www.intezer.com Open in urlscan Pro
199.16.172.82 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/'
Effective URL:
https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/
Submission: On April 26 via api (April 26th 2022, 3:43:38 pm UTC) from CA — Scanned from CA

Summary HTTP 145 Redirects Links 26 Behaviour Indicators

Summary

This website contacted 34 IPs in 4 countries across 28 domains to perform 145 HTTP transactions. The main IP is 199.16.172.82, located in United States and belongs to AUTOMATTIC, US. The main domain is www.intezer.com.
TLS certificate: Issued by R3 on April 23rd 2022. Valid for: 3 months.

This is the only time www.intezer.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 14	199.16.172.82 199.16.172.82	2635 (AUTOMATTIC) (AUTOMATTIC)
8	192.0.77.37 192.0.77.37	2635 (AUTOMATTIC) (AUTOMATTIC)
62	192.0.77.39 192.0.77.39	2635 (AUTOMATTIC) (AUTOMATTIC)
1	2607:f8b0:400... 2607:f8b0:4006:808::200a	15169 (GOOGLE) (GOOGLE)
2	2606:4700:10:... 2606:4700:10::6816:46c5	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2607:f8b0:400... 2607:f8b0:4006:816::2008	15169 (GOOGLE) (GOOGLE)
2	2606:4700::68... 2606:4700::6811:d4cc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
8	2607:f8b0:400... 2607:f8b0:4006:80d::2004	15169 (GOOGLE) (GOOGLE)
2	192.0.76.3 192.0.76.3	2635 (AUTOMATTIC) (AUTOMATTIC)
2	142.250.80.2 142.250.80.2	15169 (GOOGLE) (GOOGLE)
4	2607:f8b0:400... 2607:f8b0:4006:80d::200e	15169 (GOOGLE) (GOOGLE)
1	146.75.36.157 146.75.36.157	54113 (FASTLY) (FASTLY)
1	2600:141b:500... 2600:141b:5000::b81d:8f8a	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	99.84.42.65 99.84.42.65	16509 (AMAZON-02) (AMAZON-02)
2	2a04:4e42:600... 2a04:4e42:600::396	54113 (FASTLY) (FASTLY)
2	2a03:2880:f01... 2a03:2880:f012:8:face:b00c:0:1	32934 (FACEBOOK) (FACEBOOK)
3	2607:f8b0:400... 2607:f8b0:4006:80a::2003	15169 (GOOGLE) (GOOGLE)
1	20.101.172.120 20.101.172.120	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	54.230.102.38 54.230.102.38	16509 (AMAZON-02) (AMAZON-02)
3	2607:f8b0:400... 2607:f8b0:4006:821::2002	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4004:c06::9b	15169 (GOOGLE) (GOOGLE)
2	104.244.42.67 104.244.42.67	13414 (TWITTER) (TWITTER)
2	104.244.42.197 104.244.42.197	13414 (TWITTER) (TWITTER)
4 4	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 2	104.18.100.194 104.18.100.194	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2607:f8b0:400... 2607:f8b0:4006:824::2003	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6811:edcc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:45b0	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:440... 2606:4700:4400::ac40:9a55	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2607:f8b0:400... 2607:f8b0:4006:823::2003	15169 (GOOGLE) (GOOGLE)
2	34.237.177.253 34.237.177.253	14618 (AMAZON-AES) (AMAZON-AES)
3	2606:4700::68... 2606:4700::6813:9a53	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	143.204.146.114 143.204.146.114	16509 (AMAZON-02) (AMAZON-02)
1	54.155.9.137 54.155.9.137	16509 (AMAZON-02) (AMAZON-02)
145	34

14 199.16.172.82 (United States) 1 redirects

ASN2635 (AUTOMATTIC, US)

www.intezer.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 192.0.77.37 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
PTR: wordpress.com

c0.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

62 192.0.77.39 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
PTR: wordpress.com

149520725.v2.pressablecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:808::200a (Staten Island, United States)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:10::6816:46c5 (United States)

ASN13335 (CLOUDFLARENET, US)

static.addtoany.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:816::2008 (Staten Island, United States)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6811:d4cc (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2607:f8b0:4006:80d::2004 (Staten Island, United States)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 192.0.76.3 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

stats.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.80.2 (United States)

ASN15169 (GOOGLE, US)
PTR: lga34s33-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2607:f8b0:4006:80d::200e (Staten Island, United States)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 146.75.36.157 (Reston, United States)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:141b:5000::b81d:8f8a (New York, United States)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 99.84.42.65 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-84-42-65.ewr52.r.cloudfront.net

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a04:4e42:600::396 (United States)

ASN54113 (FASTLY, US)

www.redditstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
alb.reddit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f012:8:face:b00c:0:1 (Secaucus, United States)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2607:f8b0:4006:80a::2003 (Staten Island, United States)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 20.101.172.120 (Amsterdam, Netherlands)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

csp-prod.intezer.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.230.102.38 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-54-230-102-38.ewr53.r.cloudfront.net

script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2607:f8b0:4006:821::2002 (Staten Island, United States)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4004:c06::9b (Washington, United States)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.244.42.67 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.244.42.197 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2620:1ec:21::14 (United States) 4 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.18.100.194 (None, ) 1 redirects

ASN13335 (CLOUDFLARENET, US)

p.adsymptotic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2607:f8b0:4006:824::2003 (Staten Island, United States)

ASN15169 (GOOGLE, US)

www.google.ca	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:edcc (United States)

ASN13335 (CLOUDFLARENET, US)

js.usemessages.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:45b0 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-analytics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::ac40:9a55 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-banner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2607:f8b0:4006:823::2003 (Staten Island, United States)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.237.177.253 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-237-177-253.compute-1.amazonaws.com

secure.gaug.es	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6813:9a53 (United States)

ASN13335 (CLOUDFLARENET, US)

api.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
track.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.146.114 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-146-114.ewr52.r.cloudfront.net

vars.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.155.9.137 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-155-9-137.eu-west-1.compute.amazonaws.com

in.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
62	pressablecdn.com 149520725.v2.pressablecdn.com	2 MB
15	intezer.com 1 redirects www.intezer.com csp-prod.intezer.com	56 KB
10	wp.com c0.wp.com — Cisco Umbrella Rank: 6825 stats.wp.com — Cisco Umbrella Rank: 2453 pixel.wp.com — Cisco Umbrella Rank: 2296	38 KB
8	google.com www.google.com — Cisco Umbrella Rank: 2	40 KB
7	gstatic.com fonts.gstatic.com www.gstatic.com	359 KB
5	linkedin.com 5 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 397 www.linkedin.com — Cisco Umbrella Rank: 577 px4.ads.linkedin.com — Cisco Umbrella Rank: 4570	4 KB
4	google.ca www.google.ca — Cisco Umbrella Rank: 8335	693 B
4	doubleclick.net googleads.g.doubleclick.net — Cisco Umbrella Rank: 38 stats.g.doubleclick.net — Cisco Umbrella Rank: 80	4 KB
4	hotjar.com static.hotjar.com — Cisco Umbrella Rank: 591 script.hotjar.com — Cisco Umbrella Rank: 840 vars.hotjar.com — Cisco Umbrella Rank: 885 in.hotjar.com — Cisco Umbrella Rank: 1617	67 KB
4	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 35	62 KB
3	hubspot.com api.hubspot.com — Cisco Umbrella Rank: 4430 track.hubspot.com — Cisco Umbrella Rank: 2107	2 KB
2	gaug.es secure.gaug.es — Cisco Umbrella Rank: 29169	4 KB
2	adsymptotic.com 1 redirects p.adsymptotic.com — Cisco Umbrella Rank: 510	541 B
2	t.co t.co — Cisco Umbrella Rank: 486	520 B
2	twitter.com analytics.twitter.com — Cisco Umbrella Rank: 498	554 B
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 137	113 KB
2	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 103	32 KB
2	hs-scripts.com js.hs-scripts.com — Cisco Umbrella Rank: 2178	2 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 58	125 KB
2	addtoany.com static.addtoany.com — Cisco Umbrella Rank: 3795	59 KB
1	hs-banner.com js.hs-banner.com — Cisco Umbrella Rank: 2018	16 KB
1	hs-analytics.net js.hs-analytics.net — Cisco Umbrella Rank: 1999	20 KB
1	usemessages.com js.usemessages.com — Cisco Umbrella Rank: 4737	22 KB
1	reddit.com alb.reddit.com — Cisco Umbrella Rank: 1521	157 B
1	redditstatic.com www.redditstatic.com — Cisco Umbrella Rank: 1368	7 KB
1	licdn.com snap.licdn.com — Cisco Umbrella Rank: 780	3 KB
1	ads-twitter.com static.ads-twitter.com — Cisco Umbrella Rank: 582	10 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 39	1 KB
145	28

	Domain	Requested by
62	149520725.v2.pressablecdn.com	www.intezer.com 149520725.v2.pressablecdn.com
14	www.intezer.com	1 redirects www.intezer.com 149520725.v2.pressablecdn.com
8	www.google.com	www.intezer.com www.gstatic.com www.google.com
8	c0.wp.com	www.intezer.com
4	www.gstatic.com	www.google.com www.gstatic.com
4	www.google.ca	www.intezer.com
4	www.google-analytics.com	www.googletagmanager.com www.intezer.com
3	px.ads.linkedin.com	3 redirects
3	googleads.g.doubleclick.net	www.googleadservices.com
3	fonts.gstatic.com	fonts.googleapis.com www.google.com
2	api.hubspot.com	js.usemessages.com
2	secure.gaug.es	www.intezer.com
2	p.adsymptotic.com	1 redirects www.intezer.com
2	t.co	www.intezer.com
2	analytics.twitter.com	www.intezer.com
2	connect.facebook.net	www.intezer.com connect.facebook.net
2	www.googleadservices.com	www.intezer.com www.googletagmanager.com
2	js.hs-scripts.com	www.intezer.com
2	www.googletagmanager.com	www.intezer.com
2	static.addtoany.com	www.intezer.com static.addtoany.com
1	track.hubspot.com
1	in.hotjar.com	script.hotjar.com
1	vars.hotjar.com	static.hotjar.com
1	pixel.wp.com	www.intezer.com
1	js.hs-banner.com	js.hs-scripts.com
1	js.hs-analytics.net	js.hs-scripts.com
1	js.usemessages.com	js.hs-scripts.com
1	px4.ads.linkedin.com	1 redirects
1	www.linkedin.com	1 redirects
1	stats.g.doubleclick.net	www.google-analytics.com
1	script.hotjar.com	static.hotjar.com
1	csp-prod.intezer.com	www.intezer.com
1	alb.reddit.com	www.intezer.com
1	www.redditstatic.com	www.googletagmanager.com
1	static.hotjar.com	www.googletagmanager.com
1	snap.licdn.com	www.googletagmanager.com
1	static.ads-twitter.com	www.googletagmanager.com
1	stats.wp.com	www.intezer.com
1	fonts.googleapis.com	www.intezer.com
145	39

This site contains links to these domains. Also see Links.

Domain
support.intezer.com
analyze.intezer.com
www.addtoany.com
www.fortinet.com
blog.malwarebytes.com
en.wikipedia.org
github.com
www.cnbc.com
www.fireeye.com
securelist.com
quointelligence.eu
www.welivesecurity.com
vk-intel.org
www.justice.gov
attack.mitre.org
www.youtube.com
www.facebook.com
www.linkedin.com
twitter.com

Subject Issuer	Validity	Valid
tls.automattic.com R3	`2022-04-23` - `2022-07-22`	3 months	crt.sh
*.wp.com Sectigo RSA Domain Validation Secure Server CA	`2020-04-02` - `2022-07-05`	2 years	crt.sh
*.v2.pressablecdn.com Sectigo RSA Domain Validation Secure Server CA	`2021-07-14` - `2022-08-14`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2022-04-11` - `2022-07-04`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-07-05` - `2022-07-04`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-04-11` - `2022-07-04`	3 months	crt.sh
www.google.com GTS CA 1C3	`2022-04-11` - `2022-07-04`	3 months	crt.sh
www.googleadservices.com GTS CA 1C3	`2022-04-11` - `2022-07-04`	3 months	crt.sh
ads-twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2021-07-21` - `2022-07-26`	a year	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2022-03-01` - `2023-03-01`	a year	crt.sh
*.hotjar.com Amazon	`2021-11-25` - `2022-12-23`	a year	crt.sh
www.redditstatic.com DigiCert TLS RSA SHA256 2020 CA1	`2022-02-17` - `2022-08-16`	6 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2022-02-01` - `2022-05-02`	3 months	crt.sh
*.reddit.com DigiCert TLS RSA SHA256 2020 CA1	`2022-02-17` - `2022-08-16`	6 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-04-11` - `2022-07-04`	3 months	crt.sh
*.intezer.com Go Daddy Secure Certificate Authority - G2	`2022-01-16` - `2023-01-25`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-04-11` - `2022-07-04`	3 months	crt.sh
*.twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2022-02-22` - `2023-02-22`	a year	crt.sh
t.co DigiCert TLS RSA SHA256 2020 CA1	`2022-02-22` - `2023-02-22`	a year	crt.sh
*.google.com GTS CA 1C3	`2022-04-11` - `2022-07-04`	3 months	crt.sh
*.google.ca GTS CA 1C3	`2022-04-11` - `2022-07-04`	3 months	crt.sh
*.gaug.es Sectigo RSA Domain Validation Secure Server CA	`2022-02-18` - `2023-03-20`	a year	crt.sh
hubspot.com Cloudflare Inc ECC CA-3	`2022-03-08` - `2023-03-07`	a year	crt.sh

This page contains 3 frames:

Primary Page: https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/
Frame ID: CF12EA737123FFEF8103BD76D30C1E24
Requests: 136 HTTP requests in this frame

Frame: https://vars.hotjar.com/box-4924254a9ce4dc9b959b6e4a9b662d60.html
Frame ID: 962BDB0305800826B9C6BF097CEFB23F
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LewXc8UAAAAADEYz8dYpHTk55uH2MjKqbyc1sXD&co=aHR0cHM6Ly93d3cuaW50ZXplci5jb206NDQz&hl=en&v=QENb_qRrX0-mQMyENQjD6Fuj&size=invisible&cb=bdgm9rp6iwc8
Frame ID: F8C3B6D888EF385D0504144A81432F20
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Targeted Phishing Attack against Ukraine Government Expands to Georgia

Page URL History Show full URLs

https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-... HTTP 301
https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-... Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

AddToAny (Widgets) Expand

Overall confidence: 100%
Detected patterns

addtoany\.com/menu/page\.js

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Hotjar (Analytics) Expand

Overall confidence: 100%
Detected patterns

//static\.hotjar\.com/

HubSpot Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

js\.hs-analytics\.net/analytics

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

OWL Carousel (Widgets) Expand

Overall confidence: 100%
Detected patterns

owl\.carousel.*\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

reCAPTCHA (Captchas) Expand

Overall confidence: 100%
Detected patterns

/recaptcha/api\.js

Page Statistics

145
Requests

99 %
HTTPS

54 %
IPv6

28
Domains

39
Subdomains

34
IPs

4
Countries

3362 kB
Transfer

6174 kB
Size

35
Cookies

26 Outgoing links

These are links going to different origins than the main page.

URL: https://support.intezer.com/hc/en-us
Title: Docs & API

Search URL Search Domain Scan URL

URL: https://analyze.intezer.com/sign-in/?utm_campaign=login-btn&utm_source=intezer
Title: Log in

Search URL Search Domain Scan URL

URL: https://analyze.intezer.com/
Title: Start Analyzing Now

Search URL Search Domain Scan URL

URL: https://www.addtoany.com/
Title: AddToAny

Search URL Search Domain Scan URL

URL: https://www.fortinet.com/blog/threat-research/spearphishing-attack-uses-covid-21-lure-to-target-ukrainian-government
Title: Fortinet published a report

Search URL Search Domain Scan URL

URL: https://blog.malwarebytes.com/threat-analysis/2021/04/a-deep-dive-into-saint-bot-downloader/
Title: Saint Bot downloader

Search URL Search Domain Scan URL

URL: https://en.wikipedia.org/wiki/Merkava
Title: Merkava

Search URL Search Domain Scan URL

URL: https://analyze.intezer.com/files/0d83c1f7d2d7ea0e7fe144933bfa9dd314dae3937af714ea9274f43641756060

Search URL Search Domain Scan URL

URL: https://github.com/intezer/community-intellignce/blob/master/AutoIt_Infostealer_GE_UA.txt
Title: AutoIt script’s

Search URL Search Domain Scan URL

URL: http://analyze.intezer.com/sign-in
Title: Intezer Analyze

Search URL Search Domain Scan URL

URL: https://www.cnbc.com/2014/10/28/russian-hackers-target-nato-military-secrets.html
Title: CNBC, Russian Hackers Target NATO, Military Secrets

Search URL Search Domain Scan URL

URL: https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/rpt-apt28.pdf
Title: FireEye, APT28: A Window Into Russia’s Cyber Espionage Operations?

Search URL Search Domain Scan URL

URL: https://securelist.com/greyenergys-overlap-with-zebrocy/89506/
Title: Kaspersky, GreyEnergy’s Overlap with Zebrocy

Search URL Search Domain Scan URL

URL: https://quointelligence.eu/2020/09/apt28-zebrocy-malware-campaign-nato-theme/
Title: Quointelligence,

Search URL Search Domain Scan URL

URL: https://www.welivesecurity.com/2018/04/24/sednit-update-analysis-zebrocy/
Title: ESET, Sednit Update: Analysis of Zebrocy

Search URL Search Domain Scan URL

URL: https://vk-intel.org/2019/01/22/lets-learn-progression-of-apt28-autoit-zebrocy-downloaders-source-code-level-analysis/
Title: VK-Intel. Let’s Learn: Progression of APT28 AutoIt Zebrocy Downloaders: Source-Code Level Analysis

Search URL Search Domain Scan URL

URL: https://www.welivesecurity.com/2019/05/22/journey-zebrocy-land/
Title: ESET, A Journey to Zebrocy Land

Search URL Search Domain Scan URL

URL: https://www.welivesecurity.com/2018/11/20/sednit-whats-going-zebrocy/
Title: ESET, Sednit: What’s Going on with Zebrocy?

