blogs.blackberry.com Open in urlscan Pro
52.222.214.81 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://blogs.blackberry.com/en/2022/03/threat-thursday-cryptbot-infostealer
Effective URL:
https://blogs.blackberry.com/en/2022/03/threat-thursday-cryptbot-infostealer
Submission: On September 16 via api (September 16th 2024, 7:23:07 am UTC) from DE — Scanned from IT

Summary HTTP 48 Redirects Links 28 Behaviour Indicators

Summary

This website contacted 16 IPs in 3 countries across 14 domains to perform 48 HTTP transactions. The main IP is 52.222.214.81, located in United States and belongs to AMAZON-02, US. The main domain is blogs.blackberry.com.
TLS certificate: Issued by DigiCert TLS RSA SHA256 2020 CA1 on July 24th 2024. Valid for: a year.

This is the only time blogs.blackberry.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
21	52.222.214.81 52.222.214.81	16509 (AMAZON-02) (AMAZON-02)
7	104.18.86.42 104.18.86.42	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	142.250.186.40 142.250.186.40	15169 (GOOGLE) (GOOGLE)
1	172.64.147.188 172.64.147.188	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	142.250.184.202 142.250.184.202	15169 (GOOGLE) (GOOGLE)
1	172.64.155.119 172.64.155.119	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	216.58.206.35 216.58.206.35	15169 (GOOGLE) (GOOGLE)
1	142.250.185.68 142.250.185.68	15169 (GOOGLE) (GOOGLE)
1	142.250.184.194 142.250.184.194	15169 (GOOGLE) (GOOGLE)
1	142.250.186.98 142.250.186.98	15169 (GOOGLE) (GOOGLE)
1	2.21.20.144 2.21.20.144	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	18.245.86.77 18.245.86.77	16509 (AMAZON-02) (AMAZON-02)
3	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	18.245.86.73 18.245.86.73	16509 (AMAZON-02) (AMAZON-02)
1	159.89.102.253 159.89.102.253	() ()
48	16

21 52.222.214.81 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-214-81.fra56.r.cloudfront.net

blogs.blackberry.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 104.18.86.42 (None, )

ASN13335 (CLOUDFLARENET, US)

cdn.cookielaw.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.40 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f8.1e100.net

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.64.147.188 (San Francisco, United States)

ASN13335 (CLOUDFLARENET, US)

kit.fontawesome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.184.202 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s11-in-f10.1e100.net

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.64.155.119 (None, )

ASN13335 (CLOUDFLARENET, US)

geolocation.onetrust.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 216.58.206.35 (United States)

ASN15169 (GOOGLE, US)
PTR: mil07s07-in-f3.1e100.net

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.68 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f4.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.184.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s11-in-f2.1e100.net

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f2.1e100.net

td.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.21.20.144 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-21-20-144.deploy.static.akamaitechnologies.com

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.245.86.77 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-245-86-77.fra60.r.cloudfront.net

js.driftt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.245.86.73 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-245-86-73.fra60.r.cloudfront.net

js.driftt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 159.89.102.253 (None, )

ASN- ()

geolocation-db.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
21	blackberry.com blogs.blackberry.com	3 MB
7	cookielaw.org cdn.cookielaw.org — Cisco Umbrella Rank: 326	141 KB
3	linkedin.com px.ads.linkedin.com — Cisco Umbrella Rank: 327	2 KB
3	driftt.com js.driftt.com — Cisco Umbrella Rank: 6454	62 KB
3	gstatic.com fonts.gstatic.com	55 KB
2	doubleclick.net googleads.g.doubleclick.net — Cisco Umbrella Rank: 45 td.doubleclick.net — Cisco Umbrella Rank: 189	571 B
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 43	219 KB
1	geolocation-db.com geolocation-db.com	255 B
1	licdn.com snap.licdn.com — Cisco Umbrella Rank: 782	14 KB
1	google.com www.google.com — Cisco Umbrella Rank: 3
1	onetrust.com geolocation.onetrust.com — Cisco Umbrella Rank: 491	308 B
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 31	1 KB
1	fontawesome.com kit.fontawesome.com — Cisco Umbrella Rank: 1900
0	company-target.com Failed api.company-target.com Failed
48	14

	Domain	Requested by
21	blogs.blackberry.com	blogs.blackberry.com
7	cdn.cookielaw.org	blogs.blackberry.com cdn.cookielaw.org
3	px.ads.linkedin.com	snap.licdn.com blogs.blackberry.com
3	js.driftt.com	blogs.blackberry.com js.driftt.com
3	fonts.gstatic.com	fonts.googleapis.com
2	www.googletagmanager.com	blogs.blackberry.com
1	geolocation-db.com	blogs.blackberry.com
1	snap.licdn.com	www.googletagmanager.com
1	td.doubleclick.net	www.googletagmanager.com
1	googleads.g.doubleclick.net	www.googletagmanager.com
1	www.google.com	www.googletagmanager.com
1	geolocation.onetrust.com	cdn.cookielaw.org
1	fonts.googleapis.com	blogs.blackberry.com
1	kit.fontawesome.com	blogs.blackberry.com
0	api.company-target.com Failed	js.driftt.com
48	15

This site contains links to these domains. Also see Links.

Domain
x.com
www.facebook.com
www.linkedin.com
www.bleepingcomputer.com
www.blackberry.com
www.youtube.com
www.instagram.com
developers.blackberry.com
www.qnx.com
devblog.blackberry.com
helpblog.blackberry.com

Subject Issuer	Validity	Valid
*.blackberry.com DigiCert TLS RSA SHA256 2020 CA1	`2024-07-24` - `2025-08-24`	a year	crt.sh
cookielaw.org WE1	`2024-08-13` - `2024-11-11`	3 months	crt.sh
*.google-analytics.com WR2	`2024-08-12` - `2024-11-04`	3 months	crt.sh
*.fontawesome.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-07-30` - `2025-01-27`	6 months	crt.sh
upload.video.google.com WR2	`2024-08-12` - `2024-11-04`	3 months	crt.sh
geolocation.onetrust.com WE1	`2024-08-13` - `2024-11-11`	3 months	crt.sh
*.gstatic.com WR2	`2024-08-12` - `2024-11-04`	3 months	crt.sh
www.google.com WR2	`2024-08-12` - `2024-11-04`	3 months	crt.sh
*.g.doubleclick.net WR2	`2024-08-12` - `2024-11-04`	3 months	crt.sh
*.doubleclick.net WR2	`2024-08-12` - `2024-11-04`	3 months	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2023-12-13` - `2024-12-12`	a year	crt.sh
drift.com Amazon RSA 2048 M03	`2024-07-30` - `2025-08-27`	a year	crt.sh
www.linkedin.com DigiCert SHA2 Secure Server CA	`2024-09-11` - `2025-03-11`	6 months	crt.sh
geolocation-db.com R11	`2024-09-07` - `2024-12-06`	3 months	crt.sh

This page contains 4 frames:

Primary Page: https://blogs.blackberry.com/en/2022/03/threat-thursday-cryptbot-infostealer
Frame ID: 4FA287EDDF0FC4E4C3938BA63C2BF75C
Requests: 45 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/rul/944900006?random=1726471379413&cv=11&fst=1726471379413&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4990v879016845za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fblogs.blackberry.com%2Fen%2F2022%2F03%2Fthreat-thursday-cryptbot-infostealer&hn=www.googleadservices.com&frm=0&tiba=Threat%20Thursday%3A%20CryptBot%20Infostealer%20Masquerades%20as%20Cracked%20Software&npa=0&pscdl=noapi&auid=31207020.1726471379&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config
Frame ID: F6997254E0653AA196247228AE6B0A89
Requests: 1 HTTP requests in this frame

Frame: https://js.driftt.com/core?d=1&embedId=gxxdrnmwti55&eId=gxxdrnmwti55&region=US&forceShow=false&skipCampaigns=false&sessionId=e417c2d7-b607-4da8-ac4f-33531f05bd61&sessionStarted=1726471381.312&campaignRefreshToken=f1ca4ee7-5282-468b-aef9-bec25630407d&hideController=false&pageLoadStartTime=1726471376879&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fblogs.blackberry.com%2Fen%2F2022%2F03%2Fthreat-thursday-cryptbot-infostealer
Frame ID: 166CD8715AA5D2236FEB8201ADAA4B7A
Requests: 1 HTTP requests in this frame

Frame: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1726471376879
Frame ID: 9E20B816995BF952E8BBFD609BB9F23F
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Threat Thursday: CryptBot Infostealer Masquerades as Cracked Software

Page URL History Show full URLs

http://blogs.blackberry.com/en/2022/03/threat-thursday-cryptbot-infostealer HTTP 307
https://blogs.blackberry.com/en/2022/03/threat-thursday-cryptbot-infostealer Page URL

Detected technologies

Adobe Experience Manager (CMS) Expand

Overall confidence: 100%
Detected patterns

/etc\.clientlibs/

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
kit\.fontawesome\.com/([0-9a-z]+).js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

OneTrust (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

cdn\.cookielaw\.org
otSDKStub\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

48
Requests

98 %
HTTPS

0 %
IPv6

14
Domains

15
Subdomains

16
IPs

3
Countries

3534 kB
Transfer

5016 kB
Size

7
Cookies

28 Outgoing links

These are links going to different origins than the main page.

