfill.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/m3jrWoQK6sI
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80c::200e Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
498b3f2a0357fbd50a80eb18b23ab4b461b791d640e5560b799f08ed960748a9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.youtube.com/embed/m3jrWoQK6sI
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Wed, 24 Aug 2022 15:45:00 GMT
content-encoding
br
x-content-type-options
nosniff
age
168865
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2786
x-xss-protection
0
last-modified
Wed, 24 Aug 2022 00:15:11 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Thu, 24 Aug 2023 15:45:00 GMT
H4chBXePl9DZ0Xe7gG9cyOj7oqP0dTpxZbB9E9gjjmzKvaeKHUTtJDWv3z-us4bxD8F5og.91.woff2
fonts.gstatic.com/s/notoserifsc/v22/
9 KB
9 KB
Font
General
Full URL
https://fonts.gstatic.com/s/notoserifsc/v22/H4chBXePl9DZ0Xe7gG9cyOj7oqP0dTpxZbB9E9gjjmzKvaeKHUTtJDWv3z-us4bxD8F5og.91.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Lora:wght@400;600;700&family=Noto+Serif+SC:wght@400;600;700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80c::2003 Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cd7157a5dcf0e46d3181e90883b35243fdd178923cbcd0b4d5ebcf3ad4de9308
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://c3rb3ru5d3d53c.github.io
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 20:51:06 GMT
x-content-type-options
nosniff
age
236899
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
8812
x-xss-protection
0
last-modified
Mon, 09 May 2022 19:34:36 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 23 Aug 2023 20:51:06 GMT
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 8012
15 KB
15 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/m3jrWoQK6sI
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80c::2003 Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.youtube.com/
Origin
https://www.youtube.com
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 15:59:51 GMT
x-content-type-options
nosniff
age
254374
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15344
x-xss-protection
0
last-modified
Mon, 16 Oct 2017 17:32:55 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Wed, 23 Aug 2023 15:59:51 GMT
webcomponent-polyfill.js
www.virustotal.com/graph/assets/js/ Frame FDF0
107 KB
38 KB
Script
General
Full URL
https://www.virustotal.com/graph/assets/js/webcomponent-polyfill.js
Requested by
Host: www.virustotal.com
URL: https://www.virustotal.com/graph/embed/gca09a155495b4964a06b646bd6f44968497a6599a6a44c239db66e0410c5a9bd
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
74.125.34.46 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
ghs-vip-any-c46.ghs-ssl.googlehosted.com
Software
Google Frontend /
Resource Hash
078441b8767fe10f5817e9d15f7d72a0b5960e8f243fb4b87713275e8f30a530

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.virustotal.com/graph/embed/gca09a155495b4964a06b646bd6f44968497a6599a6a44c239db66e0410c5a9bd
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Fri, 26 Aug 2022 14:36:27 GMT
content-encoding
gzip
server
Google Frontend
age
178
etag
"VVKjBg"
content-type
application/javascript
x-cloud-trace-context
bfded39f5fe32b6600c7805a9f1699ba
cache-control
public, max-age=2592000
content-length
39000
expires
Sun, 25 Sep 2022 14:36:27 GMT
reset.css
www.virustotal.com/graph/assets/ Frame FDF0
1 KB
843 B
Stylesheet
General
Full URL
https://www.virustotal.com/graph/assets/reset.css
Requested by
Host: www.virustotal.com
URL: https://www.virustotal.com/graph/embed/gca09a155495b4964a06b646bd6f44968497a6599a6a44c239db66e0410c5a9bd
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
74.125.34.46 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
ghs-vip-any-c46.ghs-ssl.googlehosted.com
Software
Google Frontend /
Resource Hash
87a12aa8f8e1def0dfbb8ed4af019d0766bcf5b493111d43c58e09ae71156e5b

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.virustotal.com/graph/embed/gca09a155495b4964a06b646bd6f44968497a6599a6a44c239db66e0410c5a9bd
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Fri, 26 Aug 2022 14:33:32 GMT
content-encoding
gzip
server
Google Frontend
age
353
etag
"VVKjBg"
content-type
text/css
x-cloud-trace-context
2711ee596e31e7ea37b8ec2ff05b75ec
cache-control
public, max-age=2592000
content-length
720
expires
Sun, 25 Sep 2022 14:33:32 GMT
logo.png
www.virustotal.com/graph/assets/images/ Frame FDF0
4 KB
4 KB
Image
General
Full URL
https://www.virustotal.com/graph/assets/images/logo.png
Requested by
Host: www.virustotal.com
URL: https://www.virustotal.com/graph/embed/gca09a155495b4964a06b646bd6f44968497a6599a6a44c239db66e0410c5a9bd
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
74.125.34.46 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
ghs-vip-any-c46.ghs-ssl.googlehosted.com
Software
Google Frontend /
Resource Hash
6b0d602ed2ec4e1c8a077bb04f56772c2dd68a41591aa84b3166dc3133b52213

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.virustotal.com/graph/embed/gca09a155495b4964a06b646bd6f44968497a6599a6a44c239db66e0410c5a9bd
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Fri, 26 Aug 2022 14:39:25 GMT
cache-control
public, max-age=2592000
expires
Sun, 25 Sep 2022 14:39:25 GMT
server
Google Frontend
etag
"VVKjBg"
x-cloud-trace-context
081de0965a478d48c1ac9bbfecb3786a
content-type
image/png
11.main.bundle.ff0067bb23a88d7b2b85.js
www.virustotal.com/graph/assets/ Frame FDF0
142 KB
46 KB
Script
General
Full URL
https://www.virustotal.com/graph/assets/11.main.bundle.ff0067bb23a88d7b2b85.js
Requested by
Host: www.virustotal.com
URL: https://www.virustotal.com/graph/embed/gca09a155495b4964a06b646bd6f44968497a6599a6a44c239db66e0410c5a9bd
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
74.125.34.46 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
ghs-vip-any-c46.ghs-ssl.googlehosted.com
Software
Google Frontend /
Resource Hash
6e873db6b09aad8980750e5ba1af66d0d2b8a48be42dc2e08828419095e5254b

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.virustotal.com/graph/embed/gca09a155495b4964a06b646bd6f44968497a6599a6a44c239db66e0410c5a9bd
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Fri, 26 Aug 2022 14:39:25 GMT
content-encoding
gzip
server
Google Frontend
etag
"VVKjBg"
content-type
application/javascript
x-cloud-trace-context
4d898912f6ac1e83194cb27b977d7386
cache-control
public, max-age=2592000
expires
Sun, 25 Sep 2022 14:39:25 GMT
main.bundle.5904cc127624c422fbd1.js
www.virustotal.com/graph/assets/ Frame FDF0
73 KB
18 KB
Script
General
Full URL
https://www.virustotal.com/graph/assets/main.bundle.5904cc127624c422fbd1.js
Requested by
Host: www.virustotal.com
URL: https://www.virustotal.com/graph/embed/gca09a155495b4964a06b646bd6f44968497a6599a6a44c239db66e0410c5a9bd
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
74.125.34.46 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
ghs-vip-any-c46.ghs-ssl.googlehosted.com
Software
Google Frontend /
Resource Hash
d6bfa1795990e3d67994e031ed2fb978a9e14bad95fdb7792f1013bf0a98e04e

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.virustotal.com/graph/embed/gca09a155495b4964a06b646bd6f44968497a6599a6a44c239db66e0410c5a9bd
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Fri, 26 Aug 2022 14:27:14 GMT
content-encoding
gzip
server
Google Frontend
age
731
etag
"VVKjBg"
content-type
application/javascript
x-cloud-trace-context
72f185f0cd4d7e38851842054b3eb3b2
cache-control
public, max-age=2592000
content-length
18459
expires
Sun, 25 Sep 2022 14:27:14 GMT
settings
syndication.twitter.com/ Frame 3A42
710 B
589 B
Fetch
General
Full URL
https://syndication.twitter.com/settings?session_id=b155aa93c45684c6ddf9634f0f4314e0c0c4c44c
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets/widget_iframe.9d00f3a022654eb8edfbc3190e981f9d.html?origin=https%3A%2F%2Fc3rb3ru5d3d53c.github.io
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.8 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_b /
Resource Hash
aca4ff92368d1e601edc0cb3590be251d5af55460e57f9a61b3d8caffcd27f17
Security Headers
Name Value
Strict-Transport-Security max-age=631138519

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://platform.twitter.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

x-response-time
81
date
Fri, 26 Aug 2022 14:39:25 GMT
content-encoding
gzip
last-modified
Fri, 26 Aug 2022 14:39:25 GMT
server
tsa_b
vary
Origin
strict-transport-security
max-age=631138519
content-type
application/json; charset=utf-8
access-control-allow-origin
https://platform.twitter.com
cache-control
must-revalidate, max-age=600
access-control-allow-credentials
true
x-connection-hash
2ce479750797120861a9d775c47eafbc550c04c774a697032a7c24676938e7ba
content-length
308
id
googleads.g.doubleclick.net/pagead/ Frame 8012
Redirect Chain
  • https://googleads.g.doubleclick.net/pagead/id
  • https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
100 B
146 B
XHR
General
Full URL
https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/m3jrWoQK6sI
Protocol
H3
Server
2607:f8b0:4006:820::2002 Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
259d78b06cbdb5c34f3f2b563300514486ac88eefe7876b46b007499cb3338ff
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.youtube.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Fri, 26 Aug 2022 14:39:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
120
x-xss-protection
0
pragma
no-cache
server
cafe
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://www.youtube.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date
Fri, 26 Aug 2022 14:39:25 GMT
x-content-type-options
nosniff
access-control-allow-origin
https://www.youtube.com
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
pragma
no-cache
server
cafe
content-type
text/html; charset=UTF-8
location
https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
ad_status.js
static.doubleclick.net/instream/ Frame 8012
29 B
588 B
Script
General
Full URL
https://static.doubleclick.net/instream/ad_status.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/dc0c6770/www-embed-player.vflset/www-embed-player.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:817::2006 Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.youtube.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Fri, 26 Aug 2022 14:25:40 GMT
x-content-type-options
nosniff
age
825
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
29
x-xss-protection
0
last-modified
Thu, 12 Dec 2013 23:40:16 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=900
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 26 Aug 2022 14:40:40 GMT
Create
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame
0
0
Preflight
General
Full URL
https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:823::200a Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-goog-api-key,x-user-agent
Access-Control-Request-Method
POST
Origin
https://www.youtube.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type,x-goog-api-key,x-user-agent
access-control-allow-methods
DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin
https://www.youtube.com
access-control-max-age
3600
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
content-type
text/html
date
Fri, 26 Aug 2022 14:39:25 GMT
server
ESF
vary
origin referer x-origin
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
0
Create
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 8012
66 KB
30 KB
XHR
General
Full URL
https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/dc0c6770/player_ias.vflset/en_US/base.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:823::200a Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
974399a1f1daf3cf519b60e68382f8f97c1e5e605e2dbd95dca6a9dd3070e749
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

X-User-Agent
grpc-web-javascript/0.1
Referer
https://www.youtube.com/
X-Goog-Api-Key
AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
application/json+protobuf

Response headers

date
Fri, 26 Aug 2022 14:39:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
server
ESF
x-frame-options
SAMEORIGIN
content-type
application/json+protobuf; charset=UTF-8
access-control-allow-origin
https://www.youtube.com
access-control-expose-headers
vary,vary,vary,content-encoding,date,server,content-length
cache-control
private
access-control-allow-credentials
true
vary
Origin, X-Origin, Referer
content-length
30917
x-xss-protection
0
remote.js
www.youtube.com/s/player/dc0c6770/player_ias.vflset/en_US/ Frame 8012
119 KB
37 KB
Script
General
Full URL
https://www.youtube.com/s/player/dc0c6770/player_ias.vflset/en_US/remote.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/dc0c6770/player_ias.vflset/en_US/base.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80c::200e Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5d11456b63b5c38068e361ec84ff64d333bc98578a4ce087aa7d247c375225db
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.youtube.com/embed/m3jrWoQK6sI
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Wed, 24 Aug 2022 15:46:01 GMT
content-encoding
br
x-content-type-options
nosniff
age
168804
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37632
x-xss-protection
0
last-modified
Wed, 24 Aug 2022 00:15:11 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Thu, 24 Aug 2023 15:46:01 GMT
H7nvYvOfHnKCxYWMHscKykYq8uwe1E_aCBXglESdy34.js
www.google.com/js/th/ Frame 8012
36 KB
15 KB
Script
General
Full URL
https://www.google.com/js/th/H7nvYvOfHnKCxYWMHscKykYq8uwe1E_aCBXglESdy34.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/dc0c6770/player_ias.vflset/en_US/base.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:807::2004 Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1fb9ef62f39f1e7282c5858c1ec70aca462af2ec1ed44fda0815e094449dcb7e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.youtube.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Wed, 24 Aug 2022 23:20:27 GMT
content-encoding
br
x-content-type-options
nosniff
age
141538
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
14250
x-xss-protection
0
last-modified
Mon, 15 Aug 2022 09:00:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 24 Aug 2023 23:20:27 GMT
embed.js
www.youtube.com/s/player/dc0c6770/player_ias.vflset/en_US/ Frame 8012
27 KB
8 KB
Script
General
Full URL
https://www.youtube.com/s/player/dc0c6770/player_ias.vflset/en_US/embed.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/dc0c6770/player_ias.vflset/en_US/base.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80c::200e Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
6213757206887834644a01f9241c38380896447b81c3215e1a1681b59201060c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.youtube.com/embed/m3jrWoQK6sI
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Wed, 24 Aug 2022 15:45:00 GMT
content-encoding
br
x-content-type-options
nosniff
age
168865
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
8224
x-xss-protection
0
last-modified
Wed, 24 Aug 2022 00:15:11 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Thu, 24 Aug 2023 15:45:00 GMT
truncated
/ Frame 8012
175 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
67ea46bc3d15351067faccb3613bd833dd3f15137a4b4a09f2e873fd41d024d2

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Content-Type
image/png
fwNeDcpVjHzqkt8xvF_3ZSVHOJwun39lNqG6ocQi1Xm7X1aaMOurm42-MMLW5eGwXq5Tsz1p=s68-c-k-c0x00ffffff-no-rj
yt3.ggpht.com/ Frame 8012
4 KB
4 KB
Image
General
Full URL
https://yt3.ggpht.com/fwNeDcpVjHzqkt8xvF_3ZSVHOJwun39lNqG6ocQi1Xm7X1aaMOurm42-MMLW5eGwXq5Tsz1p=s68-c-k-c0x00ffffff-no-rj
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/m3jrWoQK6sI
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80c::2001 Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
0381898ea99e8bc92a05275ee5f79f5e694d6ec6806c6dcadc7873267ce79b7f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.youtube.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Fri, 26 Aug 2022 12:43:13 GMT
x-content-type-options
nosniff
age
6972
content-disposition
inline;filename="channels4_profile.jpg"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3970
x-xss-protection
0
server
fife
etag
"v1"
vary
Origin
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Mon, 11 Jul 2022 23:58:35 GMT
sddefault.jpg
i.ytimg.com/vi/m3jrWoQK6sI/ Frame 8012
33 KB
34 KB
Image
General
Full URL
https://i.ytimg.com/vi/m3jrWoQK6sI/sddefault.jpg
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/m3jrWoQK6sI
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81c::2016 Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
729cffe5abe28a53d2aaa4dcf3ad2e00af20471da555abb5224709840a37bbcd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.youtube.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Fri, 26 Aug 2022 14:39:25 GMT
x-content-type-options
nosniff
age
0
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
33860
x-xss-protection
0
server
sffe
etag
"1656945562"
vary
Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
image/jpeg
cache-control
public, max-age=7200
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Fri, 26 Aug 2022 16:39:25 GMT
signin
www.virustotal.com/ui/ Frame FDF0
113 B
396 B
Fetch
General
Full URL
https://www.virustotal.com/ui/signin
Requested by
Host: www.virustotal.com
URL: https://www.virustotal.com/graph/assets/main.bundle.5904cc127624c422fbd1.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
74.125.34.46 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
ghs-vip-any-c46.ghs-ssl.googlehosted.com
Software
Google Frontend /
Resource Hash
cd65bb5700e28845e01bf3997019c23f532ab8f0e239dd4674a1e44591e38285

Request headers

X-Tool
graph-ui
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
content-type
application/json
accept
application/json
Referer
https://www.virustotal.com/graph/embed/gca09a155495b4964a06b646bd6f44968497a6599a6a44c239db66e0410c5a9bd
accept-Ianguage
en-US,en;q=0.9,es;q=0.8
X-VT-Anti-Abuse-Header
MTM2NDMyMjQ5MTctWkc5dWRDQmlaU0JsZG1scy0xNjYxNTI0NzY1LjY1Mw==

Response headers

date
Fri, 26 Aug 2022 14:39:25 GMT
content-encoding
gzip
server
Google Frontend
vary
Accept-Encoding
content-type
application/json; charset=utf-8
x-cloud-trace-context
30e4791f85d7f59c45c0cef9d0df9c2c
cache-control
no-cache
content-length
106
49c38ca80a36de91a194.worker.js
www.virustotal.com/graph/assets/ Frame FDF0
509 KB
142 KB
Other
General
Full URL
https://www.virustotal.com/graph/assets/49c38ca80a36de91a194.worker.js
Requested by
Host: www.virustotal.com
URL: https://www.virustotal.com/graph/embed/gca09a155495b4964a06b646bd6f44968497a6599a6a44c239db66e0410c5a9bd
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
74.125.34.46 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
ghs-vip-any-c46.ghs-ssl.googlehosted.com
Software
Google Frontend /
Resource Hash
8fcd2971fad5a09b3fc5f4c3dff98d05db36250958d2a2c69a1bcc4083882f92

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.virustotal.com/graph/embed/gca09a155495b4964a06b646bd6f44968497a6599a6a44c239db66e0410c5a9bd
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Fri, 26 Aug 2022 14:39:25 GMT
content-encoding
gzip
server
Google Frontend
etag
"VVKjBg"
content-type
application/javascript
x-cloud-trace-context
4d898912f6ac1e83194cb27b977d7386
cache-control
public, max-age=2592000
expires
Sun, 25 Sep 2022 14:39:25 GMT
tweet.5b94507822be1b77b58bef86fc7cd9f7.js
platform.twitter.com/js/
7 KB
3 KB
Script
General
Full URL
https://platform.twitter.com/js/tweet.5b94507822be1b77b58bef86fc7cd9f7.js
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:220:131d:1d30:1f1d:238b:1e56 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (nyb/1D16) /
Resource Hash
543f1e90e16b91657384920db11d373b377d4e152e1b9081099f7c6ed7de5765

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://c3rb3ru5d3d53c.github.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Date
Fri, 26 Aug 2022 14:39:25 GMT
Content-Encoding
gzip
Age
848872
X-Cache
HIT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing
x-cache;desc= HIT,x-tw-cdn;desc=VZ,edge;dur=1
Content-Length
2620
x-tw-cdn
VZ
Last-Modified
Mon, 15 Aug 2022 23:01:06 GMT
Server
ECS (nyb/1D16)
Etag
"de945abf31c14b2f81f9f499871cbe47+gzip"
Vary
Accept-Encoding
Access-Control-Allow-Methods
GET
Content-Type
application/javascript; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=315360000
generate_204
www.youtube.com/ Frame 8012
0
10 B
Image
General
Full URL
https://www.youtube.com/generate_204?v8U-RQ
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/m3jrWoQK6sI
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80c::200e Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.youtube.com/embed/m3jrWoQK6sI
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Fri, 26 Aug 2022 14:39:25 GMT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
cast_sender.js
www.gstatic.com/cv/js/sender/v1/ Frame 8012
4 KB
3 KB
Script
General
Full URL
https://www.gstatic.com/cv/js/sender/v1/cast_sender.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/dc0c6770/player_ias.vflset/en_US/base.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80b::2003 Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ee147e859ad0f09aa50367974e38ab53e7c7054c4a51d400a7f45b0eb251454f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.youtube.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Fri, 26 Aug 2022 14:39:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cloudview
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2007
x-xss-protection
0
last-modified
Tue, 16 Feb 2021 23:57:06 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="cloudview"
vary
Accept-Encoding
report-to
{"group":"cloudview","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cloudview"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Fri, 26 Aug 2022 14:39:28 GMT
Tweet.html
platform.twitter.com/embed/ Frame ECF2
406 B
983 B
Document
General
Full URL
https://platform.twitter.com/embed/Tweet.html?dnt=false&embedId=twitter-widget-0&features=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&frame=false&hideCard=false&hideThread=false&id=1478259210110775297&lang=en&origin=https%3A%2F%2Fc3rb3ru5d3d53c.github.io%2Fmalware-blog%2F2022-07-04-bitter-apt-zxxz-backdoor%2F&sessionId=b155aa93c45684c6ddf9634f0f4314e0c0c4c44c&theme=light&widgetsVersion=31f0cdc1eaa0f%3A1660602114609&width=550px
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:220:131d:1d30:1f1d:238b:1e56 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (nyb/1DD2) /
Resource Hash
b64c04792edbe427b98b645d32df75732e5424d3a6d1e840173584dc211aa034

Request headers

Referer
https://c3rb3ru5d3d53c.github.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

Accept-Ranges
bytes
Access-Control-Allow-Methods
GET
Access-Control-Allow-Origin
*
Access-Control-Max-Age
3000
Age
1372
Cache-Control
public, max-age=1800
Content-Length
406
Content-Type
text/html; charset=utf-8
Date
Fri, 26 Aug 2022 14:39:25 GMT
Etag
"dd452c08b92523224f8e8cea00e3831c"
Last-Modified
Tue, 16 Aug 2022 18:35:46 GMT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server
ECS (nyb/1DD2)
Server-Timing
x-cache;desc= HIT,x-tw-cdn;desc=VZ,edge;dur=2
X-Cache
HIT
x-tw-cdn
VZ
embed.runtime.77551932feacdf3e1432.js
platform.twitter.com/embed/ Frame ECF2
8 KB
4 KB
Script
General
Full URL
https://platform.twitter.com/embed/embed.runtime.77551932feacdf3e1432.js
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/embed/Tweet.html?dnt=false&embedId=twitter-widget-0&features=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&frame=false&hideCard=false&hideThread=false&id=1478259210110775297&lang=en&origin=https%3A%2F%2Fc3rb3ru5d3d53c.github.io%2Fmalware-blog%2F2022-07-04-bitter-apt-zxxz-backdoor%2F&sessionId=b155aa93c45684c6ddf9634f0f4314e0c0c4c44c&theme=light&widgetsVersion=31f0cdc1eaa0f%3A1660602114609&width=550px
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:220:131d:1d30:1f1d:238b:1e56 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (nyb/1D0F) /
Resource Hash
bd12d05fdd69aa3f07360894560e0bc1be44fdce5be16d0636616d5734ae2109

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://platform.twitter.com/embed/Tweet.html?dnt=false&embedId=twitter-widget-0&features=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&frame=false&hideCard=false&hideThread=false&id=1478259210110775297&lang=en&origin=https%3A%2F%2Fc3rb3ru5d3d53c.github.io%2Fmalware-blog%2F2022-07-04-bitter-apt-zxxz-backdoor%2F&sessionId=b155aa93c45684c6ddf9634f0f4314e0c0c4c44c&theme=light&widgetsVersion=31f0cdc1eaa0f%3A1660602114609&width=550px
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Date
Fri, 26 Aug 2022 14:39:25 GMT
Content-Encoding
gzip
Age
848872
X-Cache
HIT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing
x-cache;desc= HIT,x-tw-cdn;desc=VZ,edge;dur=1
Content-Length
3368
x-tw-cdn
VZ
Last-Modified
Tue, 16 Aug 2022 18:35:46 GMT
Server
ECS (nyb/1D0F)
Etag
"c48f684e35b58d9d8912347c92ede7e2+gzip"
Vary
Accept-Encoding
Access-Control-Allow-Methods
GET
Content-Type
application/javascript; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=315360000
embed.modules.22436ce161b8a1362ef3.js
platform.twitter.com/embed/ Frame ECF2
497 KB
163 KB
Script
General
Full URL
https://platform.twitter.com/embed/embed.modules.22436ce161b8a1362ef3.js
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/embed/Tweet.html?dnt=false&embedId=twitter-widget-0&features=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&frame=false&hideCard=false&hideThread=false&id=1478259210110775297&lang=en&origin=https%3A%2F%2Fc3rb3ru5d3d53c.github.io%2Fmalware-blog%2F2022-07-04-bitter-apt-zxxz-backdoor%2F&sessionId=b155aa93c45684c6ddf9634f0f4314e0c0c4c44c&theme=light&widgetsVersion=31f0cdc1eaa0f%3A1660602114609&width=550px
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:220:131d:1d30:1f1d:238b:1e56 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (nyb/1D1A) /
Resource Hash
955ce104740b084bf508227d36801bb475235b7de0191428e7053df2311865bc

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://platform.twitter.com/embed/Tweet.html?dnt=false&embedId=twitter-widget-0&features=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&frame=false&hideCard=false&hideThread=false&id=1478259210110775297&lang=en&origin=https%3A%2F%2Fc3rb3ru5d3d53c.github.io%2Fmalware-blog%2F2022-07-04-bitter-apt-zxxz-backdoor%2F&sessionId=b155aa93c45684c6ddf9634f0f4314e0c0c4c44c&theme=light&widgetsVersion=31f0cdc1eaa0f%3A1660602114609&width=550px
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Date
Fri, 26 Aug 2022 14:39:25 GMT
Content-Encoding
gzip
Age
848872
X-Cache
HIT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing
x-cache;desc= HIT,x-tw-cdn;desc=VZ,edge;dur=1
Content-Length
165822
x-tw-cdn
VZ
Last-Modified
Tue, 16 Aug 2022 18:35:46 GMT
Server
ECS (nyb/1D1A)
Etag
"2b6c114de2ad3be0593f59454c05064f+gzip"
Vary
Accept-Encoding
Access-Control-Allow-Methods
GET
Content-Type
application/javascript; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=315360000
embed.Tweet.37db06d48778970271d7.js
platform.twitter.com/embed/ Frame ECF2
17 KB
7 KB
Script
General
Full URL
https://platform.twitter.com/embed/embed.Tweet.37db06d48778970271d7.js
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/embed/Tweet.html?dnt=false&embedId=twitter-widget-0&features=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&frame=false&hideCard=false&hideThread=false&id=1478259210110775297&lang=en&origin=https%3A%2F%2Fc3rb3ru5d3d53c.github.io%2Fmalware-blog%2F2022-07-04-bitter-apt-zxxz-backdoor%2F&sessionId=b155aa93c45684c6ddf9634f0f4314e0c0c4c44c&theme=light&widgetsVersion=31f0cdc1eaa0f%3A1660602114609&width=550px
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:220:131d:1d30:1f1d:238b:1e56 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (nyb/1D08) /
Resource Hash
4a00637aa353e2f5120dff7d29ab6b2997f2edee0ac7b80792a82ef03a804548

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://platform.twitter.com/embed/Tweet.html?dnt=false&embedId=twitter-widget-0&features=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&frame=false&hideCard=false&hideThread=false&id=1478259210110775297&lang=en&origin=https%3A%2F%2Fc3rb3ru5d3d53c.github.io%2Fmalware-blog%2F2022-07-04-bitter-apt-zxxz-backdoor%2F&sessionId=b155aa93c45684c6ddf9634f0f4314e0c0c4c44c&theme=light&widgetsVersion=31f0cdc1eaa0f%3A1660602114609&width=550px
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Date
Fri, 26 Aug 2022 14:39:25 GMT
Content-Encoding
gzip
Age
848872
X-Cache
HIT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing
x-cache;desc= HIT,x-tw-cdn;desc=VZ,edge;dur=1
Content-Length
6310
x-tw-cdn
VZ
Last-Modified
Tue, 16 Aug 2022 18:35:46 GMT
Server
ECS (nyb/1D08)
Etag
"e57abd0dbfb15102e9ba7c6f51cbc53f+gzip"
Vary
Accept-Encoding
Access-Control-Allow-Methods
GET
Content-Type
application/javascript; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=315360000
12.main.bundle.53eebdfbac253654a285.js
www.virustotal.com/graph/assets/ Frame FDF0
437 KB
149 KB
Script
General
Full URL
https://www.virustotal.com/graph/assets/12.main.bundle.53eebdfbac253654a285.js
Requested by
Host: www.virustotal.com
URL: https://www.virustotal.com/graph/assets/main.bundle.5904cc127624c422fbd1.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
74.125.34.46 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
ghs-vip-any-c46.ghs-ssl.googlehosted.com
Software
Google Frontend /
Resource Hash
eab884aaf357109c5ae8fbf6302af0669d3cab0c9fe658686eed13c30554e4be

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.virustotal.com/graph/embed/gca09a155495b4964a06b646bd6f44968497a6599a6a44c239db66e0410c5a9bd
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Fri, 26 Aug 2022 14:39:25 GMT
content-encoding
gzip
server
Google Frontend
etag
"VVKjBg"
content-type
application/javascript
x-cloud-trace-context
ecf1e2935ea27f56bc3de541ed2563b0
cache-control
public, max-age=2592000
expires
Sun, 25 Sep 2022 14:39:25 GMT
8.main.bundle.2055e311f0e698d6f7d1.js
www.virustotal.com/graph/assets/ Frame FDF0
225 KB
59 KB
Script
General
Full URL
https://www.virustotal.com/graph/assets/8.main.bundle.2055e311f0e698d6f7d1.js
Requested by
Host: www.virustotal.com
URL: https://www.virustotal.com/graph/assets/main.bundle.5904cc127624c422fbd1.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
74.125.34.46 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
ghs-vip-any-c46.ghs-ssl.googlehosted.com
Software
Google Frontend /
Resource Hash
c4a0e30a1e0278ed02911b8227ce1af4d9f34aa210a5af9ce95d4912bcdffeb5

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.virustotal.com/graph/embed/gca09a155495b4964a06b646bd6f44968497a6599a6a44c239db66e0410c5a9bd
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Fri, 26 Aug 2022 14:39:25 GMT
content-encoding
gzip
server
Google Frontend
etag
"VVKjBg"
content-type
application/javascript
x-cloud-trace-context
86d9d913524dbd495103714411280461
cache-control
public, max-age=2592000
expires
Sun, 25 Sep 2022 14:39:25 GMT
embed.vendors~ondemand.horizon-web.i18n.ar-js~ondemand.horizon-web.i18n.ar-x-fm-js~ondemand.horizon-web.i1~98d47477.022b10081a82154299a6.js
platform.twitter.com/embed/ Frame ECF2
20 KB
7 KB
Script
General
Full URL
https://platform.twitter.com/embed/embed.vendors~ondemand.horizon-web.i18n.ar-js~ondemand.horizon-web.i18n.ar-x-fm-js~ondemand.horizon-web.i1~98d47477.022b10081a82154299a6.js
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/embed/embed.runtime.77551932feacdf3e1432.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:220:131d:1d30:1f1d:238b:1e56 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (nyb/1D12) /
Resource Hash
ba29b730d69c2353e3a3d6347b2da26d0a6ef9eff2a4bb2e7c99f470af05831a

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://platform.twitter.com/embed/Tweet.html?dnt=false&embedId=twitter-widget-0&features=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&frame=false&hideCard=false&hideThread=false&id=1478259210110775297&lang=en&origin=https%3A%2F%2Fc3rb3ru5d3d53c.github.io%2Fmalware-blog%2F2022-07-04-bitter-apt-zxxz-backdoor%2F&sessionId=b155aa93c45684c6ddf9634f0f4314e0c0c4c44c&theme=light&widgetsVersion=31f0cdc1eaa0f%3A1660602114609&width=550px
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Date
Fri, 26 Aug 2022 14:39:25 GMT
Content-Encoding
gzip
Age
848872
X-Cache
HIT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing
x-cache;desc= HIT,x-tw-cdn;desc=VZ,edge;dur=1
Content-Length
6794
x-tw-cdn
VZ
Last-Modified
Tue, 16 Aug 2022 18:35:46 GMT
Server
ECS (nyb/1D12)
Etag
"f2b43f31a678952bb606698c2510fadc+gzip"
Vary
Accept-Encoding
Access-Control-Allow-Methods
GET
Content-Type
application/javascript; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=315360000
embed.ondemand.i18n.en-js.26aa117248996d58e1bc.js
platform.twitter.com/embed/ Frame ECF2
3 KB
2 KB
Script
General
Full URL
https://platform.twitter.com/embed/embed.ondemand.i18n.en-js.26aa117248996d58e1bc.js
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/embed/embed.runtime.77551932feacdf3e1432.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:220:131d:1d30:1f1d:238b:1e56 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (nyb/1D2B) /
Resource Hash
04d805cf6b74dbc28de8c916eb53f9d7d84e36ae2efdb0b04c7a8e321b2bf0c6

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://platform.twitter.com/embed/Tweet.html?dnt=false&embedId=twitter-widget-0&features=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&frame=false&hideCard=false&hideThread=false&id=1478259210110775297&lang=en&origin=https%3A%2F%2Fc3rb3ru5d3d53c.github.io%2Fmalware-blog%2F2022-07-04-bitter-apt-zxxz-backdoor%2F&sessionId=b155aa93c45684c6ddf9634f0f4314e0c0c4c44c&theme=light&widgetsVersion=31f0cdc1eaa0f%3A1660602114609&width=550px
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Date
Fri, 26 Aug 2022 14:39:26 GMT
Content-Encoding
gzip
Age
848873
X-Cache
HIT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing
x-cache;desc= HIT,x-tw-cdn;desc=,edge;dur=3
Content-Length
1395
x-tw-cdn
VZ
Last-Modified
Tue, 16 Aug 2022 18:35:46 GMT
Server
ECS (nyb/1D2B)
Etag
"47d31d660d06d314ae8d4664808594e6+gzip"
Vary
Accept-Encoding
Access-Control-Allow-Methods
GET
Content-Type
application/javascript; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=315360000
embed.vendors~ondemand.horizon-web.i18n.en-js.1c97cb46d8f406ddd7b9.js
platform.twitter.com/embed/ Frame ECF2
35 KB
12 KB
Script
General
Full URL
https://platform.twitter.com/embed/embed.vendors~ondemand.horizon-web.i18n.en-js.1c97cb46d8f406ddd7b9.js
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/embed/embed.runtime.77551932feacdf3e1432.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:220:131d:1d30:1f1d:238b:1e56 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (nyb/1D35) /
Resource Hash
00f42fa843b0f3ddc9f8028adfe75a3223a3810de9aad23fba78f9f61d09ac28

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://platform.twitter.com/embed/Tweet.html?dnt=false&embedId=twitter-widget-0&features=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&frame=false&hideCard=false&hideThread=false&id=1478259210110775297&lang=en&origin=https%3A%2F%2Fc3rb3ru5d3d53c.github.io%2Fmalware-blog%2F2022-07-04-bitter-apt-zxxz-backdoor%2F&sessionId=b155aa93c45684c6ddf9634f0f4314e0c0c4c44c&theme=light&widgetsVersion=31f0cdc1eaa0f%3A1660602114609&width=550px
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Date
Fri, 26 Aug 2022 14:39:25 GMT
Content-Encoding
gzip
Age
848872
X-Cache
HIT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing
x-cache;desc= HIT,x-tw-cdn;desc=VZ,edge;dur=1
Content-Length
11303
x-tw-cdn
VZ
Last-Modified
Tue, 16 Aug 2022 18:35:46 GMT
Server
ECS (nyb/1D35)
Etag
"1bce9aa204be77ae1eb8a5af6214f3bc+gzip"
Vary
Accept-Encoding
Access-Control-Allow-Methods
GET
Content-Type
application/javascript; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=315360000
analytics.js
www.google-analytics.com/ Frame FDF0
49 KB
20 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.virustotal.com
URL: https://www.virustotal.com/graph/assets/main.bundle.5904cc127624c422fbd1.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80d::200e Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.virustotal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 13 Apr 2022 21:02:38 GMT
server
Golfe2
age
5825
date
Fri, 26 Aug 2022 13:02:21 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20006
expires
Fri, 26 Aug 2022 15:02:21 GMT
1.main.bundle.9a6bd8c7357f185408ae.js
www.virustotal.com/graph/assets/ Frame FDF0
223 KB
78 KB
Script
General
Full URL
https://www.virustotal.com/graph/assets/1.main.bundle.9a6bd8c7357f185408ae.js
Requested by
Host: www.virustotal.com
URL: https://www.virustotal.com/graph/assets/main.bundle.5904cc127624c422fbd1.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
74.125.34.46 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
ghs-vip-any-c46.ghs-ssl.googlehosted.com
Software
Google Frontend /
Resource Hash
cb00ac0a83ca81eba1279ab63008d584f6cab02e8b303aef5c35fd7ab11d49c1

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.virustotal.com/graph/embed/gca09a155495b4964a06b646bd6f44968497a6599a6a44c239db66e0410c5a9bd
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Fri, 26 Aug 2022 14:39:26 GMT
content-encoding
gzip
server
Google Frontend
etag
"VVKjBg"
content-type
application/javascript
x-cloud-trace-context
32f1826bcf80702f3f93bc41dce4a033
cache-control
public, max-age=2592000
expires
Sun, 25 Sep 2022 14:39:26 GMT
2.main.bundle.9a92fbe8cc285ee648ca.js
www.virustotal.com/graph/assets/ Frame FDF0
39 KB
11 KB
Script
General
Full URL
https://www.virustotal.com/graph/assets/2.main.bundle.9a92fbe8cc285ee648ca.js
Requested by
Host: www.virustotal.com
URL: https://www.virustotal.com/graph/assets/main.bundle.5904cc127624c422fbd1.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
74.125.34.46 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
ghs-vip-any-c46.ghs-ssl.googlehosted.com
Software
Google Frontend /
Resource Hash
0fdd47fc4feaeda738afb387e6555343fbf8ad8350a92e07cbab109c6dd187a4

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.virustotal.com/graph/embed/gca09a155495b4964a06b646bd6f44968497a6599a6a44c239db66e0410c5a9bd
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Fri, 26 Aug 2022 14:39:26 GMT
content-encoding
gzip
server
Google Frontend
etag
"VVKjBg"
content-type
application/javascript
x-cloud-trace-context
af0a27020470d0f084b257794d6b1c28
cache-control
public, max-age=2592000
expires
Sun, 25 Sep 2022 14:39:26 GMT
17.main.bundle.d481e7896e9409eff36b.js
www.virustotal.com/graph/assets/ Frame FDF0
14 KB
5 KB
Script
General
Full URL
https://www.virustotal.com/graph/assets/17.main.bundle.d481e7896e9409eff36b.js
Requested by
Host: www.virustotal.com
URL: https://www.virustotal.com/graph/assets/main.bundle.5904cc127624c422fbd1.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
74.125.34.46 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
ghs-vip-any-c46.ghs-ssl.googlehosted.com
Software
Google Frontend /
Resource Hash
c26cd913b5b2099f3c837b35d306e0400adef7d6acd3b59f77bd02f9b710d509

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.virustotal.com/graph/embed/gca09a155495b4964a06b646bd6f44968497a6599a6a44c239db66e0410c5a9bd
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Fri, 26 Aug 2022 14:39:26 GMT
content-encoding
gzip
server
Google Frontend
etag
"VVKjBg"
content-type
application/javascript
x-cloud-trace-context
163a7b6a235bf21834d13ac32a983fb4
cache-control
public, max-age=2592000
expires
Sun, 25 Sep 2022 14:39:26 GMT
embed.vendors~ondemand.Tweet.e54d69b39047ba47eee9.js
platform.twitter.com/embed/ Frame ECF2
666 KB
183 KB
Script
General
Full URL
https://platform.twitter.com/embed/embed.vendors~ondemand.Tweet.e54d69b39047ba47eee9.js
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/embed/embed.runtime.77551932feacdf3e1432.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:220:131d:1d30:1f1d:238b:1e56 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (nyb/1D0D) /
Resource Hash
23ca344f4c79cfe310d2126ea0ddf6c46a75c0fd0a9f6226ea12f2aad3247b18

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://platform.twitter.com/embed/Tweet.html?dnt=false&embedId=twitter-widget-0&features=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&frame=false&hideCard=false&hideThread=false&id=1478259210110775297&lang=en&origin=https%3A%2F%2Fc3rb3ru5d3d53c.github.io%2Fmalware-blog%2F2022-07-04-bitter-apt-zxxz-backdoor%2F&sessionId=b155aa93c45684c6ddf9634f0f4314e0c0c4c44c&theme=light&widgetsVersion=31f0cdc1eaa0f%3A1660602114609&width=550px
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Date
Fri, 26 Aug 2022 14:39:26 GMT
Content-Encoding
gzip
Age
848873
X-Cache
HIT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing
x-cache;desc= HIT,x-tw-cdn;desc=VZ,edge;dur=1
Content-Length
186983
x-tw-cdn
VZ
Last-Modified
Tue, 16 Aug 2022 18:35:46 GMT
Server
ECS (nyb/1D0D)
Etag
"f2eb48291075cf219654edd01a6ab7c8+gzip"
Vary
Accept-Encoding
Access-Control-Allow-Methods
GET
Content-Type
application/javascript; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=315360000
embed.ondemand.Tweet.5fc7d13e1d7da5819eef.js
platform.twitter.com/embed/ Frame ECF2
82 KB
19 KB
Script
General
Full URL
https://platform.twitter.com/embed/embed.ondemand.Tweet.5fc7d13e1d7da5819eef.js
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/embed/embed.runtime.77551932feacdf3e1432.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:220:131d:1d30:1f1d:238b:1e56 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (nyb/1DCD) /
Resource Hash
94d6cf2810716bc417e93ea855cd83622b7ca1e2fd96fdf8c36154ac493a84e2

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://platform.twitter.com/embed/Tweet.html?dnt=false&embedId=twitter-widget-0&features=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&frame=false&hideCard=false&hideThread=false&id=1478259210110775297&lang=en&origin=https%3A%2F%2Fc3rb3ru5d3d53c.github.io%2Fmalware-blog%2F2022-07-04-bitter-apt-zxxz-backdoor%2F&sessionId=b155aa93c45684c6ddf9634f0f4314e0c0c4c44c&theme=light&widgetsVersion=31f0cdc1eaa0f%3A1660602114609&width=550px
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Date
Fri, 26 Aug 2022 14:39:26 GMT
Content-Encoding
gzip
Age
848873
X-Cache
HIT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing
x-cache;desc= HIT,x-tw-cdn;desc=VZ,edge;dur=1
Content-Length
18346
x-tw-cdn
VZ
Last-Modified
Tue, 16 Aug 2022 18:35:46 GMT
Server
ECS (nyb/1DCD)
Etag
"8c0d595e288c949c0441b06ac24bea02+gzip"
Vary
Accept-Encoding
Access-Control-Allow-Methods
GET
Content-Type
application/javascript; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=315360000
GenerateIT
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 8012
98 B
142 B
XHR
General
Full URL
https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/dc0c6770/player_ias.vflset/en_US/base.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:823::200a Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
eec57d270e4dfba5e7ed32e31363ca24631b2d73703565ba30ccf958f421632a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

X-User-Agent
grpc-web-javascript/0.1
Referer
https://www.youtube.com/
X-Goog-Api-Key
AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
application/json+protobuf

Response headers

date
Fri, 26 Aug 2022 14:39:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
server
ESF
x-frame-options
SAMEORIGIN
content-type
application/json+protobuf; charset=UTF-8
access-control-allow-origin
https://www.youtube.com
access-control-expose-headers
vary,vary,vary,content-encoding,date,server,content-length
cache-control
private
access-control-allow-credentials
true
vary
Origin, X-Origin, Referer
content-length
118
x-xss-protection
0
GenerateIT
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame
0
0
Preflight
General
Full URL
https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:823::200a Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-goog-api-key,x-user-agent
Access-Control-Request-Method
POST
Origin
https://www.youtube.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type,x-goog-api-key,x-user-agent
access-control-allow-methods
DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin
https://www.youtube.com
access-control-max-age
3600
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
content-type
text/html
date
Fri, 26 Aug 2022 14:39:26 GMT
server
ESF
vary
origin referer x-origin
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
0
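The OPTIONS preflight and the GenerateIT call it gates are a complete cross-origin exchange: the browser asks whether https://www.youtube.com may POST with content-type, x-goog-api-key and x-user-agent, and jnn-pa.googleapis.com answers with an exact origin plus access-control-allow-credentials: true, which is the only combination a browser accepts for a credentialed request. The block below is an added example, not code from the urlscan page or from Google or Twitter; it replays the browser's CORS decision over header sets constructed from the records on this page (the GenerateIT preflight and the platform.twitter.com script responses that answer with Access-Control-Allow-Origin: *) plus one hypothetical misconfiguration, BAD_RESPONSE, that pairs * with credentials, which no browser honours.

```python
# Added example (not part of the urlscan page or of the sites it records):
# replay the browser's CORS decision over header sets constructed from the
# records above. BAD_RESPONSE is a hypothetical misconfiguration for contrast.

SIMPLE_METHODS = {"GET", "HEAD", "POST"}
# Request headers a browser may send cross-origin without them being listed in
# Access-Control-Allow-Headers (CORS-safelisted names, simplified: the value
# restrictions on content-type are ignored here, so content-type must be listed).
SAFELISTED_HEADERS = {"accept", "accept-language", "content-language"}


def _lower(headers):
    """Normalise header names; HTTP header names are case-insensitive."""
    return {k.strip().lower(): v for k, v in headers.items()}


def _csv(value):
    """Split a comma-separated header value into a set of normalised tokens."""
    return {t.strip().lower() for t in value.split(",") if t.strip()}


def origin_allowed(origin, response_headers):
    """Apply the Allow-Origin / Allow-Credentials rules.

    Returns (allowed, credentialed, reason).
    """
    h = _lower(response_headers)
    acao = h.get("access-control-allow-origin")
    creds = h.get("access-control-allow-credentials", "").strip().lower() == "true"
    if acao is None:
        return False, creds, "missing Access-Control-Allow-Origin"
    acao = acao.strip()
    if acao == "*":
        if creds:
            # Browsers reject this pairing; a credentialed response must name the origin.
            return False, True, "'*' cannot be combined with credentials"
        return True, False, "public resource, no credentials"
    if acao != origin:
        return False, creds, f"origin {origin} not allowed (header names {acao})"
    return True, creds, "exact origin match"


def preflight_allows(origin, method, request_headers, response_headers):
    """Decide whether the browser lets the real request go out after this
    OPTIONS preflight. Returns (allowed, reason)."""
    ok, creds, why = origin_allowed(origin, response_headers)
    if not ok:
        return False, why
    h = _lower(response_headers)
    methods = {m.upper() for m in _csv(h.get("access-control-allow-methods", ""))}
    allowed_hdrs = _csv(h.get("access-control-allow-headers", ""))
    # '*' in these lists is a wildcard only for non-credentialed requests.
    method_wild = "*" in methods and not creds
    header_wild = "*" in allowed_hdrs and not creds
    m = method.upper()
    if m not in SIMPLE_METHODS and m not in methods and not method_wild:
        return False, f"method {m} not allowed"
    for name in request_headers:
        n = name.strip().lower()
        if n in SAFELISTED_HEADERS or n in allowed_hdrs or header_wild:
            continue
        return False, f"request header {n} not allowed"
    return True, why


# Constructed from the jnn-pa.googleapis.com GenerateIT preflight recorded above.
YOUTUBE_PREFLIGHT = {
    "origin": "https://www.youtube.com",
    "method": "POST",
    "request_headers": ["content-type", "x-goog-api-key", "x-user-agent"],
    "response": {
        "access-control-allow-credentials": "true",
        "access-control-allow-headers": "content-type,x-goog-api-key,x-user-agent",
        "access-control-allow-methods": "DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT",
        "access-control-allow-origin": "https://www.youtube.com",
        "access-control-max-age": "3600",
    },
}

# Constructed from the platform.twitter.com script responses: wildcard, no credentials.
TWITTER_SCRIPT_RESPONSE = {
    "Access-Control-Allow-Methods": "GET",
    "Access-Control-Allow-Origin": "*",
}

# Hypothetical misconfiguration (not seen in this scan): wildcard plus credentials.
BAD_RESPONSE = {
    "Access-Control-Allow-Origin": "*",
    "Access-Control-Allow-Credentials": "true",
}


def audit():
    """Run the three cases; returns {name: (allowed, reason)}."""
    p = YOUTUBE_PREFLIGHT
    return {
        "youtube_generateit": preflight_allows(
            p["origin"], p["method"], p["request_headers"], p["response"]),
        "twitter_script": preflight_allows(
            "https://c3rb3ru5d3d53c.github.io", "GET", [], TWITTER_SCRIPT_RESPONSE),
        "wildcard_with_credentials": preflight_allows(
            "https://example.test", "GET", [], BAD_RESPONSE),
    }


if __name__ == "__main__":
    for name, (allowed, reason) in audit().items():
        print(f"{name}: {'allowed' if allowed else 'blocked'} ({reason})")
```

The access-control-max-age: 3600 in the recorded preflight means the browser caches this decision for an hour, so a later change to the allow lists on the server only takes effect for this origin once that cache expires.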
embed.ondemand.Dropdown.5c1c610935c86ba65697.js
platform.twitter.com/embed/ Frame ECF2
5 KB
3 KB
Script
General
Full URL
https://platform.twitter.com/embed/embed.ondemand.Dropdown.5c1c610935c86ba65697.js
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/embed/embed.runtime.77551932feacdf3e1432.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:220:131d:1d30:1f1d:238b:1e56 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (nyb/1D08) /
Resource Hash
b086dc80b7682d9c831f918566694d9ea4f078c382efaf6a4b2509b7236365f9

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://platform.twitter.com/embed/Tweet.html?dnt=false&embedId=twitter-widget-0&features=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&frame=false&hideCard=false&hideThread=false&id=1478259210110775297&lang=en&origin=https%3A%2F%2Fc3rb3ru5d3d53c.github.io%2Fmalware-blog%2F2022-07-04-bitter-apt-zxxz-backdoor%2F&sessionId=b155aa93c45684c6ddf9634f0f4314e0c0c4c44c&theme=light&widgetsVersion=31f0cdc1eaa0f%3A1660602114609&width=550px
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Date
Fri, 26 Aug 2022 14:39:26 GMT
Content-Encoding
gzip
Age
848873
X-Cache
HIT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing
x-cache;desc= HIT,x-tw-cdn;desc=VZ,edge;dur=1
Content-Length
2216
x-tw-cdn
VZ
Last-Modified
Tue, 16 Aug 2022 18:35:46 GMT
Server
ECS (nyb/1D08)
Etag
"6efa12a2c28064b9fd1f5f96db8b3fbb+gzip"
Vary
Accept-Encoding
Access-Control-Allow-Methods
GET
Content-Type
application/javascript; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=315360000
tweet-result
cdn.syndication.twimg.com/ Frame ECF2
1 KB
1 KB
XHR
General
Full URL
https://cdn.syndication.twimg.com/tweet-result?features=tfw_timeline_list%3Alinktr.ee%2Ctr.ee%3Btfw_horizon_timeline_12034%3Atreatment%3Btfw_tweet_edit_backend%3Aon%3Btfw_refsrc_session%3Aon%3Btfw_chin_pills_14741%3Acolor_icons%3Btfw_tweet_result_migration_13979%3Atweet_result%3Btfw_sensitive_media_interstitial_13963%3Ainterstitial%3Btfw_experiments_cookie_expiration%3A1209600%3Btfw_duplicate_scribes_to_settings%3Aon%3Btfw_tweet_edit_frontend%3Aoff&id=1478259210110775297&lang=en
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/embed/embed.modules.22436ce161b8a1362ef3.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:220:1410:489:141e:20bb:12f6 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
tsa_b / Express
Resource Hash
bcb6c239cd273a41bfdc7548c5f56f2e5e980738208caa5738933fc41ca8ff95
Security Headers
Name Value
Content-Security-Policy connect-src 'self'; default-src 'self'; frame-src 'self'; font-src 'self'; form-action 'self'; img-src 'self'; media-src 'self'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://twitter.com/i/csp_report?a=O5RXE%3D%3D%3D&ro=false
Strict-Transport-Security max-age=631138519
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://platform.twitter.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

content-security-policy
connect-src 'self'; default-src 'self'; frame-src 'self'; font-src 'self'; form-action 'self'; img-src 'self'; media-src 'self'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://twitter.com/i/csp_report?a=O5RXE%3D%3D%3D&ro=false
content-encoding
gzip
etag
W/"439-vEaL9eB0JpYC/sc+9TZ7BlPMh7Q"
x-powered-by
Express
access-control-allow-methods
GET
server-timing
x-cache;desc= ,x-tw-cdn;desc=VZ,edge;dur=133
strict-transport-security
max-age=631138519
x-xss-protection
0
x-response-time
112
server
tsa_b
x-frame-options
SAMEORIGIN
date
Fri, 26 Aug 2022 14:39:26 GMT
vary
Origin, Accept-Encoding
x-tw-cdn
VZ, VZ
content-type
application/json; charset=utf-8
access-control-allow-origin
https://platform.twitter.com
cache-control
must-revalidate, max-age=60
access-control-allow-credentials
true
x-connection-hash
7d9c9a6e18f1c731a4d5f496c3719cc4dc8a6cb15bd5f31bc40a54e9865c7250
x-content-type-options
nosniff
access-contol-allow-origin
platform.twitter.com
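The tweet-result response above is the one in this scan with a full Content-Security-Policy, and it also carries two spellings of the allow-origin header: access-control-allow-origin (which a browser uses) and access-contol-allow-origin (which it silently ignores). The block below is an added example, not code from the urlscan page or from Twitter; it parses the recorded CSP, reports the directives that do not inherit from default-src and are absent here (base-uri, frame-ancestors), checks the HSTS max-age, and flags header names that are near-misses of a security header. The one-year HSTS threshold and the difflib similarity cutoff are this example's own choices, and the header set is constructed from the record above rather than fetched.

```python
# Added example (not from the urlscan page or from Twitter): a hygiene check over
# a response header set constructed from the cdn.syndication.twimg.com
# tweet-result record above. ONE_YEAR is this example's own threshold.
import difflib

ONE_YEAR = 31536000

# Header names a browser acts on; used to spot misspelled variants that are
# silently ignored (the record above carries 'access-contol-allow-origin').
KNOWN_SECURITY_HEADERS = {
    "content-security-policy", "strict-transport-security",
    "x-content-type-options", "x-frame-options", "x-xss-protection",
    "access-control-allow-origin", "access-control-allow-credentials",
    "access-control-allow-methods", "access-control-allow-headers",
    "access-control-expose-headers", "cross-origin-resource-policy",
}


def _lower(headers):
    return {k.strip().lower(): v for k, v in headers.items()}


def parse_csp(value):
    """Split a CSP header value into {directive: [source expressions]}."""
    policy = {}
    for part in value.split(";"):
        tokens = part.strip().split()
        if tokens:
            policy[tokens[0].lower()] = tokens[1:]
    return policy


def csp_findings(policy):
    """Flag weak or missing directives in a parsed policy."""
    out = []
    for directive, sources in policy.items():
        for weak in ("'unsafe-inline'", "'unsafe-eval'", "*"):
            if weak in sources:
                out.append(f"{directive} allows {weak}")
    # These directives do not fall back to default-src, so 'self' there does not cover them.
    for directive in ("base-uri", "frame-ancestors"):
        if directive not in policy:
            out.append(f"{directive} not set (does not inherit from default-src)")
    if "'none'" not in policy.get("object-src", policy.get("default-src", [])):
        out.append("object-src is not 'none'")
    if "report-uri" not in policy and "report-to" not in policy:
        out.append("no violation reporting configured")
    return out


def hsts_max_age(headers):
    """Return the HSTS max-age in seconds, or None when the header is absent."""
    value = _lower(headers).get("strict-transport-security")
    if value is None:
        return None
    for part in value.split(";"):
        key, _, num = part.strip().partition("=")
        if key.strip().lower() == "max-age" and num.strip().isdigit():
            return int(num)
    return None


def suspicious_header_names(headers):
    """Return (name, probably_meant) for header names that are close misspellings
    of a known security header; browsers ignore such headers entirely."""
    out = []
    for name in headers:
        n = name.strip().lower()
        if n in KNOWN_SECURITY_HEADERS:
            continue
        match = difflib.get_close_matches(n, KNOWN_SECURITY_HEADERS, n=1, cutoff=0.9)
        if match:
            out.append((name, match[0]))
    return out


def audit_response(headers):
    """Run every check and return a list of human-readable findings."""
    h = _lower(headers)
    findings = []
    csp = h.get("content-security-policy")
    if csp is None:
        findings.append("no Content-Security-Policy")
    else:
        findings.extend(csp_findings(parse_csp(csp)))
    age = hsts_max_age(headers)
    if age is None:
        findings.append("no Strict-Transport-Security")
    elif age < ONE_YEAR:
        findings.append(f"HSTS max-age {age} is below one year")
    for name, meant in suspicious_header_names(headers):
        findings.append(f"header {name!r} is ignored by browsers; did you mean {meant!r}?")
    return findings


# Constructed from the tweet-result response headers recorded above (subset).
TWEET_RESULT_HEADERS = {
    "content-security-policy": (
        "connect-src 'self'; default-src 'self'; frame-src 'self'; font-src 'self'; "
        "form-action 'self'; img-src 'self'; media-src 'self'; object-src 'none'; "
        "script-src 'self'; style-src 'self'; "
        "report-uri https://twitter.com/i/csp_report?a=O5RXE%3D%3D%3D&ro=false"),
    "strict-transport-security": "max-age=631138519",
    "x-content-type-options": "nosniff",
    "x-frame-options": "SAMEORIGIN",
    "x-xss-protection": "0",
    "access-control-allow-methods": "GET",
    "access-control-allow-origin": "https://platform.twitter.com",
    "access-control-allow-credentials": "true",
    "access-contol-allow-origin": "platform.twitter.com",
    "x-powered-by": "Express",
    "server": "tsa_b",
    "vary": "Origin, Accept-Encoding",
    "cache-control": "must-revalidate, max-age=60",
    "content-type": "application/json; charset=utf-8",
}

if __name__ == "__main__":
    for line in audit_response(TWEET_RESULT_HEADERS):
        print(line)
```

On this record the check reports the two missing non-inheriting directives and the misspelled header; the script-src 'self' with object-src 'none' and the multi-year HSTS max-age pass. Note that x-frame-options: SAMEORIGIN still limits framing here even though frame-ancestors is absent, so the finding is about defence in depth, not an open framing hole.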
domain_icon.png
www.virustotal.com/graph/assets/images/ Frame FDF0
492 B
575 B
Image
General
Full URL
https://www.virustotal.com/graph/assets/images/domain_icon.png
Requested by
Host: c3rb3ru5d3d53c.github.io
URL: https://c3rb3ru5d3d53c.github.io/malware-blog/2022-07-04-bitter-apt-zxxz-backdoor/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
74.125.34.46 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
ghs-vip-any-c46.ghs-ssl.googlehosted.com
Software
Google Frontend /
Resource Hash
2e30ff33270fd8687b0eb4d12652bfd967f23975f158bf8da93bece2ba4ab947

Request headers

Referer
https://www.virustotal.com/graph/embed/gca09a155495b4964a06b646bd6f44968497a6599a6a44c239db66e0410c5a9bd
Origin
https://www.virustotal.com
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Fri, 26 Aug 2022 14:39:26 GMT
cache-control
public, max-age=2592000
expires
Sun, 25 Sep 2022 14:39:26 GMT
server
Google Frontend
etag
"VVKjBg"
x-cloud-trace-context
9a9751f533bd6d9af914991b39c3c60d
content-type
image/png
domain_icon.png
www.virustotal.com/graph/assets/images/ Frame FDF0
492 B
576 B
Image
General
Full URL
https://www.virustotal.com/graph/assets/images/domain_icon.png
Requested by
Host: c3rb3ru5d3d53c.github.io
URL: https://c3rb3ru5d3d53c.github.io/malware-blog/2022-07-04-bitter-apt-zxxz-backdoor/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
74.125.34.46 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
ghs-vip-any-c46.ghs-ssl.googlehosted.com
Software
Google Frontend /
Resource Hash
2e30ff33270fd8687b0eb4d12652bfd967f23975f158bf8da93bece2ba4ab947

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.virustotal.com/graph/embed/gca09a155495b4964a06b646bd6f44968497a6599a6a44c239db66e0410c5a9bd
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Fri, 26 Aug 2022 14:39:26 GMT
cache-control
public, max-age=2592000
expires
Sun, 25 Sep 2022 14:39:26 GMT
server
Google Frontend
etag
"VVKjBg"
x-cloud-trace-context
5877bd63cd546c36fb471f25e98b5169
content-type
image/png
embeds
syndication.twitter.com/i/jot/ Frame ECF2
43 B
134 B
Image
General
Full URL
https://syndication.twitter.com/i/jot/embeds?l=%7B%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1661524766539%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22tweet%22%2C%22action%22%3A%22results%22%2C%22section%22%3A%22main%22%7D%2C%22context%22%3A%22rufous-eol%22%2C%22client_version%22%3A%2231f0cdc1eaa0f%3A1660602114609%22%2C%22dnt%22%3Afalse%2C%22widget_id%22%3A%22twitter-widget-0%22%2C%22widget_origin%22%3A%22https%3A%2F%2Fc3rb3ru5d3d53c.github.io%2Fmalware-blog%2F2022-07-04-bitter-apt-zxxz-backdoor%2F%22%2C%22widget_frame%22%3A%22false%22%2C%22widget_partner%22%3A%22%22%2C%22widget_site_screen_name%22%3A%22%22%2C%22widget_site_user_id%22%3A%22%22%2C%22widget_creator_screen_name%22%3A%22%22%2C%22widget_creator_user_id%22%3A%22%22%2C%22widget_iframe_version%22%3A%22d2ce14a46402b%3A1660602685002%22%2C%22item_ids%22%3A%5B%221478259210110775297%22%5D%2C%22item_details%22%3A%7B%221478259210110775297%22%3A%7B%22item_type%22%3A0%7D%7D%7D
Requested by
Host: c3rb3ru5d3d53c.github.io
URL: https://c3rb3ru5d3d53c.github.io/malware-blog/2022-07-04-bitter-apt-zxxz-backdoor/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.8 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_b /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=631138519

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://platform.twitter.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

x-response-time
72
date
Fri, 26 Aug 2022 14:39:26 GMT
last-modified
Fri, 26 Aug 2022 14:39:26 GMT
server
tsa_b
vary
Origin
content-type
image/gif
cache-control
must-revalidate, max-age=600
x-connection-hash
2ce479750797120861a9d775c47eafbc550c04c774a697032a7c24676938e7ba
strict-transport-security
max-age=631138519
content-length
43
yOy5xDjU_normal.jpg
pbs.twimg.com/profile_images/1248419170187792389/ Frame ECF2
2 KB
2 KB
Image
General
Full URL
https://pbs.twimg.com/profile_images/1248419170187792389/yOy5xDjU_normal.jpg
Requested by
Host: c3rb3ru5d3d53c.github.io
URL: https://c3rb3ru5d3d53c.github.io/malware-blog/2022-07-04-bitter-apt-zxxz-backdoor/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:46::159 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
338c7f19ffe39e54e28a71b9c4675a5c744135188f5afe31b1a11e8d5b941b4d
Security Headers
Name Value
Strict-Transport-Security max-age=631138519
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://platform.twitter.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

strict-transport-security
max-age=631138519
x-content-type-options
nosniff
last-modified
Fri, 10 Apr 2020 01:12:59 GMT
date
Fri, 26 Aug 2022 14:39:26 GMT
x-tw-cdn
FT
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
max-age=604800, must-revalidate
x-cache
HIT, HIT
server-timing
x-cache;desc=HIT, x-tw-cdn;desc=FT
accept-ranges
bytes
timing-allow-origin
https://twitter.com, https://mobile.twitter.com
content-length
2111
x-served-by
cache-fty21336-FTY, cache-lga21930-LGA, cache-tw-ZZZ1
embeds
syndication.twitter.com/i/jot/ Frame ECF2
43 B
79 B
Image
General
Full URL
https://syndication.twitter.com/i/jot/embeds?l=%7B%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1661524766749%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22tweet%22%2C%22action%22%3A%22seen%22%2C%22section%22%3A%22main%22%2C%22component%22%3A%22privacy-notice%22%7D%2C%22context%22%3A%22rufous-eol%22%2C%22client_version%22%3A%2231f0cdc1eaa0f%3A1660602114609%22%2C%22dnt%22%3Afalse%2C%22widget_id%22%3A%22twitter-widget-0%22%2C%22widget_origin%22%3A%22https%3A%2F%2Fc3rb3ru5d3d53c.github.io%2Fmalware-blog%2F2022-07-04-bitter-apt-zxxz-backdoor%2F%22%2C%22widget_frame%22%3A%22false%22%2C%22widget_partner%22%3A%22%22%2C%22widget_site_screen_name%22%3A%22%22%2C%22widget_site_user_id%22%3A%22%22%2C%22widget_creator_screen_name%22%3A%22%22%2C%22widget_creator_user_id%22%3A%22%22%2C%22widget_iframe_version%22%3A%22d2ce14a46402b%3A1660602685002%22%2C%22item_ids%22%3A%5B%221478259210110775297%22%5D%2C%22item_details%22%3A%7B%221478259210110775297%22%3A%7B%22item_type%22%3A0%7D%7D%7D
Requested by
Host: c3rb3ru5d3d53c.github.io
URL: https://c3rb3ru5d3d53c.github.io/malware-blog/2022-07-04-bitter-apt-zxxz-backdoor/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.8 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_b /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=631138519

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://platform.twitter.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

x-response-time
78
date
Fri, 26 Aug 2022 14:39:25 GMT
last-modified
Fri, 26 Aug 2022 14:39:26 GMT
server
tsa_b
vary
Origin
content-type
image/gif
cache-control
must-revalidate, max-age=600
x-connection-hash
2ce479750797120861a9d775c47eafbc550c04c774a697032a7c24676938e7ba
strict-transport-security
max-age=631138519
content-length
43
embeds
syndication.twitter.com/i/jot/ Frame ECF2
43 B
79 B
Image
General
Full URL
https://syndication.twitter.com/i/jot/embeds?l=%7B%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1661524766759%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22tweet%22%2C%22action%22%3A%22impression%22%2C%22section%22%3A%22main%22%7D%2C%22context%22%3A%22rufous-eol%22%2C%22client_version%22%3A%2231f0cdc1eaa0f%3A1660602114609%22%2C%22dnt%22%3Afalse%2C%22widget_id%22%3A%22twitter-widget-0%22%2C%22widget_origin%22%3A%22https%3A%2F%2Fc3rb3ru5d3d53c.github.io%2Fmalware-blog%2F2022-07-04-bitter-apt-zxxz-backdoor%2F%22%2C%22widget_frame%22%3A%22false%22%2C%22widget_partner%22%3A%22%22%2C%22widget_site_screen_name%22%3A%22%22%2C%22widget_site_user_id%22%3A%22%22%2C%22widget_creator_screen_name%22%3A%22%22%2C%22widget_creator_user_id%22%3A%22%22%2C%22widget_iframe_version%22%3A%22d2ce14a46402b%3A1660602685002%22%2C%22item_ids%22%3A%5B%221478259210110775297%22%5D%2C%22item_details%22%3A%7B%221478259210110775297%22%3A%7B%22item_type%22%3A0%7D%7D%7D
Requested by
Host: c3rb3ru5d3d53c.github.io
URL: https://c3rb3ru5d3d53c.github.io/malware-blog/2022-07-04-bitter-apt-zxxz-backdoor/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.8 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_b /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=631138519

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://platform.twitter.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

x-response-time
69
date
Fri, 26 Aug 2022 14:39:26 GMT
last-modified
Fri, 26 Aug 2022 14:39:26 GMT
server
tsa_b
vary
Origin
content-type
image/gif
cache-control
must-revalidate, max-age=600
x-connection-hash
2ce479750797120861a9d775c47eafbc550c04c774a697032a7c24676938e7ba
strict-transport-security
max-age=631138519
content-length
43
embeds
syndication.twitter.com/i/jot/ Frame ECF2
43 B
79 B
Image
General
Full URL
https://syndication.twitter.com/i/jot/embeds?l=%7B%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1661524766772%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22tweet%22%2C%22action%22%3A%22FCP%22%2C%22component%22%3A%22performance%22%2C%22section%22%3A%22main%22%7D%2C%22context%22%3A%22rufous-eol%22%2C%22client_version%22%3A%2231f0cdc1eaa0f%3A1660602114609%22%2C%22dnt%22%3Afalse%2C%22widget_id%22%3A%22twitter-widget-0%22%2C%22widget_origin%22%3A%22https%3A%2F%2Fc3rb3ru5d3d53c.github.io%2Fmalware-blog%2F2022-07-04-bitter-apt-zxxz-backdoor%2F%22%2C%22widget_frame%22%3A%22false%22%2C%22widget_partner%22%3A%22%22%2C%22widget_site_screen_name%22%3A%22%22%2C%22widget_site_user_id%22%3A%22%22%2C%22widget_creator_screen_name%22%3A%22%22%2C%22widget_creator_user_id%22%3A%22%22%2C%22widget_iframe_version%22%3A%22d2ce14a46402b%3A1660602685002%22%2C%22item_ids%22%3A%5B%221478259210110775297%22%5D%2C%22item_details%22%3A%7B%221478259210110775297%22%3A%7B%22item_type%22%3A0%7D%7D%2C%22duration_ms%22%3A932.5%7D
Requested by
Host: c3rb3ru5d3d53c.github.io
URL: https://c3rb3ru5d3d53c.github.io/malware-blog/2022-07-04-bitter-apt-zxxz-backdoor/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.8 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_b /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=631138519

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://platform.twitter.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

x-response-time
75
date
Fri, 26 Aug 2022 14:39:26 GMT
last-modified
Fri, 26 Aug 2022 14:39:26 GMT
server
tsa_b
vary
Origin
content-type
image/gif
cache-control
must-revalidate, max-age=600
x-connection-hash
2ce479750797120861a9d775c47eafbc550c04c774a697032a7c24676938e7ba
strict-transport-security
max-age=631138519
content-length
43
log_event
www.youtube.com/youtubei/v1/ Frame 8012
28 B
50 B
XHR
General
Full URL
https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/dc0c6770/www-embed-player.vflset/www-embed-player.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80c::200e Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
scaffolding on HTTPServer2 /
Resource Hash
d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
X-Goog-Request-Time
1661524767507
Content-Type
application/json
X-YouTube-Utc-Offset
0
X-YouTube-Client-Name
56
Referer
https://www.youtube.com/embed/m3jrWoQK6sI
X-YouTube-Client-Version
1.20220823.01.00
X-YouTube-Time-Zone
Etc/Unknown
X-Goog-Visitor-Id
CgtQc0JvYXA4Qk1KMCictqOYBg%3D%3D
X-YouTube-Ad-Signals
dt=1661524765395&flash=0&frm=2&u_tz&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&bc=31&bih=-12245933&biw=-12245933&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C560%2C315&vis=1&wgl=true&ca_type=image

Response headers

date
Fri, 26 Aug 2022 14:39:27 GMT
content-encoding
br
x-content-type-options
nosniff
server
scaffolding on HTTPServer2
x-frame-options
SAMEORIGIN
vary
Origin, X-Origin, Referer
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
31
x-xss-protection
0
cast_sender.js
www.gstatic.com/eureka/clank/104/ Frame 8012
52 KB
15 KB
Script
General
Full URL
https://www.gstatic.com/eureka/clank/104/cast_sender.js
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/cv/js/sender/v1/cast_sender.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80b::2003 Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a35a51e32439cce8b4dd6734f65c18debec94ca81a30640b2ccaba988ce1639e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.youtube.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Fri, 26 Aug 2022 11:36:37 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
10971
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cloudview-release
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15107
x-xss-protection
0
last-modified
Mon, 30 May 2022 15:03:30 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="cloudview-release"
vary
Accept-Encoding
report-to
{"group":"cloudview-release","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cloudview-release"}]}
content-type
text/javascript
cache-control
public, max-age=86400
accept-ranges
bytes
expires
Sat, 27 Aug 2022 11:36:37 GMT
log_event
www.youtube.com/youtubei/v1/ Frame 8012
28 B
50 B
XHR
General
Full URL
https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/dc0c6770/player_ias.vflset/en_US/base.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80c::200e Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
scaffolding on HTTPServer2 /
Resource Hash
d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
X-Goog-Request-Time
1661524770388
Content-Type
application/json
X-YouTube-Utc-Offset
0
X-YouTube-Client-Name
56
Referer
https://www.youtube.com/embed/m3jrWoQK6sI
X-YouTube-Client-Version
1.20220823.01.00
X-YouTube-Time-Zone
Etc/Unknown
X-Goog-Visitor-Id
CgtQc0JvYXA4Qk1KMCictqOYBg%3D%3D
X-YouTube-Ad-Signals
dt=1661524765448&flash=0&frm=2&u_tz&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&bc=31&bih=-12245933&biw=-12245933&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C560%2C315&vis=1&wgl=true&ca_type=image

Response headers

date
Fri, 26 Aug 2022 14:39:30 GMT
content-encoding
br
x-content-type-options
nosniff
server
scaffolding on HTTPServer2
x-frame-options
SAMEORIGIN
vary
Origin, X-Origin, Referer
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
31
x-xss-protection
0

Verdicts & Comments

36 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type | Name
object | 0
object | 1
object | 2
object | 3
object | 4
object | oncontextlost
object | oncontextrestored
function | structuredClone
object | launchQueue
object | onbeforematch
function | getScreenDetails
function | queryLocalFonts
object | navigation
function | enableStickyToc
function | enableMasonry
function | imgLoad
function | resizeGridItem
function | resizeAllGridItems
function | resizeInstance
function | getcolorscheme
function | switchMode
function | switchDarkMode
function | switchBurger
function | switchLanguage
function | switchDocToc
function | changeSidebarHeight
function | switchDocVersion
object | hljs
object | __twttrll
object | twttr
object | __twttr
object | FontAwesomeConfig
object | ___FONT_AWESOME___
object | katex
function | renderMathInElement
object | mermaid

2 Cookies

Domain/Path Name / Value
.youtube.com/ Name: YSC
Value: o52C5FUYPbY
.youtube.com/ Name: VISITOR_INFO1_LIVE
Value: PsBoap8BMJ0

2 Console Messages

Source: security | Level: warning
Message: Error with Permissions-Policy header: Origin trial controlled feature not enabled: 'interest-cohort'.
Source: network | Level: error | URL: https://www.virustotal.com/ui/signin
Message: Failed to load resource: the server responded with a status of 401 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31556952

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