Search URL Search Domain Scan URL

URL: https://www.justice.gov/opa/page/file/1098481/download
Title: Brady, S. Indictment – United States vs Aleksei Sergeyevich Morenets, et al.. Retrieved October 1, 2020

Search URL Search Domain Scan URL

URL: https://www.justice.gov/file/1080281/download
Title: Mueller, R. Indictment – United States of America vs. Viktor Borisovich Netyksho, et al. Retrieved September 13, 2018

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/groups/G0007/
Title: APT28 MITRE ATT&CK

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/software/S0251/
Title: Zebrocy MITRE ATT&CK

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCt5L5ztHh-C1NCKa6bKjXFQ?view_as=subscriber

Search URL Search Domain Scan URL

URL: https://www.facebook.com/IntezerLabs/

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/intezer-labs

Search URL Search Domain Scan URL

URL: https://twitter.com/intezerlabs

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/' HTTP 301
https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 109

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1327356&time=1650987812683&url=https%3A%2F%2Fwww.intezer.com%2Fblog%2Fmalware-analysis%2Ftargeted-phishing-attack-against-ukrainian-government-expands-to-georgia%2F HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1327356&time=1650987812683&url=https%3A%2F%2Fwww.intezer.com%2Fblog%2Fmalware-analysis%2Ftargeted-phishing-attack-against-ukrainian-government-expands-to-georgia%2F&cookiesTest=true HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D1327356%26time%3D1650987812683%26url%3Dhttps%253A%252F%252Fwww.intezer.com%252Fblog%252Fmalware-analysis%252Ftargeted-phishing-attack-against-ukrainian-government-expands-to-georgia%252F%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1327356&time=1650987812683&url=https%3A%2F%2Fwww.intezer.com%2Fblog%2Fmalware-analysis%2Ftargeted-phishing-attack-against-ukrainian-government-expands-to-georgia%2F&cookiesTest=true&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=1327356&time=1650987812683&url=https%3A%2F%2Fwww.intezer.com%2Fblog%2Fmalware-analysis%2Ftargeted-phishing-attack-against-ukrainian-government-expands-to-georgia%2F&cookiesTest=true&liSync=true&e_ipv6=AQKSnxOSDTjyOAAAAYBmislD_SzVfuYhp1KkoCLy-GjQT3fB39_eWUrq498KoDG_9bnBfuvUog HTTP 302
https://p.adsymptotic.com/d/px/?_pid=16218&_psign=0aa5badf92527f7732e22463d6fa4dbc&coopa=0&gdpr=0&gdpr_consent=&_puuid=e5a8b9e9-3d78-41c9-b0ec-6c13249105f1 HTTP 302
https://p.adsymptotic.com/d/px/?_pid=16218&_psign=0aa5badf92527f7732e22463d6fa4dbc&coopa=0&gdpr=0&gdpr_consent=&_puuid=e5a8b9e9-3d78-41c9-b0ec-6c13249105f1&_expected_cookie=6b1405f5824bf6984844f28fde6fe640

145 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/
Redirect Chain

https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/'
https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/

134 KB
31 KB

1019ms
1019ms

Document
text/html

199.16.172.82
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.16.172.82 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

1de5176439c1a5ceb7cc46576b45cfaaf5fb756d732bb0f7a13cea7b64f6b72d

Security Headers

Name

Value

Content-Security-Policy

frame-ancestors 'self' *.intezer.com; upgrade-insecure-requests; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' data: *.google.com *.googleapis.com *.intezer.com *.youtube.com googletagmanager.com *.opendns.com *.hsappstatic.net *.hsforms.net *.js-hsforms.net twitter.com *.cloudflare.com *.comeet.co *.twitter.com *.gaug.es *.wp.com *.hsleadflows.net *.gstatic.com *.usemessages.com *.hs-banner.com *.licdn.com *.hs-analytics.net *.ads-twitter.com *.hs-scripts.com *.googleadservices.com *.hotjar.com *.googletagmanager.com *.doubleclick.net *.addtoany.com *.facebook.net *.google-analytics.com *.pressablecdn.com https://www.redditstatic.com/ads/pixel.js; object-src 'self'; frame-src 'self' *.hsappstatic.net *.usemessages.com *.recaptcha.net *.intezer.com *.hubspot.com *.pressablecdn.com *.hotjar.com *.hsforms.com *.googletagmanager.com *.wp.com *.google.com *.twitter.com *.comeet.com *.comeet.co *.doubleclick.net *.youtube.com; child-src 'self' *.intezer.com; base-uri 'self' *.intezer.com; form-action 'self' https://*.hsforms.com/ https://*.twitter.com/; worker-src 'self' *.intezer.com; report-uri https://csp-prod.intezer.com/cspgate/445999af-dcf0-42b8-a4bc-655be2e8ffbf/2

Strict-Transport-Security

max-age=31536000

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

content-encoding: br
content-security-policy: frame-ancestors 'self' *.intezer.com; upgrade-insecure-requests; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' data: *.google.com *.googleapis.com *.intezer.com *.youtube.com googletagmanager.com *.opendns.com *.hsappstatic.net *.hsforms.net *.js-hsforms.net twitter.com *.cloudflare.com *.comeet.co *.twitter.com *.gaug.es *.wp.com *.hsleadflows.net *.gstatic.com *.usemessages.com *.hs-banner.com *.licdn.com *.hs-analytics.net *.ads-twitter.com *.hs-scripts.com *.googleadservices.com *.hotjar.com *.googletagmanager.com *.doubleclick.net *.addtoany.com *.facebook.net *.google-analytics.com *.pressablecdn.com https://www.redditstatic.com/ads/pixel.js; object-src 'self'; frame-src 'self' *.hsappstatic.net *.usemessages.com *.recaptcha.net *.intezer.com *.hubspot.com *.pressablecdn.com *.hotjar.com *.hsforms.com *.googletagmanager.com *.wp.com *.google.com *.twitter.com *.comeet.com *.comeet.co *.doubleclick.net *.youtube.com; child-src 'self' *.intezer.com; base-uri 'self' *.intezer.com; form-action 'self' https://*.hsforms.com/ https://*.twitter.com/; worker-src 'self' *.intezer.com; report-uri https://csp-prod.intezer.com/cspgate/445999af-dcf0-42b8-a4bc-655be2e8ffbf/2
content-type: text/html; charset=UTF-8
date: Tue, 26 Apr 2022 15:43:32 GMT
host-header: Pressable
link: <https://www.intezer.com/wp-json/>; rel="https://api.w.org/" <https://www.intezer.com/wp-json/wp/v2/posts/20133>; rel="alternate"; type="application/json"
server: nginx
strict-transport-security: max-age=31536000
vary: Accept-Encoding Cookie
x-ac: 1.yyz _atomic_dca

Redirect headers

cache-control: max-age=3600
content-security-policy: frame-ancestors 'self' *.intezer.com; upgrade-insecure-requests; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' data: *.google.com *.googleapis.com *.intezer.com *.youtube.com googletagmanager.com *.opendns.com *.hsappstatic.net *.hsforms.net *.js-hsforms.net twitter.com *.cloudflare.com *.comeet.co *.twitter.com *.gaug.es *.wp.com *.hsleadflows.net *.gstatic.com *.usemessages.com *.hs-banner.com *.licdn.com *.hs-analytics.net *.ads-twitter.com *.hs-scripts.com *.googleadservices.com *.hotjar.com *.googletagmanager.com *.doubleclick.net *.addtoany.com *.facebook.net *.google-analytics.com *.pressablecdn.com https://www.redditstatic.com/ads/pixel.js; object-src 'self'; frame-src 'self' *.hsappstatic.net *.usemessages.com *.recaptcha.net *.intezer.com *.hubspot.com *.pressablecdn.com *.hotjar.com *.hsforms.com *.googletagmanager.com *.wp.com *.google.com *.twitter.com *.comeet.com *.comeet.co *.doubleclick.net *.youtube.com; child-src 'self' *.intezer.com; base-uri 'self' *.intezer.com; form-action 'self' https://*.hsforms.com/ https://*.twitter.com/; worker-src 'self' *.intezer.com; report-uri https://csp-prod.intezer.com/cspgate/445999af-dcf0-42b8-a4bc-655be2e8ffbf/2
content-type: text/html; charset=UTF-8
date: Tue, 26 Apr 2022 15:43:31 GMT
expires: Tue, 26 Apr 2022 16:43:30 GMT
host-header: Pressable
last-modified: Tue, 26 Apr 2022 15:43:30 GMT
location: https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/
server: nginx
strict-transport-security: max-age=31536000
vary: Cookie
x-ac: 1.yyz _atomic_dca
x-nananana: Batcache-Set
x-redirect-by: WordPress

GET
H2 200 style.min.css
c0.wp.com/c/5.9.3/wp-includes/css/dist/block-library/ 81 KB
11 KB 52ms
16ms Stylesheet
text/css 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/5.9.3/wp-includes/css/dist/block-library/style.min.css

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

cdbdaa122823601390c7dcbdd1afde33c2f1a432b8c5ff025c6137ee99ba541a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

x-nc: HIT yyz 1
date: Tue, 26 Apr 2022 15:43:32 GMT
content-encoding: br
last-modified: Wed, 30 Mar 2022 11:30:25 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Wed, 26 Apr 2023 15:43:32 GMT

GET
H2 200 styles-blocks.css
149520725.v2.pressablecdn.com/wp-content/plugins/prismatic/css/ 526 B
528 B 57ms
16ms Stylesheet
text/css 192.0.77.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://149520725.v2.pressablecdn.com/wp-content/plugins/prismatic/css/styles-blocks.css?ver=69620a8ea322898ee44dac014d43fe0a

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.39 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

dc8e317c924d49916e599d91520cb5f64eb9b1ff74120e5d058ca526d0ec6266

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

x-nc: HIT yyz 1
date: Tue, 26 Apr 2022 15:43:32 GMT
content-encoding: br
last-modified: Sun, 16 Jan 2022 06:51:34 GMT
server: nginx
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=315360000
x-ac: 2.yyz _atomic_dca
strict-transport-security: max-age=15552000
link: <http://www.intezer.com/wp-content/plugins/prismatic/css/styles-blocks.css>; rel="canonical"
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 mediaelementplayer-legacy.min.css
c0.wp.com/c/5.9.3/wp-includes/js/mediaelement/ 11 KB
2 KB 52ms
16ms Stylesheet
text/css 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/5.9.3/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

x-nc: HIT yyz 1
date: Tue, 26 Apr 2022 15:43:32 GMT
content-encoding: br
last-modified: Tue, 29 Sep 2020 15:53:06 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Wed, 26 Apr 2023 15:43:32 GMT

GET
H2 200 wp-mediaelement.min.css
c0.wp.com/c/5.9.3/wp-includes/js/mediaelement/ 4 KB
1 KB 52ms
16ms Stylesheet
text/css 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/5.9.3/wp-includes/js/mediaelement/wp-mediaelement.min.css

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

2e10d353ff038c2cad3492fc17801af3e6ef2669c9e9713bdb78b1dcb104c4fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

x-nc: HIT yyz 1
date: Tue, 26 Apr 2022 15:43:32 GMT
content-encoding: br
last-modified: Fri, 07 Jun 2019 20:45:02 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Wed, 26 Apr 2023 15:43:32 GMT

GET
H2 200 styles.css
149520725.v2.pressablecdn.com/wp-content/plugins/contact-form-7/includes/css/ 3 KB
1 KB 57ms
16ms Stylesheet
text/css 192.0.77.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://149520725.v2.pressablecdn.com/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.5.6

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.39 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

e50f9ccd2d6582a58ba1879fa578e60d25fea4c5eedc07deafd14482b2403181

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

x-nc: HIT yyz 1
date: Tue, 26 Apr 2022 15:43:32 GMT
content-encoding: br
last-modified: Wed, 16 Mar 2022 14:36:18 GMT
server: nginx
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=315360000
x-ac: 1.yyz _atomic_dca
strict-transport-security: max-age=15552000
link: <http://www.intezer.com/wp-content/plugins/contact-form-7/includes/css/styles.css>; rel="canonical"
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 bootstrap.css
149520725.v2.pressablecdn.com/wp-content/themes/intezer-v2/css/ 187 KB
24 KB 57ms
16ms Stylesheet
text/css 192.0.77.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://149520725.v2.pressablecdn.com/wp-content/themes/intezer-v2/css/bootstrap.css?ver=69620a8ea322898ee44dac014d43fe0a

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.39 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

c40a0cdd5ab5dcc4da78066f70839808bb4ee8fb2f3360dec64fde438770b099

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

x-nc: HIT yyz 1
date: Tue, 26 Apr 2022 15:43:32 GMT
content-encoding: br
last-modified: Sun, 13 Dec 2020 07:21:39 GMT
server: nginx
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=315360000
x-ac: 2.yyz _atomic_dca
strict-transport-security: max-age=15552000
link: <http://www.intezer.com/wp-content/themes/intezer-v2/css/bootstrap.css>; rel="canonical"
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 font-awesome.min.css
149520725.v2.pressablecdn.com/wp-content/themes/intezer-v2/css/ 30 KB
7 KB 57ms
17ms Stylesheet
text/css 192.0.77.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://149520725.v2.pressablecdn.com/wp-content/themes/intezer-v2/css/font-awesome.min.css?ver=69620a8ea322898ee44dac014d43fe0a

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.39 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

x-nc: HIT yyz 1
date: Tue, 26 Apr 2022 15:43:32 GMT
content-encoding: br
last-modified: Sun, 13 Dec 2020 07:21:41 GMT
server: nginx
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=315360000
x-ac: 1.yyz _atomic_dca
strict-transport-security: max-age=15552000
link: <http://www.intezer.com/wp-content/themes/intezer-v2/css/font-awesome.min.css>; rel="canonical"
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 style.css
149520725.v2.pressablecdn.com/wp-content/themes/intezer-v2/ 189 KB
37 KB 186ms
146ms Stylesheet
text/css 192.0.77.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://149520725.v2.pressablecdn.com/wp-content/themes/intezer-v2/style.css?ver=1650987811

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.39 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

f0761f2a521096ebcc6b36e0d165e69a3484998ea0eff57d67f5611f8d535c31

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

x-nc: MISS yyz 1
date: Tue, 26 Apr 2022 15:43:32 GMT
content-encoding: br
last-modified: Wed, 20 Apr 2022 15:43:09 GMT
server: nginx
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=315360000
x-ac: 1.yyz _atomic_dca
strict-transport-security: max-age=15552000
link: <http://www.intezer.com/wp-content/themes/intezer-v2/style.css>; rel="canonical"
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 style.basic.css
149520725.v2.pressablecdn.com/wp-content/plugins/ajax-search-lite/css/ 17 KB
4 KB 57ms
17ms Stylesheet
text/css 192.0.77.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://149520725.v2.pressablecdn.com/wp-content/plugins/ajax-search-lite/css/style.basic.css?ver=4.9.5

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.39 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

8e1d3542f4ea0a232b64a279e38b4cc9d666ae94a91abd25fff1a165194322cb

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

x-nc: HIT yyz 1
date: Tue, 26 Apr 2022 15:43:32 GMT
content-encoding: br
last-modified: Sun, 14 Nov 2021 10:09:58 GMT
server: nginx
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=315360000
x-ac: 1.yyz _atomic_dca
strict-transport-security: max-age=15552000
link: <http://www.intezer.com/wp-content/plugins/ajax-search-lite/css/style.basic.css>; rel="canonical"
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 style-curvy-blue.css
149520725.v2.pressablecdn.com/wp-content/plugins/ajax-search-lite/css/ 6 KB
1 KB 57ms
17ms Stylesheet
text/css 192.0.77.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://149520725.v2.pressablecdn.com/wp-content/plugins/ajax-search-lite/css/style-curvy-blue.css?ver=4.9.5

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.39 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

2f43834f6edfa66b7a0fdc9d6e2178047a399d6e5e5caec34af8212a65973a9a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

x-nc: HIT yyz 1
date: Tue, 26 Apr 2022 15:43:32 GMT
content-encoding: br
last-modified: Sun, 14 Nov 2021 10:09:58 GMT
server: nginx
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=315360000
x-ac: 2.yyz _atomic_dca
strict-transport-security: max-age=15552000
link: <http://www.intezer.com/wp-content/plugins/ajax-search-lite/css/style-curvy-blue.css>; rel="canonical"
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 app.css
149520725.v2.pressablecdn.com/wp-content/plugins/simple-lightbox/client/css/ 232 B
367 B 77ms
37ms Stylesheet
text/css 192.0.77.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://149520725.v2.pressablecdn.com/wp-content/plugins/simple-lightbox/client/css/app.css?ver=2.8.1

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.39 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

570a4964629f982285ef5282d47767738b4ef2f75cb8bad8ccfc206683ee1d0d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

x-nc: HIT yyz 1
date: Tue, 26 Apr 2022 15:43:32 GMT
x-ac: 2.yyz _atomic_dca
last-modified: Sun, 13 Dec 2020 06:28:43 GMT
server: nginx
strict-transport-security: max-age=15552000
content-type: text/css
cache-control: max-age=315360000
accept-ranges: bytes
link: <http://www.intezer.com/wp-content/plugins/simple-lightbox/client/css/app.css>; rel="canonical"
content-length: 232
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 addtoany.min.css
149520725.v2.pressablecdn.com/wp-content/plugins/add-to-any/ 1 KB
563 B 76ms
36ms Stylesheet
text/css 192.0.77.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://149520725.v2.pressablecdn.com/wp-content/plugins/add-to-any/addtoany.min.css?ver=1.16