URL: https://x.com/intent/tweet?url=https://blogs.blackberry.com/en/2022/03/threat-thursday-cryptbot-infostealer&text=Threat%20Thursday:%20CryptBot%20Infostealer%20Masquerades%20as%20Cracked%20Software&via=BlackBerry
Title: Share on X

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https://blogs.blackberry.com/en/2022/03/threat-thursday-cryptbot-infostealer
Title: Share on Facebook

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?mini=true&url=https://blogs.blackberry.com/en/2022/03/threat-thursday-cryptbot-infostealer&title=Threat%20Thursday:%20CryptBot%20Infostealer%20Masquerades%20as%20Cracked%20Software&summary=&source=blogs.blackberry.com
Title: Share on LinkedIn

Search URL Search Domain Scan URL

URL: https://www.bleepingcomputer.com/news/security/revamped-cryptbot-malware-spread-by-pirated-software-sites/
Title: outbreak in early 2022

Search URL Search Domain Scan URL

URL: https://www.blackberry.com/us/en/services/incident-response
Title: The BlackBerry Incident Response team

Search URL Search Domain Scan URL

URL: https://www.blackberry.com/us/en/forms/cylance/handraiser/emergency-incident-response-containment
Title: https://www.blackberry.com/us/en/forms/cylance/handraiser/emergency-incident-response-containment

Search URL Search Domain Scan URL

URL: https://www.facebook.com/BlackBerry/
Title: Facebook

Search URL Search Domain Scan URL

URL: https://x.com/blackberry
Title: X

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/BlackBerry
Title: YouTube

Search URL Search Domain Scan URL

URL: https://www.instagram.com/blackberry/
Title: Instagram

Search URL Search Domain Scan URL

URL: https://www.blackberry.com/us/en/company
Title: Company

Search URL Search Domain Scan URL

URL: https://www.blackberry.com/us/en/company/newsroom
Title: Newsroom

Search URL Search Domain Scan URL

URL: https://www.blackberry.com/us/en/company/investors
Title: Investors

Search URL Search Domain Scan URL

URL: https://www.blackberry.com/us/en/company/careers
Title: Careers

Search URL Search Domain Scan URL

URL: https://www.blackberry.com/us/en/company/leadership
Title: Leadership

Search URL Search Domain Scan URL

URL: https://www.blackberry.com/us/en/company/corporate-responsibility-at-blackberry
Title: Corporate Responsibility

Search URL Search Domain Scan URL

URL: https://www.blackberry.com/us/en/company/certifications
Title: Certifications

Search URL Search Domain Scan URL

URL: https://www.blackberry.com/us/en/success-stories
Title: Customer Success

Search URL Search Domain Scan URL

URL: https://developers.blackberry.com/
Title: Enterprise Platform & Apps

Search URL Search Domain Scan URL

URL: https://www.qnx.com/account/login.html?returnaddress=%2Fdownload%2Fgroup.html%3Fprogramid%3D29178
Title: BlackBerry QNX Developer Network

Search URL Search Domain Scan URL

URL: https://devblog.blackberry.com/
Title: Developers Blog

Search URL Search Domain Scan URL

URL: https://helpblog.blackberry.com/
Title: Help Blog

Search URL Search Domain Scan URL

URL: https://www.blackberry.com/us/en/legal
Title: Overview

Search URL Search Domain Scan URL

URL: https://www.blackberry.com/us/en/legal/accessibility
Title: Accessibility

Search URL Search Domain Scan URL

URL: https://www.blackberry.com/us/en/legal/blackberry-virtual-patent-marking
Title: Patents

Search URL Search Domain Scan URL

URL: https://www.blackberry.com/us/en/legal/trademarks
Title: Trademarks

Search URL Search Domain Scan URL

URL: https://www.blackberry.com/us/en/legal/privacy-policy
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: https://www.blackberry.com/us/en/legal/cookies
Title: Learn More

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://blogs.blackberry.com/en/2022/03/threat-thursday-cryptbot-infostealer HTTP 307
https://blogs.blackberry.com/en/2022/03/threat-thursday-cryptbot-infostealer Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

48 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request threat-thursday-cryptbot-infostealer Show response
blogs.blackberry.com/en/2022/03/
Redirect Chain

http://blogs.blackberry.com/en/2022/03/threat-thursday-cryptbot-infostealer
https://blogs.blackberry.com/en/2022/03/threat-thursday-cryptbot-infostealer

65 KB
18 KB

854ms
110ms

Document
text/html

52.222.214.81
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://blogs.blackberry.com/en/2022/03/threat-thursday-cryptbot-infostealer

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.214.81 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-214-81.fra56.r.cloudfront.net

Software

Apache /

Resource Hash

71117fe4bf34368700623873c336e70291755a0dca74ceb5ebfef880bd4b717f

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; base-uri 'self';upgrade-insecure-requests;
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
age: 1157
content-encoding: gzip
content-length: 17451
content-security-policy: frame-ancestors 'self'; base-uri 'self';upgrade-insecure-requests;
content-type: text/html;charset=utf-8
date: Mon, 16 Sep 2024 07:03:39 GMT
etag: "10346-622042409be20-gzip"
last-modified: Fri, 13 Sep 2024 18:10:40 GMT
server: Apache
strict-transport-security: max-age=63072000; includeSubdomains;
vary: Accept-Encoding
via: 1.1 77ba839b79ec0a8b2031c8a828e7fdfa.cloudfront.net (CloudFront)
x-amz-cf-id: xlW-4L64BcYe0AJW9OYBht4fs1kE0Fs19Cj6y1WdxUkzcphNEeP1sw==
x-amz-cf-pop: FRA56-P3
x-cache: Hit from cloudfront
x-content-type-options: nosniff
x-dispatcher: dispatcher4uswest2-28586372
x-frame-options: SAMEORIGIN
x-vhost: publish
x-xss-protection: 1; mode=block

Redirect headers

Location: https://blogs.blackberry.com/en/2022/03/threat-thursday-cryptbot-infostealer
Non-Authoritative-Reason: HttpsUpgrades

GET
H2 200 otSDKStub.js Show response
cdn.cookielaw.org/scripttemplates/ 21 KB
7 KB 505ms
62ms Script
application/javascript 104.18.86.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Requested by

Host: blogs.blackberry.com
URL: https://blogs.blackberry.com/en/2022/03/threat-thursday-cryptbot-infostealer

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.86.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

91b0809d8b9dc57eaa09cb0e13c210b24edfaeadb94a8cff0fee02751c1b0b5f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blogs.blackberry.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 16 Sep 2024 07:22:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: UfYkxNZYUi8O8CsxmalgUg==
age: 46116
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 6881
x-ms-lease-status: unlocked
last-modified: Thu, 12 Sep 2024 19:28:11 GMT
server: cloudflare
etag: 0x8DCD3610A4216D7
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: ab14641a-f01e-0091-240d-06073b000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8c3f1bbc9c4759d1-MXP

GET
H2 200 clientlib-site.min.54dd5587820b16101b4a5bc26ae87194.css
blogs.blackberry.com/etc.clientlibs/blogs-bbcom/clientlibs/ 209 KB
32 KB 231ms
230ms Stylesheet
text/css 52.222.214.81
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://blogs.blackberry.com/etc.clientlibs/blogs-bbcom/clientlibs/clientlib-site.min.54dd5587820b16101b4a5bc26ae87194.css

Requested by

Host: blogs.blackberry.com
URL: https://blogs.blackberry.com/en/2022/03/threat-thursday-cryptbot-infostealer

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.214.81 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-214-81.fra56.r.cloudfront.net

Software

Apache /

Resource Hash

2ec54e382481140e39b389d235cc35451fd7f8e286840d8dea664a9454a5373f

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; base-uri 'self';upgrade-insecure-requests;
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blogs.blackberry.com/en/2022/03/threat-thursday-cryptbot-infostealer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-dispatcher: dispatcher4uswest2-28586372
date: Sun, 15 Sep 2024 23:45:28 GMT
strict-transport-security: max-age=63072000; includeSubdomains;
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'; base-uri 'self';upgrade-insecure-requests;
content-encoding: gzip
via: 1.1 77ba839b79ec0a8b2031c8a828e7fdfa.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P3
x-vhost: publish
x-cache: Hit from cloudfront
age: 27448
content-length: 32351
x-xss-protection: 1; mode=block
last-modified: Tue, 28 May 2024 18:01:33 GMT
server: Apache
etag: "3453d-619876c913940-gzip"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css;charset=utf-8
accept-ranges: bytes
x-amz-cf-id: the3dEKD4n4i9MhbEj6G34FbR4b7p0H8YXMe25i3Yp4-6YUfOCAEMw==

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 230 KB
83 KB 1041ms
51ms Script
application/javascript 142.250.186.40
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-944900006

Requested by

Host: blogs.blackberry.com
URL: https://blogs.blackberry.com/en/2022/03/threat-thursday-cryptbot-infostealer

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.40 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

dc4c8b621f0ecfb020b397f59f2fe0c3e0b96c8d0a1e9511b0b083b667c4468a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://blogs.blackberry.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 16 Sep 2024 07:22:59 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 84829
x-xss-protection: 0
last-modified: Mon, 16 Sep 2024 06:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 16 Sep 2024 07:22:59 GMT

GET
H2 403 3c243f8233.js
kit.fontawesome.com/ 0
0 595ms
177ms Script
text/plain 172.64.147.188
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://kit.fontawesome.com/3c243f8233.js
Requested by: Host: blogs.blackberry.com
URL: https://blogs.blackberry.com/en/2022/03/threat-thursday-cryptbot-infostealer
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.147.188 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://blogs.blackberry.com/
Origin: https://blogs.blackberry.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 16 Sep 2024 07:22:57 GMT
cf-cache-status: MISS
server: cloudflare
access-control-max-age: 3000
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: *
cache-control: max-age=0, private, must-revalidate
vary: Accept-Encoding
cf-ray: 8c3f1bbc6a180e8f-MXP
access-control-allow-headers: accept, accept-langauge, content-language, content-type, fa-kit-token
content-length: 9
x-request-id: F_Wokg5mOm2O56x0KUMC

GET
H2 200 tt-cryptbot-875x530-ibb.png
blogs.blackberry.com/content/dam/blogs-blackberry-com/images/blogs/2022/03/ 1 MB
1 MB 239ms
239ms Image
image/png 52.222.214.81
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blogs.blackberry.com/content/dam/blogs-blackberry-com/images/blogs/2022/03/tt-cryptbot-875x530-ibb.png

Requested by

Host: blogs.blackberry.com
URL: https://blogs.blackberry.com/en/2022/03/threat-thursday-cryptbot-infostealer

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.214.81 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-214-81.fra56.r.cloudfront.net

