malware.dontneedcoffee.com
2606:4700:30::6818:6e0d (Public Scan)

Submitted URL: http://malware.dontneedcoffee.com/2014/09/astrum-ek.html
Effective URL: https://malware.dontneedcoffee.com/2014/09/astrum-ek.html
Submission: June 24, 2019 (date taken from the response Date header below), submitted manually from the US

Summary

This website contacted 8 IPs in 2 countries across 4 domains to perform 46 HTTP transactions. The main IP is 2606:4700:30::6818:6e0d, located in United States and belongs to CLOUDFLARENET - Cloudflare, Inc., US. The main domain is malware.dontneedcoffee.com.
TLS certificate: Issued by COMODO ECC Domain Validation Secure Server CA 2 on June 2nd 2019. Valid for: 6 months.
This is the only time malware.dontneedcoffee.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests  IP Address          AS (Autonomous System)
7         2606:4700:30:...    13335 (CLOUDFLARENET)    (1 redirect)
1         2a00:1450:400...    15169 (GOOGLE)
11        2a00:1450:400...    15169 (GOOGLE)
9         2a00:1450:400...    15169 (GOOGLE)
10        2a00:1450:400...    15169 (GOOGLE)
4         2a00:1450:400...    15169 (GOOGLE)
1         2a00:1450:400...    15169 (GOOGLE)
4         2a00:1450:400...    15169 (GOOGLE)
Total: 46 requests, 8 IPs
Requests  Domain                       Requested by
11        2.bp.blogspot.com            malware.dontneedcoffee.com
10        4.bp.blogspot.com            malware.dontneedcoffee.com
9         3.bp.blogspot.com            malware.dontneedcoffee.com
7         malware.dontneedcoffee.com   malware.dontneedcoffee.com, ajax.googleapis.com   (1 redirect)
4         fonts.gstatic.com            malware.dontneedcoffee.com
4         1.bp.blogspot.com            malware.dontneedcoffee.com
1         fonts.googleapis.com         ajax.googleapis.com
1         ajax.googleapis.com          malware.dontneedcoffee.com
Total: 46 requests, 8 subdomains
Subject                        Issuer                                            Validity                   Valid for
sni181508.cloudflaressl.com    COMODO ECC Domain Validation Secure Server CA 2   2019-06-02 to 2019-12-09   6 months
*.googleapis.com               Google Internet Authority G3                      2019-06-11 to 2019-09-03   3 months
*.googleusercontent.com        Google Internet Authority G3                      2019-06-11 to 2019-09-03   3 months
*.google.com                   Google Internet Authority G3                      2019-06-11 to 2019-09-03   3 months

This page contains 1 frames:

Primary Page: https://malware.dontneedcoffee.com/2014/09/astrum-ek.html
Frame ID: 5DB10EB1BA79047BA2412B837379F045
Requests: 46 HTTP requests in this frame

Detected technologies

Five fingerprints matched, each at 100% overall confidence. The patterns that fired, and where each is applied:
  • headers (via): /varnish(?: \(Varnish\/([\d.]+)\))?/i
  • html: /<div [^>]*class="[^"]*(?:small|medium|large)-\d{1,2} columns/i
  • headers (server): /^cloudflare$/i
  • html: /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i
    script: /googleapis\.com\/.+webfont/i
  • script: /([\d.]+)?\/modernizr(?:.([\d.]+))?.*\.js/i
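The patterns above are regular-expression fingerprints applied to a named response header, to the document markup, or to the URLs of the scripts the page loads. As an added example (not part of the urlscan report), the Python below applies exactly those patterns to the header values and script URLs this scan recorded, plus a constructed HTML snippet, since the report does not include the page's own markup. The technology labels (Varnish, Foundation, Cloudflare, Google Font API, Modernizr) are my identification of the well-known fingerprints these patterns belong to; the report lists only the patterns. A second, constructed sample carries version strings to show what the capture groups return when a version is exposed.

```python
import re

# The fingerprint patterns exactly as the scan reports them, with the place each is
# applied (a named response header, the document markup, or script URLs).
# The technology labels are my identification of the well-known fingerprints these
# patterns belong to; the report itself lists only the patterns.
FINGERPRINTS = [
    ("Varnish",         "header", "via",    r"varnish(?: \(Varnish\/([\d.]+)\))?"),
    ("Foundation",      "html",   None,     r'<div [^>]*class="[^"]*(?:small|medium|large)-\d{1,2} columns'),
    ("Cloudflare",      "header", "server", r"^cloudflare$"),
    ("Google Font API", "html",   None,     r"<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com"),
    ("Google Font API", "script", None,     r"googleapis\.com\/.+webfont"),
    ("Modernizr",       "script", None,     r"([\d.]+)?\/modernizr(?:.([\d.]+))?.*\.js"),
]


def fingerprint(headers, html, scripts):
    """Return {technology: version or None} for every fingerprint that matches.

    headers: response header name -> value (names are compared case-insensitively)
    html:    the document markup
    scripts: URLs of the scripts the document loads
    """
    lowered = {k.lower(): v for k, v in headers.items()}
    found = {}
    for tech, kind, header_name, pattern in FINGERPRINTS:
        rx = re.compile(pattern, re.IGNORECASE)
        if kind == "header":
            candidates = [lowered.get(header_name, "")]
        elif kind == "html":
            candidates = [html]
        else:
            candidates = scripts
        for text in candidates:
            m = rx.search(text)
            if m is None:
                continue
            # The first non-empty capture group, when the pattern has one and it
            # matched, carries the version; otherwise this is a bare presence hit.
            version = next((g for g in m.groups() if g), None)
            found[tech] = version or found.get(tech)
            break
    return found


# Header values and script URLs as recorded by this scan for the primary document.
PRIMARY_HEADERS = {"server": "cloudflare", "via": "1.1 varnish",
                   "content-type": "text/html; charset=utf-8"}
PRIMARY_SCRIPTS = [
    "https://malware.dontneedcoffee.com/assets/js/modernizr.min.js",
    "https://ajax.googleapis.com/ajax/libs/webfont/1.5.18/webfont.js",
]
# Constructed markup: the scan does not include the page's HTML, so this snippet is
# shaped only to exercise the two html patterns above.
SAMPLE_HTML = ('<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Lato">'
               '<div class="row"><div class="small-12 medium-8 columns">post</div></div>')

# Constructed second sample whose values carry versions, to show the capture groups.
VERSIONED_HEADERS = {"Via": "1.1 varnish (Varnish/6.0)", "Server": "nginx"}
VERSIONED_SCRIPTS = ["https://cdnjs.cloudflare.com/ajax/libs/modernizr/2.8.3/modernizr.min.js"]

if __name__ == "__main__":
    for tech, version in sorted(fingerprint(PRIMARY_HEADERS, SAMPLE_HTML, PRIMARY_SCRIPTS).items()):
        print(f"{tech}: {version or 'version not exposed'}")
    print(fingerprint(VERSIONED_HEADERS, "", VERSIONED_SCRIPTS))
```

On this scan every fingerprint is a presence-only hit: `via: 1.1 varnish` carries no `(Varnish/x.y)` suffix and `modernizr.min.js` has no version segment in its path, so none of the capture groups fill. The versioned sample shows the same patterns returning `6.0` and `2.8.3` when the values do expose them, which is the information a fingerprinting pass is really after.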

Page Statistics

Requests: 46
HTTPS: 100 %
IPv6: 100 %
Domains: 4
Subdomains: 8
IPs: 8
Countries: 2
Transfer: 4300 kB
Size: 4563 kB
Cookies: 1

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://malware.dontneedcoffee.com/2014/09/astrum-ek.html HTTP 301
    https://malware.dontneedcoffee.com/2014/09/astrum-ek.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

46 HTTP transactions

Columns: Resource, Path, Size, x-fer (bytes transferred), Type, MIME-Type
Primary Request astrum-ek.html
malware.dontneedcoffee.com/2014/09/
Redirect Chain
  • http://malware.dontneedcoffee.com/2014/09/astrum-ek.html
  • https://malware.dontneedcoffee.com/2014/09/astrum-ek.html
48 KB
10 KB
Document
General
Full URL
https://malware.dontneedcoffee.com/2014/09/astrum-ek.html
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2606:4700:30::6818:6e0d, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
Software
cloudflare
Resource Hash
3f979961f4dbcfc0833056d4215bdbd211a2ebe19cc1133cd54fc23c19a59db0

Request headers

:method
GET
:authority
malware.dontneedcoffee.com
:scheme
https
:path
/2014/09/astrum-ek.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status
200
date
Mon, 24 Jun 2019 17:18:00 GMT
content-type
text/html; charset=utf-8
set-cookie
__cfduid=d94db12828cf57a624dfdfac50bec98ab1561396680; expires=Tue, 23-Jun-20 17:18:00 GMT; path=/; domain=.dontneedcoffee.com; HttpOnly; Secure
last-modified
Fri, 21 Jun 2019 20:23:06 GMT
access-control-allow-origin
*
expires
Mon, 24 Jun 2019 17:28:00 GMT
cache-control
max-age=600
x-proxy-cache
MISS
x-github-request-id
EA0C:6732:D7766F:117918D:5D1105C7
via
1.1 varnish
age
0
x-served-by
cache-fra19169-FRA
x-cache
MISS
x-cache-hits
0
x-timer
S1561396680.231210,VS0,VE150
vary
Accept-Encoding
x-fastly-request-id
782eff7a056fb357e83a9462945e1e6c8064c909
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
4ec05bc359de638f-FRA
content-encoding
br

Redirect headers

Date
Mon, 24 Jun 2019 17:18:00 GMT
Transfer-Encoding
chunked
Connection
keep-alive
Cache-Control
max-age=3600
Expires
Mon, 24 Jun 2019 18:18:00 GMT
Location
https://malware.dontneedcoffee.com/2014/09/astrum-ek.html
Vary
Accept-Encoding
Server
cloudflare
CF-RAY
4ec05bc2fd86c303-FRA
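The response and redirect headers of the primary document above are the raw material for the checks an analyst normally runs on a scan like this: the attributes of the one cookie that was set, which browser security headers the HTML response lacks, and which intermediaries handled the request. The Python below is an added example, not part of the urlscan report; it embeds the response headers listed above and audits them. The stack labels (Cloudflare edge, Fastly cache, GitHub Pages origin) are my reading of the vendor-specific headers `cf-ray`, `x-fastly-request-id` and `x-github-request-id`, not something the report states.

```python
# Response headers of the primary document as listed in the scan above.
PRIMARY_RESPONSE = {
    "status": "200",
    "content-type": "text/html; charset=utf-8",
    "set-cookie": ("__cfduid=d94db12828cf57a624dfdfac50bec98ab1561396680; "
                   "expires=Tue, 23-Jun-20 17:18:00 GMT; path=/; "
                   "domain=.dontneedcoffee.com; HttpOnly; Secure"),
    "via": "1.1 varnish",
    "x-served-by": "cache-fra19169-FRA",
    "x-fastly-request-id": "782eff7a056fb357e83a9462945e1e6c8064c909",
    "x-github-request-id": "EA0C:6732:D7766F:117918D:5D1105C7",
    "expect-ct": 'max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"',
    "server": "cloudflare",
    "cf-ray": "4ec05bc359de638f-FRA",
    "access-control-allow-origin": "*",
}

# Browser security headers whose absence on an HTML response is worth reporting.
EXPECTED_SECURITY_HEADERS = (
    "strict-transport-security",
    "content-security-policy",
    "x-content-type-options",
    "x-frame-options",
    "referrer-policy",
)

# Vendor headers and what their presence indicates, edge first. The labels are my
# reading of these well-known headers; the scan itself only lists the headers.
STACK_HINTS = (
    ("cf-ray", "Cloudflare edge"),
    ("x-fastly-request-id", "Fastly cache"),
    ("x-github-request-id", "GitHub Pages origin"),
)


def parse_set_cookie(value):
    """Split one Set-Cookie value into (name, value, {attribute: value or True})."""
    parts = [p.strip() for p in value.split(";") if p.strip()]
    name, _, val = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, attr_val = part.partition("=")          # flags like HttpOnly have no '='
        attrs[key.lower()] = attr_val if attr_val else True
    return name, val, attrs


def audit_cookie(value, request_host):
    """Return findings for one Set-Cookie header relative to the host that set it."""
    name, _, attrs = parse_set_cookie(value)
    findings = []
    if "secure" not in attrs:
        findings.append(f"{name}: missing Secure")
    if "httponly" not in attrs:
        findings.append(f"{name}: missing HttpOnly")
    if "samesite" not in attrs:
        findings.append(f"{name}: no SameSite attribute, behaviour left to browser defaults")
    domain = attrs.get("domain")
    # A Domain attribute on a parent zone sends the cookie to every sibling subdomain.
    if isinstance(domain, str) and domain.lstrip(".").lower() != request_host.lower():
        findings.append(f"{name}: Domain={domain} widens scope to every "
                        f"{domain.lstrip('.')} subdomain")
    return findings


def missing_security_headers(headers):
    present = {k.lower() for k in headers}
    return [h for h in EXPECTED_SECURITY_HEADERS if h not in present]


def infer_stack(headers):
    present = {k.lower() for k in headers}
    return [label for header, label in STACK_HINTS if header in present]


def audit(headers, request_host):
    lowered = {k.lower(): v for k, v in headers.items()}
    return {
        "cookies": audit_cookie(lowered["set-cookie"], request_host) if "set-cookie" in lowered else [],
        "missing_headers": missing_security_headers(lowered),
        "stack": infer_stack(lowered),
    }


if __name__ == "__main__":
    for key, val in audit(PRIMARY_RESPONSE, "malware.dontneedcoffee.com").items():
        print(key, "->", val)
```

Run against the captured headers, the cookie passes the Secure and HttpOnly checks but carries no SameSite attribute and is scoped to `.dontneedcoffee.com`, so it is sent to every subdomain of that zone. Neither the 200 response nor the 301 redirect above carries Strict-Transport-Security, which means the first visit over plain `http://` still depends on that unprotected redirect; Expect-CT is present but covers certificate transparency only. The three vendor headers line up as Cloudflare in front of Fastly in front of GitHub Pages, consistent with `via: 1.1 varnish` and the `x-served-by: cache-fra19169-FRA` node name.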
styles_feeling_responsive.css
malware.dontneedcoffee.com/assets/css/
136 KB
18 KB
Stylesheet
General
Full URL
https://malware.dontneedcoffee.com/assets/css/styles_feeling_responsive.css
Requested by
Host: malware.dontneedcoffee.com
URL: https://malware.dontneedcoffee.com/2014/09/astrum-ek.html
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2606:4700:30::6818:6e0d, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
Software
cloudflare
Resource Hash
fdd1d293435a55d9fb39be75b21e0656130d5618f4bd63c7227e3de1f08ffdbd

Request headers

Referer
https://malware.dontneedcoffee.com/2014/09/astrum-ek.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-fastly-request-id
f14956d021c4e66ab8a3b5b75eb96dd352e66672
date
Mon, 24 Jun 2019 17:18:00 GMT
via
1.1 varnish
cf-cache-status
REVALIDATED
x-cache
MISS
status
200
content-encoding
br
x-served-by
cache-fra19172-FRA
last-modified
Fri, 21 Jun 2019 20:23:06 GMT
server
cloudflare
x-github-request-id
4036:5F26:69B360:898172:5D0D40E4
x-timer
S1561149669.591795,VS0,VE120
etag
W/"5d0d3caa-220ea"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
expires
Mon, 24 Jun 2019 21:18:00 GMT
cache-control
public, max-age=14400
cf-ray
4ec05bc48ab8638f-FRA
x-cache-hits
0
modernizr.min.js
malware.dontneedcoffee.com/assets/js/
11 KB
4 KB
Script
General
Full URL
https://malware.dontneedcoffee.com/assets/js/modernizr.min.js
Requested by
Host: malware.dontneedcoffee.com
URL: https://malware.dontneedcoffee.com/2014/09/astrum-ek.html
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2606:4700:30::6818:6e0d, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
Software
cloudflare
Resource Hash
d2b82e612d2a812e8be2a57300dab8923c4f2edbe7a799e7da70791b595646fe

Request headers

Referer
https://malware.dontneedcoffee.com/2014/09/astrum-ek.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-fastly-request-id
f4653fd493497dabe72dd94ab7a489ec4b54e00d
date
Mon, 24 Jun 2019 17:18:00 GMT
via
1.1 varnish
cf-cache-status
REVALIDATED
x-cache
MISS
status
200
content-encoding
br
x-served-by
cache-hhn1536-HHN
last-modified
Fri, 21 Jun 2019 20:23:06 GMT
server
cloudflare
x-github-request-id
D16E:198C:14074A:1A2F64:5D0D5890
x-timer
S1561155728.450803,VS0,VE91
etag
W/"5d0d3caa-2b4c"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
expires
Mon, 24 Jun 2019 21:18:00 GMT
cache-control
public, max-age=14400
cf-ray
4ec05bc48ab9638f-FRA
x-cache-hits
0
webfont.js
ajax.googleapis.com/ajax/libs/webfont/1.5.18/
16 KB
6 KB
Script
General
Full URL
https://ajax.googleapis.com/ajax/libs/webfont/1.5.18/webfont.js
Requested by
Host: malware.dontneedcoffee.com
URL: https://malware.dontneedcoffee.com/2014/09/astrum-ek.html
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2a00:1450:4001:81a::200a, Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US)
Software
sffe
Resource Hash
ce261eb163fcaee6953cedc35059732a133766ab824dc512bbdf9424d48601e4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://malware.dontneedcoffee.com/2014/09/astrum-ek.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 31 May 2019 20:16:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
2062885
status
200
alt-svc
quic=":443"; ma=2592000; v="46,44,43,39"
content-length
6490
x-xss-protection
0
last-modified
Tue, 20 Dec 2016 18:17:03 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 30 May 2020 20:16:35 GMT
logo.png
malware.dontneedcoffee.com/assets/img/
29 KB
29 KB
Image
General
Full URL
https://malware.dontneedcoffee.com/assets/img/logo.png
Requested by
Host: malware.dontneedcoffee.com
URL: https://malware.dontneedcoffee.com/2014/09/astrum-ek.html
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2606:4700:30::6818:6e0d, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
Software
cloudflare
Resource Hash
02cc3eb3252a538cdf95efcb9f2481f2d4732b60307f30b2bdd52992185e347c

Request headers

Referer
https://malware.dontneedcoffee.com/2014/09/astrum-ek.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-fastly-request-id
7b310fd31adabea8b1ca42361dc29cdd470e121d
date
Mon, 24 Jun 2019 17:18:00 GMT
via
1.1 varnish
cf-cache-status
REVALIDATED
x-cache
MISS
status
200
content-length
29737
x-served-by
cache-fra19153-FRA
last-modified
Fri, 21 Jun 2019 20:23:06 GMT
server
cloudflare
x-github-request-id
E4A6:7252:6CBECE:8CD52C:5D0D8E7C
x-timer
S1561169533.643481,VS0,VE92
etag
"5d0d3caa-7429"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
expires
Mon, 24 Jun 2019 21:18:00 GMT
cache-control
public, max-age=14400
accept-ranges
bytes
cf-ray
4ec05bc48aba638f-FRA
x-cache-hits
0
eso1339g.jpg
2.bp.blogspot.com/-EEOw4VVOrQU/VAu-tWpG3NI/AAAAAAAADtg/0MdQLKXeJ5Y/s1600/
19 KB
19 KB
Image
General
Full URL
https://2.bp.blogspot.com/-EEOw4VVOrQU/VAu-tWpG3NI/AAAAAAAADtg/0MdQLKXeJ5Y/s1600/eso1339g.jpg
Requested by
Host: malware.dontneedcoffee.com
URL: https://malware.dontneedcoffee.com/2014/09/astrum-ek.html
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2a00:1450:4001:814::2001, Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US)
Software
fife
Resource Hash
b0eba975f9290301e18d5133c16a5b0902e4548b3a7e3b7a9e5786dfcddcbdac
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://malware.dontneedcoffee.com/2014/09/astrum-ek.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 24 Jun 2019 17:18:00 GMT
x-content-type-options
nosniff
status
200
content-disposition
inline;filename="eso1339g.jpg"
alt-svc
quic=":443"; ma=2592000; v="46,44,43,39"
content-length
19391
x-xss-protection
0
server
fife
etag
"ved9"
vary
Origin
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Tue, 25 Jun 2019 17:18:00 GMT
screenshot_2014-09-07_002.png
2.bp.blogspot.com/-86nlvhXCp6o/VAvMisJJ6zI/AAAAAAAADtw/PQgmUXnD0cE/s1600/
130 KB
131 KB
Image
General
Full URL
https://2.bp.blogspot.com/-86nlvhXCp6o/VAvMisJJ6zI/AAAAAAAADtw/PQgmUXnD0cE/s1600/screenshot_2014-09-07_002.png
Requested by
Host: malware.dontneedcoffee.com
URL: https://malware.dontneedcoffee.com/2014/09/astrum-ek.html
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2a00:1450:4001:814::2001, Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US)
Software
fife
Resource Hash
25191cb93849a05f7c1880b385c3609790e08e267590cc1e00bf6ada1c9dd8cb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://malware.dontneedcoffee.com/2014/09/astrum-ek.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 24 Jun 2019 17:18:00 GMT
x-content-type-options
nosniff
status
200
content-disposition
inline;filename="screenshot_2014-09-07_002.png"
alt-svc
quic=":443"; ma=2592000; v="46,44,43,39"
content-length
133445
x-xss-protection
0
server
fife
etag
"vedd"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Tue, 25 Jun 2019 17:18:00 GMT
screenshot_2014-09-07_004.png
2.bp.blogspot.com/-1q8JPyuqzj4/VAxQzYdEN9I/AAAAAAAADuQ/uTL5_unyjdk/s1600/
108 KB
108 KB
Image
General
Full URL
https://2.bp.blogspot.com/-1q8JPyuqzj4/VAxQzYdEN9I/AAAAAAAADuQ/uTL5_unyjdk/s1600/screenshot_2014-09-07_004.png
Requested by
Host: malware.dontneedcoffee.com
URL: https://malware.dontneedcoffee.com/2014/09/astrum-ek.html
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2a00:1450:4001:814::2001, Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US)
Software
fife
Resource Hash
a313467b78afe4562eb6c94bd3e2e61934bd59ef3a449aad622d4cba4cc6e4c3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://malware.dontneedcoffee.com/2014/09/astrum-ek.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 24 Jun 2019 17:18:00 GMT
x-content-type-options
nosniff
status
200
content-disposition
inline;filename="screenshot_2014-09-07_004.png"
alt-svc
quic=":443"; ma=2592000; v="46,44,43,39"
content-length
110885
x-xss-protection
0
server
fife
etag
"vee5"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Tue, 25 Jun 2019 17:18:00 GMT
screenshot_2014-09-07_005.png
3.bp.blogspot.com/-YLRoiLrCxxY/VAwXAenGHrI/AAAAAAAADuA/6Xna2jpAWpA/s1600/
321 KB
322 KB
Image
General
Full URL
https://3.bp.blogspot.com/-YLRoiLrCxxY/VAwXAenGHrI/AAAAAAAADuA/6Xna2jpAWpA/s1600/screenshot_2014-09-07_005.png
Requested by
Host: malware.dontneedcoffee.com
URL: https://malware.dontneedcoffee.com/2014/09/astrum-ek.html
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2a00:1450:4001:81b::2001, Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US)
Software
fife
Resource Hash
e4f32b5f4e6c6dae340d6337154d6df9538cf1253d5d702927bf7364b437deaa
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://malware.dontneedcoffee.com/2014/09/astrum-ek.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 24 Jun 2019 17:18:01 GMT
x-content-type-options
nosniff
status
200
content-disposition
inline;filename="screenshot_2014-09-07_005.png"
alt-svc
quic=":443"; ma=2592000; v="46,44,43,39"
content-length
328931
x-xss-protection
0
server
fife
etag
"vee1"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Tue, 25 Jun 2019 17:18:01 GMT
screenshot_2014-09-07_014.png
3.bp.blogspot.com/-JeRZ2PkmJvg/VAy4JvZbd5I/AAAAAAAADvA/Jdiz9_vLzXQ/s1600/
30 KB
30 KB
Image
General
Full URL
https://3.bp.blogspot.com/-JeRZ2PkmJvg/VAy4JvZbd5I/AAAAAAAADvA/Jdiz9_vLzXQ/s1600/screenshot_2014-09-07_014.png
Requested by
Host: malware.dontneedcoffee.com
URL: https://malware.dontneedcoffee.com/2014/09/astrum-ek.html
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2a00:1450:4001:81b::2001, Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US)
Software
fife
Resource Hash
847ec31a5731c6db74daf6b7426a26a51e678baac7d9b64bb7c5a3b355c5b6a5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://malware.dontneedcoffee.com/2014/09/astrum-ek.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 24 Jun 2019 17:18:00 GMT
x-content-type-options
nosniff
status
200
content-disposition
inline;filename="screenshot_2014-09-07_014.png"
alt-svc
quic=":443"; ma=2592000; v="46,44,43,39"
content-length
30752
x-xss-protection
0
server
fife
etag
"vef1"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Tue, 25 Jun 2019 17:18:00 GMT
screenshot_2014-09-07_012.png
4.bp.blogspot.com/-Uv05OL61Hqo/VAy3bR3u9WI/AAAAAAAADuw/BpIVMo2lI-o/s1600/
19 KB
20 KB
Image
General
Full URL
https://4.bp.blogspot.com/-Uv05OL61Hqo/VAy3bR3u9WI/AAAAAAAADuw/BpIVMo2lI-o/s1600/screenshot_2014-09-07_012.png
Requested by
Host: malware.dontneedcoffee.com
URL: https://malware.dontneedcoffee.com/2014/09/astrum-ek.html
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2a00:1450:4001:817::2001, Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US)
Software
fife
Resource Hash
e98e73aee90a747fe154bf705db78ed520843d1fe75583ca57e229bb326c33a4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://malware.dontneedcoffee.com/2014/09/astrum-ek.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 24 Jun 2019 17:18:00 GMT
x-content-type-options
nosniff
status
200
content-disposition
inline;filename="screenshot_2014-09-07_012.png"
alt-svc
quic=":443"; ma=2592000; v="46,44,43,39"
content-length
19752
x-xss-protection
0
server
fife
etag
"veed"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Tue, 25 Jun 2019 17:18:00 GMT
screenshot_2014-09-07_015.png
2.bp.blogspot.com/-zAwbw5UTn8c/VAy5aDPFyoI/AAAAAAAADvM/obowlwNPSgc/s1600/
5 KB
5 KB
Image
General
Full URL
https://2.bp.blogspot.com/-zAwbw5UTn8c/VAy5aDPFyoI/AAAAAAAADvM/obowlwNPSgc/s1600/screenshot_2014-09-07_015.png
Requested by
Host: malware.dontneedcoffee.com
URL: https://malware.dontneedcoffee.com/2014/09/astrum-ek.html
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2a00:1450:4001:814::2001, Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US)
Software
fife
Resource Hash
d7659de832b2599865b7a272ef53d209a68718430f0c18ea4b60e8c007b375a5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://malware.dontneedcoffee.com/2014/09/astrum-ek.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 24 Jun 2019 17:18:00 GMT
x-content-type-options
nosniff
status
200
content-disposition
inline;filename="screenshot_2014-09-07_015.png"
alt-svc
quic=":443"; ma=2592000; v="46,44,43,39"
content-length
4988
x-xss-protection
0
server
fife
etag
"vef4"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Tue, 25 Jun 2019 17:18:00 GMT
screenshot_2014-09-07_018.png
1.bp.blogspot.com/-EAE92M6sNVw/VAzb8UTIq-I/AAAAAAAADvk/52R6clgzQZE/s1600/
19 KB
19 KB
Image
General
Full URL
https://1.bp.blogspot.com/-EAE92M6sNVw/VAzb8UTIq-I/AAAAAAAADvk/52R6clgzQZE/s1600/screenshot_2014-09-07_018.png
Requested by
Host: malware.dontneedcoffee.com
URL: https://malware.dontneedcoffee.com/2014/09/astrum-ek.html
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2a00:1450:4001:824::2001, Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US)
Software
fife
Resource Hash
5b0fe3239a52d6cbe5ef81fc5dcde9264354ef233769707f0d045428a8cc6e1e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://malware.dontneedcoffee.com/2014/09/astrum-ek.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 24 Jun 2019 17:18:00 GMT
x-content-type-options
nosniff
status
200
content-disposition
inline;filename="screenshot_2014-09-07_018.png"
alt-svc
quic=":443"; ma=2592000; v="46,44,43,39"
content-length
19594
x-xss-protection
0
server
fife
etag
"vefa"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Tue, 25 Jun 2019 17:18:00 GMT
screenshot_2014-09-08_001.png
2.bp.blogspot.com/-YC5LFIjwq8g/VAzdQ2KbsVI/AAAAAAAADvw/b8i_FR5fm8Y/s1600/
15 KB
15 KB
Image
General
Full URL
https://2.bp.blogspot.com/-YC5LFIjwq8g/VAzdQ2KbsVI/AAAAAAAADvw/b8i_FR5fm8Y/s1600/screenshot_2014-09-08_001.png
Requested by
Host: malware.dontneedcoffee.com
URL: https://malware.dontneedcoffee.com/2014/09/astrum-ek.html
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2a00:1450:4001:814::2001, Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US)
Software
fife
Resource Hash
943e411bab8b15a76214567996d43b0eb133cf36a7a21d7734c405245da9bb8c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://malware.dontneedcoffee.com/2014/09/astrum-ek.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 24 Jun 2019 17:18:00 GMT
x-content-type-options
nosniff
status
200
content-disposition
inline;filename="screenshot_2014-09-08_001.png"
alt-svc
quic=":443"; ma=2592000; v="46,44,43,39"
content-length
15084
x-xss-protection
0
server
fife
etag
"vefd"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Tue, 25 Jun 2019 17:18:00 GMT
screenshot_2014-09-08_003.png
3.bp.blogspot.com/-S3Kcx6gVRik/VAzg6VuSodI/AAAAAAAADwI/S8Vj_O2L9Nw/s1600/
434 KB
434 KB
Image
General
Full URL
https://3.bp.blogspot.com/-S3Kcx6gVRik/VAzg6VuSodI/AAAAAAAADwI/S8Vj_O2L9Nw/s1600/screenshot_2014-09-08_003.png
Requested by
Host: malware.dontneedcoffee.com
URL: https://malware.dontneedcoffee.com/2014/09/astrum-ek.html
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2a00:1450:4001:81b::2001, Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US)
Software
fife
Resource Hash
cab339ce9c7813e25d1440875074c532e2173414f77ebc3672f6307f48189751
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://malware.dontneedcoffee.com/2014/09/astrum-ek.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 24 Jun 2019 17:18:01 GMT
x-content-type-options
nosniff
status
200
content-disposition
inline;filename="screenshot_2014-09-08_003.png"
alt-svc
quic=":443"; ma=2592000; v="46,44,43,39"
content-length
444295
x-xss-protection
0
server
fife
etag
"vf03"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Tue, 25 Jun 2019 17:18:01 GMT
screenshot_2014-09-08_002.png
3.bp.blogspot.com/-81vXo2amvkU/VAzeOHMHMKI/AAAAAAAADv4/nf3A7J_Mtzc/s1600/
90 KB
91 KB
Image
General
Full URL
https://3.bp.blogspot.com/-81vXo2amvkU/VAzeOHMHMKI/AAAAAAAADv4/nf3A7J_Mtzc/s1600/screenshot_2014-09-08_002.png
Requested by
Host: malware.dontneedcoffee.com
URL: https://malware.dontneedcoffee.com/2014/09/astrum-ek.html
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2a00:1450:4001:81b::2001, Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US)
Software
fife
Resource Hash
71c9a19e846f409120bb529301dd7bbb8cf312f941deb96b408d01efc813d409
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://malware.dontneedcoffee.com/2014/09/astrum-ek.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 24 Jun 2019 17:18:00 GMT
x-content-type-options
nosniff
status
200
content-disposition
inline;filename="screenshot_2014-09-08_002.png"
alt-svc
quic=":443"; ma=2592000; v="46,44,43,39"
content-length
92526
x-xss-protection
0
server
fife
etag
"veff"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Tue, 25 Jun 2019 17:18:00 GMT
screenshot_2014-09-13_007.png
2.bp.blogspot.com/-ncyAD5JQTCU/VBR4rwJ81mI/AAAAAAAADxU/AXohlrE-z4A/s1600/
66 KB
66 KB
Image
General
Full URL
https://2.bp.blogspot.com/-ncyAD5JQTCU/VBR4rwJ81mI/AAAAAAAADxU/AXohlrE-z4A/s1600/screenshot_2014-09-13_007.png
Requested by
Host: malware.dontneedcoffee.com
URL: https://malware.dontneedcoffee.com/2014/09/astrum-ek.html
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2a00:1450:4001:814::2001, Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US)
Software
fife
Resource Hash
7a533f653303e74f997613f82103520ea74ddacd0b78da45a36c21c5c2778fa4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://malware.dontneedcoffee.com/2014/09/astrum-ek.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 24 Jun 2019 17:18:00 GMT
x-content-type-options
nosniff
status
200
content-disposition
inline;filename="screenshot_2014-09-13_007.png"
alt-svc
quic=":443"; ma=2592000; v="46,44,43,39"
content-length
67814
x-xss-protection
0
server
fife
etag
"vf16"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Tue, 25 Jun 2019 17:18:00 GMT
screenshot_2014-09-13_001.png
3.bp.blogspot.com/-6JZwA5MpQjM/VBQwBtVA0QI/AAAAAAAADwY/Bkz1qL6UPgw/s1600/
105 KB
106 KB
Image
General
Full URL
https://3.bp.blogspot.com/-6JZwA5MpQjM/VBQwBtVA0QI/AAAAAAAADwY/Bkz1qL6UPgw/s1600/screenshot_2014-09-13_001.png
Requested by
Host: malware.dontneedcoffee.com
URL: https://malware.dontneedcoffee.com/2014/09/astrum-ek.html
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2a00:1450:4001:81b::2001, Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US)
Software
fife
Resource Hash
81c9fa941203b153308cc56c1f7475d1abd5c0c65b6d8bd872ebab683ecb073f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://malware.dontneedcoffee.com/2014/09/astrum-ek.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 24 Jun 2019 17:18:01 GMT
x-content-type-options
nosniff
status
200
content-disposition
inline;filename="screenshot_2014-09-13_001.png"
alt-svc
quic=":443"; ma=2592000; v="46,44,43,39"
content-length
108026
x-xss-protection
0
server
fife
etag
"vf07"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Tue, 25 Jun 2019 17:18:01 GMT
screenshot_2014-09-13_002.png
3.bp.blogspot.com/-3s1OPlP63vs/VBQx_UO9AuI/AAAAAAAADwg/q5X4ITl98cQ/s1600/
15 KB
15 KB
Image
General
Full URL
https://3.bp.blogspot.com/-3s1OPlP63vs/VBQx_UO9AuI/AAAAAAAADwg/q5X4ITl98cQ/s1600/screenshot_2014-09-13_002.png
Requested by
Host: malware.dontneedcoffee.com
URL: https://malware.dontneedcoffee.com/2014/09/astrum-ek.html
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2a00:1450:4001:81b::2001, Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US)
Software
fife
Resource Hash
9ed429be606771d550317a731d992623bba95ed68917d28787e9a1f4d213e9ae
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://malware.dontneedcoffee.com/2014/09/astrum-ek.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 24 Jun 2019 17:18:01 GMT
x-content-type-options
nosniff
status
200
content-disposition
inline;filename="screenshot_2014-09-13_002.png"
alt-svc
quic=":443"; ma=2592000; v="46,44,43,39"
content-length
15626
x-xss-protection
0
server
fife
etag
"vf09"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Tue, 25 Jun 2019 17:18:01 GMT
screenshot_2014-09-13_003.png
2.bp.blogspot.com/-o7LFCmpHRMY/VBQ0yXDABMI/AAAAAAAADwo/MAC93FWPe0A/s1600/
435 KB
435 KB
Image
General
Full URL
https://2.bp.blogspot.com/-o7LFCmpHRMY/VBQ0yXDABMI/AAAAAAAADwo/MAC93FWPe0A/s1600/screenshot_2014-09-13_003.png
Requested by
Host: malware.dontneedcoffee.com
URL: https://malware.dontneedcoffee.com/2014/09/astrum-ek.html
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2a00:1450:4001:814::2001, Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US)
Software
fife
Resource Hash
2c2bdf9fb0599dc05e50f65d3ce028c07cab95d54e5a35b0a031635d622d4add
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://malware.dontneedcoffee.com/2014/09/astrum-ek.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 24 Jun 2019 17:18:01 GMT
x-content-type-options
nosniff
status
200
content-disposition
inline;filename="screenshot_2014-09-13_003.png"
alt-svc
quic=":443"; ma=2592000; v="46,44,43,39"
content-length
445488
x-xss-protection
0
server
fife
etag
"vf0b"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Tue, 25 Jun 2019 17:18:01 GMT
screenshot_2014-09-13_004.png
4.bp.blogspot.com/-YhphA4cY9e0/VBRUwp1nCKI/AAAAAAAADw0/vWb3orCRx8Y/s1600/
96 KB
96 KB
Image
General
Full URL
https://4.bp.blogspot.com/-YhphA4cY9e0/VBRUwp1nCKI/AAAAAAAADw0/vWb3orCRx8Y/s1600/screenshot_2014-09-13_004.png
Requested by
Host: malware.dontneedcoffee.com
URL: https://malware.dontneedcoffee.com/2014/09/astrum-ek.html
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2a00:1450:4001:817::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US)
Reverse DNS
Software
fife
Resource Hash
28a64a541e0ad434a3fc0c62ed7c73f68164df27598ac6b58e7224e0635ad54b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://malware.dontneedcoffee.com/2014/09/astrum-ek.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 24 Jun 2019 17:18:00 GMT
x-content-type-options
nosniff
status
200
content-disposition
inline;filename="screenshot_2014-09-13_004.png"
alt-svc
quic=":443"; ma=2592000; v="46,44,43,39"
content-length
98285
x-xss-protection
0
server
fife
etag
"vf0e"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Tue, 25 Jun 2019 17:18:00 GMT
screenshot_2014-09-07_008.png
2.bp.blogspot.com/-FxuqZO7vbAs/VAyNlXrUQgI/AAAAAAAADug/OaPb8X1u2tA/s1600/
6 KB
6 KB
Image
General
Full URL
https://2.bp.blogspot.com/-FxuqZO7vbAs/VAyNlXrUQgI/AAAAAAAADug/OaPb8X1u2tA/s1600/screenshot_2014-09-07_008.png
Requested by
Host: malware.dontneedcoffee.com
URL: https://malware.dontneedcoffee.com/2014/09/astrum-ek.html
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2a00:1450:4001:814::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US)
Reverse DNS
Software
fife
Resource Hash
0f112539c07e303831313a4078fa68b714376df2f815b04a374acadc731d15f5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://malware.dontneedcoffee.com/2014/09/astrum-ek.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 24 Jun 2019 17:18:00 GMT
x-content-type-options
nosniff
status
200
content-disposition
inline;filename="screenshot_2014-09-07_008.png"
alt-svc
quic=":443"; ma=2592000; v="46,44,43,39"
content-length
5921
x-xss-protection
0
server
fife
etag
"vee9"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Tue, 25 Jun 2019 17:18:00 GMT
screenshot_2014-09-13_005.png
3.bp.blogspot.com/-c7D34Z6eSFE/VBRWwHExGoI/AAAAAAAADw8/CdsESoEBR14/s1600/
97 KB
98 KB
Image
General
Full URL
https://3.bp.blogspot.com/-c7D34Z6eSFE/VBRWwHExGoI/AAAAAAAADw8/CdsESoEBR14/s1600/screenshot_2014-09-13_005.png
Requested by
Host: malware.dontneedcoffee.com
URL: https://malware.dontneedcoffee.com/2014/09/astrum-ek.html
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2a00:1450:4001:81b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US)
Reverse DNS
Software
fife
Resource Hash
5444c2ab268dd40ba35d782f6db2e4c735820d9b623ca9c11a014db3a08814ab
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://malware.dontneedcoffee.com/2014/09/astrum-ek.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 24 Jun 2019 17:18:01 GMT
x-content-type-options
nosniff
status
200
content-disposition
inline;filename="screenshot_2014-09-13_005.png"
alt-svc
quic=":443"; ma=2592000; v="46,44,43,39"
content-length
99789
x-xss-protection
0
server
fife
etag
"vf10"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Tue, 25 Jun 2019 17:18:01 GMT
screenshot_2014-09-13_008.png
4.bp.blogspot.com/-QPf0sAu3jwE/VBR8gSOVWZI/AAAAAAAADxc/MIdDXk3U13k/s1600/
56 KB
56 KB
Image
General
Full URL
https://4.bp.blogspot.com/-QPf0sAu3jwE/VBR8gSOVWZI/AAAAAAAADxc/MIdDXk3U13k/s1600/screenshot_2014-09-13_008.png
Requested by
Host: malware.dontneedcoffee.com
URL: https://malware.dontneedcoffee.com/2014/09/astrum-ek.html
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2a00:1450:4001:817::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US)
Reverse DNS
Software
fife
Resource Hash
75067cb1af16a1358ab2956a368e9d139558bf2dc40f9bca5e3aa88471b98532
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://malware.dontneedcoffee.com/2014/09/astrum-ek.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 24 Jun 2019 17:18:01 GMT
x-content-type-options
nosniff
status
200
content-disposition
inline;filename="screenshot_2014-09-13_008.png"
alt-svc
quic=":443"; ma=2592000; v="46,44,43,39"
content-length
56987
x-xss-protection
0
server
fife
etag
"vf18"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Tue, 25 Jun 2019 17:18:01 GMT
screenshot_2014-09-11_001.png
1.bp.blogspot.com/-6htOqb4uZeg/VBSD76BJWwI/AAAAAAAADyE/a3qhN35KHTI/s1600/
18 KB
18 KB
Image
General
Full URL
https://1.bp.blogspot.com/-6htOqb4uZeg/VBSD76BJWwI/AAAAAAAADyE/a3qhN35KHTI/s1600/screenshot_2014-09-11_001.png
Requested by
Host: malware.dontneedcoffee.com
URL: https://malware.dontneedcoffee.com/2014/09/astrum-ek.html
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2a00:1450:4001:824::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US)
Reverse DNS
Software
fife
Resource Hash
ff18f5bac214727b43e03152406bd7bcea8bee84d94d867ff438076a0c5973e1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://malware.dontneedcoffee.com/2014/09/astrum-ek.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 24 Jun 2019 17:18:01 GMT
x-content-type-options
nosniff
status
200
content-disposition
inline;filename="screenshot_2014-09-11_001.png"
alt-svc
quic=":443"; ma=2592000; v="46,44,43,39"
content-length
18733
x-xss-protection
0
server
fife
etag
"vf22"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Tue, 25 Jun 2019 17:18:01 GMT
CVE-2013-2551_Payload_Screenshot.png
2.bp.blogspot.com/-xWhC5gBOc0s/VBRhdl9yHFI/AAAAAAAADxI/3heTZICRkuM/s1600/
847 KB
847 KB
Image
General
Full URL
https://2.bp.blogspot.com/-xWhC5gBOc0s/VBRhdl9yHFI/AAAAAAAADxI/3heTZICRkuM/s1600/CVE-2013-2551_Payload_Screenshot.png
Requested by
Host: malware.dontneedcoffee.com
URL: https://malware.dontneedcoffee.com/2014/09/astrum-ek.html
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2a00:1450:4001:814::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US)
Reverse DNS
Software
fife
Resource Hash
4618b9e574c85536081c5f9c994f2641d66d3c4fd0f93b9a34d79a8fa8a99ace
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://malware.dontneedcoffee.com/2014/09/astrum-ek.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 24 Jun 2019 17:18:01 GMT
x-content-type-options
nosniff
status
200
content-disposition
inline;filename="CVE-2013-2551_Payload_Screenshot.png"
alt-svc
quic=":443"; ma=2592000; v="46,44,43,39"
content-length
866950
x-xss-protection
0
server
fife
etag
"vf13"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Tue, 25 Jun 2019 17:18:01 GMT
screenshot_2014-09-13_009.png
2.bp.blogspot.com/--khbWraxdpo/VBR-tYO0DqI/AAAAAAAADxk/UZkAipr8uq0/s1600/
103 KB
103 KB
Image
General
Full URL
https://2.bp.blogspot.com/--khbWraxdpo/VBR-tYO0DqI/AAAAAAAADxk/UZkAipr8uq0/s1600/screenshot_2014-09-13_009.png
Requested by
Host: malware.dontneedcoffee.com
URL: https://malware.dontneedcoffee.com/2014/09/astrum-ek.html
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2a00:1450:4001:814::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US)
Reverse DNS
Software
fife
Resource Hash
402c08f146dd0d584e1a3ee47cbda973389fd1cb71c53041cf1bdb5f84e8934b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://malware.dontneedcoffee.com/2014/09/astrum-ek.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 24 Jun 2019 17:18:01 GMT
x-content-type-options
nosniff
status
200
content-disposition
inline;filename="screenshot_2014-09-13_009.png"
alt-svc
quic=":443"; ma=2592000; v="46,44,43,39"
content-length
105706
x-xss-protection
0
server
fife
etag
"vf1a"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Tue, 25 Jun 2019 17:18:01 GMT
screenshot_2014-09-11_004.png
4.bp.blogspot.com/-TqHI28a3EqM/VBSAFHKaI8I/AAAAAAAADxs/lGwDRS3U-Jc/s1600/
13 KB
13 KB
Image
General
Full URL
https://4.bp.blogspot.com/-TqHI28a3EqM/VBSAFHKaI8I/AAAAAAAADxs/lGwDRS3U-Jc/s1600/screenshot_2014-09-11_004.png
Requested by
Host: malware.dontneedcoffee.com
URL: https://malware.dontneedcoffee.com/2014/09/astrum-ek.html
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2a00:1450:4001:817::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US)
Reverse DNS
Software
fife
Resource Hash
e2342963c8825518dc28c3a9b20658a3a1d4a7739bd40baf49aed160150e033b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://malware.dontneedcoffee.com/2014/09/astrum-ek.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 24 Jun 2019 17:18:00 GMT
x-content-type-options
nosniff
status
200
content-disposition
inline;filename="screenshot_2014-09-11_004.png"
alt-svc
quic=":443"; ma=2592000; v="46,44,43,39"
content-length
13707
x-xss-protection
0
server
fife
etag
"vf1c"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Tue, 25 Jun 2019 17:18:00 GMT
screenshot_2014-09-13_010.png
4.bp.blogspot.com/-LndxAjk5B3Q/VBSAg-8PTRI/AAAAAAAADx0/vNe0yyidWHY/s1600/
201 KB
201 KB
Image
General
Full URL
https://4.bp.blogspot.com/-LndxAjk5B3Q/VBSAg-8PTRI/AAAAAAAADx0/vNe0yyidWHY/s1600/screenshot_2014-09-13_010.png
Requested by
Host: malware.dontneedcoffee.com
URL: https://malware.dontneedcoffee.com/2014/09/astrum-ek.html
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2a00:1450:4001:817::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US)
Reverse DNS
Software
fife
Resource Hash
20bf1cabfb912355c33c0f5ad1f92b1b49f5edb3a70fa14d4f86f49c8fe6913e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://malware.dontneedcoffee.com/2014/09/astrum-ek.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 24 Jun 2019 17:18:01 GMT
x-content-type-options
nosniff
status
200
content-disposition
inline;filename="screenshot_2014-09-13_010.png"
alt-svc
quic=":443"; ma=2592000; v="46,44,43,39"
content-length
205333
x-xss-protection
0
server
fife
etag
"vf1e"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Tue, 25 Jun 2019 17:18:01 GMT
screenshot_2014-09-13_012.png
1.bp.blogspot.com/-8Dz4lHzl3D4/VBSDbzIeKwI/AAAAAAAADx8/0jo0qrwKjFc/s1600/
7 KB
7 KB
Image
General
Full URL
https://1.bp.blogspot.com/-8Dz4lHzl3D4/VBSDbzIeKwI/AAAAAAAADx8/0jo0qrwKjFc/s1600/screenshot_2014-09-13_012.png
Requested by
Host: malware.dontneedcoffee.com
URL: https://malware.dontneedcoffee.com/2014/09/astrum-ek.html
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2a00:1450:4001:824::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US)
Reverse DNS
Software
fife
Resource Hash
eb9bc1454111d8fd5c635ecd27ec17eb87db54ad785bfdc8489be597bb4f87f4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://malware.dontneedcoffee.com/2014/09/astrum-ek.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 24 Jun 2019 17:18:00 GMT
x-content-type-options
nosniff
status
200
content-disposition
inline;filename="screenshot_2014-09-13_012.png"
alt-svc
quic=":443"; ma=2592000; v="46,44,43,39"
content-length
6684
x-xss-protection
0
server
fife
etag
"vf20"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Tue, 25 Jun 2019 17:18:00 GMT
screenshot_2014-09-13_013.png
4.bp.blogspot.com/-fkCOR6vzMAs/VBSrRzN4UGI/AAAAAAAADzY/qpAHPMp8L_E/s1600/
314 KB
315 KB
Image
General
Full URL
https://4.bp.blogspot.com/-fkCOR6vzMAs/VBSrRzN4UGI/AAAAAAAADzY/qpAHPMp8L_E/s1600/screenshot_2014-09-13_013.png
Requested by
Host: malware.dontneedcoffee.com
URL: https://malware.dontneedcoffee.com/2014/09/astrum-ek.html
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2a00:1450:4001:817::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US)
Reverse DNS
Software
fife
Resource Hash
e3f8da1a03cfa668d367ccc3946b2d80bb03bfcb8eb61b615268699ede6fb6ad
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://malware.dontneedcoffee.com/2014/09/astrum-ek.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 24 Jun 2019 17:18:01 GMT
x-content-type-options
nosniff
status
200
content-disposition
inline;filename="screenshot_2014-09-13_013.png"
alt-svc
quic=":443"; ma=2592000; v="46,44,43,39"
content-length
321919
x-xss-protection
0
server
fife
etag
"vf37"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Tue, 25 Jun 2019 17:18:01 GMT
screenshot_2014-09-11_006.png
1.bp.blogspot.com/-BHoicPDUmh4/VBSOo4fjJ1I/AAAAAAAADy4/_6_5ZrpAcqQ/s1600/
8 KB
8 KB
Image
General
Full URL
https://1.bp.blogspot.com/-BHoicPDUmh4/VBSOo4fjJ1I/AAAAAAAADy4/_6_5ZrpAcqQ/s1600/screenshot_2014-09-11_006.png
Requested by
Host: malware.dontneedcoffee.com
URL: https://malware.dontneedcoffee.com/2014/09/astrum-ek.html
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2a00:1450:4001:824::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US)
Reverse DNS
Software
fife
Resource Hash
b54afc4bdb31d4cab9294605de34c4405c153e151fc8fafe9a7634891abe4d1b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://malware.dontneedcoffee.com/2014/09/astrum-ek.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 24 Jun 2019 17:18:00 GMT
x-content-type-options
nosniff
status
200
content-disposition
inline;filename="screenshot_2014-09-11_006.png"
alt-svc
quic=":443"; ma=2592000; v="46,44,43,39"
content-length
7760
x-xss-protection
0
server
fife
etag
"vf2f"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Tue, 25 Jun 2019 17:18:00 GMT
screenshot_2014-09-13_016.png
4.bp.blogspot.com/--8knKT2Gxl4/VBSGh1I4h-I/AAAAAAAADyM/5lnyRt7l5A8/s1600/
40 KB
40 KB
Image
General
Full URL
https://4.bp.blogspot.com/--8knKT2Gxl4/VBSGh1I4h-I/AAAAAAAADyM/5lnyRt7l5A8/s1600/screenshot_2014-09-13_016.png
Requested by
Host: malware.dontneedcoffee.com
URL: https://malware.dontneedcoffee.com/2014/09/astrum-ek.html
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2a00:1450:4001:817::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US)
Reverse DNS
Software
fife
Resource Hash
49f9c2f939b765d17bc3ef67162aedfebc9577f8753205a85f3246b4110904e2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://malware.dontneedcoffee.com/2014/09/astrum-ek.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 24 Jun 2019 17:18:01 GMT
x-content-type-options
nosniff
status
200
content-disposition
inline;filename="screenshot_2014-09-13_016.png"
alt-svc
quic=":443"; ma=2592000; v="46,44,43,39"
content-length
41130
x-xss-protection
0
server
fife
etag
"vf24"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Tue, 25 Jun 2019 17:18:01 GMT
screenshot_2014-09-13_017.png
2.bp.blogspot.com/-1f9iz06BY_k/VBSHVKtfS-I/AAAAAAAADyU/lNl7o1_4708/s1600/
8 KB
9 KB
Image
General
Full URL
https://2.bp.blogspot.com/-1f9iz06BY_k/VBSHVKtfS-I/AAAAAAAADyU/lNl7o1_4708/s1600/screenshot_2014-09-13_017.png
Requested by
Host: malware.dontneedcoffee.com
URL: https://malware.dontneedcoffee.com/2014/09/astrum-ek.html
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2a00:1450:4001:814::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US)
Reverse DNS
Software
fife
Resource Hash
72db9ff87539d9d9014522eabe4b95a919fe0cf212ce424f65da1d6d0296e5ce
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://malware.dontneedcoffee.com/2014/09/astrum-ek.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 24 Jun 2019 17:18:00 GMT
x-content-type-options
nosniff
status
200
content-disposition
inline;filename="screenshot_2014-09-13_017.png"
alt-svc
quic=":443"; ma=2592000; v="46,44,43,39"
content-length
8593
x-xss-protection
0
server
fife
etag
"vf26"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Tue, 25 Jun 2019 17:18:00 GMT
screenshot_2014-09-13_018.png
3.bp.blogspot.com/-ILtkcNlJkes/VBSH-siFu9I/AAAAAAAADyk/Vtc2qyyxKWs/s1600/
66 KB
66 KB
Image
General
Full URL
https://3.bp.blogspot.com/-ILtkcNlJkes/VBSH-siFu9I/AAAAAAAADyk/Vtc2qyyxKWs/s1600/screenshot_2014-09-13_018.png
Requested by
Host: malware.dontneedcoffee.com
URL: https://malware.dontneedcoffee.com/2014/09/astrum-ek.html
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2a00:1450:4001:81b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US)
Reverse DNS
Software
fife
Resource Hash
fbdd7a134c2272d67ca595c8893e647506d03848a0914b1f36b75e54e27dd288
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://malware.dontneedcoffee.com/2014/09/astrum-ek.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 24 Jun 2019 17:18:00 GMT
x-content-type-options
nosniff
status
200
content-disposition
inline;filename="screenshot_2014-09-13_018.png"
alt-svc
quic=":443"; ma=2592000; v="46,44,43,39"
content-length
67780
x-xss-protection
0
server
fife
etag
"vf2a"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Tue, 25 Jun 2019 17:18:00 GMT
screenshot_2014-09-13_019.png
4.bp.blogspot.com/-pIu4R_KZB1o/VBSJRNcG2ZI/AAAAAAAADys/bH6BxF9CAQQ/s1600/
8 KB
8 KB
Image
General
Full URL
https://4.bp.blogspot.com/-pIu4R_KZB1o/VBSJRNcG2ZI/AAAAAAAADys/bH6BxF9CAQQ/s1600/screenshot_2014-09-13_019.png
Requested by
Host: malware.dontneedcoffee.com
URL: https://malware.dontneedcoffee.com/2014/09/astrum-ek.html
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2a00:1450:4001:817::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US)
Reverse DNS
Software
fife
Resource Hash
fd886288dd185d3b145a1417518b97f8d9c2f242343f60a0935bc0965f9d15c1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://malware.dontneedcoffee.com/2014/09/astrum-ek.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 24 Jun 2019 17:18:00 GMT
x-content-type-options
nosniff
status
200
content-disposition
inline;filename="screenshot_2014-09-13_019.png"
alt-svc
quic=":443"; ma=2592000; v="46,44,43,39"
content-length
8104
x-xss-protection
0
server
fife
etag
"vf2c"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Tue, 25 Jun 2019 17:18:00 GMT
screenshot_2014-09-13_021.png
4.bp.blogspot.com/-g6xbY0x_SCg/VBSZDHkj7mI/AAAAAAAADzE/HFdaWS7Mpmc/s1600/
105 KB
105 KB
Image
General
Full URL
https://4.bp.blogspot.com/-g6xbY0x_SCg/VBSZDHkj7mI/AAAAAAAADzE/HFdaWS7Mpmc/s1600/screenshot_2014-09-13_021.png
Requested by
Host: malware.dontneedcoffee.com
URL: https://malware.dontneedcoffee.com/2014/09/astrum-ek.html
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2a00:1450:4001:817::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US)
Reverse DNS
Software
fife
Resource Hash
de4aa6145bed1cbea4368ed6b0aea6c23501f33c87bcddba68d7095f980391ed
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://malware.dontneedcoffee.com/2014/09/astrum-ek.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 24 Jun 2019 17:18:01 GMT
x-content-type-options
nosniff
status
200
content-disposition
inline;filename="screenshot_2014-09-13_021.png"
alt-svc
quic=":443"; ma=2592000; v="46,44,43,39"
content-length
107294
x-xss-protection
0
server
fife
etag
"vf32"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Tue, 25 Jun 2019 17:18:01 GMT
screenshot_2014-09-13_022.png
4.bp.blogspot.com/-5w8jPINZ2B4/VBSZMXUYMlI/AAAAAAAADzM/abEoKN74FK8/s1600/
60 KB
60 KB
Image
General
Full URL
https://4.bp.blogspot.com/-5w8jPINZ2B4/VBSZMXUYMlI/AAAAAAAADzM/abEoKN74FK8/s1600/screenshot_2014-09-13_022.png
Requested by
Host: malware.dontneedcoffee.com
URL: https://malware.dontneedcoffee.com/2014/09/astrum-ek.html
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2a00:1450:4001:817::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US)
Reverse DNS
Software
fife
Resource Hash
46293e6ebfa1f2a2824d56ef7931bacc3f004e7c7ecde2c68e380ed8a545b64b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://malware.dontneedcoffee.com/2014/09/astrum-ek.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 24 Jun 2019 17:18:01 GMT
x-content-type-options
nosniff
status
200
content-disposition
inline;filename="screenshot_2014-09-13_022.png"
alt-svc
quic=":443"; ma=2592000; v="46,44,43,39"
content-length
61431
x-xss-protection
0
server
fife
etag
"vf34"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Tue, 25 Jun 2019 17:18:01 GMT
screenshot_2014-09-14_001.png
3.bp.blogspot.com/-tLahOHXhHCg/VBVgYM64xdI/AAAAAAAAD0I/ifd5c6z61mU/s1600/
249 KB
250 KB
Image
General
Full URL
https://3.bp.blogspot.com/-tLahOHXhHCg/VBVgYM64xdI/AAAAAAAAD0I/ifd5c6z61mU/s1600/screenshot_2014-09-14_001.png
Requested by
Host: malware.dontneedcoffee.com
URL: https://malware.dontneedcoffee.com/2014/09/astrum-ek.html
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2a00:1450:4001:81b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US)
Reverse DNS
Software
fife
Resource Hash
6d25cbd59cd3013048e091d8d09fd723e9cc15aeffd191f0ea772ca40e62c404
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://malware.dontneedcoffee.com/2014/09/astrum-ek.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 24 Jun 2019 17:18:01 GMT
x-content-type-options
nosniff
status
200
content-disposition
inline;filename="screenshot_2014-09-14_001.png"
alt-svc
quic=":443"; ma=2592000; v="46,44,43,39"
content-length
255338
x-xss-protection
0
server
fife
etag
"vf43"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Tue, 25 Jun 2019 17:18:01 GMT
javascript.min.js
malware.dontneedcoffee.com/assets/js/
139 KB
43 KB
Script
General
Full URL
https://malware.dontneedcoffee.com/assets/js/javascript.min.js
Requested by
Host: malware.dontneedcoffee.com
URL: https://malware.dontneedcoffee.com/2014/09/astrum-ek.html
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2606:4700:30::6818:6e0d, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
Reverse DNS
Software
cloudflare
Resource Hash
66dcce30a04c85fcf10d511f783fd1bd72a15b9097c6f3d48a35fd1196cb805e

Request headers

Referer
https://malware.dontneedcoffee.com/2014/09/astrum-ek.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-fastly-request-id
b168102fa833773abff2afbb358c4ec9fc10f0ae
date
Mon, 24 Jun 2019 17:18:00 GMT
via
1.1 varnish
cf-cache-status
REVALIDATED
x-cache
MISS
status
200
content-encoding
br
x-served-by
cache-fra19148-FRA
last-modified
Fri, 21 Jun 2019 20:23:06 GMT
server
cloudflare
x-github-request-id
3664:223C:674AA0:860D6F:5D0D4578
x-timer
S1561150841.016282,VS0,VE113
etag
W/"5d0d3caa-22dbe"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
expires
Mon, 24 Jun 2019 21:18:00 GMT
cache-control
public, max-age=14400
cf-ray
4ec05bc56bf2638f-FRA
x-cache-hits
0
css
fonts.googleapis.com/
3 KB
587 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Lato:400,700,400italic%7CVolkhov&subset=latin,latin
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/webfont/1.5.18/webfont.js
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2a00:1450:4001:81f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US)
Reverse DNS
Software
ESF
Resource Hash
110b1d7b9ecdad32001beec146092cf36f0c440b947f0377fa04877cf1cd835f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://malware.dontneedcoffee.com/2014/09/astrum-ek.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
br
last-modified
Mon, 24 Jun 2019 17:18:00 GMT
server
ESF
access-control-allow-origin
*
date
Mon, 24 Jun 2019 17:18:00 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
status
200
alt-svc
quic=":443"; ma=2592000; v="46,44,43,39"
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
x-xss-protection
0
expires
Mon, 24 Jun 2019 17:18:00 GMT
iconfont.woff
malware.dontneedcoffee.com/assets/fonts/
10 KB
10 KB
Font
General
Full URL
https://malware.dontneedcoffee.com/assets/fonts/iconfont.woff
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/webfont/1.5.18/webfont.js
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2606:4700:30::6818:6e0d, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
Reverse DNS
Software
cloudflare
Resource Hash
61405347983337437e990852beb51bc4f7bc28385fdd23fd2687c81d5867d063

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://malware.dontneedcoffee.com/assets/css/styles_feeling_responsive.css
Origin
https://malware.dontneedcoffee.com

Response headers

x-fastly-request-id
2b3898f8355314add42389a47b38633b2f9dae23
date
Mon, 24 Jun 2019 17:18:00 GMT
via
1.1 varnish
cf-cache-status
REVALIDATED
x-cache
MISS
status
200
content-length
10092
x-served-by
cache-hhn1524-HHN
last-modified
Fri, 21 Jun 2019 20:23:06 GMT
server
cloudflare
x-github-request-id
0FF8:452B:F6FC04:13F4578:5D0EBE33
x-timer
S1561247284.066733,VS0,VE90
etag
"5d0d3caa-276c"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
font/woff
access-control-allow-origin
*
expires
Mon, 24 Jun 2019 21:18:00 GMT
cache-control
public, max-age=14400
accept-ranges
bytes
cf-ray
4ec05bc58c15638f-FRA
x-cache-hits
0
S6uyw4BMUTPHjx4wXiWtFCc.woff2
fonts.gstatic.com/s/lato/v15/
14 KB
14 KB
Font
General
Full URL
https://fonts.gstatic.com/s/lato/v15/S6uyw4BMUTPHjx4wXiWtFCc.woff2
Requested by
Host: malware.dontneedcoffee.com
URL: https://malware.dontneedcoffee.com/2014/09/astrum-ek.html
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2a00:1450:4001:820::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US)
Reverse DNS
Software
sffe
Resource Hash
036d841b132c14046e26d8f2da1bc634c6ad34885ed1295660694a91c98933a6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=Lato:400,700,400italic%7CVolkhov&subset=latin,latin
Origin
https://malware.dontneedcoffee.com

Response headers

date
Thu, 13 Jun 2019 23:28:52 GMT
x-content-type-options
nosniff
last-modified
Mon, 25 Mar 2019 20:13:00 GMT
server
sffe
age
928148
content-type
font/woff2
status
200
alt-svc
quic=":443"; ma=2592000; v="46,44,43,39"
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-origin
*
content-length
14044
x-xss-protection
0
expires
Fri, 12 Jun 2020 23:28:52 GMT
SlGQmQieoJcKemNecTUEhV5wYDw.woff2
fonts.gstatic.com/s/volkhov/v10/
14 KB
14 KB
Font
General
Full URL
https://fonts.gstatic.com/s/volkhov/v10/SlGQmQieoJcKemNecTUEhV5wYDw.woff2
Requested by
Host: malware.dontneedcoffee.com
URL: https://malware.dontneedcoffee.com/2014/09/astrum-ek.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:820::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
7984ed8e0f51de45627b30d67f0df09def637b43af9030d7305e575426348f86
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=Lato:400,700,400italic%7CVolkhov&subset=latin,latin
Origin
https://malware.dontneedcoffee.com

Response headers

date
Thu, 13 Jun 2019 21:22:08 GMT
x-content-type-options
nosniff
last-modified
Tue, 15 Jan 2019 19:59:16 GMT
server
sffe
age
935752
content-type
font/woff2
status
200
alt-svc
quic=":443"; ma=2592000; v="46,44,43,39"
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-origin
*
content-length
14324
x-xss-protection
0
expires
Fri, 12 Jun 2020 21:22:08 GMT
S6u8w4BMUTPHjxsAXC-qNiXg7Q.woff2
fonts.gstatic.com/s/lato/v15/
15 KB
15 KB
Font
General
Full URL
https://fonts.gstatic.com/s/lato/v15/S6u8w4BMUTPHjxsAXC-qNiXg7Q.woff2
Requested by
Host: malware.dontneedcoffee.com
URL: https://malware.dontneedcoffee.com/2014/09/astrum-ek.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:820::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
fe4bbdad1d6dff75cde79f8afc07f29502bd4708cb0ce5f552083c3d81ba8382
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=Lato:400,700,400italic%7CVolkhov&subset=latin,latin
Origin
https://malware.dontneedcoffee.com

Response headers

date
Fri, 14 Jun 2019 03:42:26 GMT
x-content-type-options
nosniff
last-modified
Mon, 25 Mar 2019 20:13:31 GMT
server
sffe
age
912934
content-type
font/woff2
status
200
alt-svc
quic=":443"; ma=2592000; v="46,44,43,39"
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-origin
*
content-length
14864
x-xss-protection
0
expires
Sat, 13 Jun 2020 03:42:26 GMT
S6u9w4BMUTPHh6UVSwiPGQ3q5d0.woff2
fonts.gstatic.com/s/lato/v15/
14 KB
14 KB
Font
General
Full URL
https://fonts.gstatic.com/s/lato/v15/S6u9w4BMUTPHh6UVSwiPGQ3q5d0.woff2
Requested by
Host: malware.dontneedcoffee.com
URL: https://malware.dontneedcoffee.com/2014/09/astrum-ek.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:820::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
9baad10e85c5be8d5697086479983b6b477197103bf8f0f11817b1bdfb9a7451
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=Lato:400,700,400italic%7CVolkhov&subset=latin,latin
Origin
https://malware.dontneedcoffee.com

Response headers

date
Sun, 02 Jun 2019 04:38:41 GMT
x-content-type-options
nosniff
last-modified
Mon, 25 Mar 2019 20:12:18 GMT
server
sffe
age
1946359
content-type
font/woff2
status
200
alt-svc
quic=":443"; ma=2592000; v="46,44,43,39"
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-origin
*
content-length
14176
x-xss-protection
0
expires
Mon, 01 Jun 2020 04:38:41 GMT

Verdicts & Comments

15 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type Name
object onselectstart
object onselectionchange
function queueMicrotask
object html5
object Modernizr
object WebFont
function FastClick
boolean deviceIsAndroid
boolean deviceIsIOS
boolean deviceIsIOS4
boolean deviceIsIOSWithBadTarget
boolean deviceIsBlackBerry10
function $
function jQuery
object Foundation

1 Cookies

Domain/Path Name / Value
.dontneedcoffee.com/ Name: __cfduid
Value: d94db12828cf57a624dfdfac50bec98ab1561396680

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