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.39 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

f93483f0aaf24aea4b5534bb8647d22cd9dfcb4d08d2fd1008787bdfb8a6cc47

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

x-nc: HIT yyz 1
date: Tue, 26 Apr 2022 15:43:32 GMT
content-encoding: br
last-modified: Mon, 31 Jan 2022 10:46:21 GMT
server: nginx
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=315360000
x-ac: 2.yyz _atomic_dca
strict-transport-security: max-age=15552000
link: <http://www.intezer.com/wp-content/plugins/add-to-any/addtoany.min.css>; rel="canonical"
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 style.css
149520725.v2.pressablecdn.com/wp-content/plugins/cf7-conditional-fields/ 2 KB
626 B 77ms
38ms Stylesheet
text/css 192.0.77.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://149520725.v2.pressablecdn.com/wp-content/plugins/cf7-conditional-fields/style.css?ver=2.1.3

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.39 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

dc19c2e40e42974f0416a3f4cc97e2dbb85a5b5598b76a75e9254164922e7be0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

x-nc: HIT yyz 1
date: Tue, 26 Apr 2022 15:43:32 GMT
content-encoding: br
last-modified: Thu, 21 Apr 2022 07:06:15 GMT
server: nginx
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=315360000
x-ac: 2.yyz _atomic_dca
strict-transport-security: max-age=15552000
link: <http://www.intezer.com/wp-content/plugins/cf7-conditional-fields/style.css>; rel="canonical"
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jetpack.css
149520725.v2.pressablecdn.com/wp-content/plugins/jetpack/css/ 84 KB
17 KB 76ms
37ms Stylesheet
text/css 192.0.77.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://149520725.v2.pressablecdn.com/wp-content/plugins/jetpack/css/jetpack.css?ver=10.9-a.7

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.39 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

86c8f0ef3d5c51e837bd0c69424d11e9e8522f834e1c18d620073db93b5c79f7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

x-nc: HIT yyz 1
date: Tue, 26 Apr 2022 15:43:32 GMT
content-encoding: br
last-modified: Tue, 12 Apr 2022 17:20:54 GMT
server: nginx
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=315360000
x-ac: 1.yyz _atomic_dca
strict-transport-security: max-age=15552000
link: <http://www.intezer.com/wp-content/plugins/jetpack/css/jetpack.css>; rel="canonical"
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 css
fonts.googleapis.com/ 3 KB
1 KB 81ms
35ms Stylesheet
text/css 2607:f8b0:4006:808::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans&display=swap

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:808::200a Staten Island, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

ce820ddde3b57db396b814b8bbd40e27edef6f5eab951b2053e934dd47e9e1c2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 26 Apr 2022 14:16:23 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Tue, 26 Apr 2022 15:43:32 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 26 Apr 2022 15:43:32 GMT

GET
H2 200 /
www.intezer.com/ 6 KB
3 KB 238ms
237ms Stylesheet
text/css 199.16.172.82
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.intezer.com/?custom-css=79c8f516d6

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.16.172.82 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

79adde0dc23cba461e09967e3ceaa077a56e717d1eb2d4f1273a2e8d0f7ccf7c

Security Headers

Name

Value

Content-Security-Policy

Strict-Transport-Security

max-age=31536000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

x-nananana: Batcache-Hit
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Tue, 26 Apr 2022 15:41:24 GMT
server: nginx
date: Tue, 26 Apr 2022 15:43:32 GMT
vary: Accept-Encoding, Cookie
content-type: text/css;charset=utf-8
cache-control: max-age=172, must-revalidate
content-security-policy: frame-ancestors 'self' *.intezer.com; upgrade-insecure-requests; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' data: *.google.com *.googleapis.com *.intezer.com *.youtube.com googletagmanager.com *.opendns.com *.hsappstatic.net *.hsforms.net *.js-hsforms.net twitter.com *.cloudflare.com *.comeet.co *.twitter.com *.gaug.es *.wp.com *.hsleadflows.net *.gstatic.com *.usemessages.com *.hs-banner.com *.licdn.com *.hs-analytics.net *.ads-twitter.com *.hs-scripts.com *.googleadservices.com *.hotjar.com *.googletagmanager.com *.doubleclick.net *.addtoany.com *.facebook.net *.google-analytics.com *.pressablecdn.com https://www.redditstatic.com/ads/pixel.js; object-src 'self'; frame-src 'self' *.hsappstatic.net *.usemessages.com *.recaptcha.net *.intezer.com *.hubspot.com *.pressablecdn.com *.hotjar.com *.hsforms.com *.googletagmanager.com *.wp.com *.google.com *.twitter.com *.comeet.com *.comeet.co *.doubleclick.net *.youtube.com; child-src 'self' *.intezer.com; base-uri 'self' *.intezer.com; form-action 'self' https://*.hsforms.com/ https://*.twitter.com/; worker-src 'self' *.intezer.com; report-uri https://csp-prod.intezer.com/cspgate/445999af-dcf0-42b8-a4bc-655be2e8ffbf/2
x-ac: 1.yyz _atomic_dca
host-header: Pressable
expires: Wed, 26 Apr 2023 15:41:24 GMT

GET
H2 200 videopress-token-bridge.js Show response
149520725.v2.pressablecdn.com/wp-content/plugins/jetpack/modules/videopress/js/ 1 KB
601 B 77ms
38ms Script
application/javascript 192.0.77.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://149520725.v2.pressablecdn.com/wp-content/plugins/jetpack/modules/videopress/js/videopress-token-bridge.js?ver=6

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.39 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

b85ee094553ce0149f659a0218a9085df755924b32ca35ee5f42245ab0cd8b8f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

x-nc: HIT yyz 1
date: Tue, 26 Apr 2022 15:43:32 GMT
content-encoding: br
last-modified: Tue, 12 Apr 2022 17:20:54 GMT
server: nginx
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-ac: 1.yyz _atomic_dca
strict-transport-security: max-age=15552000
link: <http://www.intezer.com/wp-content/plugins/jetpack/modules/videopress/js/videopress-token-bridge.js>; rel="canonical"
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 page.js Show response
static.addtoany.com/menu/ 72 KB
26 KB 84ms
37ms Script
application/javascript 2606:4700:10::6816:46c5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/page.js

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:46c5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f22120d1591b5397235fec8a01ffcc7d45fa6bd0b4cd6f93b8999c9365b359f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Tue, 26 Apr 2022 15:43:32 GMT
via: e1s
x-content-type-options: nosniff
cf-cache-status: HIT
age: 120382
p3p: CP="ALL DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT"
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Wed, 01 Dec 2021 08:23:25 GMT
server: cloudflare
etag: W/"11ee2-5d2116348919c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=172800
cf-ray: 70206f41b8c77142-YUL
cf-bgj: minify

GET
H2 200 jquery-3.2.1.min.js Show response
149520725.v2.pressablecdn.com/wp-content/themes/intezer-v2/js/ 85 KB
31 KB 76ms
38ms Script
application/javascript 192.0.77.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://149520725.v2.pressablecdn.com/wp-content/themes/intezer-v2/js/jquery-3.2.1.min.js?ver=69620a8ea322898ee44dac014d43fe0a

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.39 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

x-nc: HIT yyz 1
date: Tue, 26 Apr 2022 15:43:32 GMT
content-encoding: br
last-modified: Sun, 13 Dec 2020 07:21:10 GMT
server: nginx
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-ac: 2.yyz _atomic_dca
strict-transport-security: max-age=15552000
link: <http://www.intezer.com/wp-content/themes/intezer-v2/js/jquery-3.2.1.min.js>; rel="canonical"
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 147 KB
55 KB 87ms
39ms Script
application/javascript 2607:f8b0:4006:816::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-725468766

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:816::2008 Staten Island, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

6418a65fb714617d8ed7bceb01ce406b71c28492303729da73176b3714822b18

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Tue, 26 Apr 2022 15:43:32 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 55927
x-xss-protection: 0
last-modified: Tue, 26 Apr 2022 15:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 26 Apr 2022 15:43:32 GMT

GET
H2 200 intezer-logo-n.png
149520725.v2.pressablecdn.com/wp-content/uploads/2020/05/ 3 KB
4 KB 32ms
30ms Image
image/png 192.0.77.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://149520725.v2.pressablecdn.com/wp-content/uploads/2020/05/intezer-logo-n.png

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.39 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

e85052e09a7415a2ab775cc198a96dc956d9de42b90541a5cdc9c5c176725745

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

x-nc: HIT yyz 1
date: Tue, 26 Apr 2022 15:43:32 GMT
x-ac: 1.yyz _atomic_dca
last-modified: Sun, 13 Dec 2020 07:09:13 GMT
server: nginx
strict-transport-security: max-age=15552000
access-control-allow-methods: GET, HEAD
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
link: <http://www.intezer.com/wp-content/uploads/2020/05/intezer-logo-n.png>; rel="canonical"
content-length: 3525
expires: Tue, 03 May 2022 15:43:32 GMT

GET
H2 200 logo-analize-logo-trans-ozsmvqchu4xq3efimwjdhr1x8rgjihbqxejnle9j9u.png
149520725.v2.pressablecdn.com/wp-content/uploads/elementor/thumbs/ 3 KB
3 KB 31ms
29ms Image
image/png 192.0.77.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://149520725.v2.pressablecdn.com/wp-content/uploads/elementor/thumbs/logo-analize-logo-trans-ozsmvqchu4xq3efimwjdhr1x8rgjihbqxejnle9j9u.png

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.39 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

af2e2283ffc4d9ca0e8be05032a6e2d7fe7daa868ad02fa1f61fc648e08336b8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

x-nc: HIT yyz 1
date: Tue, 26 Apr 2022 15:43:32 GMT
x-ac: 2.yyz _atomic_dca
last-modified: Wed, 24 Feb 2021 10:19:00 GMT
server: nginx
strict-transport-security: max-age=15552000
access-control-allow-methods: GET, HEAD
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
link: <http://www.intezer.com/wp-content/uploads/elementor/thumbs/logo-analize-logo-trans-ozsmvqchu4xq3efimwjdhr1x8rgjihbqxejnle9j9u.png>; rel="canonical"
content-length: 2781
expires: Tue, 03 May 2022 15:43:32 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 226 KB
70 KB 121ms
74ms Script
application/javascript 2607:f8b0:4006:816::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-KC95766

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:816::2008 Staten Island, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

5844dcc521e41b16204856d4b39a3383ef5afcc4260594e068aaea3db7b2f9be

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Tue, 26 Apr 2022 15:43:32 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 71851
x-xss-protection: 0
last-modified: Tue, 26 Apr 2022 15:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 26 Apr 2022 15:43:32 GMT

GET
H2 200 IMG_20200610_100615-60x60.jpg
149520725.v2.pressablecdn.com/wp-content/uploads/2020/06/ 1 KB
1 KB 23ms
19ms Image
image/jpeg 192.0.77.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://149520725.v2.pressablecdn.com/wp-content/uploads/2020/06/IMG_20200610_100615-60x60.jpg

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.39 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

5a35d508211c6bd5dac6d018cea76b31f54c2f0ea1d566959bee4e73c619812a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

x-nc: HIT yyz 1
date: Tue, 26 Apr 2022 15:43:32 GMT
x-ac: 2.yyz _atomic_dca
last-modified: Sun, 13 Dec 2020 07:13:15 GMT
server: nginx
strict-transport-security: max-age=15552000
content-type: image/jpeg
cache-control: max-age=604800
accept-ranges: bytes
link: <http://www.intezer.com/wp-content/uploads/2020/06/IMG_20200610_100615-60x60.jpg>; rel="canonical"
content-length: 1218
expires: Tue, 03 May 2022 15:43:32 GMT

GET
H2 200 shutterstock_1821454085.jpg
149520725.v2.pressablecdn.com/wp-content/uploads/2021/07/ 343 KB
344 KB 402ms
393ms Image
image/jpeg 192.0.77.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://149520725.v2.pressablecdn.com/wp-content/uploads/2021/07/shutterstock_1821454085.jpg

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.39 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

89e121efb560fd72f5adf01a28c1dd9531dd81c723a8c6cc8e714eb2b7587269

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

x-nc: MISS yyz 1
date: Tue, 26 Apr 2022 15:43:32 GMT
x-ac: 1.yyz _atomic_dca
last-modified: Wed, 14 Jul 2021 12:13:09 GMT
server: nginx
strict-transport-security: max-age=15552000
access-control-allow-methods: GET, HEAD
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
link: <http://www.intezer.com/wp-content/uploads/2021/07/shutterstock_1821454085.jpg>; rel="canonical"
content-length: 351683
expires: Tue, 03 May 2022 15:43:32 GMT

GET
H2 200 intezer-cube.png
www.intezer.com/wp-content/uploads/2022/03/ 562 B
665 B 231ms
212ms Image
image/png 199.16.172.82
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.intezer.com/wp-content/uploads/2022/03/intezer-cube.png

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.16.172.82 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

90fbf2b127b801f3226f7260c0440085ed2196b17dda6225df36673e46a23238

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Tue, 26 Apr 2022 15:43:32 GMT
x-ac: 1.yyz _atomic_dca
last-modified: Thu, 24 Mar 2022 15:44:02 GMT
server: nginx
etag: "623c91c2-232"
strict-transport-security: max-age=31536000
access-control-allow-methods: GET, HEAD
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
content-length: 562
expires: Tue, 03 May 2022 15:43:32 GMT

GET
H2 200 facebook.png
www.intezer.com/wp-content/themes/intezer-v2/images/social/ 510 B
625 B 134ms
116ms Image
image/png 199.16.172.82
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.intezer.com/wp-content/themes/intezer-v2/images/social/facebook.png

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.16.172.82 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

65a52f6e516f0c632596218b193336646905690934acda722c840c621d7e56d4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Tue, 26 Apr 2022 15:43:32 GMT
x-ac: 1.yyz _atomic_dca
last-modified: Sun, 13 Dec 2020 07:23:29 GMT
server: nginx
etag: "5fd5c171-1fe"
strict-transport-security: max-age=31536000
content-type: image/png
cache-control: max-age=604800
accept-ranges: bytes
content-length: 510
expires: Tue, 03 May 2022 15:43:32 GMT

GET
H2 200 twitter.png
www.intezer.com/wp-content/themes/intezer-v2/images/social/ 428 B
474 B 226ms
208ms Image
image/png 199.16.172.82
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.intezer.com/wp-content/themes/intezer-v2/images/social/twitter.png

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.16.172.82 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

161dab58676b279f43addcbc3f800ac11276f20f15866ba7f7b5c60bc01b065b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Tue, 26 Apr 2022 15:43:32 GMT
x-ac: 1.yyz _atomic_dca
last-modified: Sun, 13 Dec 2020 07:23:29 GMT
server: nginx
etag: "5fd5c171-1ac"
strict-transport-security: max-age=31536000
content-type: image/png
cache-control: max-age=604800
accept-ranges: bytes
content-length: 428
expires: Tue, 03 May 2022 15:43:32 GMT

GET
H2 200 linkedin.png
www.intezer.com/wp-content/themes/intezer-v2/images/social/ 576 B
645 B 237ms
213ms Image
image/png 199.16.172.82
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.intezer.com/wp-content/themes/intezer-v2/images/social/linkedin.png

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.16.172.82 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

534708b43bc02cb8910f2c21a92047c6590f02ff62fee2f2b328fbb3839e7e6b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Tue, 26 Apr 2022 15:43:32 GMT
x-ac: 1.yyz _atomic_dca
last-modified: Sun, 13 Dec 2020 07:23:30 GMT
server: nginx
etag: "5fd5c172-240"
strict-transport-security: max-age=31536000
content-type: image/png
cache-control: max-age=604800
accept-ranges: bytes
content-length: 576
expires: Tue, 03 May 2022 15:43:32 GMT

GET
H2 200 reddit.png
www.intezer.com/wp-content/themes/intezer-v2/images/social/ 647 B
693 B 238ms
215ms Image
image/png 199.16.172.82
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.intezer.com/wp-content/themes/intezer-v2/images/social/reddit.png

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.16.172.82 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

5f91fcdd36636414fcaf90595a72b03ff8ca971d81b7fdbce832d391792aef69

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Tue, 26 Apr 2022 15:43:32 GMT
x-ac: 1.yyz _atomic_dca
last-modified: Sun, 13 Dec 2020 07:23:30 GMT
server: nginx
etag: "5fd5c172-287"
strict-transport-security: max-age=31536000
content-type: image/png
cache-control: max-age=604800
accept-ranges: bytes
content-length: 647
expires: Tue, 03 May 2022 15:43:32 GMT

GET
H2 200 link.png
www.intezer.com/wp-content/themes/intezer-v2/images/social/ 2 KB
2 KB 236ms
212ms Image
image/png 199.16.172.82
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.intezer.com/wp-content/themes/intezer-v2/images/social/link.png

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.16.172.82 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

a9e10ebb34cfcb07b2146d2988ec32893c4df73d2137d8c24531425e1857a0ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Tue, 26 Apr 2022 15:43:32 GMT
x-ac: 1.yyz _atomic_dca
last-modified: Tue, 15 Mar 2022 15:09:02 GMT
server: nginx
etag: "6230ac0e-69d"
strict-transport-security: max-age=31536000
content-type: image/png
cache-control: max-age=604800
accept-ranges: bytes
content-length: 1693
expires: Tue, 03 May 2022 15:43:32 GMT

GET
H2 200 owl.carousel.min.css
www.intezer.com/wp-content/themes/intezer-v2/css/ 3 KB
939 B 142ms
119ms Stylesheet
text/css 199.16.172.82
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.intezer.com/wp-content/themes/intezer-v2/css/owl.carousel.min.css

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.16.172.82 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