Software

Apache /

Resource Hash

7adf4e26debc21eca46d0b266703acf8fb132fc0a75382c1f879f27066f9e9aa

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; base-uri 'self';upgrade-insecure-requests;
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blogs.blackberry.com/en/2022/03/threat-thursday-cryptbot-infostealer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-dispatcher: dispatcher1uswest2-28570889
date: Mon, 16 Sep 2024 07:03:40 GMT
strict-transport-security: max-age=63072000; includeSubdomains;
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'; base-uri 'self';upgrade-insecure-requests;
via: 1.1 77ba839b79ec0a8b2031c8a828e7fdfa.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P3
age: 1156
x-vhost: publish
x-cache: Hit from cloudfront
content-disposition: attachment
content-length: 1059404
x-xss-protection: 1; mode=block
last-modified: Thu, 10 Mar 2022 06:29:37 GMT
server: Apache
etag: "102a4c-5d9d7568f9640"
x-frame-options: SAMEORIGIN
content-type: image/png
accept-ranges: bytes
x-amz-cf-id: TjeDZmjeDc1_ksea8ORYU2dEsnHORlmFy-5wQGyEzxcqBl6RL1yWrg==

GET
H2 200 cryptbot-table-001.png
blogs.blackberry.com/content/dam/blogs-blackberry-com/images/blogs/2022/03/ 6 KB
7 KB 2170ms
2170ms Image
image/png 52.222.214.81
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blogs.blackberry.com/content/dam/blogs-blackberry-com/images/blogs/2022/03/cryptbot-table-001.png

Requested by

Host: blogs.blackberry.com
URL: https://blogs.blackberry.com/en/2022/03/threat-thursday-cryptbot-infostealer

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.214.81 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-214-81.fra56.r.cloudfront.net

Software

Apache /

Resource Hash

46bdacc819263327f9840d86a4512111e8709e3830f18e706619c4378c5880df

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; base-uri 'self';upgrade-insecure-requests;
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blogs.blackberry.com/en/2022/03/threat-thursday-cryptbot-infostealer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-dispatcher: dispatcher4uswest2-28586372
date: Mon, 16 Sep 2024 07:03:40 GMT
strict-transport-security: max-age=63072000; includeSubdomains;
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'; base-uri 'self';upgrade-insecure-requests;
via: 1.1 77ba839b79ec0a8b2031c8a828e7fdfa.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P3
age: 1156
x-vhost: publish
x-cache: Hit from cloudfront
content-disposition: attachment
content-length: 6417
x-xss-protection: 1; mode=block
last-modified: Thu, 10 Mar 2022 04:23:32 GMT
server: Apache
etag: "1911-5d9d593a6d900"
x-frame-options: SAMEORIGIN
content-type: image/png
accept-ranges: bytes
x-amz-cf-id: 0gTYwf5rdpKrbdajuRVDCenO9FCl9pyi_hWwUmd93qz0ElXbXEYmAA==

GET
H2 200 cryptbot-table002.png
blogs.blackberry.com/content/dam/blogs-blackberry-com/images/blogs/2022/03/ 4 KB
5 KB 1483ms
1478ms Image
image/png 52.222.214.81
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blogs.blackberry.com/content/dam/blogs-blackberry-com/images/blogs/2022/03/cryptbot-table002.png

Requested by

Host: blogs.blackberry.com
URL: https://blogs.blackberry.com/en/2022/03/threat-thursday-cryptbot-infostealer

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.214.81 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-214-81.fra56.r.cloudfront.net

Software

Apache /

Resource Hash

297b139c52792ae8b27e5531f91d2af35451bf5e8f95bbc1960cca6717a3f1d3

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; base-uri 'self';upgrade-insecure-requests;
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blogs.blackberry.com/en/2022/03/threat-thursday-cryptbot-infostealer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-dispatcher: dispatcher3uswest2-28586372
date: Mon, 16 Sep 2024 07:03:40 GMT
strict-transport-security: max-age=63072000; includeSubdomains;
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'; base-uri 'self';upgrade-insecure-requests;
via: 1.1 77ba839b79ec0a8b2031c8a828e7fdfa.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P3
age: 1158
x-vhost: publish
x-cache: Hit from cloudfront
content-disposition: attachment
content-length: 4595
x-xss-protection: 1; mode=block
last-modified: Thu, 10 Mar 2022 04:23:32 GMT
server: Apache
etag: "11f3-5d9d593a6d900"
x-frame-options: SAMEORIGIN
content-type: image/png
accept-ranges: bytes
x-amz-cf-id: MkJJulSqBGV1GH6UnMywyiIAAYgsm8rL7r4B8P4ci0EJmadVQsUK_A==

GET
H2 200 cryptbot-fig01.png
blogs.blackberry.com/content/dam/blogs-blackberry-com/images/blogs/2022/03/ 218 KB
219 KB 1241ms
1236ms Image
image/png 52.222.214.81
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blogs.blackberry.com/content/dam/blogs-blackberry-com/images/blogs/2022/03/cryptbot-fig01.png

Requested by

Host: blogs.blackberry.com
URL: https://blogs.blackberry.com/en/2022/03/threat-thursday-cryptbot-infostealer

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.214.81 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-214-81.fra56.r.cloudfront.net

Software

Apache /

Resource Hash

bb1bcfc6318ec6edbf0ef31b945798d4f0c7e02536c9b9a5de6b0f68cca00b4e

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; base-uri 'self';upgrade-insecure-requests;
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blogs.blackberry.com/en/2022/03/threat-thursday-cryptbot-infostealer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-dispatcher: dispatcher2uswest2-28586372
date: Mon, 16 Sep 2024 07:03:41 GMT
strict-transport-security: max-age=63072000; includeSubdomains;
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'; base-uri 'self';upgrade-insecure-requests;
via: 1.1 77ba839b79ec0a8b2031c8a828e7fdfa.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P3
age: 1157
x-vhost: publish
x-cache: Hit from cloudfront
content-disposition: attachment
content-length: 222980
x-xss-protection: 1; mode=block
last-modified: Thu, 10 Mar 2022 04:23:30 GMT
server: Apache
etag: "36704-5d9d593885480"
x-frame-options: SAMEORIGIN
content-type: image/png
accept-ranges: bytes
x-amz-cf-id: BFumbOnuV7gMZCG-JSlZ05Q2lZLeH4aiMo1std3LyhYbbkL3NKbH8w==

GET
H2 200 cryptbot-fig02.png
blogs.blackberry.com/content/dam/blogs-blackberry-com/images/blogs/2022/03/ 112 KB
113 KB 1381ms
1376ms Image
image/png 52.222.214.81
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blogs.blackberry.com/content/dam/blogs-blackberry-com/images/blogs/2022/03/cryptbot-fig02.png

Requested by

Host: blogs.blackberry.com
URL: https://blogs.blackberry.com/en/2022/03/threat-thursday-cryptbot-infostealer

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.214.81 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-214-81.fra56.r.cloudfront.net

Software

Apache /

Resource Hash

0d6c1c4e26ad9b975c8d5a04e36ecc1ac6460ac414a880654c2810e2ce9f52c8

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; base-uri 'self';upgrade-insecure-requests;
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blogs.blackberry.com/en/2022/03/threat-thursday-cryptbot-infostealer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-dispatcher: dispatcher2uswest2-28586372
date: Mon, 16 Sep 2024 07:03:41 GMT
strict-transport-security: max-age=63072000; includeSubdomains;
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'; base-uri 'self';upgrade-insecure-requests;
via: 1.1 77ba839b79ec0a8b2031c8a828e7fdfa.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P3
age: 1157
x-vhost: publish
x-cache: Hit from cloudfront
content-disposition: attachment
content-length: 114530
x-xss-protection: 1; mode=block
last-modified: Thu, 10 Mar 2022 04:23:30 GMT
server: Apache
etag: "1bf62-5d9d593885480"
x-frame-options: SAMEORIGIN
content-type: image/png
accept-ranges: bytes
x-amz-cf-id: j0JP5NJ95RcwXCxzsBYOthldxd47atvepqfbYB6R_cn8X9CcR83-Xw==

GET
H2 200 cryptbot-fig03.png
blogs.blackberry.com/content/dam/blogs-blackberry-com/images/blogs/2022/03/ 139 KB
140 KB 1558ms
1554ms Image
image/png 52.222.214.81
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blogs.blackberry.com/content/dam/blogs-blackberry-com/images/blogs/2022/03/cryptbot-fig03.png

Requested by

Host: blogs.blackberry.com
URL: https://blogs.blackberry.com/en/2022/03/threat-thursday-cryptbot-infostealer

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.214.81 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-214-81.fra56.r.cloudfront.net

Software

Apache /

Resource Hash

cae5376e018c99723dbda3ee1ca8f3a9976abf31dadfe4507fd08cc8678b63a2

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; base-uri 'self';upgrade-insecure-requests;
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blogs.blackberry.com/en/2022/03/threat-thursday-cryptbot-infostealer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-dispatcher: dispatcher1uswest2-28570889
date: Mon, 16 Sep 2024 07:03:41 GMT
strict-transport-security: max-age=63072000; includeSubdomains;
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'; base-uri 'self';upgrade-insecure-requests;
via: 1.1 77ba839b79ec0a8b2031c8a828e7fdfa.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P3
age: 1157
x-vhost: publish
x-cache: Hit from cloudfront
content-disposition: attachment
content-length: 142644
x-xss-protection: 1; mode=block
last-modified: Thu, 10 Mar 2022 04:23:31 GMT
server: Apache
etag: "22d34-5d9d5939796c0"
x-frame-options: SAMEORIGIN
content-type: image/png
accept-ranges: bytes
x-amz-cf-id: El3nXuuYKYS6xDLOgr4YD7P7Xt1h_Kp5SIHuocGFmYPGeCAiWDlVMg==

GET
H2 200 cryptbot-fig04.png
blogs.blackberry.com/content/dam/blogs-blackberry-com/images/blogs/2022/03/ 131 KB
132 KB 1482ms
1479ms Image
image/png 52.222.214.81
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blogs.blackberry.com/content/dam/blogs-blackberry-com/images/blogs/2022/03/cryptbot-fig04.png

Requested by

Host: blogs.blackberry.com
URL: https://blogs.blackberry.com/en/2022/03/threat-thursday-cryptbot-infostealer

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.214.81 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-214-81.fra56.r.cloudfront.net

Software

Apache /

Resource Hash

f8d8bbb5d080a816cf689ffc662b94c714238d3cc54f37f14f6162e8fa383193

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; base-uri 'self';upgrade-insecure-requests;
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blogs.blackberry.com/en/2022/03/threat-thursday-cryptbot-infostealer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-dispatcher: dispatcher3uswest2-28586372
date: Mon, 16 Sep 2024 07:03:41 GMT
strict-transport-security: max-age=63072000; includeSubdomains;
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'; base-uri 'self';upgrade-insecure-requests;
via: 1.1 77ba839b79ec0a8b2031c8a828e7fdfa.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P3
age: 1157
x-vhost: publish
x-cache: Hit from cloudfront
content-disposition: attachment
content-length: 133952
x-xss-protection: 1; mode=block
last-modified: Thu, 10 Mar 2022 04:23:31 GMT
server: Apache
etag: "20b40-5d9d5939796c0"
x-frame-options: SAMEORIGIN
content-type: image/png
accept-ranges: bytes
x-amz-cf-id: ujTPuqy8mgE19599BQlYpAbFw1rqFgP-hTlnLNO78dVwPo8cGe1c1w==

GET
H2 200 cryptbot-fig05.png
blogs.blackberry.com/content/dam/blogs-blackberry-com/images/blogs/2022/03/ 428 KB
429 KB 1558ms
1555ms Image
image/png 52.222.214.81
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blogs.blackberry.com/content/dam/blogs-blackberry-com/images/blogs/2022/03/cryptbot-fig05.png

Requested by

Host: blogs.blackberry.com
URL: https://blogs.blackberry.com/en/2022/03/threat-thursday-cryptbot-infostealer

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.214.81 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-214-81.fra56.r.cloudfront.net

Software

Apache /

Resource Hash

cd651cbad12e404ff39c334cfe63fffea31d90f502278190559d3f14f614e4f1

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; base-uri 'self';upgrade-insecure-requests;
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blogs.blackberry.com/en/2022/03/threat-thursday-cryptbot-infostealer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-dispatcher: dispatcher3uswest2-28586372
date: Mon, 16 Sep 2024 07:03:41 GMT
strict-transport-security: max-age=63072000; includeSubdomains;
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'; base-uri 'self';upgrade-insecure-requests;
via: 1.1 77ba839b79ec0a8b2031c8a828e7fdfa.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P3
age: 1157
x-vhost: publish
x-cache: Hit from cloudfront
content-disposition: attachment
content-length: 438324
x-xss-protection: 1; mode=block
last-modified: Thu, 10 Mar 2022 04:23:31 GMT
server: Apache
etag: "6b034-5d9d5939796c0"
x-frame-options: SAMEORIGIN
content-type: image/png
accept-ranges: bytes
x-amz-cf-id: sHOhC_tCSh5_X9kPMBMyGqGX4sSHJt8RYqyc07IdpSX5eq_XuJvX1g==

GET
H2 200 cryptbot-fig06.png
blogs.blackberry.com/content/dam/blogs-blackberry-com/images/blogs/2022/03/ 70 KB
71 KB 1559ms
1556ms Image
image/png 52.222.214.81
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blogs.blackberry.com/content/dam/blogs-blackberry-com/images/blogs/2022/03/cryptbot-fig06.png

Requested by

Host: blogs.blackberry.com
URL: https://blogs.blackberry.com/en/2022/03/threat-thursday-cryptbot-infostealer

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.214.81 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-214-81.fra56.r.cloudfront.net

Software

Apache /

Resource Hash

14b4829a35b8e60b8b06dbe0e8ab5e958e03a65dd54d4ca3012b008da1cbf0cc

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; base-uri 'self';upgrade-insecure-requests;
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blogs.blackberry.com/en/2022/03/threat-thursday-cryptbot-infostealer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-dispatcher: dispatcher1uswest2-28570889
date: Mon, 16 Sep 2024 07:03:41 GMT
strict-transport-security: max-age=63072000; includeSubdomains;
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'; base-uri 'self';upgrade-insecure-requests;
via: 1.1 77ba839b79ec0a8b2031c8a828e7fdfa.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P3
age: 1157
x-vhost: publish
x-cache: Hit from cloudfront
content-disposition: attachment
content-length: 71765
x-xss-protection: 1; mode=block
last-modified: Thu, 10 Mar 2022 04:23:31 GMT
server: Apache
etag: "11855-5d9d5939796c0"
x-frame-options: SAMEORIGIN
content-type: image/png
accept-ranges: bytes
x-amz-cf-id: FrEp1V3WB5r6v013ja710yeLLM0HX5zPFuA8QXnrEGRN-4rwMBDmVQ==

GET
H2 200 cryptbot-fig07.png
blogs.blackberry.com/content/dam/blogs-blackberry-com/images/blogs/2022/03/ 270 KB
270 KB 1555ms
1552ms Image
image/png 52.222.214.81
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blogs.blackberry.com/content/dam/blogs-blackberry-com/images/blogs/2022/03/cryptbot-fig07.png

Requested by

Host: blogs.blackberry.com
URL: https://blogs.blackberry.com/en/2022/03/threat-thursday-cryptbot-infostealer

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.214.81 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-214-81.fra56.r.cloudfront.net

Software

Apache /

Resource Hash

b212d247d6338572dae60c8b7b63d42639dfbac54d2e295b03e6684be1e5b302

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; base-uri 'self';upgrade-insecure-requests;
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blogs.blackberry.com/en/2022/03/threat-thursday-cryptbot-infostealer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-dispatcher: dispatcher3uswest2-28586372
date: Mon, 16 Sep 2024 07:03:41 GMT
strict-transport-security: max-age=63072000; includeSubdomains;
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'; base-uri 'self';upgrade-insecure-requests;
via: 1.1 77ba839b79ec0a8b2031c8a828e7fdfa.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P3
age: 1157
x-vhost: publish
x-cache: Hit from cloudfront
content-disposition: attachment
content-length: 276056
x-xss-protection: 1; mode=block
last-modified: Thu, 10 Mar 2022 04:23:31 GMT
server: Apache
etag: "43658-5d9d5939796c0"
x-frame-options: SAMEORIGIN
content-type: image/png
accept-ranges: bytes
x-amz-cf-id: 6PHv-ar9QeLDCED1vZz62wJ45mHiwjXe0qVy4N9AkSqjwiuolo8TXA==

GET
H2 200 cryptbot-fig08.png
blogs.blackberry.com/content/dam/blogs-blackberry-com/images/blogs/2022/03/ 264 KB
265 KB 1556ms
1553ms Image
image/png 52.222.214.81
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blogs.blackberry.com/content/dam/blogs-blackberry-com/images/blogs/2022/03/cryptbot-fig08.png

Requested by

Host: blogs.blackberry.com
URL: https://blogs.blackberry.com/en/2022/03/threat-thursday-cryptbot-infostealer

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.214.81 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-214-81.fra56.r.cloudfront.net

Software

Apache /

Resource Hash

e68e061bfcd9da8ae5f45f6bb6ed6b8f7dc51a77bd12cb168281efda1a68a03a

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; base-uri 'self';upgrade-insecure-requests;
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blogs.blackberry.com/en/2022/03/threat-thursday-cryptbot-infostealer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-dispatcher: dispatcher2uswest2-28586372
date: Mon, 16 Sep 2024 07:03:41 GMT
strict-transport-security: max-age=63072000; includeSubdomains;
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'; base-uri 'self';upgrade-insecure-requests;
via: 1.1 77ba839b79ec0a8b2031c8a828e7fdfa.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P3
age: 1157
x-vhost: publish
x-cache: Hit from cloudfront
content-disposition: attachment
content-length: 270501
x-xss-protection: 1; mode=block
last-modified: Thu, 10 Mar 2022 04:23:31 GMT
server: Apache
etag: "420a5-5d9d5939796c0"
x-frame-options: SAMEORIGIN
content-type: image/png
accept-ranges: bytes
x-amz-cf-id: lOBPRjYkFz1vRYW1vn2kD3z5JtpOCcKTjjdysPSPf0e5KjLw1ehlBg==

GET
H2 200 cobalt-strike-beacon-1200px-banner.jpg
blogs.blackberry.com/content/dam/blogs-blackberry-com/images/blogs/2021/10/ 184 KB
185 KB 1556ms
1553ms Image
image/jpeg 52.222.214.81
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blogs.blackberry.com/content/dam/blogs-blackberry-com/images/blogs/2021/10/cobalt-strike-beacon-1200px-banner.jpg

Requested by

Host: blogs.blackberry.com
URL: https://blogs.blackberry.com/en/2022/03/threat-thursday-cryptbot-infostealer

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.214.81 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-214-81.fra56.r.cloudfront.net

Software

Apache /

Resource Hash

f30733e0e39f5044034df46d3d8c20feaa22cf680bc21398b2359f3555ff5364

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; base-uri 'self';upgrade-insecure-requests;
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blogs.blackberry.com/en/2022/03/threat-thursday-cryptbot-infostealer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-dispatcher: dispatcher4uswest2-28586372
strict-transport-security: max-age=63072000; includeSubdomains;
content-security-policy: frame-ancestors 'self'; base-uri 'self';upgrade-insecure-requests;
x-content-type-options: nosniff
date: Sun, 15 Sep 2024 23:45:29 GMT
via: 1.1 77ba839b79ec0a8b2031c8a828e7fdfa.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P3
age: 27449
x-vhost: publish
x-cache: Hit from cloudfront
content-disposition: attachment
content-length: 188464
x-xss-protection: 1; mode=block
last-modified: Thu, 14 Oct 2021 03:01:17 GMT
server: Apache
etag: "2e030-5ce474ad49940"
x-frame-options: SAMEORIGIN
content-type: image/jpeg
accept-ranges: bytes
x-amz-cf-id: _97jpa25ccE5Q8dPrEhYQXurPWKnIVNMim2X_CWcnfmzAcos4v1asA==