016ab0bd0de4839680e4a717a57db9b182a8c2c5fdeec4c24db7a8df761fca4d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Sun, 13 Dec 2020 07:21:34 GMT
server: nginx
etag: W/"5fd5c0fe-b78"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=604800
date: Tue, 26 Apr 2022 15:43:32 GMT
x-ac: 1.yyz _atomic_dca
expires: Tue, 03 May 2022 15:43:32 GMT

GET
H2 200 owl.carousel.min.js Show response
www.intezer.com/wp-content/themes/intezer-v2/js/ 42 KB
11 KB 145ms
122ms Script
application/javascript 199.16.172.82
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.intezer.com/wp-content/themes/intezer-v2/js/owl.carousel.min.js

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.16.172.82 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

b394d33b2a7ec654a6b037ebfda6618341b3f897a362be624c923c2711b54a43

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Sun, 13 Dec 2020 07:21:10 GMT
server: nginx
etag: W/"5fd5c0e6-a70e"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=604800
date: Tue, 26 Apr 2022 15:43:32 GMT
x-ac: 1.yyz _atomic_dca
expires: Tue, 03 May 2022 15:43:32 GMT

GET
H2 200 pasted-image-0-8.png
149520725.v2.pressablecdn.com/wp-content/uploads/2021/07/ 23 KB
23 KB 191ms
166ms Image
image/png 192.0.77.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://149520725.v2.pressablecdn.com/wp-content/uploads/2021/07/pasted-image-0-8.png

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.39 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

464cbd4b481c3f25496ccca8a0227ab38881516e37e2f111f8570ddfe6a69977

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

x-nc: MISS yyz 1
date: Tue, 26 Apr 2022 15:43:32 GMT
x-ac: 2.yyz _atomic_dca
last-modified: Tue, 13 Jul 2021 20:52:54 GMT
server: nginx
strict-transport-security: max-age=15552000
access-control-allow-methods: GET, HEAD
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
link: <http://www.intezer.com/wp-content/uploads/2021/07/pasted-image-0-8.png>; rel="canonical"
content-length: 23568
expires: Tue, 03 May 2022 15:43:32 GMT

GET
H2 200 pasted-image-0-9.png
149520725.v2.pressablecdn.com/wp-content/uploads/2021/07/ 62 KB
63 KB 462ms
438ms Image
image/png 192.0.77.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://149520725.v2.pressablecdn.com/wp-content/uploads/2021/07/pasted-image-0-9.png

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.39 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

baaabaab03bb6647e78ff335112c5bba1af3a73872cd22e0379cdec3073109e2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

x-nc: MISS yyz 1
date: Tue, 26 Apr 2022 15:43:32 GMT
x-ac: 2.yyz _atomic_dca
last-modified: Tue, 13 Jul 2021 20:53:33 GMT
server: nginx
strict-transport-security: max-age=15552000
access-control-allow-methods: GET, HEAD
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
link: <http://www.intezer.com/wp-content/uploads/2021/07/pasted-image-0-9.png>; rel="canonical"
content-length: 63997
expires: Tue, 03 May 2022 15:43:32 GMT

GET
H2 200 pasted-image-0-10.png
149520725.v2.pressablecdn.com/wp-content/uploads/2021/07/ 195 KB
195 KB 492ms
468ms Image
image/png 192.0.77.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://149520725.v2.pressablecdn.com/wp-content/uploads/2021/07/pasted-image-0-10.png

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.39 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

446640144b2426edbf845016f3ff4ff0ef97d89692ec4e4fe1f7eccbdac7cf13

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

x-nc: MISS yyz 1
date: Tue, 26 Apr 2022 15:43:32 GMT
x-ac: 1.yyz _atomic_dca
last-modified: Tue, 13 Jul 2021 20:54:16 GMT
server: nginx
strict-transport-security: max-age=15552000
access-control-allow-methods: GET, HEAD
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
link: <http://www.intezer.com/wp-content/uploads/2021/07/pasted-image-0-10.png>; rel="canonical"
content-length: 199326
expires: Tue, 03 May 2022 15:43:32 GMT

GET
H2 200 pasted-image-0-11.png
149520725.v2.pressablecdn.com/wp-content/uploads/2021/07/ 17 KB
18 KB 178ms
155ms Image
image/png 192.0.77.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://149520725.v2.pressablecdn.com/wp-content/uploads/2021/07/pasted-image-0-11.png

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.39 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

f31ae5176367d1e09855356e3a9c5b594a7a632e348eef2cfce758d41c6c571b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

x-nc: MISS yyz 1
date: Tue, 26 Apr 2022 15:43:32 GMT
x-ac: 1.yyz _atomic_dca
last-modified: Tue, 13 Jul 2021 20:54:54 GMT
server: nginx
strict-transport-security: max-age=15552000
access-control-allow-methods: GET, HEAD
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
link: <http://www.intezer.com/wp-content/uploads/2021/07/pasted-image-0-11.png>; rel="canonical"
content-length: 17886
expires: Tue, 03 May 2022 15:43:32 GMT

GET
H2 200 pasted-image-0-12.png
149520725.v2.pressablecdn.com/wp-content/uploads/2021/07/ 4 KB
4 KB 156ms
133ms Image
image/png 192.0.77.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://149520725.v2.pressablecdn.com/wp-content/uploads/2021/07/pasted-image-0-12.png

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.39 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

ba4d2508109a8d3304e9e35d5332a1dce6519ef86d872265578755dbc8f33b6a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

x-nc: MISS yyz 1
date: Tue, 26 Apr 2022 15:43:32 GMT
x-ac: 1.yyz _atomic_dca
last-modified: Tue, 13 Jul 2021 20:55:23 GMT
server: nginx
strict-transport-security: max-age=15552000
access-control-allow-methods: GET, HEAD
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
link: <http://www.intezer.com/wp-content/uploads/2021/07/pasted-image-0-12.png>; rel="canonical"
content-length: 3956
expires: Tue, 03 May 2022 15:43:32 GMT

GET
H2 200 pasted-image-0-13.png
149520725.v2.pressablecdn.com/wp-content/uploads/2021/07/ 21 KB
21 KB 254ms
233ms Image
image/png 192.0.77.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://149520725.v2.pressablecdn.com/wp-content/uploads/2021/07/pasted-image-0-13.png

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.39 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

b27e36f434d14a15fcbb71fe2c330e65bd47a94f1abf2f6469693de58c9fa1a2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

x-nc: MISS yyz 1
date: Tue, 26 Apr 2022 15:43:32 GMT
x-ac: 2.yyz _atomic_dca
last-modified: Tue, 13 Jul 2021 20:55:49 GMT
server: nginx
strict-transport-security: max-age=15552000
access-control-allow-methods: GET, HEAD
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
link: <http://www.intezer.com/wp-content/uploads/2021/07/pasted-image-0-13.png>; rel="canonical"
content-length: 21831
expires: Tue, 03 May 2022 15:43:32 GMT

GET
H2 200 pasted-image-0-14.png
149520725.v2.pressablecdn.com/wp-content/uploads/2021/07/ 42 KB
43 KB 437ms
417ms Image
image/png 192.0.77.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://149520725.v2.pressablecdn.com/wp-content/uploads/2021/07/pasted-image-0-14.png

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.39 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

1ee33c51d3989c4903a4c82e3416c8d21fa0a5ad19956dc352704d0684142e5b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

x-nc: MISS yyz 1
date: Tue, 26 Apr 2022 15:43:32 GMT
x-ac: 1.yyz _atomic_dca
last-modified: Tue, 13 Jul 2021 20:56:16 GMT
server: nginx
strict-transport-security: max-age=15552000
access-control-allow-methods: GET, HEAD
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
link: <http://www.intezer.com/wp-content/uploads/2021/07/pasted-image-0-14.png>; rel="canonical"
content-length: 43479
expires: Tue, 03 May 2022 15:43:32 GMT

GET
H2 200 pasted-image-0-15.png
149520725.v2.pressablecdn.com/wp-content/uploads/2021/07/ 194 KB
195 KB 458ms
438ms Image
image/png 192.0.77.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://149520725.v2.pressablecdn.com/wp-content/uploads/2021/07/pasted-image-0-15.png

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.39 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

82a64a1e16d45a21873b8329cca060029891adbd036d7da2241fa22e6481068e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

x-nc: MISS yyz 1
date: Tue, 26 Apr 2022 15:43:32 GMT
x-ac: 2.yyz _atomic_dca
last-modified: Tue, 13 Jul 2021 20:56:59 GMT
server: nginx
strict-transport-security: max-age=15552000
access-control-allow-methods: GET, HEAD
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
link: <http://www.intezer.com/wp-content/uploads/2021/07/pasted-image-0-15.png>; rel="canonical"
content-length: 199070
expires: Tue, 03 May 2022 15:43:32 GMT

GET
H2 200 pasted-image-0-16.png
149520725.v2.pressablecdn.com/wp-content/uploads/2021/07/ 540 KB
541 KB 286ms
266ms Image
image/png 192.0.77.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://149520725.v2.pressablecdn.com/wp-content/uploads/2021/07/pasted-image-0-16.png

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.39 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

742a9f36be4becc302afb2d53cfe0523f071eec3d31287d0ce393b94dc220d92

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

x-nc: MISS yyz 1
date: Tue, 26 Apr 2022 15:43:32 GMT
x-ac: 1.yyz _atomic_dca
last-modified: Tue, 13 Jul 2021 20:53:19 GMT
server: nginx
strict-transport-security: max-age=15552000
access-control-allow-methods: GET, HEAD
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
link: <http://www.intezer.com/wp-content/uploads/2021/07/pasted-image-0-16.png>; rel="canonical"
content-length: 552791
expires: Tue, 03 May 2022 15:43:32 GMT

GET
H2 200 pasted-image-0-17.png
149520725.v2.pressablecdn.com/wp-content/uploads/2021/07/ 31 KB
31 KB 171ms
152ms Image
image/png 192.0.77.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://149520725.v2.pressablecdn.com/wp-content/uploads/2021/07/pasted-image-0-17.png

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.39 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

be7f485984b0bfab6f843f1da3ff0af1d07dd3bcf97108d99a2c1d9c78edc1af

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

x-nc: MISS yyz 1
date: Tue, 26 Apr 2022 15:43:32 GMT
x-ac: 2.yyz _atomic_dca
last-modified: Tue, 13 Jul 2021 20:53:22 GMT
server: nginx
strict-transport-security: max-age=15552000
access-control-allow-methods: GET, HEAD
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
link: <http://www.intezer.com/wp-content/uploads/2021/07/pasted-image-0-17.png>; rel="canonical"
content-length: 31781
expires: Tue, 03 May 2022 15:43:32 GMT

GET
H2 200 pasted-image-0-18.png
149520725.v2.pressablecdn.com/wp-content/uploads/2021/07/ 25 KB
25 KB 165ms
145ms Image
image/png 192.0.77.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://149520725.v2.pressablecdn.com/wp-content/uploads/2021/07/pasted-image-0-18.png

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.39 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

7289df951c75c623b2fab940d7d2fe87c94cd76571cb66ccc86afb61e5ccbbce

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

x-nc: MISS yyz 1
date: Tue, 26 Apr 2022 15:43:32 GMT
x-ac: 2.yyz _atomic_dca
last-modified: Tue, 13 Jul 2021 20:53:24 GMT
server: nginx
strict-transport-security: max-age=15552000
access-control-allow-methods: GET, HEAD
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
link: <http://www.intezer.com/wp-content/uploads/2021/07/pasted-image-0-18.png>; rel="canonical"
content-length: 25425
expires: Tue, 03 May 2022 15:43:32 GMT

GET
H2 200 pasted-image-0-19.png
149520725.v2.pressablecdn.com/wp-content/uploads/2021/07/ 114 KB
114 KB 457ms
438ms Image
image/png 192.0.77.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://149520725.v2.pressablecdn.com/wp-content/uploads/2021/07/pasted-image-0-19.png

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.39 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

fabecf436bb67f054dff5c98d8227fe4c009dc2bb119c477d57eb8d87202d7e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

x-nc: MISS yyz 1
date: Tue, 26 Apr 2022 15:43:32 GMT
x-ac: 2.yyz _atomic_dca
last-modified: Tue, 13 Jul 2021 20:53:35 GMT
server: nginx
strict-transport-security: max-age=15552000
access-control-allow-methods: GET, HEAD
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
link: <http://www.intezer.com/wp-content/uploads/2021/07/pasted-image-0-19.png>; rel="canonical"
content-length: 116522
expires: Tue, 03 May 2022 15:43:32 GMT

GET
H2 200 pasted-image-0-20.png
149520725.v2.pressablecdn.com/wp-content/uploads/2021/07/ 72 KB
72 KB 285ms
266ms Image
image/png 192.0.77.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://149520725.v2.pressablecdn.com/wp-content/uploads/2021/07/pasted-image-0-20.png

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.39 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

be3c3c38148a1bc010ae9ccad67f9fe248128e652e6dd8c1e452901ca7e63925

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

x-nc: MISS yyz 1
date: Tue, 26 Apr 2022 15:43:32 GMT
x-ac: 1.yyz _atomic_dca
last-modified: Tue, 13 Jul 2021 20:53:37 GMT
server: nginx
strict-transport-security: max-age=15552000
access-control-allow-methods: GET, HEAD
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
link: <http://www.intezer.com/wp-content/uploads/2021/07/pasted-image-0-20.png>; rel="canonical"
content-length: 73438
expires: Tue, 03 May 2022 15:43:32 GMT

GET
H2 200 pasted-image-0-21.png
149520725.v2.pressablecdn.com/wp-content/uploads/2021/07/ 26 KB
27 KB 216ms
197ms Image
image/png 192.0.77.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://149520725.v2.pressablecdn.com/wp-content/uploads/2021/07/pasted-image-0-21.png

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.39 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

95390c710cf909e901b2cab8f72404407c41464623c1edf7fac07cee7f0836b6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

x-nc: MISS yyz 1
date: Tue, 26 Apr 2022 15:43:32 GMT
x-ac: 1.yyz _atomic_dca
last-modified: Tue, 13 Jul 2021 20:53:40 GMT
server: nginx
strict-transport-security: max-age=15552000
access-control-allow-methods: GET, HEAD
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
link: <http://www.intezer.com/wp-content/uploads/2021/07/pasted-image-0-21.png>; rel="canonical"
content-length: 27001
expires: Tue, 03 May 2022 15:43:32 GMT

GET
H2 200 pasted-image-0-22.png
149520725.v2.pressablecdn.com/wp-content/uploads/2021/07/ 85 KB
85 KB 486ms
467ms Image
image/png 192.0.77.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://149520725.v2.pressablecdn.com/wp-content/uploads/2021/07/pasted-image-0-22.png

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.39 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

b74ad966c274741f6c5cc0238a6989bb28e325e34e0d98f29d2cc4e7c562d93b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

x-nc: MISS yyz 1
date: Tue, 26 Apr 2022 15:43:32 GMT
x-ac: 2.yyz _atomic_dca
last-modified: Tue, 13 Jul 2021 20:53:42 GMT
server: nginx
strict-transport-security: max-age=15552000
access-control-allow-methods: GET, HEAD
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
link: <http://www.intezer.com/wp-content/uploads/2021/07/pasted-image-0-22.png>; rel="canonical"
content-length: 87206
expires: Tue, 03 May 2022 15:43:32 GMT

GET
H2 200 analyze-malicious-pdf-files-253x139.png
149520725.v2.pressablecdn.com/wp-content/uploads/2022/04/ 4 KB
4 KB 50ms
31ms Image
image/png 192.0.77.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://149520725.v2.pressablecdn.com/wp-content/uploads/2022/04/analyze-malicious-pdf-files-253x139.png

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.39 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

9a4dd8534fcf83f8869c10acf2ad5a6b186dfaf1c8f75bf388d07257e9af47db

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

x-nc: HIT yyz 1
date: Tue, 26 Apr 2022 15:43:32 GMT
x-ac: 1.yyz _atomic_dca
last-modified: Tue, 19 Apr 2022 14:39:59 GMT
server: nginx
strict-transport-security: max-age=15552000
content-type: image/png
cache-control: max-age=604800
accept-ranges: bytes
link: <http://www.intezer.com/wp-content/uploads/2022/04/analyze-malicious-pdf-files-253x139.png>; rel="canonical"
content-length: 3704
expires: Tue, 03 May 2022 15:43:32 GMT

GET
H2 200 BlogCover_1024x475-1-253x139.png
149520725.v2.pressablecdn.com/wp-content/uploads/2022/04/ 6 KB
6 KB 50ms
31ms Image
image/png 192.0.77.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://149520725.v2.pressablecdn.com/wp-content/uploads/2022/04/BlogCover_1024x475-1-253x139.png

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.39 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

abe2cba1e866cbd778b323fe4ef0e4cc995d6206c6791ca99cd3dbac56fc4496

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

x-nc: HIT yyz 1
date: Tue, 26 Apr 2022 15:43:32 GMT
x-ac: 2.yyz _atomic_dca
last-modified: Tue, 12 Apr 2022 13:12:45 GMT
server: nginx
strict-transport-security: max-age=15552000
content-type: image/png
cache-control: max-age=604800
accept-ranges: bytes
link: <http://www.intezer.com/wp-content/uploads/2022/04/BlogCover_1024x475-1-253x139.png>; rel="canonical"
content-length: 5728
expires: Tue, 03 May 2022 15:43:32 GMT

GET
H2 200 BlogCover_1024x475-253x139.png
149520725.v2.pressablecdn.com/wp-content/uploads/2022/04/ 2 KB
2 KB 51ms
32ms Image
image/png 192.0.77.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://149520725.v2.pressablecdn.com/wp-content/uploads/2022/04/BlogCover_1024x475-253x139.png

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.39 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