GET
H2 200 blackberry-logo-square.jpg
blogs.blackberry.com/content/dam/blogs-blackberry-com/images/authors/ 3 KB
3 KB 1556ms
1553ms Image
image/jpeg 52.222.214.81
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blogs.blackberry.com/content/dam/blogs-blackberry-com/images/authors/blackberry-logo-square.jpg

Requested by

Host: blogs.blackberry.com
URL: https://blogs.blackberry.com/en/2022/03/threat-thursday-cryptbot-infostealer

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.214.81 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-214-81.fra56.r.cloudfront.net

Software

Apache /

Resource Hash

7b5dbd37fcc639258ef21f839e379c044a86f7ca588cda61532446bc021f6e04

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; base-uri 'self';upgrade-insecure-requests;
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blogs.blackberry.com/en/2022/03/threat-thursday-cryptbot-infostealer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-dispatcher: dispatcher3uswest2-28586372
date: Mon, 16 Sep 2024 07:03:41 GMT
strict-transport-security: max-age=63072000; includeSubdomains;
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'; base-uri 'self';upgrade-insecure-requests;
via: 1.1 77ba839b79ec0a8b2031c8a828e7fdfa.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P3
age: 1157
x-vhost: publish
x-cache: Hit from cloudfront
content-disposition: attachment
content-length: 2701
x-xss-protection: 1; mode=block
last-modified: Wed, 08 Jul 2020 17:55:25 GMT
server: Apache
etag: "a8d-5a9f1cff97d40"
x-frame-options: SAMEORIGIN
content-type: image/jpeg
accept-ranges: bytes
x-amz-cf-id: DltzC5492RJLuRO9pzAuYkC465GmYDiLGgFRHEu0a5-4L28HAyWP2Q==

GET
H2 200 jquery.min.96704cdeb2f89f0504fd10b631047e4f.js Show response
blogs.blackberry.com/etc.clientlibs/shared/clientlibs/ 90 KB
33 KB 1444ms
1439ms Script
application/javascript 52.222.214.81
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://blogs.blackberry.com/etc.clientlibs/shared/clientlibs/jquery.min.96704cdeb2f89f0504fd10b631047e4f.js

Requested by

Host: blogs.blackberry.com
URL: https://blogs.blackberry.com/en/2022/03/threat-thursday-cryptbot-infostealer

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.214.81 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-214-81.fra56.r.cloudfront.net

Software

Apache /

Resource Hash

2c8fe9899a239a897bed8236e08a655a77f4092886c29d9bb417879396abe721

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; base-uri 'self';upgrade-insecure-requests;
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blogs.blackberry.com/en/2022/03/threat-thursday-cryptbot-infostealer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-dispatcher: dispatcher3uswest2-28586372
date: Mon, 16 Sep 2024 05:28:17 GMT
strict-transport-security: max-age=63072000; includeSubdomains;
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'; base-uri 'self';upgrade-insecure-requests;
content-encoding: gzip
via: 1.1 77ba839b79ec0a8b2031c8a828e7fdfa.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P3
x-vhost: publish
x-cache: Hit from cloudfront
age: 6881
content-length: 33322
x-xss-protection: 1; mode=block
last-modified: Tue, 02 May 2023 16:44:09 GMT
server: Apache
etag: "1692f-5fab8a5f86840-gzip"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
accept-ranges: bytes
x-amz-cf-id: yJmRWFOjlaBsQU0SG3BvQ9ZyvW4MajogYk4Ac5ekh4K4-Y6PwCh5Mg==

GET
H2 200 clientlib-dependencies.min.d41d8cd98f00b204e9800998ecf8427e.js Show response
blogs.blackberry.com/etc.clientlibs/blogs-bbcom/clientlibs/ 0
542 B 1460ms
1456ms Script
application/javascript 52.222.214.81
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://blogs.blackberry.com/etc.clientlibs/blogs-bbcom/clientlibs/clientlib-dependencies.min.d41d8cd98f00b204e9800998ecf8427e.js

Requested by

Host: blogs.blackberry.com
URL: https://blogs.blackberry.com/en/2022/03/threat-thursday-cryptbot-infostealer

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.214.81 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-214-81.fra56.r.cloudfront.net

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; base-uri 'self';upgrade-insecure-requests;
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blogs.blackberry.com/en/2022/03/threat-thursday-cryptbot-infostealer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-dispatcher: dispatcher2uswest2-28586372
date: Mon, 16 Sep 2024 05:28:17 GMT
strict-transport-security: max-age=63072000; includeSubdomains;
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'; base-uri 'self';upgrade-insecure-requests;
via: 1.1 77ba839b79ec0a8b2031c8a828e7fdfa.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P3
age: 6881
x-vhost: publish
x-cache: Hit from cloudfront
content-length: 0
x-xss-protection: 1; mode=block
last-modified: Wed, 19 Aug 2020 17:23:02 GMT
server: Apache
etag: "0-5ad3e417f6980"
x-frame-options: SAMEORIGIN
content-type: application/javascript;charset=utf-8
accept-ranges: bytes
x-amz-cf-id: GVairGpIdf-ft5jBMwFke0zumwgixApeBsW7M0yPb94ZJzSi-QHoSw==

GET
H2 200 clientlib-site.min.a47cb3e62e4ccd60ab52395ad5dd97d8.js Show response
blogs.blackberry.com/etc.clientlibs/blogs-bbcom/clientlibs/ 83 KB
25 KB 1461ms
1457ms Script
application/javascript 52.222.214.81
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://blogs.blackberry.com/etc.clientlibs/blogs-bbcom/clientlibs/clientlib-site.min.a47cb3e62e4ccd60ab52395ad5dd97d8.js

Requested by

Host: blogs.blackberry.com
URL: https://blogs.blackberry.com/en/2022/03/threat-thursday-cryptbot-infostealer

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.214.81 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-214-81.fra56.r.cloudfront.net

Software

Apache /

Resource Hash

84b49327933d0d884dab87e031e8b5245a0277b744bc771d94f652975cd5168d

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; base-uri 'self';upgrade-insecure-requests;
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blogs.blackberry.com/en/2022/03/threat-thursday-cryptbot-infostealer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-dispatcher: dispatcher4uswest2-28586372
date: Sun, 15 Sep 2024 23:45:29 GMT
strict-transport-security: max-age=63072000; includeSubdomains;
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'; base-uri 'self';upgrade-insecure-requests;
content-encoding: gzip
via: 1.1 77ba839b79ec0a8b2031c8a828e7fdfa.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P3
x-vhost: publish
x-cache: Hit from cloudfront
age: 27449
content-length: 24946
x-xss-protection: 1; mode=block
last-modified: Tue, 10 Sep 2024 19:30:14 GMT
server: Apache
etag: "14a8d-621c8e70f9d80-gzip"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
accept-ranges: bytes
x-amz-cf-id: KxuB__3PwkYVILAkcvZaAjTCuzSd4YHHgSWYigFHpMhJATSkyZus0A==

GET
H2 200 6373c986-7725-4c54-9731-2a91bdd43107.json Show response
cdn.cookielaw.org/consent/6373c986-7725-4c54-9731-2a91bdd43107/ 4 KB
2 KB 775ms
192ms XHR
application/x-javascript 104.18.86.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/6373c986-7725-4c54-9731-2a91bdd43107/6373c986-7725-4c54-9731-2a91bdd43107.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.86.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1d9b4b18afd07d61da40d745f3e3cad7640d50d04f65ad72d3e92477bfbd7ab1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blogs.blackberry.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 16 Sep 2024 07:22:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 53340
content-md5: MmqR1NiayowGMFCIhYzUwg==
content-length: 1692
x-ms-lease-status: unlocked
last-modified: Wed, 27 Mar 2024 15:14:30 GMT
server: cloudflare
etag: 0x8DC4E7099A869D4
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 7713d92d-301e-0069-0b59-8000cf000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8c3f1bc0ef840e12-MXP
expires: Tue, 17 Sep 2024 07:22:58 GMT

GET
H2 200 css
fonts.googleapis.com/ 7 KB
1 KB 777ms
188ms Stylesheet
text/css 142.250.184.202
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:300,400,900&display=swap

Requested by

Host: blogs.blackberry.com
URL: https://blogs.blackberry.com/etc.clientlibs/blogs-bbcom/clientlibs/clientlib-site.min.54dd5587820b16101b4a5bc26ae87194.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.202 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f10.1e100.net

Software

ESF /

Resource Hash

649d98ea82ac9214aea5d6e18ec9497e6ec40bb0d323c4d702703747d9326943

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://blogs.blackberry.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 16 Sep 2024 07:22:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/bcfae741e379a885f2ab2cf83ebe6d32/mr
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Mon, 16 Sep 2024 07:22:58 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 16 Sep 2024 07:22:58 GMT

GET
H2 200 location Show response
geolocation.onetrust.com/cookieconsentpub/v1/geo/ 69 B
308 B 1087ms
92ms XHR
application/json 172.64.155.119
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.64.155.119 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6964d03a8ab5896300c3dd5cb3fc6fa302ef3d1b5453d2021282038af12e5679

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept: application/json
Referer: https://blogs.blackberry.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 16 Sep 2024 07:22:59 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
content-type: application/json
access-control-allow-origin: *
cf-ray: 8c3f1bc81d6383bb-MXP
access-control-allow-headers: Content-Type

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 509 KB
136 KB 1094ms
106ms Script
application/javascript 142.250.186.40
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-TXGFP23

Requested by

Host: blogs.blackberry.com
URL: https://blogs.blackberry.com/en/2022/03/threat-thursday-cryptbot-infostealer

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.40 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

82add7bbf3971c9d86d1aee9bd285c91f9df41e739723870aec31a9665ac5051

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://blogs.blackberry.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 16 Sep 2024 07:22:59 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 138767
x-xss-protection: 0
last-modified: Mon, 16 Sep 2024 06:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 16 Sep 2024 07:22:59 GMT