9b9bbc8e183eb1565356c03433ed6ab31258e3156c54e785c61c4c7b548e88c3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

x-nc: HIT yyz 1
date: Tue, 26 Apr 2022 15:43:32 GMT
x-ac: 2.yyz _atomic_dca
last-modified: Mon, 04 Apr 2022 12:52:40 GMT
server: nginx
strict-transport-security: max-age=15552000
content-type: image/png
cache-control: max-age=604800
accept-ranges: bytes
link: <http://www.intezer.com/wp-content/uploads/2022/04/BlogCover_1024x475-253x139.png>; rel="canonical"
content-length: 2050
expires: Tue, 03 May 2022 15:43:32 GMT

GET
H2 200 intezer-logo-b.png
149520725.v2.pressablecdn.com/wp-content/themes/intezer-v2/images/ 3 KB
4 KB 51ms
32ms Image
image/png 192.0.77.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://149520725.v2.pressablecdn.com/wp-content/themes/intezer-v2/images/intezer-logo-b.png

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.39 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

e85052e09a7415a2ab775cc198a96dc956d9de42b90541a5cdc9c5c176725745

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

x-nc: HIT yyz 1
date: Tue, 26 Apr 2022 15:43:32 GMT
x-ac: 1.yyz _atomic_dca
last-modified: Sun, 13 Dec 2020 07:22:31 GMT
server: nginx
strict-transport-security: max-age=15552000
content-type: image/png
cache-control: max-age=604800
accept-ranges: bytes
link: <http://www.intezer.com/wp-content/themes/intezer-v2/images/intezer-logo-b.png>; rel="canonical"
content-length: 3525
expires: Tue, 03 May 2022 15:43:32 GMT

GET
H2 200 custom-frontend-legacy.min.css
149520725.v2.pressablecdn.com/wp-content/uploads/elementor/css/ 13 KB
960 B 37ms
18ms Stylesheet
text/css 192.0.77.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://149520725.v2.pressablecdn.com/wp-content/uploads/elementor/css/custom-frontend-legacy.min.css?ver=3.6.4

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.39 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

0c14887323363d6144ca0d23952ddb0b4c7a435cb3d53f6a94fa55441f472a2b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

x-nc: HIT yyz 1
date: Tue, 26 Apr 2022 15:43:32 GMT
content-encoding: br
last-modified: Thu, 21 Apr 2022 07:06:29 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
x-ac: 2.yyz _atomic_dca
strict-transport-security: max-age=15552000
link: <http://www.intezer.com/wp-content/uploads/elementor/css/custom-frontend-legacy.min.css>; rel="canonical"
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 custom-frontend-lite.min.css
149520725.v2.pressablecdn.com/wp-content/uploads/elementor/css/ 105 KB
14 KB 37ms
19ms Stylesheet
text/css 192.0.77.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://149520725.v2.pressablecdn.com/wp-content/uploads/elementor/css/custom-frontend-lite.min.css?ver=1650524789

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.39 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

04c8209dbc13302a8788e96b9dd020f4121a9b361c133c849785bd6984c36d08

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

x-nc: HIT yyz 1
date: Tue, 26 Apr 2022 15:43:32 GMT
content-encoding: br
last-modified: Thu, 21 Apr 2022 07:06:29 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
x-ac: 1.yyz _atomic_dca
strict-transport-security: max-age=15552000
link: <http://www.intezer.com/wp-content/uploads/elementor/css/custom-frontend-lite.min.css>; rel="canonical"
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 post-8921.css
149520725.v2.pressablecdn.com/wp-content/uploads/elementor/css/ 1 KB
506 B 37ms
19ms Stylesheet
text/css 192.0.77.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://149520725.v2.pressablecdn.com/wp-content/uploads/elementor/css/post-8921.css?ver=1650524790

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.39 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

6222234071f97180cbf6fc84729ad3dd11013c900a489bcc8ae0757f47cccb73

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

x-nc: HIT yyz 1
date: Tue, 26 Apr 2022 15:43:32 GMT
content-encoding: br
last-modified: Thu, 21 Apr 2022 07:06:30 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
x-ac: 2.yyz _atomic_dca
strict-transport-security: max-age=15552000
link: <http://www.intezer.com/wp-content/uploads/elementor/css/post-8921.css>; rel="canonical"
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 custom-pro-frontend-lite.min.css
149520725.v2.pressablecdn.com/wp-content/uploads/elementor/css/ 11 KB
2 KB 37ms
19ms Stylesheet
text/css 192.0.77.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://149520725.v2.pressablecdn.com/wp-content/uploads/elementor/css/custom-pro-frontend-lite.min.css?ver=1650524790

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.39 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

2d684b2fbed270be60563ee8ef40c1f0e4464106d08941368577a374c283d5b8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

x-nc: HIT yyz 1
date: Tue, 26 Apr 2022 15:43:32 GMT
content-encoding: br
last-modified: Thu, 21 Apr 2022 07:06:30 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
x-ac: 1.yyz _atomic_dca
strict-transport-security: max-age=15552000
link: <http://www.intezer.com/wp-content/uploads/elementor/css/custom-pro-frontend-lite.min.css>; rel="canonical"
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 regenerator-runtime.min.js Show response
c0.wp.com/c/5.9.3/wp-includes/js/dist/vendor/ 6 KB
2 KB 33ms
16ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/5.9.3/wp-includes/js/dist/vendor/regenerator-runtime.min.js

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

a3e64300797e8078baa41dbc49e2affc1d2bedd04a470f0c929ed7fac698fbcd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

x-nc: HIT yyz 1
date: Tue, 26 Apr 2022 15:43:32 GMT
content-encoding: br
last-modified: Mon, 15 Nov 2021 16:35:13 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Wed, 26 Apr 2023 15:43:32 GMT

GET
H2 200 wp-polyfill.min.js Show response
c0.wp.com/c/5.9.3/wp-includes/js/dist/vendor/ 19 KB
7 KB 33ms
16ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/5.9.3/wp-includes/js/dist/vendor/wp-polyfill.min.js

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

e20ddb9ed1fa044cb624f0253bb06b13c92ed9915063bd63a5806440c6b1ce7c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

x-nc: HIT yyz 1
date: Tue, 26 Apr 2022 15:43:32 GMT
content-encoding: br
last-modified: Mon, 15 Nov 2021 12:50:17 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Wed, 26 Apr 2023 15:43:32 GMT

GET
H2 200 index.js Show response
149520725.v2.pressablecdn.com/wp-content/plugins/contact-form-7/includes/js/ 9 KB
3 KB 37ms
20ms Script
application/javascript 192.0.77.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://149520725.v2.pressablecdn.com/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.5.6

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.39 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

679e44f9b4bbbc2ad0c4000c1413fd3a88627d83f1cba8ebdac26f81bc7edb78

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

x-nc: HIT yyz 1
date: Tue, 26 Apr 2022 15:43:32 GMT
content-encoding: br
last-modified: Wed, 16 Mar 2022 14:36:18 GMT
server: nginx
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-ac: 2.yyz _atomic_dca
strict-transport-security: max-age=15552000
link: <http://www.intezer.com/wp-content/plugins/contact-form-7/includes/js/index.js>; rel="canonical"
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 dynamic-conditions-public.js Show response
149520725.v2.pressablecdn.com/wp-content/plugins/dynamicconditions/Public/js/ 2 KB
834 B 37ms
20ms Script
application/javascript 192.0.77.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://149520725.v2.pressablecdn.com/wp-content/plugins/dynamicconditions/Public/js/dynamic-conditions-public.js?ver=1.5.2

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.39 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

751d5192326ddefce3e87157f7c9355217cdad7b4a969b5dd3161b4453671389

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

x-nc: HIT yyz 1
date: Tue, 26 Apr 2022 15:43:32 GMT
content-encoding: br
last-modified: Wed, 13 Apr 2022 14:01:44 GMT
server: nginx
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-ac: 2.yyz _atomic_dca
strict-transport-security: max-age=15552000
link: <http://www.intezer.com/wp-content/plugins/dynamicconditions/Public/js/dynamic-conditions-public.js>; rel="canonical"
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 5492986.js Show response
js.hs-scripts.com/ 1 KB
647 B 198ms
135ms Script
application/javascript 2606:4700::6811:d4cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-scripts.com/5492986.js?integration=WordPress&ver=8.10.25
Requested by: Host: www.intezer.com
URL: https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:d4cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4e62cb1c042fc1610709730700a8b8e33f84ec49cb74c2e09ddb3d591d18b009

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Tue, 26 Apr 2022 15:43:32 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: EXPIRED
x-hubspot-correlation-id: eb65612c-f9fd-4120-9fec-bf74f390d829
last-modified: Tue, 26 Apr 2022 15:23:32 GMT
server: cloudflare
x-trace: 2B4A107BB96820E4DCCB4A69CFBCCE1107F1956370000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 3600
content-type: application/javascript;charset=utf-8
access-control-allow-origin: https://www.intezer.com
cache-control: public, max-age=60
access-control-allow-credentials: true
cf-ray: 70206f425af44bb8-YUL
expires: Tue, 26 Apr 2022 15:44:32 GMT

GET
H2 200 tether.min.js Show response
149520725.v2.pressablecdn.com/wp-content/themes/intezer-v2/js/ 24 KB
8 KB 37ms
20ms Script
application/javascript 192.0.77.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://149520725.v2.pressablecdn.com/wp-content/themes/intezer-v2/js/tether.min.js?ver=69620a8ea322898ee44dac014d43fe0a

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.39 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

80bd626eb6d57112072a508ee4e5ce3c2fe5673fe0a5d029810033b24aaa5e9f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

x-nc: HIT yyz 1
date: Tue, 26 Apr 2022 15:43:32 GMT
content-encoding: br
last-modified: Sun, 13 Dec 2020 07:21:07 GMT
server: nginx
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-ac: 1.yyz _atomic_dca
strict-transport-security: max-age=15552000
link: <http://www.intezer.com/wp-content/themes/intezer-v2/js/tether.min.js>; rel="canonical"
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 bootstrap.min.js Show response
149520725.v2.pressablecdn.com/wp-content/themes/intezer-v2/js/ 46 KB
12 KB 46ms
30ms Script
application/javascript 192.0.77.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://149520725.v2.pressablecdn.com/wp-content/themes/intezer-v2/js/bootstrap.min.js?ver=69620a8ea322898ee44dac014d43fe0a

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.39 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

fa421b6ebbd2fb474d3a3866409ce6c1efd120b47ff256fffb8f8f50d556d3d9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

x-nc: HIT yyz 1
date: Tue, 26 Apr 2022 15:43:32 GMT
content-encoding: br
last-modified: Sun, 13 Dec 2020 07:21:11 GMT
server: nginx
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-ac: 2.yyz _atomic_dca
strict-transport-security: max-age=15552000
link: <http://www.intezer.com/wp-content/themes/intezer-v2/js/bootstrap.min.js>; rel="canonical"
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 main.js Show response
149520725.v2.pressablecdn.com/wp-content/themes/intezer-v2/js/ 13 KB
2 KB 46ms
30ms Script
application/javascript 192.0.77.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://149520725.v2.pressablecdn.com/wp-content/themes/intezer-v2/js/main.js?ver=69620a8ea322898ee44dac014d43fe0a

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.39 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

df5a420aa6c33fa4b4da7e4aec2ec39813a08b13230a15719df0b8e11ce7682d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

x-nc: HIT yyz 1
date: Tue, 26 Apr 2022 15:43:32 GMT
content-encoding: br
last-modified: Sun, 27 Mar 2022 16:44:46 GMT
server: nginx
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-ac: 2.yyz _atomic_dca
strict-transport-security: max-age=15552000
link: <http://www.intezer.com/wp-content/themes/intezer-v2/js/main.js>; rel="canonical"
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 hooks.min.js Show response
c0.wp.com/c/5.9.3/wp-includes/js/dist/ 6 KB
2 KB 32ms
16ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/5.9.3/wp-includes/js/dist/hooks.min.js

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

e5935466216a250bb06338805b32ffb19eeda9042ead790ebc6e5dda27820adb

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

x-nc: HIT yyz 1
date: Tue, 26 Apr 2022 15:43:32 GMT
content-encoding: br
last-modified: Mon, 15 Nov 2021 12:50:17 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Wed, 26 Apr 2023 15:43:32 GMT

GET
H2 200 jquery.ajaxsearchlite.min.js Show response
149520725.v2.pressablecdn.com/wp-content/plugins/ajax-search-lite/js/min/ 73 KB
20 KB 45ms
30ms Script
application/javascript 192.0.77.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://149520725.v2.pressablecdn.com/wp-content/plugins/ajax-search-lite/js/min/jquery.ajaxsearchlite.min.js?ver=4.9.5

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.39 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

0a1af4d6495079c1a02bbd0f55a3d04fcf7835f66495f4ff7824531e1e715ad4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

x-nc: HIT yyz 1
date: Tue, 26 Apr 2022 15:43:32 GMT
content-encoding: br
last-modified: Sun, 14 Nov 2021 10:09:58 GMT
server: nginx
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-ac: 2.yyz _atomic_dca
strict-transport-security: max-age=15552000
link: <http://www.intezer.com/wp-content/plugins/ajax-search-lite/js/min/jquery.ajaxsearchlite.min.js>; rel="canonical"
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 scripts.js Show response
149520725.v2.pressablecdn.com/wp-content/plugins/cf7-conditional-fields/js/ 134 KB
32 KB 45ms
30ms Script
application/javascript 192.0.77.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://149520725.v2.pressablecdn.com/wp-content/plugins/cf7-conditional-fields/js/scripts.js?ver=2.1.3

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.39 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

4c76b62b0d76de307b0f6a4828fca9aaf21e73856a358b30e4927d121dd35e55

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

x-nc: HIT yyz 1
date: Tue, 26 Apr 2022 15:43:32 GMT
content-encoding: br
last-modified: Thu, 21 Apr 2022 07:06:15 GMT
server: nginx
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-ac: 2.yyz _atomic_dca
strict-transport-security: max-age=15552000
link: <http://www.intezer.com/wp-content/plugins/cf7-conditional-fields/js/scripts.js>; rel="canonical"
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 api.js Show response
www.google.com/recaptcha/ 884 B
1000 B 104ms
40ms Script
text/javascript 2607:f8b0:4006:80d::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js?render=6LewXc8UAAAAADEYz8dYpHTk55uH2MjKqbyc1sXD&ver=3.0

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80d::2004 Staten Island, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

9ee43670c7089bc802b4d63d724e3f450cc0f5e38041e40064b62fdf70583868

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Tue, 26 Apr 2022 15:43:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-security-policy: frame-ancestors 'self'
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 587
x-xss-protection: 1; mode=block
expires: Tue, 26 Apr 2022 15:43:32 GMT

GET
H2 200 index.js Show response
149520725.v2.pressablecdn.com/wp-content/plugins/contact-form-7/modules/recaptcha/ 999 B
593 B 43ms
30ms Script
application/javascript 192.0.77.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://149520725.v2.pressablecdn.com/wp-content/plugins/contact-form-7/modules/recaptcha/index.js?ver=5.5.6

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.39 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

2648a1333fa24d383fd73a6beaac17156ae78f4267ff7407ad60e05a788df44c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

x-nc: HIT yyz 1
date: Tue, 26 Apr 2022 15:43:32 GMT
content-encoding: br
last-modified: Wed, 16 Mar 2022 14:36:18 GMT
server: nginx
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-ac: 2.yyz _atomic_dca
strict-transport-security: max-age=15552000
link: <http://www.intezer.com/wp-content/plugins/contact-form-7/modules/recaptcha/index.js>; rel="canonical"
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 webpack-pro.runtime.min.js Show response
149520725.v2.pressablecdn.com/wp-content/plugins/elementor-pro/assets/js/ 5 KB
2 KB 43ms
31ms Script
application/javascript 192.0.77.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://149520725.v2.pressablecdn.com/wp-content/plugins/elementor-pro/assets/js/webpack-pro.runtime.min.js?ver=3.6.4

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.39 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

5b53e811e2f70aae99b19dde4e877b98382a294a0727b2c8ab788ba030e858c9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

x-nc: HIT yyz 1
date: Tue, 26 Apr 2022 15:43:32 GMT
content-encoding: br
last-modified: Wed, 16 Mar 2022 14:36:46 GMT
server: nginx
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-ac: 1.yyz _atomic_dca
strict-transport-security: max-age=15552000
link: <http://www.intezer.com/wp-content/plugins/elementor-pro/assets/js/webpack-pro.runtime.min.js>; rel="canonical"
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 webpack.runtime.min.js Show response
149520725.v2.pressablecdn.com/wp-content/plugins/elementor/assets/js/ 5 KB
2 KB 43ms
31ms Script
application/javascript 192.0.77.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://149520725.v2.pressablecdn.com/wp-content/plugins/elementor/assets/js/webpack.runtime.min.js?ver=3.6.4

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.39 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

e8ec042d48daa8fe4031d44c608add6e3e9ee43bb1b2843910fd0f15ebf36722

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

x-nc: HIT yyz 1
date: Tue, 26 Apr 2022 15:43:32 GMT
content-encoding: br
last-modified: Thu, 21 Apr 2022 07:06:25 GMT
server: nginx
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-ac: 1.yyz _atomic_dca
strict-transport-security: max-age=15552000
link: <http://www.intezer.com/wp-content/plugins/elementor/assets/js/webpack.runtime.min.js>; rel="canonical"
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 frontend-modules.min.js Show response
149520725.v2.pressablecdn.com/wp-content/plugins/elementor/assets/js/ 14 KB
5 KB 43ms
31ms Script
application/javascript 192.0.77.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://149520725.v2.pressablecdn.com/wp-content/plugins/elementor/assets/js/frontend-modules.min.js?ver=3.6.4

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.39 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

eb8087edc955367c5780f4105c7ee3e7b2780f89e6790ee3ac69f35bbf00d972

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

x-nc: HIT yyz 1
date: Tue, 26 Apr 2022 15:43:32 GMT
content-encoding: br
last-modified: Thu, 21 Apr 2022 07:06:25 GMT
server: nginx
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-ac: 2.yyz _atomic_dca
strict-transport-security: max-age=15552000
link: <http://www.intezer.com/wp-content/plugins/elementor/assets/js/frontend-modules.min.js>; rel="canonical"
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 i18n.min.js Show response
c0.wp.com/c/5.9.3/wp-includes/js/dist/ 10 KB
4 KB 27ms
17ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/5.9.3/wp-includes/js/dist/i18n.min.js