GET
H2 200 bnr-blue-gradient-crop.jpg
blogs.blackberry.com/content/dam/blackberry-com/Images/support/bgs/ 48 KB
49 KB 1551ms
1550ms Image
image/jpeg 52.222.214.81
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blogs.blackberry.com/content/dam/blackberry-com/Images/support/bgs/bnr-blue-gradient-crop.jpg

Requested by

Host: blogs.blackberry.com
URL: https://blogs.blackberry.com/en/2022/03/threat-thursday-cryptbot-infostealer

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.214.81 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-214-81.fra56.r.cloudfront.net

Software

Apache /

Resource Hash

d104b74bae6e524bb21bfede62a270ff318122d005772d94e6d7cebbc53017fc

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; base-uri 'self';upgrade-insecure-requests;
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blogs.blackberry.com/en/2022/03/threat-thursday-cryptbot-infostealer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-dispatcher: dispatcher2uswest2-28586372
date: Mon, 16 Sep 2024 05:28:17 GMT
strict-transport-security: max-age=63072000; includeSubdomains;
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'; base-uri 'self';upgrade-insecure-requests;
via: 1.1 77ba839b79ec0a8b2031c8a828e7fdfa.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P3
age: 6881
x-vhost: publish
x-cache: Hit from cloudfront
content-disposition: attachment
content-length: 49272
x-xss-protection: 1; mode=block
last-modified: Fri, 02 Nov 2018 16:55:27 GMT
server: Apache
etag: "c078-579b166f41dc0"
x-frame-options: SAMEORIGIN
content-type: image/jpeg
accept-ranges: bytes
x-amz-cf-id: OgUJUOBTikLT1KzzVT2dB-Gf_Mz258LdCBiIlqkuUqb7hcBPtmigSQ==

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v32/ 18 KB
18 KB 1139ms
73ms Font
font/woff2 216.58.206.35
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400,900&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.35 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil07s07-in-f3.1e100.net

Software

sffe /

Resource Hash

89978e658e840b927dddb5cb3a835c7d8526ece79933bd9f3096b301fe1a8571

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://blogs.blackberry.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 12 Sep 2024 14:09:53 GMT
x-content-type-options: nosniff
age: 321186
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 18536
x-xss-protection: 0
last-modified: Thu, 01 Aug 2024 20:41:24 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 12 Sep 2025 14:09:53 GMT

GET
H2 200 KFOlCnqEu92Fr1MmYUtfBBc4.woff2
fonts.gstatic.com/s/roboto/v32/ 18 KB
18 KB 1143ms
78ms Font
font/woff2 216.58.206.35
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmYUtfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400,900&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.35 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil07s07-in-f3.1e100.net

Software

sffe /

Resource Hash

1b150c409df2cca1e55ffc6e55b649980f9a282bb6b25da6186d5ed55741141b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://blogs.blackberry.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sat, 14 Sep 2024 10:53:59 GMT
x-content-type-options: nosniff
age: 160140
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 18436
x-xss-protection: 0
last-modified: Thu, 01 Aug 2024 20:41:28 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 14 Sep 2025 10:53:59 GMT

GET
H2 200 KFOlCnqEu92Fr1MmSU5fBBc4.woff2
fonts.gstatic.com/s/roboto/v32/ 18 KB
19 KB 1105ms
40ms Font
font/woff2 216.58.206.35
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmSU5fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400,900&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.35 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil07s07-in-f3.1e100.net

Software

sffe /

Resource Hash

4dbd328e347e890a801d51f9a5f8d38a3efd51ec34c0aa22cc83d0a95d6d9d71

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://blogs.blackberry.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sat, 14 Sep 2024 01:09:23 GMT
x-content-type-options: nosniff
age: 195216
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 18492
x-xss-protection: 0
last-modified: Thu, 01 Aug 2024 20:41:19 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 14 Sep 2025 01:09:23 GMT

GET
H2 200 otBannerSdk.js Show response
cdn.cookielaw.org/scripttemplates/202403.1.0/ 442 KB
107 KB 78ms
65ms Script
application/javascript 104.18.86.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202403.1.0/otBannerSdk.js

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.86.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6d1137d21f3ba78b8a882dbf77f7c88712ad02a3f5efdce5ff996a67c15a6bf6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blogs.blackberry.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 16 Sep 2024 07:22:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: kUodklFyKXDEOUEPkRF3YA==
age: 34574
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 109667
x-ms-lease-status: unlocked
last-modified: Tue, 16 Jul 2024 21:39:19 GMT
server: cloudflare
etag: 0x8DCA5DFBFFA9F82
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 0edf8d45-001e-008f-6dc9-d7ddd6000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8c3f1bc8e9f959d1-MXP

POST
H2 200 collect
www.google.com/ccm/ 0
0 486ms
55ms Ping
text/html 142.250.185.68
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google.com/ccm/collect?en=page_view&dl=https%3A%2F%2Fblogs.blackberry.com%2Fen%2F2022%2F03%2Fthreat-thursday-cryptbot-infostealer&frm=0&rnd=1167950641.1726471379&auid=31207020.1726471379&npa=0&gtm=45be4990v879016845za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=0&tft=1726471379424&tfd=3442&apve=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-944900006
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 142.250.185.68 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s48-in-f4.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://blogs.blackberry.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/944900006/ 43 B
571 B 792ms
226ms Script
text/javascript 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/944900006/?random=1726471379413&cv=11&fst=1726471379413&bg=ffffff&guid=ON&async=1&gtm=45be4990v879016845za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fblogs.blackberry.com%2Fen%2F2022%2F03%2Fthreat-thursday-cryptbot-infostealer&hn=www.googleadservices.com&frm=0&tiba=Threat%20Thursday%3A%20CryptBot%20Infostealer%20Masquerades%20as%20Cracked%20Software&npa=0&pscdl=noapi&auid=31207020.1726471379&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-944900006

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

77d5fe96defd6c8c1e3b0466b4827cf83dc7e5c727a10177e115d25132fa86f6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blogs.blackberry.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 16 Sep 2024 07:23:00 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 37
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 944900006
td.doubleclick.net/td/rul/ Frame F699 0
0 781ms
177ms Document
text/html 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://td.doubleclick.net/td/rul/944900006?random=1726471379413&cv=11&fst=1726471379413&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4990v879016845za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fblogs.blackberry.com%2Fen%2F2022%2F03%2Fthreat-thursday-cryptbot-infostealer&hn=www.googleadservices.com&frm=0&tiba=Threat%20Thursday%3A%20CryptBot%20Infostealer%20Masquerades%20as%20Cracked%20Software&npa=0&pscdl=noapi&auid=31207020.1726471379&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-944900006

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blogs.blackberry.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: br
content-length: 16
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 16 Sep 2024 07:23:00 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 40 KB
14 KB 758ms
56ms Script
application/javascript 2.21.20.144
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TXGFP23

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.21.20.144 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-21-20-144.deploy.static.akamaitechnologies.com

Software

Resource Hash

8a27dc7b44ebe886390bfa0a9beeea36ea5a3f37479f0e0836b6c9b80d9b35ed

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://blogs.blackberry.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 16 Sep 2024 07:23:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 22 Aug 2024 10:43:55 GMT
x-cdn: AKAM
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: max-age=32862
accept-ranges: bytes
content-length: 14628

GET
H2 200 gxxdrnmwti55.js Show response
js.driftt.com/include/1726471500000/ 221 KB
62 KB 378ms
198ms Script
application/javascript 18.245.86.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/include/1726471500000/gxxdrnmwti55.js

Requested by

Host: blogs.blackberry.com
URL: https://blogs.blackberry.com/en/2022/03/threat-thursday-cryptbot-infostealer

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.245.86.77 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-245-86-77.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

a9c06804242819b18af434dfa96d939ba88510b3982da0e1691a23c48db42a7a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://blogs.blackberry.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-amz-version-id: a4k69WVWquQ1jW2_kBtTfxPdsnon1ibv
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
date: Mon, 16 Sep 2024 07:22:59 GMT
via: 1.1 56a77d6c9e6b49fa4179a99507a9582e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P6
x-amz-server-side-encryption: AES256
x-cache: RefreshHit from cloudfront
x-envoy-upstream-service-time: 39
last-modified: Tue, 10 Sep 2024 16:08:07 GMT
server: istio-envoy
etag: W/"7cbd84669081c065085f24294606507a"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: xlr3coa15yOgWpGpdVhlz50Af71N3R6ETARAwsVM0x581Y2e75bbsQ==

GET
H2 200 en.json Show response
cdn.cookielaw.org/consent/6373c986-7725-4c54-9731-2a91bdd43107/9e208558-f566-473d-a508-55094f18fb7b/ 61 KB
15 KB 77ms
77ms Fetch
application/x-javascript 104.18.86.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/6373c986-7725-4c54-9731-2a91bdd43107/9e208558-f566-473d-a508-55094f18fb7b/en.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202403.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.86.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8024354650d113450ed53ddc61ba90afc651aa78e9d4cede6fd60d4198a656bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blogs.blackberry.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 16 Sep 2024 07:22:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 63657
content-md5: GziNDv8n0lfXzlWb+o3MQQ==
content-length: 14975
x-ms-lease-status: unlocked
last-modified: Wed, 27 Mar 2024 15:14:30 GMT
server: cloudflare
etag: 0x8DC4E709A2DD9D2
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 8f925347-601e-0076-5549-acc5d5000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8c3f1bca0c3b0e12-MXP
expires: Tue, 17 Sep 2024 07:22:59 GMT

GET
H2 200 otFlat.json Show response
cdn.cookielaw.org/scripttemplates/202403.1.0/assets/ 13 KB
3 KB 74ms
74ms Fetch
application/json 104.18.86.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202403.1.0/assets/otFlat.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202403.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.86.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f4aaa18c55c90588c5e828e56dcc6b2cb0acf9a4280494c7d1a53fc5e3669112

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blogs.blackberry.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 16 Sep 2024 07:22:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: gWbZdVb/GsEUTnv/p/InTg==
age: 53340
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 3041
x-ms-lease-status: unlocked
last-modified: Tue, 16 Jul 2024 21:39:12 GMT
server: cloudflare
etag: 0x8DCA5DFBBC2C661
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 0db07250-301e-004b-0f7d-d8a210000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8c3f1bcafd710e12-MXP