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

22c90613db09ef65c964b143e6adbe584b42eae85c9b7a75fa27c22b25cccb90

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

x-nc: HIT yyz 1
date: Tue, 26 Apr 2022 15:43:32 GMT
content-encoding: br
last-modified: Mon, 15 Nov 2021 12:50:17 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Wed, 26 Apr 2023 15:43:32 GMT

GET
H2 200 frontend.min.js Show response
149520725.v2.pressablecdn.com/wp-content/plugins/elementor-pro/assets/js/ 20 KB
6 KB 42ms
31ms Script
application/javascript 192.0.77.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://149520725.v2.pressablecdn.com/wp-content/plugins/elementor-pro/assets/js/frontend.min.js?ver=3.6.4

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.39 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

20edfbbe7c60d8e3562bdcda2dfca7ce7c2f7f55b67fe478904b9fc74a8d6c7d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

x-nc: HIT yyz 1
date: Tue, 26 Apr 2022 15:43:32 GMT
content-encoding: br
last-modified: Wed, 16 Mar 2022 14:36:46 GMT
server: nginx
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-ac: 1.yyz _atomic_dca
strict-transport-security: max-age=15552000
link: <http://www.intezer.com/wp-content/plugins/elementor-pro/assets/js/frontend.min.js>; rel="canonical"
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 waypoints.min.js Show response
149520725.v2.pressablecdn.com/wp-content/plugins/elementor/assets/lib/waypoints/ 12 KB
3 KB 41ms
32ms Script
application/javascript 192.0.77.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://149520725.v2.pressablecdn.com/wp-content/plugins/elementor/assets/lib/waypoints/waypoints.min.js?ver=4.0.2

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.39 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

214674cc77aba35ab3567b88e2739fd08e8e96c61d279559ad61874069683ea0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

x-nc: HIT yyz 1
date: Tue, 26 Apr 2022 15:43:32 GMT
content-encoding: br
last-modified: Wed, 13 Apr 2022 14:01:28 GMT
server: nginx
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-ac: 1.yyz _atomic_dca
strict-transport-security: max-age=15552000
link: <http://www.intezer.com/wp-content/plugins/elementor/assets/lib/waypoints/waypoints.min.js>; rel="canonical"
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 core.min.js Show response
c0.wp.com/c/5.9.3/wp-includes/js/jquery/ui/ 20 KB
6 KB 26ms
17ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/5.9.3/wp-includes/js/jquery/ui/core.min.js

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

9d7da1b980a95ff3d31d0bb8733cbabd1d210ec601d15a1aac2b67394a33191d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

x-nc: HIT yyz 1
date: Tue, 26 Apr 2022 15:43:32 GMT
content-encoding: br
last-modified: Thu, 03 Feb 2022 00:04:02 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Wed, 26 Apr 2023 15:43:32 GMT

GET
H2 200 frontend.min.js Show response
149520725.v2.pressablecdn.com/wp-content/plugins/elementor/assets/js/ 37 KB
11 KB 41ms
32ms Script
application/javascript 192.0.77.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://149520725.v2.pressablecdn.com/wp-content/plugins/elementor/assets/js/frontend.min.js?ver=3.6.4

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.39 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

872dffe40aa155ed1f97d68d65c6847981e8f138154536a9b5b8856133dcc6af

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

x-nc: HIT yyz 1
date: Tue, 26 Apr 2022 15:43:32 GMT
content-encoding: br
last-modified: Thu, 21 Apr 2022 07:06:25 GMT
server: nginx
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-ac: 1.yyz _atomic_dca
strict-transport-security: max-age=15552000
link: <http://www.intezer.com/wp-content/plugins/elementor/assets/js/frontend.min.js>; rel="canonical"
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 elements-handlers.min.js Show response
149520725.v2.pressablecdn.com/wp-content/plugins/elementor-pro/assets/js/ 24 KB
6 KB 41ms
32ms Script
application/javascript 192.0.77.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://149520725.v2.pressablecdn.com/wp-content/plugins/elementor-pro/assets/js/elements-handlers.min.js?ver=3.6.4

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.39 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

fd319d2e96afcb9c7499d3301c77e3829c6099967341d70b7afbc00a60fcfb13

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

x-nc: HIT yyz 1
date: Tue, 26 Apr 2022 15:43:32 GMT
content-encoding: br
last-modified: Wed, 16 Mar 2022 14:36:46 GMT
server: nginx
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-ac: 1.yyz _atomic_dca
strict-transport-security: max-age=15552000
link: <http://www.intezer.com/wp-content/plugins/elementor-pro/assets/js/elements-handlers.min.js>; rel="canonical"
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 e-202217.js Show response
stats.wp.com/ 9 KB
3 KB 71ms
18ms Script
application/javascript 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.wp.com/e-202217.js
Requested by: Host: www.intezer.com
URL: https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 82d0aae1e7b8cfc0574d6548d1f35096f5e4310321aa964ff3fdb46c4d12e302

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

x-nc: HIT yyz
date: Tue, 26 Apr 2022 15:43:32 GMT
content-encoding: br
server: nginx
etag: W/"61beb1e6-3508"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
expires: Mon, 17 Apr 2023 04:03:13 GMT

GET
H2 200 conversion.js Show response
www.googleadservices.com/pagead/ 44 KB
17 KB 97ms
38ms Script
text/javascript 142.250.80.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion.js

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.80.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s33-in-f2.1e100.net

Software

cafe /

Resource Hash

6674896ccb1aea47c71591bef2bc25bfac1bee813a084ebc16b821167c7e4b8c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Tue, 26 Apr 2022 15:43:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17225
x-xss-protection: 0
server: cafe
etag: 4638559076780058889
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Tue, 26 Apr 2022 15:43:32 GMT

GET
H2 200 5492986.js Show response
js.hs-scripts.com/ 1 KB
905 B 85ms
31ms Script
application/javascript 2606:4700::6811:d4cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-scripts.com/5492986.js
Requested by: Host: www.intezer.com
URL: https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:d4cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0765ee6a2be931cd13102559862446081895d7a174cf6a88ed71114422c46256

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Tue, 26 Apr 2022 15:43:32 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 56
cf-polished: origSize=1422
x-hubspot-correlation-id: aefa64c0-b1cb-4725-a792-6b7978f5e77b
last-modified: Tue, 26 Apr 2022 15:23:32 GMT
server: cloudflare
x-trace: 2BCD058FB77A29DCEA9AECF2E8F0261FF819C7C42E000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 3600
content-type: application/javascript;charset=utf-8
access-control-allow-origin: https://analyze.intezer.com
expires: Tue, 26 Apr 2022 15:44:32 GMT
cache-control: public, max-age=60
access-control-allow-credentials: true
cf-ray: 70206f425af84bb8-YUL
cf-bgj: minify

GET
H2 200 optimize.js Show response
www.google-analytics.com/gtm/ 119 KB
42 KB 90ms
40ms Script
application/javascript 2607:f8b0:4006:80d::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/gtm/optimize.js?id=OPT-PMZPF7T

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KC95766

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80d::200e Staten Island, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

79a121cf7c39840853f0332f84e596678a1511dd77678c9ead4229217670ab90

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Tue, 26 Apr 2022 15:43:32 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42424
x-xss-protection: 0
expires: Tue, 26 Apr 2022 15:43:32 GMT

GET
H2 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 39 KB
15 KB 69ms
65ms Script
text/javascript 142.250.80.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KC95766

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.80.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s33-in-f2.1e100.net

Software

cafe /

Resource Hash

4902dcbc3d3c97271a66bc136ec40b0c72422ccd05bb9946aa76382e50c5d6fc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Tue, 26 Apr 2022 15:43:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14897
x-xss-protection: 0
server: cafe
etag: 9926226332162747720
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Tue, 26 Apr 2022 15:43:32 GMT

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 28 KB
10 KB 91ms
24ms Script
application/javascript 146.75.36.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KC95766
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.75.36.157 Reston, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 70d4c4423dab9cf00b6e9bcf57518eeafff00e9d2499f4463498b03bef2bdc33

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Tue, 26 Apr 2022 15:43:32 GMT
content-encoding: gzip
last-modified: Thu, 21 Apr 2022 18:21:30 GMT
etag: "c47a9d4becaab89e22af7ba863c58452+gzip"
vary: Accept-Encoding,Host
x-tw-cdn: FT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache
x-cache: HIT
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
content-length: 9501
x-served-by: cache-iad-kcgs7200022-IAD

GET
H/1.1 200
OK insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 8 KB
3 KB 159ms
52ms Script
application/x-javascript 2600:141b:5000::b81d:8f8a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KC95766
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2600:141b:5000::b81d:8f8a New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 14f2ec002b176e0dee403cb7dd4ef2274a1353080e1e3e4084678770f4c15b9c

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date: Tue, 26 Apr 2022 15:43:32 GMT
Content-Encoding: gzip
Last-Modified: Wed, 13 Apr 2022 23:25:22 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=8726
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3085

GET
H2 200 hotjar-2053093.js Show response
static.hotjar.com/c/ 5 KB
2 KB 74ms
31ms Script
application/javascript 99.84.42.65
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-2053093.js?sv=7

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KC95766

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.84.42.65 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-84-42-65.ewr52.r.cloudfront.net

Software

Resource Hash

dec4a595c5e6212d8cc374f424550488cd995eaaf5135d9b254e72fef8d701ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Tue, 26 Apr 2022 15:42:42 GMT
content-encoding: br
x-content-type-options: nosniff
cache-control: max-age=60
age: 50
etag: W/7c673e77405497d9f24999772dfdafa0
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
x-cache-hit: 1
cross-origin-resource-policy: cross-origin
x-amz-cf-pop: EWR52-C4
x-amz-cf-id: 0iXEvsqNfqvUo8W_41bp26aZ0KgmkUeom7xYUZa-Zto7wuBUD5CyYQ==
via: 1.1 502d715ad2f775c7dae1f1c4bfbfc168.cloudfront.net (CloudFront)

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 62ms
21ms Script
text/javascript 2607:f8b0:4006:80d::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KC95766

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80d::200e Staten Island, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 13 Apr 2022 21:02:38 GMT
server: Golfe2
age: 3370
date: Tue, 26 Apr 2022 14:47:22 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Tue, 26 Apr 2022 16:47:22 GMT

GET
H2 200 pixel.js Show response
www.redditstatic.com/ads/ 24 KB
7 KB 42ms
10ms Script
application/javascript 2a04:4e42:600::396
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.redditstatic.com/ads/pixel.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KC95766
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:600::396 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: snooserv /
Resource Hash: ea011956164ed15022fb5732fd6d810bf75bb104babed05a29beb5c50302b926

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Tue, 26 Apr 2022 15:43:32 GMT
via: 1.1 varnish, 1.1 varnish
last-modified: Mon, 18 Apr 2022 22:30:59 GMT
server: snooserv
etag: "5dcf2f59e7a6e0d30193fedad78db790"
vary: Accept-Encoding,Origin
content-type: application/javascript
cache-control: public, max-age=60
accept-ranges: bytes
content-encoding: gzip
content-length: 7461

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 99 KB
27 KB 58ms
18ms Script
application/x-javascript 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

086f1c868f8f769ef0039b238b415fc3c46d97e342309dc8c61cefb40868212e

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 26311
x-xss-protection: 0
pragma: public
x-fb-debug: NnmgiNes1A+hRu/mOhLvXkyKSLBxVdZPRzR07Xuy6bqSVFIbjbvw62OnSlTUWcIjxbTBf9SBTlTpDxbem6Ro7A==
x-fb-trip-id: 1512268381
x-frame-options: DENY
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
date: Tue, 26 Apr 2022 15:43:32 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 addtoany.min.js Show response
149520725.v2.pressablecdn.com/wp-content/plugins/add-to-any/ 129 B
315 B 17ms
16ms Script
application/javascript 192.0.77.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://149520725.v2.pressablecdn.com/wp-content/plugins/add-to-any/addtoany.min.js?ver=1.1

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.39 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

50679e0e3933c945348a2db0cc128bb14b57a60a74fabf8cae13acc14efbb2e1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

x-nc: HIT yyz 1
date: Tue, 26 Apr 2022 15:43:32 GMT
x-ac: 2.yyz _atomic_dca
last-modified: Mon, 31 Jan 2022 10:46:21 GMT
server: nginx
strict-transport-security: max-age=15552000
content-type: application/javascript
cache-control: max-age=315360000
accept-ranges: bytes
link: <http://www.intezer.com/wp-content/plugins/add-to-any/addtoany.min.js>; rel="canonical"
content-length: 129
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 rp.gif
alb.reddit.com/ 42 B
157 B 57ms
32ms Image
image/gif 2a04:4e42:600::396
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://alb.reddit.com/rp.gif?ts=1650987812326&id=t2_hhlhye2a&event=PageVisit&m.itemCount=&m.value=&m.valueDecimal=&m.currency=&m.transactionId=&m.customEventName=&m.products=&uuid=ac3c22c1-f268-4666-a89d-e6c8831aed9c&aaid=&em=&external_id=&idfa=&integration=gtm&opt_out=0&sh=1600&sw=1200&v=rdt_90e98f9f
Requested by: Host: www.intezer.com
URL: https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:600::396 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Varnish /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Tue, 26 Apr 2022 15:43:32 GMT
via: 1.1 varnish
server: Varnish
content-type: image/gif
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 42
retry-after: 0

GET
H2 200 memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2
fonts.gstatic.com/s/opensans/v28/ 16 KB
17 KB 69ms
18ms Font
font/woff2 2607:f8b0:4006:80a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v28/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80a::2003 Staten Island, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cce577471c2586f3e0c2518fff84a970d33f61491fb8c629341b86f238cf07c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.intezer.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:47:00 GMT
x-content-type-options: nosniff
age: 579392
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16692
x-xss-protection: 0
last-modified: Tue, 01 Mar 2022 22:06:45 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 19 Apr 2023 22:47:00 GMT

GET
H2 200 fontawesome-webfont.woff2
149520725.v2.pressablecdn.com/wp-content/themes/intezer-v2/fonts/ 75 KB
76 KB 49ms
16ms Font
application/font-woff2 192.0.77.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://149520725.v2.pressablecdn.com/wp-content/themes/intezer-v2/fonts/fontawesome-webfont.woff2?v=4.7.0

Requested by

Host: 149520725.v2.pressablecdn.com
URL: https://149520725.v2.pressablecdn.com/wp-content/themes/intezer-v2/css/font-awesome.min.css?ver=69620a8ea322898ee44dac014d43fe0a

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.39 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://149520725.v2.pressablecdn.com/wp-content/themes/intezer-v2/css/font-awesome.min.css?ver=69620a8ea322898ee44dac014d43fe0a
Origin: https://www.intezer.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

x-nc: HIT yyz 1
date: Tue, 26 Apr 2022 15:43:32 GMT
x-ac: 2.yyz _atomic_dca
last-modified: Sun, 13 Dec 2020 07:21:24 GMT
server: nginx
strict-transport-security: max-age=15552000
access-control-allow-methods: GET, HEAD
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
link: <http://www.intezer.com/wp-content/themes/intezer-v2/fonts/fontawesome-webfont.woff2>; rel="canonical"
content-length: 77160
expires: Thu, 31 Dec 2037 23:55:55 GMT

POST
H/1.1 200
OK 2
csp-prod.intezer.com/cspgate/445999af-dcf0-42b8-a4bc-655be2e8ffbf/ 2 KB
2 KB 482ms
263ms Other
text/html 20.101.172.120
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://csp-prod.intezer.com/cspgate/445999af-dcf0-42b8-a4bc-655be2e8ffbf/2
Requested by: Host: www.intezer.com
URL: https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 20.101.172.120 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx/1.15.12 /
Resource Hash: 2c306d4d7a24679306492a1b2cefed18c768d8184d65a8316b9d172e49342c1b

Request headers

Referer: https://www.intezer.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type: application/csp-report

Response headers

Date: Tue, 26 Apr 2022 15:43:32 GMT
Server: nginx/1.15.12
Connection: keep-alive
Content-Length: 1589
Content-Type: text/html; charset=utf-8

GET
H2 200 star.png
149520725.v2.pressablecdn.com/wp-content/themes/intezer-v2/images/ 899 B
1 KB 19ms
19ms Image
image/png 192.0.77.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://149520725.v2.pressablecdn.com/wp-content/themes/intezer-v2/images/star.png

Requested by

Host: 149520725.v2.pressablecdn.com
URL: https://149520725.v2.pressablecdn.com/wp-content/themes/intezer-v2/style.css?ver=1650987811

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.39 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

9bea4073ca8eb9ea977081e0eaa614b3be5d03b818469694825e7849bbe1cc28

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://149520725.v2.pressablecdn.com/wp-content/themes/intezer-v2/style.css?ver=1650987811
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

x-nc: HIT yyz 1
date: Tue, 26 Apr 2022 15:43:32 GMT
x-ac: 2.yyz _atomic_dca
last-modified: Thu, 25 Feb 2021 11:18:03 GMT
server: nginx
strict-transport-security: max-age=15552000
content-type: image/png
cache-control: max-age=604800
accept-ranges: bytes
link: <http://www.intezer.com/wp-content/themes/intezer-v2/images/star.png>; rel="canonical"
content-length: 899
expires: Tue, 03 May 2022 15:43:32 GMT

GET
H2 200 museo-500-webfont.woff
149520725.v2.pressablecdn.com/wp-content/themes/intezer-v2/fonts/ 55 KB
55 KB 30ms
30ms Font
application/font-woff 192.0.77.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://149520725.v2.pressablecdn.com/wp-content/themes/intezer-v2/fonts/museo-500-webfont.woff