GET
H2 200 otCookieSettingsButton.json Show response
cdn.cookielaw.org/scripttemplates/202403.1.0/assets/ 5 KB
2 KB 90ms
88ms Fetch
application/json 104.18.86.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202403.1.0/assets/otCookieSettingsButton.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202403.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.86.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5fb7c176325267082e94a7131fed5e157516e6805cee3ac6f6a93340a947d640

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blogs.blackberry.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 16 Sep 2024 07:22:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: yb3U5LP1G8IlMRT4O3b4PA==
age: 53340
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 1738
x-ms-lease-status: unlocked
last-modified: Tue, 16 Jul 2024 21:39:14 GMT
server: cloudflare
etag: 0x8DCA5DFBCCCC97D
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: d12b2599-501e-003d-64e7-d726ac000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8c3f1bcb0d8b0e12-MXP

GET
H2 200 otCommonStyles.css Show response
cdn.cookielaw.org/scripttemplates/202403.1.0/assets/ 24 KB
4 KB 87ms
86ms Fetch
text/css 104.18.86.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202403.1.0/assets/otCommonStyles.css

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202403.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.86.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

06c0edbfc1b871fb45195265f5faad3e23191305f6ff2125557a9fbc287c8992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blogs.blackberry.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 16 Sep 2024 07:22:59 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: 4ErYmXXFNbMLrnc9DrDTsg==
age: 53340
x-ms-lease-status: unlocked
last-modified: Tue, 16 Jul 2024 21:39:25 GMT
server: cloudflare
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
x-ms-request-id: 788f0754-401e-00e5-76d0-d7817d000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 8c3f1bcb0d8c0e12-MXP

GET
H2 200 jquery.touchSwipe.min.js Show response
blogs.blackberry.com/etc.clientlibs/bbcom/clientlibs/clientlib-etc-legacy/resources/bbcom-aem-project/scripts/plugins/touchswipe/ 20 KB
6 KB 459ms
440ms XHR
application/javascript 52.222.214.81
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://blogs.blackberry.com/etc.clientlibs/bbcom/clientlibs/clientlib-etc-legacy/resources/bbcom-aem-project/scripts/plugins/touchswipe/jquery.touchSwipe.min.js?_=1726471379695

Requested by

Host: blogs.blackberry.com
URL: https://blogs.blackberry.com/etc.clientlibs/shared/clientlibs/jquery.min.96704cdeb2f89f0504fd10b631047e4f.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.214.81 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-214-81.fra56.r.cloudfront.net

Software

Apache /

Resource Hash

9167cb37ed21405ef9556646b83789a2099c15398f5cea867470df1e81752e17

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; base-uri 'self';upgrade-insecure-requests;
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Referer: https://blogs.blackberry.com/en/2022/03/threat-thursday-cryptbot-infostealer
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-dispatcher: dispatcher4uswest2-28586372
strict-transport-security: max-age=63072000; includeSubdomains;
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'; base-uri 'self';upgrade-insecure-requests;
via: 1.1 77ba839b79ec0a8b2031c8a828e7fdfa.cloudfront.net (CloudFront)
date: Mon, 16 Sep 2024 07:02:12 GMT
x-amz-cf-pop: FRA56-P3
age: 1247
x-vhost: publish
x-cache: Hit from cloudfront
content-length: 5051
x-xss-protection: 1; mode=block
last-modified: Wed, 19 Aug 2020 17:22:50 GMT
server: Apache
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=86400, public
x-amz-cf-id: mxbZLbQRGcO7L3cbrXGvrjY_9vLAn06vuLqjO6gBUI07tIkzbQGUhQ==

GET
H2 200 attribution_trigger Show response
px.ads.linkedin.com/ 2 B
816 B 1033ms
239ms XHR
application/json 13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/attribution_trigger?pid=5079393&time=1726471380306&url=https%3A%2F%2Fblogs.blackberry.com%2Fen%2F2022%2F03%2Fthreat-thursday-cryptbot-infostealer
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Accept: *
Referer: https://blogs.blackberry.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 16 Sep 2024 07:23:00 GMT
content-encoding: gzip
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 5A09A6E48335477D924AD7A0246F37F5 Ref B: MRS20EDGE0118 Ref C: 2024-09-16T07:23:01Z
access-control-allow-methods: GET, OPTIONS
x-li-fabric: prod-lor1
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
content-type: application/json
x-li-proto: http/2
x-restli-protocol-version: 1.0.0
access-control-allow-headers: *
x-li-uuid: AAYiN3FkWsVD6rVGICKGcQ==
x-fs-uuid: 0006223771645ac543eab54620228671

GET
H2 200 collect
px.ads.linkedin.com/ 0
670 B 984ms
191ms Image
application/javascript 13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=5079393&time=1726471380306&url=https%3A%2F%2Fblogs.blackberry.com%2Fen%2F2022%2F03%2Fthreat-thursday-cryptbot-infostealer
Requested by: Host: blogs.blackberry.com
URL: https://blogs.blackberry.com/en/2022/03/threat-thursday-cryptbot-infostealer
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://blogs.blackberry.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 16 Sep 2024 07:23:00 GMT
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: F1D4BEEE3C8C4EA2B5017EA373B7232A Ref B: MRS20EDGE0118 Ref C: 2024-09-16T07:23:01Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-fabric: prod-ltx1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYiN3FkC4b687vr+nc0Gw==

POST
H2 204 / Show response
px.ads.linkedin.com/wa/ 0
200 B 194ms
193ms XHR
text/plain 13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/wa/
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: *
Referer: https://blogs.blackberry.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Mon, 16 Sep 2024 07:23:00 GMT
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: FC2567E04A204B9C8A57563CE3BAE139 Ref B: MRS20EDGE0118 Ref C: 2024-09-16T07:23:01Z
linkedin-action: 1
vary: Origin
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-ltx1
access-control-allow-origin: https://blogs.blackberry.com
x-li-proto: http/2
access-control-allow-credentials: true
x-li-uuid: AAYiN3FnSGxJmYklGdS7eg==

GET
H2 200 core
js.driftt.com/ Frame 166C 0
0 514ms
356ms Document
text/html 18.245.86.73
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core?d=1&embedId=gxxdrnmwti55&eId=gxxdrnmwti55&region=US&forceShow=false&skipCampaigns=false&sessionId=e417c2d7-b607-4da8-ac4f-33531f05bd61&sessionStarted=1726471381.312&campaignRefreshToken=f1ca4ee7-5282-468b-aef9-bec25630407d&hideController=false&pageLoadStartTime=1726471376879&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fblogs.blackberry.com%2Fen%2F2022%2F03%2Fthreat-thursday-cryptbot-infostealer

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/include/1726471500000/gxxdrnmwti55.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.245.86.73 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-245-86-73.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://blogs.blackberry.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: no-cache
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Mon, 16 Sep 2024 07:23:01 GMT
etag: W/"7fa6273776a10e1cff36c7df5a64a35b"
last-modified: Tue, 10 Sep 2024 16:07:57 GMT
server: istio-envoy
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
via: 1.1 b4f72de8ce5f3b4b4240eccfbd3d12a6.cloudfront.net (CloudFront)
x-amz-cf-id: EqUbzc1Zq2HF2d5fPfkUE9jxJXnOOYVKrEAM3MOPlNQVKwFapixD-g==
x-amz-cf-pop: FRA60-P6
x-amz-server-side-encryption: AES256
x-amz-version-id: Y5ufFSgiGhxIMl_WU.GqRDbmBkzut3.t
x-cache: RefreshHit from cloudfront
x-envoy-upstream-service-time: 21

GET
H2 200 chat
js.driftt.com/core/ Frame 9E20 0
0 514ms
357ms Document
text/html 18.245.86.73
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1726471376879

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/include/1726471500000/gxxdrnmwti55.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.245.86.73 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-245-86-73.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://blogs.blackberry.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: no-cache
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Mon, 16 Sep 2024 07:23:01 GMT
etag: W/"7fa6273776a10e1cff36c7df5a64a35b"
last-modified: Tue, 10 Sep 2024 16:07:57 GMT
server: istio-envoy
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
via: 1.1 b4f72de8ce5f3b4b4240eccfbd3d12a6.cloudfront.net (CloudFront)
x-amz-cf-id: HIn0ADUGGTdW0ks7FSGMtoaNPrTtTt2G71MA9PPlT9IaYU3mLMjWig==
x-amz-cf-pop: FRA60-P6
x-amz-server-side-encryption: AES256
x-amz-version-id: Y5ufFSgiGhxIMl_WU.GqRDbmBkzut3.t
x-cache: RefreshHit from cloudfront
x-envoy-upstream-service-time: 23

GET
H2 200 favicon.ico
blogs.blackberry.com/etc.clientlibs/bbcom/clientlibs/clientlib-etc-legacy/resources/bbcom-aem-project/images/ 5 KB
2 KB 59ms
58ms Other
image/vnd.microsoft.icon 52.222.214.81
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://blogs.blackberry.com/etc.clientlibs/bbcom/clientlibs/clientlib-etc-legacy/resources/bbcom-aem-project/images/favicon.ico

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.214.81 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-214-81.fra56.r.cloudfront.net

Software

Apache /

Resource Hash

751fd9b76bb578dbafce1e6d416f2861b5b87d0f16fe84dc7705d9ad67bda0b1

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; base-uri 'self';upgrade-insecure-requests;
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blogs.blackberry.com/en/2022/03/threat-thursday-cryptbot-infostealer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-dispatcher: dispatcher4uswest2-28586372
date: Sun, 15 Sep 2024 23:20:52 GMT
strict-transport-security: max-age=63072000; includeSubdomains;
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'; base-uri 'self';upgrade-insecure-requests;
content-encoding: gzip
via: 1.1 77ba839b79ec0a8b2031c8a828e7fdfa.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P3
x-vhost: publish
x-cache: Hit from cloudfront
age: 28931
content-length: 1183
x-xss-protection: 1; mode=block
last-modified: Wed, 19 Aug 2020 17:22:50 GMT
server: Apache
etag: "1536-5ad3e40c84e80-gzip"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/vnd.microsoft.icon
cache-control: max-age=86400, public
accept-ranges: bytes
x-amz-cf-id: lBJgaEm9MzFl_y01rv8IpvdY7qhFzPr1Fu6a7N-K-zG5Ag2UGytldw==