Requested by

Host: 149520725.v2.pressablecdn.com
URL: https://149520725.v2.pressablecdn.com/wp-content/themes/intezer-v2/style.css?ver=1650987811

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.39 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

c6c82452d4595c717df8f740c6f9ff4e6ae5bc1bb9f716584b27f457f18a1d04

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://149520725.v2.pressablecdn.com/wp-content/themes/intezer-v2/style.css?ver=1650987811
Origin: https://www.intezer.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

x-nc: HIT yyz 1
date: Tue, 26 Apr 2022 15:43:32 GMT
x-ac: 1.yyz _atomic_dca
last-modified: Sun, 13 Dec 2020 07:21:23 GMT
server: nginx
strict-transport-security: max-age=15552000
access-control-allow-methods: GET, HEAD
content-type: application/font-woff
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
link: <http://www.intezer.com/wp-content/themes/intezer-v2/fonts/museo-500-webfont.woff>; rel="canonical"
content-length: 56060
expires: Tue, 03 May 2022 15:43:32 GMT

GET
H2 200 modules.0076bf93c385ddf0ff58.js Show response
script.hotjar.com/ 239 KB
63 KB 59ms
20ms Script
application/javascript 54.230.102.38
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.0076bf93c385ddf0ff58.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2053093.js?sv=7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

54.230.102.38 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-54-230-102-38.ewr53.r.cloudfront.net

Software

Resource Hash

e0e44c153e6969ff112250bc468dd4615e5f48f2b2db3e3ffabc11be9d9b6313

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Wed, 13 Apr 2022 10:49:06 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1140866
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 63817
access-control-allow-origin: *
last-modified: Wed, 13 Apr 2022 10:48:29 GMT
etag: "838915b4bc2438e3190a8320d0520962"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 ffb3cace5d647f21fdf8c68c16a8f2fa.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: EWR53-C3
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: UW6FyTTwNzieoaekfikujw68NopV7Npe7_r-CRieYTNdksSyxeMTCA==

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/725468766/ 3 KB
1 KB 85ms
38ms Script
text/javascript 2607:f8b0:4006:821::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/725468766/?random=1650987812438&cv=9&fst=1650987812438&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa4p0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.intezer.com%2Fblog%2Fmalware-analysis%2Ftargeted-phishing-attack-against-ukrainian-government-expands-to-georgia%2F&tiba=Targeted%20Phishing%20Attack%20against%20Ukraine%20Government%20Expands%20to%20Georgia&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:821::2002 Staten Island, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18d7c67b2bd45ab16b178e4cd1e936dba607229f0006543c41d0276e7afb74ff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 26 Apr 2022 15:43:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1122
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/725468766/ 2 KB
2 KB 83ms
38ms Script
text/javascript 2607:f8b0:4006:821::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/725468766/?random=1650987812442&cv=9&fst=1650987812442&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg4p0&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.intezer.com%2Fblog%2Fmalware-analysis%2Ftargeted-phishing-attack-against-ukrainian-government-expands-to-georgia%2F&tiba=Targeted%20Phishing%20Attack%20against%20Ukraine%20Government%20Expands%20to%20Georgia&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:821::2002 Staten Island, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c8322f02ba922477d01af2398b88586cbef61d6a0a0dee777c5eb352dd874aa6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 26 Apr 2022 15:43:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1101
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 museo-700-webfont.woff
149520725.v2.pressablecdn.com/wp-content/themes/intezer-v2/fonts/ 52 KB
52 KB 16ms
16ms Font
application/font-woff 192.0.77.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://149520725.v2.pressablecdn.com/wp-content/themes/intezer-v2/fonts/museo-700-webfont.woff

Requested by

Host: 149520725.v2.pressablecdn.com
URL: https://149520725.v2.pressablecdn.com/wp-content/themes/intezer-v2/style.css?ver=1650987811

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.39 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

6bebe6bf7abf43624ab1ed62cabc6a1e1d9d5f1cea38042e516439b5391c1621

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://149520725.v2.pressablecdn.com/wp-content/themes/intezer-v2/style.css?ver=1650987811
Origin: https://www.intezer.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

x-nc: HIT yyz 1
date: Tue, 26 Apr 2022 15:43:32 GMT
x-ac: 1.yyz _atomic_dca
last-modified: Sun, 13 Dec 2020 07:21:20 GMT
server: nginx
strict-transport-security: max-age=15552000
access-control-allow-methods: GET, HEAD
content-type: application/font-woff
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
link: <http://www.intezer.com/wp-content/themes/intezer-v2/fonts/museo-700-webfont.woff>; rel="canonical"
content-length: 53376
expires: Tue, 03 May 2022 15:43:32 GMT

GET
H2 200 museo-300-webfont.woff
149520725.v2.pressablecdn.com/wp-content/themes/intezer-v2/fonts/ 54 KB
54 KB 17ms
16ms Font
application/font-woff 192.0.77.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://149520725.v2.pressablecdn.com/wp-content/themes/intezer-v2/fonts/museo-300-webfont.woff

Requested by

Host: 149520725.v2.pressablecdn.com
URL: https://149520725.v2.pressablecdn.com/wp-content/themes/intezer-v2/style.css?ver=1650987811

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.39 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

c38df4a2300e1acd22e8547908f1c0815e4232522aed59fd2d45942480b56f4c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://149520725.v2.pressablecdn.com/wp-content/themes/intezer-v2/style.css?ver=1650987811
Origin: https://www.intezer.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

x-nc: HIT yyz 1
date: Tue, 26 Apr 2022 15:43:32 GMT
x-ac: 2.yyz _atomic_dca
last-modified: Sun, 13 Dec 2020 07:21:22 GMT
server: nginx
strict-transport-security: max-age=15552000
access-control-allow-methods: GET, HEAD
content-type: application/font-woff
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
link: <http://www.intezer.com/wp-content/themes/intezer-v2/fonts/museo-300-webfont.woff>; rel="canonical"
content-length: 55444
expires: Tue, 03 May 2022 15:43:32 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
442 B 83ms
33ms XHR
text/plain 2607:f8b0:4004:c06::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-97741055-8&cid=679025965.1650987812&jid=1513126102&gjid=75579499&_gid=1456353395.1650987812&_u=aGBAgEABQAAAAE~&z=1846439521

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c06::9b Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8685bca4bb29a8a8289c3effd282cb8718a7d14da65f1397481f213b15469f50

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.intezer.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Tue, 26 Apr 2022 15:43:32 GMT
content-type: text/plain
access-control-allow-origin: https://www.intezer.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 57ms
18ms Image
image/gif 2607:f8b0:4006:80d::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=1798007850&t=pageview&_s=1&dl=https%3A%2F%2Fwww.intezer.com%2Fblog%2Fmalware-analysis%2Ftargeted-phishing-attack-against-ukrainian-government-expands-to-georgia%2F&ul=en-us&de=UTF-8&dt=Targeted%20Phishing%20Attack%20against%20Ukraine%20Government%20Expands%20to%20Georgia&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&exp=KQoZdq3vSTyQ-uJcAX-9sQ.1&_u=aGBAgEABQ~&jid=1513126102&gjid=75579499&cid=679025965.1650987812&tid=UA-97741055-8&_gid=1456353395.1650987812&gtm=2wg4p0KC95766&z=1259155152

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80d::200e Staten Island, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 26 Apr 2022 10:58:38 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 17094
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 128260767783916 Show response
connect.facebook.net/signals/config/ 305 KB
87 KB 110ms
90ms Script
application/x-javascript 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/128260767783916?v=2.9.57&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

a58424245091ff944f5eea1e136ca279a168b89dad0f78f00f3f3fe70e3be085

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
x-xss-protection: 0
pragma: public
x-fb-debug: IUOR5ABUctP33TJ4r6MJK0HVSUODmsAtz3v/RlYGPwkwM3liwu//QkD/gDJ67aFTedHgEtykjHM6wgLPxUAMXw==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Tue, 26 Apr 2022 15:43:32 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-content-cdn-origin-ts: 1650987812625
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 adsct
analytics.twitter.com/i/ 43 B
199 B 135ms
50ms Image
image/gif 104.244.42.67
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?type=javascript&version=2.3.2&p_id=Twitter&p_user_id=0&txn_id=nzi1c&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&tw_order_quantity=0&tw_sale_amount=0&tw_iframe_status=0&event_id=81d60182-3f4d-4cd8-afdf-4a8117797b01&tw_document_href=https%3A%2F%2Fwww.intezer.com%2Fblog%2Fmalware-analysis%2Ftargeted-phishing-attack-against-ukrainian-government-expands-to-georgia%2F

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.67 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_b /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

x-response-time: 7
date: Tue, 26 Apr 2022 15:43:32 GMT
server: tsa_b
strict-transport-security: max-age=631138519
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, max-age=0
x-connection-hash: 508ffdb1abbe1657046449da9e8d9e77dc8419f046bc660f6d3c5b3c26096056
content-length: 43

GET
H2 200 adsct
t.co/i/ 43 B
336 B 136ms
50ms Image
image/gif 104.244.42.197
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?type=javascript&version=2.3.2&p_id=Twitter&p_user_id=0&txn_id=nzi1c&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&tw_order_quantity=0&tw_sale_amount=0&tw_iframe_status=0&event_id=81d60182-3f4d-4cd8-afdf-4a8117797b01&tw_document_href=https%3A%2F%2Fwww.intezer.com%2Fblog%2Fmalware-analysis%2Ftargeted-phishing-attack-against-ukrainian-government-expands-to-georgia%2F

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.197 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_b /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

x-response-time: 6
date: Tue, 26 Apr 2022 15:43:32 GMT
server: tsa_b
strict-transport-security: max-age=0
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, max-age=0
x-connection-hash: 91da0b6b0105934ac939d3c1582f12c00dbd1ee53bc15930f6700feacd6205f7
content-length: 43

GET
H2 200 adsct
analytics.twitter.com/i/ 43 B
355 B 133ms
48ms Image
image/gif 104.244.42.67
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?type=javascript&version=2.3.2&p_id=Twitter&p_user_id=0&txn_id=nzh93&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&tw_order_quantity=0&tw_sale_amount=0&tw_iframe_status=0&event_id=9af0f008-0a4a-4a44-9f0c-e28180ce11b2&tw_document_href=https%3A%2F%2Fwww.intezer.com%2Fblog%2Fmalware-analysis%2Ftargeted-phishing-attack-against-ukrainian-government-expands-to-georgia%2F

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.67 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_b /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

x-response-time: 6
date: Tue, 26 Apr 2022 15:43:32 GMT
server: tsa_b
strict-transport-security: max-age=631138519
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, max-age=0
x-connection-hash: 508ffdb1abbe1657046449da9e8d9e77dc8419f046bc660f6d3c5b3c26096056
content-length: 43

GET
H2 200 adsct
t.co/i/ 43 B
184 B 137ms
51ms Image
image/gif 104.244.42.197
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?type=javascript&version=2.3.2&p_id=Twitter&p_user_id=0&txn_id=nzh93&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&tw_order_quantity=0&tw_sale_amount=0&tw_iframe_status=0&event_id=9af0f008-0a4a-4a44-9f0c-e28180ce11b2&tw_document_href=https%3A%2F%2Fwww.intezer.com%2Fblog%2Fmalware-analysis%2Ftargeted-phishing-attack-against-ukrainian-government-expands-to-georgia%2F

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.197 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_b /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

x-response-time: 6
date: Tue, 26 Apr 2022 15:43:32 GMT
server: tsa_b
strict-transport-security: max-age=0
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, max-age=0
x-connection-hash: 91da0b6b0105934ac939d3c1582f12c00dbd1ee53bc15930f6700feacd6205f7
content-length: 43

GET
H2 200 post-16929.css
149520725.v2.pressablecdn.com/wp-content/uploads/elementor/css/ 6 KB
1 KB 17ms
17ms Stylesheet
text/css 192.0.77.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://149520725.v2.pressablecdn.com/wp-content/uploads/elementor/css/post-16929.css?ver=1650524789

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.39 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

973daf25415f50d1226c86f3eef025e194182eb4147addc05c5777b6162139e7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

x-nc: HIT yyz 1
date: Tue, 26 Apr 2022 15:43:32 GMT
content-encoding: br
last-modified: Thu, 21 Apr 2022 07:06:29 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
x-ac: 2.yyz _atomic_dca
strict-transport-security: max-age=15552000
link: <http://www.intezer.com/wp-content/uploads/elementor/css/post-16929.css>; rel="canonical"
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2

200

/
p.adsymptotic.com/d/px/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1327356&time=1650987812683&url=https%3A%2F%2Fwww.intezer.com%2Fblog%2Fmalware-analysis%2Ftargeted-phishing-attack-against-ukrainian-government-exp...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1327356&time=1650987812683&url=https%3A%2F%2Fwww.intezer.com%2Fblog%2Fmalware-analysis%2Ftargeted-phishing-attack-against-ukrainian-government-exp...
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D1327356%26time%3D1650987812683%26url%3Dhttps%253A%252F%252Fwww.intezer.com%252Fbl...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1327356&time=1650987812683&url=https%3A%2F%2Fwww.intezer.com%2Fblog%2Fmalware-analysis%2Ftargeted-phishing-attack-against-ukrainian-government-exp...
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=1327356&time=1650987812683&url=https%3A%2F%2Fwww.intezer.com%2Fblog%2Fmalware-analysis%2Ftargeted-phishing-attack-against-ukrainian-government-ex...
https://p.adsymptotic.com/d/px/?_pid=16218&_psign=0aa5badf92527f7732e22463d6fa4dbc&coopa=0&gdpr=0&gdpr_consent=&_puuid=e5a8b9e9-3d78-41c9-b0ec-6c13249105f1
https://p.adsymptotic.com/d/px/?_pid=16218&_psign=0aa5badf92527f7732e22463d6fa4dbc&coopa=0&gdpr=0&gdpr_consent=&_puuid=e5a8b9e9-3d78-41c9-b0ec-6c13249105f1&_expected_cookie=6b1405f5824bf6984844f28f...

43 B
142 B

49ms
48ms

Image
image/gif

104.18.100.194
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p.adsymptotic.com/d/px/?_pid=16218&_psign=0aa5badf92527f7732e22463d6fa4dbc&coopa=0&gdpr=0&gdpr_consent=&_puuid=e5a8b9e9-3d78-41c9-b0ec-6c13249105f1&_expected_cookie=6b1405f5824bf6984844f28fde6fe640
Requested by: Host: www.intezer.com
URL: https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/
Protocol: H2
Server: 104.18.100.194 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Tue, 26 Apr 2022 15:43:33 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray: 70206f4a2d6e5497-YYZ
p3p: CP='NON DSP COR CONi OUR BUS CNT'
content-type: image/gif
content-length: 43

Redirect headers

location: https://p.adsymptotic.com/d/px/?_pid=16218&_psign=0aa5badf92527f7732e22463d6fa4dbc&coopa=0&gdpr=0&gdpr_consent=&_puuid=e5a8b9e9-3d78-41c9-b0ec-6c13249105f1&_expected_cookie=6b1405f5824bf6984844f28fde6fe640
date: Tue, 26 Apr 2022 15:43:33 GMT
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 70206f49cd0d5497-YYZ
content-length: 0
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 21ms
18ms Image
image/gif 2607:f8b0:4006:80d::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=1798007850&t=data&qt=306&_s=2&dl=https%3A%2F%2Fwww.intezer.com%2Fblog%2Fmalware-analysis%2Ftargeted-phishing-attack-against-ukrainian-government-expands-to-georgia%2F&ul=en-us&de=UTF-8&dt=Targeted%20Phishing%20Attack%20against%20Ukraine%20Government%20Expands%20to%20Georgia&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&exp=uInQNsVrReuGAQSKVBqgXg.0&_u=aHBAgEABQAAAAE~&jid=&gjid=&cid=679025965.1650987812&tid=UA-97741055-8&_gid=1456353395.1650987812&gtm=2wg4p0KC95766&z=1725896740

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80d::200e Staten Island, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 26 Apr 2022 10:58:38 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 17094
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.com/ads/ 42 B
63 B 86ms
40ms Image
image/gif 2607:f8b0:4006:80d::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-97741055-8&cid=679025965.1650987812&jid=1513126102&_u=aGBAgEABQAAAAE~&z=725776003

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80d::2004 Staten Island, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 26 Apr 2022 15:43:32 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.ca/ads/ 42 B
501 B 87ms
38ms Image
image/gif 2607:f8b0:4006:824::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.ca/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-97741055-8&cid=679025965.1650987812&jid=1513126102&_u=aGBAgEABQAAAAE~&z=725776003

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:824::2003 Staten Island, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 26 Apr 2022 15:43:32 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 conversations-embed.js Show response
js.usemessages.com/ 80 KB
22 KB 65ms
28ms Script
application/javascript 2606:4700::6811:edcc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.usemessages.com/conversations-embed.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/5492986.js?integration=WordPress&ver=8.10.25
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:edcc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4b3a1764e990a57a6429e799393fc06d84415b0715a2f34597168a2e12c329c8

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Tue, 26 Apr 2022 15:43:32 GMT
via: 1.1 a7a1b4c19abc42d237405ce4c4069f10.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 199
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://exceptions.hubspot.com/csp/report?resource=conversations-embed/static-1.9984/bundles/project.js&cfRay=701a4802bd404bc5-YYZ
x-cache: Hit from cloudfront
content-type: application/javascript; charset=utf-8
x-amz-replication-status: COMPLETED
content-encoding: br
last-modified: Mon, 25 Apr 2022 09:37:59 UTC
server: cloudflare
etag: W/"22060c208bed1f1d18fbd5ef88142aca"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: VAMx_lqR82Jj9w8D7H.8ZMTVh12ufi_y
cache-control: max-age=600
x-hs-cache-status: EXPIRED
x-amz-cf-pop: IAD89-P1
cf-ray: 70206f45ac3f7151-YUL
x-amz-cf-id: 480-UuUgwTzkjq03sY5s_4ntKPI2tahwn7oZJLMgB-fuQLrmFUEO_A==
x-hs-target-asset: conversations-embed/static-1.9984/bundles/project.js