GET ip.json
api.company-target.com/api/v3/ 0
0

GET
H2 200 / Show response
geolocation-db.com/json/ 145 B
255 B 253ms
57ms XHR
text/html 159.89.102.253

General

Check archive.org

Show headers Download Go to

Full URL: https://geolocation-db.com/json/
Requested by: Host: blogs.blackberry.com
URL: https://blogs.blackberry.com/en/2022/03/threat-thursday-cryptbot-infostealer
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 159.89.102.253 -, , ASN (),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: e210b23f25389ad37136460f5a9472f86aa1d4a445f3d96ee0feddb58f94b9a6

Request headers

Referer: https://blogs.blackberry.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

access-control-allow-origin: *
date: Mon, 16 Sep 2024 07:23:06 GMT
content-encoding: gzip
server: nginx/1.14.0 (Ubuntu)
content-type: text/html; charset=UTF-8

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: api.company-target.com
URL: https://api.company-target.com/api/v3/ip.json?auth=2OwrhQcQTUj3DLXEdboWdpNQmQrvYHDIFiDhYjst&page=https%3A%2F%2Fblogs.blackberry.com%2Fen%2F2022%2F03%2Fthreat-thursday-cryptbot-infostealer&page_title=Threat%20Thursday%3A%20CryptBot%20Infostealer%20Masquerades%20as%20Cracked%20Software&referrer=

Verdicts & Comments Add Verdict or Comment

47 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

7 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.blackberry.com/	1970-01-21 01:44:07	Name: _gcl_au Value: 1.1.31207020.1726471379
.blogs.blackberry.com/	1970-01-21 03:53:43	Name: OptanonConsent Value: isGpcEnabled=0&datestamp=Mon+Sep+16+2024+09%3A22%3A59+GMT%2B0200+(Ora+legale+dell%E2%80%99Europa+centrale)&version=202403.1.0&browserGpcFlag=0&isIABGlobal=false&landingPath=https%3A%2F%2Fblogs.blackberry.com%2Fen%2F2022%2F03%2Fthreat-thursday-cryptbot-infostealer&groups=C0001%3A1%2CC0003%3A0%2CC0002%3A0%2CC0004%3A0&hosts=H5%3A0%2CH124%3A0%2CH231%3A0%2CH197%3A0%2CH171%3A0%2CH360%3A0%2CH215%3A0%2CH6%3A0%2CH7%3A0%2CH15%3A0%2CH363%3A0%2CH434%3A0%2CH233%3A0%2CH364%3A0%2CH314%3A0%2CH326%3A0%2CH25%3A0%2CH435%3A0%2CH452%3A0%2CH31%3A0%2CH42%3A0%2CH283%3A0%2CH44%3A0%2CH458%3A0%2CH368%3A0%2CH47%3A0%2CH50%3A0%2CH52%3A0%2CH337%3A0%2CH60%3A0%2CH395%3A0%2CH375%3A0%2CH449%3A0%2CH69%3A0%2CH73%3A0%2CH463%3A0%2CH441%3A0&genVendors=
.doubleclick.net/	1970-01-20 23:34:32	Name: test_cookie Value: CheckForPermission
.linkedin.com/	1970-01-21 08:20:07	Name: bcookie Value: "v=2&d8e18ac9-792f-4342-81ae-b5487d80cb16"
.linkedin.com/	1970-01-21 03:53:43	Name: li_gc Value: MTswOzE3MjY0NzEzODE7MjswMjEk36g3G7WNACUx5Dxce/Ml+E9LZTQj+UqMDeMSomoEmA==
.linkedin.com/	1970-01-20 23:35:57	Name: lidc Value: "b=TGST00:s=T:r=T:a=T:p=T:g=3497:u=1:x=1:i=1726471381:t=1726557781:v=2:sig=AQE8aA_LdGOExB78lm7ZF1Ol90Kljo1Q"
blogs.blackberry.com/	1970-01-20 23:34:33	Name: drift_campaign_refresh Value: f1ca4ee7-5282-468b-aef9-bec25630407d

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://kit.fontawesome.com/3c243f8233.js Message: Failed to load resource: the server responded with a status of 403 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	frame-ancestors 'self'; base-uri 'self';upgrade-insecure-requests;
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.company-target.com
blogs.blackberry.com
cdn.cookielaw.org
fonts.googleapis.com
fonts.gstatic.com
geolocation-db.com
geolocation.onetrust.com
googleads.g.doubleclick.net
js.driftt.com
kit.fontawesome.com
px.ads.linkedin.com
snap.licdn.com
td.doubleclick.net
www.google.com
www.googletagmanager.com
api.company-target.com
104.18.86.42
13.107.42.14
142.250.184.194
142.250.184.202
142.250.185.68
142.250.186.40
142.250.186.98
159.89.102.253
172.64.147.188
172.64.155.119
18.245.86.73
18.245.86.77
2.21.20.144
216.58.206.35
52.222.214.81
06c0edbfc1b871fb45195265f5faad3e23191305f6ff2125557a9fbc287c8992
0d6c1c4e26ad9b975c8d5a04e36ecc1ac6460ac414a880654c2810e2ce9f52c8
14b4829a35b8e60b8b06dbe0e8ab5e958e03a65dd54d4ca3012b008da1cbf0cc
1b150c409df2cca1e55ffc6e55b649980f9a282bb6b25da6186d5ed55741141b
1d9b4b18afd07d61da40d745f3e3cad7640d50d04f65ad72d3e92477bfbd7ab1
297b139c52792ae8b27e5531f91d2af35451bf5e8f95bbc1960cca6717a3f1d3
2c8fe9899a239a897bed8236e08a655a77f4092886c29d9bb417879396abe721
2ec54e382481140e39b389d235cc35451fd7f8e286840d8dea664a9454a5373f
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
46bdacc819263327f9840d86a4512111e8709e3830f18e706619c4378c5880df
4dbd328e347e890a801d51f9a5f8d38a3efd51ec34c0aa22cc83d0a95d6d9d71
5fb7c176325267082e94a7131fed5e157516e6805cee3ac6f6a93340a947d640
649d98ea82ac9214aea5d6e18ec9497e6ec40bb0d323c4d702703747d9326943
6964d03a8ab5896300c3dd5cb3fc6fa302ef3d1b5453d2021282038af12e5679
6d1137d21f3ba78b8a882dbf77f7c88712ad02a3f5efdce5ff996a67c15a6bf6
71117fe4bf34368700623873c336e70291755a0dca74ceb5ebfef880bd4b717f
751fd9b76bb578dbafce1e6d416f2861b5b87d0f16fe84dc7705d9ad67bda0b1
77d5fe96defd6c8c1e3b0466b4827cf83dc7e5c727a10177e115d25132fa86f6
7adf4e26debc21eca46d0b266703acf8fb132fc0a75382c1f879f27066f9e9aa
7b5dbd37fcc639258ef21f839e379c044a86f7ca588cda61532446bc021f6e04
8024354650d113450ed53ddc61ba90afc651aa78e9d4cede6fd60d4198a656bc
82add7bbf3971c9d86d1aee9bd285c91f9df41e739723870aec31a9665ac5051
84b49327933d0d884dab87e031e8b5245a0277b744bc771d94f652975cd5168d
89978e658e840b927dddb5cb3a835c7d8526ece79933bd9f3096b301fe1a8571
8a27dc7b44ebe886390bfa0a9beeea36ea5a3f37479f0e0836b6c9b80d9b35ed
9167cb37ed21405ef9556646b83789a2099c15398f5cea867470df1e81752e17
91b0809d8b9dc57eaa09cb0e13c210b24edfaeadb94a8cff0fee02751c1b0b5f
a9c06804242819b18af434dfa96d939ba88510b3982da0e1691a23c48db42a7a
b212d247d6338572dae60c8b7b63d42639dfbac54d2e295b03e6684be1e5b302
bb1bcfc6318ec6edbf0ef31b945798d4f0c7e02536c9b9a5de6b0f68cca00b4e
cae5376e018c99723dbda3ee1ca8f3a9976abf31dadfe4507fd08cc8678b63a2
cd651cbad12e404ff39c334cfe63fffea31d90f502278190559d3f14f614e4f1
d104b74bae6e524bb21bfede62a270ff318122d005772d94e6d7cebbc53017fc
dc4c8b621f0ecfb020b397f59f2fe0c3e0b96c8d0a1e9511b0b083b667c4468a
e210b23f25389ad37136460f5a9472f86aa1d4a445f3d96ee0feddb58f94b9a6
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e68e061bfcd9da8ae5f45f6bb6ed6b8f7dc51a77bd12cb168281efda1a68a03a
f30733e0e39f5044034df46d3d8c20feaa22cf680bc21398b2359f3555ff5364
f4aaa18c55c90588c5e828e56dcc6b2cb0acf9a4280494c7d1a53fc5e3669112
f8d8bbb5d080a816cf689ffc662b94c714238d3cc54f37f14f6162e8fa383193

blogs.blackberry.com Open in urlscan Pro 52.222.214.81 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

48 Requests

98 %HTTPS

0 %IPv6

14 Domains

15 Subdomains

16 IPs

3 Countries

3534 kBTransfer

5016 kBSize

7 Cookies

28 Outgoing links

Page URL History

Redirected requests

48 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

blogs.blackberry.com Open in urlscan Pro
52.222.214.81 Public Scan

Screenshot
Live screenshot

Full Image

48
Requests

98 %
HTTPS

0 %
IPv6

14
Domains

15
Subdomains

16
IPs

3
Countries

3534 kB
Transfer

5016 kB
Size

7
Cookies

48 HTTP transactions
0 data transactions