GET
H2 200 5492986.js Show response
js.hs-analytics.net/analytics/1650987600000/ 62 KB
20 KB 65ms
36ms Script
text/javascript 2606:4700::6811:45b0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-analytics.net/analytics/1650987600000/5492986.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/5492986.js?integration=WordPress&ver=8.10.25
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:45b0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 66cef53868258788da0dce6275872f799c8ad7182766c9c5e6283c49ec82e117

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Tue, 26 Apr 2022 15:43:32 GMT
content-encoding: br
cf-cache-status: HIT
x-amz-request-id: V61R2Q9NR1YJXKHK
x-amz-server-side-encryption: AES256
cf-ray: 70206f4599e0ece6-YUL
x-amz-id-2: QVgNLuJtMVWxVzUIBDrEchaNWCpjCfymdKJd8FbnRC5A77jfGfGNQHWL3BCslILYOVED8adM4wo=
last-modified: Thu, 14 Apr 2022 15:26:37 GMT
server: cloudflare
etag: W/"740144cfde4ba0fbdbb4a12c9eacf50d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: null
cache-control: max-age=300, public
access-control-allow-credentials: false
content-type: text/javascript
expires: Tue, 26 Apr 2022 15:47:02 GMT

GET
H2 200 5492986.js Show response
js.hs-banner.com/ 62 KB
16 KB 63ms
34ms Script
text/javascript 2606:4700:4400::ac40:9a55
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/5492986.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/5492986.js?integration=WordPress&ver=8.10.25
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:9a55 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 50ca4e04cee0a74bace6695ea4fef1a284da203e027b605ba3956e9b1db4d2c3

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Tue, 26 Apr 2022 15:43:32 GMT
content-encoding: br
cf-cache-status: HIT
x-amz-request-id: RBV8HX09GA3VJ57A
x-amz-server-side-encryption: AES256
content-type: text/javascript; charset=UTF-8
access-control-max-age: 604800
x-amz-id-2: 1EvyaNlw12zmHDlH4x1LL8gQpbfh1/1nRoM3G4QXt3i7H0tTOI0aMbzptibmTphx3N/5fFY0lns=
timing-allow-origin: *
last-modified: Thu, 17 Feb 2022 21:24:08 GMT
server: cloudflare
etag: W/"a3dab094488f024a59772a9c42cee893"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
x-amz-version-id: rz5kXAgpjZHBU0KB598BlXZfbiuwWbfj
access-control-allow-origin: https://www.intezer.com
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control: max-age=300, public
access-control-allow-credentials: true
cf-ray: 70206f459e24713e-YUL
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
expires: Tue, 26 Apr 2022 15:47:02 GMT

GET
H2 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/QENb_qRrX0-mQMyENQjD6Fuj/ 361 KB
143 KB 68ms
20ms Script
text/javascript 2607:f8b0:4006:823::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/QENb_qRrX0-mQMyENQjD6Fuj/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?render=6LewXc8UAAAAADEYz8dYpHTk55uH2MjKqbyc1sXD&ver=3.0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:823::2003 Staten Island, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

31a5016412f7921a8b08225560d181af8f4a8dc8c762c2709782a1af56b3e984

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.intezer.com/
Origin: https://www.intezer.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Tue, 26 Apr 2022 05:39:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 36261
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 145969
x-xss-protection: 0
last-modified: Mon, 18 Apr 2022 04:06:57 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 26 Apr 2023 05:39:11 GMT

GET
H/1.1 200
OK track.js Show response
secure.gaug.es/ 4 KB
4 KB 116ms
24ms Script
application/javascript 34.237.177.253
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.gaug.es/track.js
Requested by: Host: www.intezer.com
URL: https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.237.177.253 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-237-177-253.compute-1.amazonaws.com
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: df2698e6cf74ed890afa92da10051f880df2ce0b3257b73c5d9ae2f6bea82d3c

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date: Tue, 26 Apr 2022 15:43:32 GMT
Last-Modified: Wed, 15 Dec 2021 05:45:49 GMT
Server: nginx/1.10.3 (Ubuntu)
ETag: "61b9810d-ef5"
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3829

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/842858921/ 2 KB
1 KB 83ms
42ms Script
text/javascript 2607:f8b0:4006:821::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/842858921/?random=1650987812832&cv=9&fst=1650987812832&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.intezer.com%2Fblog%2Fmalware-analysis%2Ftargeted-phishing-attack-against-ukrainian-government-expands-to-georgia%2F&tiba=Targeted%20Phishing%20Attack%20against%20Ukraine%20Government%20Expands%20to%20Georgia&hn=www.googleadservices.com&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:821::2002 Staten Island, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

391f90d20170a52f2ecc3539e2db0deb8645a728750a72c7bae987d43a8a0968

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 26 Apr 2022 15:43:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1078
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 g.gif
pixel.wp.com/ 50 B
93 B 16ms
16ms Image
image/gif 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/g.gif?v=ext&j=1%3A10.9-a.7&blog=186808338&post=20133&tz=-4&srv=www.intezer.com&hp=atomic&ac=3&amp=0&host=www.intezer.com&ref=&fcp=2183&rand=0.7170082382309371
Requested by: Host: www.intezer.com
URL: https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 26 Apr 2022 15:43:32 GMT
cache-control: no-cache
server: nginx
content-length: 50
content-type: image/gif

GET
DATA 200
OK truncated
/ 34 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1e85ec81b9800b4c443d39caca0d0926089a3ac201120db1ceb45b93789480b8

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Content-Type: image/gif

GET
H3 200 /
www.google.com/pagead/1p-user-list/725468766/ 42 B
64 B 40ms
40ms Image
image/gif 2607:f8b0:4006:80d::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/725468766/?random=1650987812442&cv=9&fst=1650985200000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg4p0&sendb=1&frm=0&url=https%3A%2F%2Fwww.intezer.com%2Fblog%2Fmalware-analysis%2Ftargeted-phishing-attack-against-ukrainian-government-expands-to-georgia%2F&tiba=Targeted%20Phishing%20Attack%20against%20Ukraine%20Government%20Expands%20to%20Georgia&async=1&fmt=3&is_vtc=1&random=1335998093&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80d::2004 Staten Island, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 26 Apr 2022 15:43:32 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.ca/pagead/1p-user-list/725468766/ 42 B
64 B 82ms
40ms Image
image/gif 2607:f8b0:4006:824::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.ca/pagead/1p-user-list/725468766/?random=1650987812442&cv=9&fst=1650985200000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg4p0&sendb=1&frm=0&url=https%3A%2F%2Fwww.intezer.com%2Fblog%2Fmalware-analysis%2Ftargeted-phishing-attack-against-ukrainian-government-expands-to-georgia%2F&tiba=Targeted%20Phishing%20Attack%20against%20Ukraine%20Government%20Expands%20to%20Georgia&async=1&fmt=3&is_vtc=1&random=1335998093&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:824::2003 Staten Island, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 26 Apr 2022 15:43:32 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/725468766/ 42 B
64 B 40ms
40ms Image
image/gif 2607:f8b0:4006:80d::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/725468766/?random=1650987812438&cv=9&fst=1650985200000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa4p0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.intezer.com%2Fblog%2Fmalware-analysis%2Ftargeted-phishing-attack-against-ukrainian-government-expands-to-georgia%2F&tiba=Targeted%20Phishing%20Attack%20against%20Ukraine%20Government%20Expands%20to%20Georgia&async=1&fmt=3&is_vtc=1&random=4164357704&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80d::2004 Staten Island, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 26 Apr 2022 15:43:32 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.ca/pagead/1p-user-list/725468766/ 42 B
64 B 78ms
36ms Image
image/gif 2607:f8b0:4006:824::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.ca/pagead/1p-user-list/725468766/?random=1650987812438&cv=9&fst=1650985200000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa4p0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.intezer.com%2Fblog%2Fmalware-analysis%2Ftargeted-phishing-attack-against-ukrainian-government-expands-to-georgia%2F&tiba=Targeted%20Phishing%20Attack%20against%20Ukraine%20Government%20Expands%20to%20Georgia&async=1&fmt=3&is_vtc=1&random=4164357704&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:824::2003 Staten Island, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 26 Apr 2022 15:43:32 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 icons.30.svg.js Show response
static.addtoany.com/menu/svg/ 77 KB
33 KB 44ms
30ms Script
application/javascript 2606:4700:10::6816:46c5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/svg/icons.30.svg.js

Requested by

Host: static.addtoany.com
URL: https://static.addtoany.com/menu/page.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:46c5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7e6f3eacf6af919ace45f10e39eda3e72143e0f57aad29590a6d37d5ddd0292f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Tue, 26 Apr 2022 15:43:32 GMT
via: e1s
x-content-type-options: nosniff
cf-cache-status: HIT
age: 14459383
p3p: CP="ALL DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT"
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Wed, 10 Nov 2021 01:49:04 GMT
server: cloudflare
etag: W/"132a9-5d0656e4a26b3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
cache-control: max-age=315360000, immutable
cf-ray: 70206f470857ecfa-YUL
cf-bgj: minify

GET
H2 200 text-editor.289ae80d76f0c5abea44.bundle.min.js Show response
www.intezer.com/wp-content/plugins/elementor/assets/js/ 1 KB
767 B 125ms
125ms Script
application/javascript 199.16.172.82
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.intezer.com/wp-content/plugins/elementor/assets/js/text-editor.289ae80d76f0c5abea44.bundle.min.js

Requested by

Host: 149520725.v2.pressablecdn.com
URL: https://149520725.v2.pressablecdn.com/wp-content/plugins/elementor/assets/js/webpack.runtime.min.js?ver=3.6.4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.16.172.82 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

5c9a3c46d13cda847a391df63f9682ab531be301e12b6b64d191797c8c6fb054

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Thu, 21 Apr 2022 07:06:25 GMT
server: nginx
etag: W/"62610271-54b"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=604800
date: Tue, 26 Apr 2022 15:43:33 GMT
x-ac: 1.yyz _atomic_dca
expires: Tue, 03 May 2022 15:43:33 GMT

OPTIONS
H2 200 public
api.hubspot.com/livechat-public/v1/message/ Frame 0
0 130ms
91ms Preflight
text/plain 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.hubspot.com/livechat-public/v1/message/public?portalId=5492986&conversations-embed=static-1.9984&mobile=false&messagesUtk=2d5d21f74d5943c29aa4a95fc9bd0100&traceId=2d5d21f74d5943c29aa4a95fc9bd0100

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept: */*
Access-Control-Request-Headers: x-hubspot-messages-uri
Access-Control-Request-Method: GET
Origin: https://www.intezer.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

access-control-allow-credentials: false
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent, X-HubSpot-Messages-Uri
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
access-control-allow-origin: https://www.intezer.com
allow: HEAD,GET,OPTIONS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 70206f47ad9e713f-YUL
content-length: 18
content-type: text/plain; charset=utf-8
date: Tue, 26 Apr 2022 15:43:33 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FNr8e3k%2Fqb%2FBdrb6N5fAE6iBNAPTVGunzr%2BJ48LUNkZLDAXsYrob6QdmN0BfsHr%2BQDikSiUT7xIsbrUqIkJv1LyYbdIKwfuTm4XS4ncLXT2Bq3TqILh0PvMwXURNotYGMvDFsp8ip1zFFWgZEg%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
x-hubspot-correlation-id: 39687b7b-b5d9-4546-993b-73ac49334c30
x-trace: 2B9C9F7AE2509D49C27AB4A081584E8EFA673EAC36000000000000000000

GET
H3 200 public Show response
api.hubspot.com/livechat-public/v1/message/ 353 B
1 KB 91ms
77ms XHR
application/json 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: js.usemessages.com
URL: https://js.usemessages.com/conversations-embed.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9350faa5165ac4b8e790c410cbbf085a8c328693a50786cddd778bf9afe1e2a8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Referer: https://www.intezer.com/
accept-language: en-CA,en;q=0.9
X-HubSpot-Messages-Uri: https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/

Response headers

date: Tue, 26 Apr 2022 15:43:33 GMT
content-encoding: gzip
vary: Accept-Encoding
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: 36002184-2c57-4acf-9cdf-119d87c0bef8
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 269
server: cloudflare
x-trace: 2BFD071F0D280D3EE73F5012AC2310D00DE2B88528000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gZ%2B2ecFX%2FQ17K9PRqTKNAwkAyTOTuHcI7DNQ3qdJWbCFY8PrC4WLHa0oiWraWo%2F56Vr8PKX%2BNM2NG8HHjZ2rQOYoG6b2i5XKPs%2FwvA3H9iQznt1TP4AUruD19yTNbQ8IH1gnQeuZYHnABW4nFw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.intezer.com
cache-control: no-cache, no-store, no-transform, must-revalidate, max-age=0
access-control-allow-credentials: false
cf-ray: 70206f484a8d713c-YUL
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent, X-HubSpot-Messages-Uri

GET
H2 200 box-4924254a9ce4dc9b959b6e4a9b662d60.html Show response
vars.hotjar.com/ Frame 962B 2 KB
1 KB 58ms
17ms Document
text/html 143.204.146.114
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vars.hotjar.com/box-4924254a9ce4dc9b959b6e4a9b662d60.html
Requested by: Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2053093.js?sv=7
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.146.114 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-146-114.ewr52.r.cloudfront.net
Software: /
Resource Hash: 67f8c7fd7353ad063da1f3115924c458c494cb134f4d87de4407a132842c9bc9

Request headers

Referer: https://www.intezer.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
age: 1140867
cache-control: max-age=31536000
content-encoding: br
content-length: 1044
content-type: text/html
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Wed, 13 Apr 2022 10:49:06 GMT
etag: "1635635016e428baa170305e9282c34a"
last-modified: Wed, 13 Apr 2022 10:48:29 GMT
vary: Accept-Encoding
via: 1.1 72e01c53ea1f597217a963cf6671454c.cloudfront.net (CloudFront)
x-amz-cf-id: cHBuANK4h0zgnV-ZidwraA8yiEPKxafqCAQXiwMR7Z89utkHq52Qsg==
x-amz-cf-pop: EWR52-C2
x-cache: Hit from cloudfront
x-robots-tag: none

GET
H3 200 /
www.google.com/pagead/1p-user-list/842858921/ 42 B
64 B 40ms
40ms Image
image/gif 2607:f8b0:4006:80d::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/842858921/?random=1650987812832&cv=9&fst=1650985200000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&frm=0&url=https%3A%2F%2Fwww.intezer.com%2Fblog%2Fmalware-analysis%2Ftargeted-phishing-attack-against-ukrainian-government-expands-to-georgia%2F&tiba=Targeted%20Phishing%20Attack%20against%20Ukraine%20Government%20Expands%20to%20Georgia&fmt=3&is_vtc=1&random=91093059&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80d::2004 Staten Island, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 26 Apr 2022 15:43:33 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.ca/pagead/1p-user-list/842858921/ 42 B
64 B 39ms
39ms Image
image/gif 2607:f8b0:4006:824::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.ca/pagead/1p-user-list/842858921/?random=1650987812832&cv=9&fst=1650985200000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&frm=0&url=https%3A%2F%2Fwww.intezer.com%2Fblog%2Fmalware-analysis%2Ftargeted-phishing-attack-against-ukrainian-government-expands-to-georgia%2F&tiba=Targeted%20Phishing%20Attack%20against%20Ukraine%20Government%20Expands%20to%20Georgia&fmt=3&is_vtc=1&random=91093059&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:824::2003 Staten Island, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 26 Apr 2022 15:43:33 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK track.gif
secure.gaug.es/ 35 B
389 B 32ms
32ms Image
image/gif 34.237.177.253
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.gaug.es/track.gif?h[site_id]=5fd5ade352684d3c97554910&h[resource]=https%3A%2F%2Fwww.intezer.com%2Fblog%2Fmalware-analysis%2Ftargeted-phishing-attack-against-ukrainian-government-expands-to-georgia%2F&h[referrer]=&h[title]=Targeted%20Phishing%20Attack%20against%20Ukraine%20Government%20Expands%20to%20Georgia&h[user_agent]=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F100.0.4896.127%20Safari%2F537.36&h[unique]=1&h[unique_hour]=1&h[unique_day]=1&h[unique_month]=1&h[unique_year]=1&h[screenx]=1600&h[browserx]=1600&h[browsery]=1200&timestamp=1650987813052

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.237.177.253 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-237-177-253.compute-1.amazonaws.com

Software

nginx/1.10.3 (Ubuntu) /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 26 Apr 2022 15:43:33 GMT
X-Content-Type-Options: nosniff
Last-Modified: Tue, 26 Apr 2022 15:43:33 GMT
Server: nginx/1.10.3 (Ubuntu)
Content-Type: image/gif
Cache-Control: no-store, no-cache, must-revalidate, private
Connection: keep-alive
Content-Length: 35
Expires: Sat, 25 Nov 2000 05:00:00 GMT

GET
H3 200 anchor Show response
www.google.com/recaptcha/api2/ Frame F8C3 41 KB
21 KB 51ms
51ms Document
text/html 2607:f8b0:4006:80d::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LewXc8UAAAAADEYz8dYpHTk55uH2MjKqbyc1sXD&co=aHR0cHM6Ly93d3cuaW50ZXplci5jb206NDQz&hl=en&v=QENb_qRrX0-mQMyENQjD6Fuj&size=invisible&cb=bdgm9rp6iwc8

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/QENb_qRrX0-mQMyENQjD6Fuj/recaptcha__en.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80d::2004 Staten Island, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

fdfd826c7057d16a934a73145ee53da3453b6e0b3404efb5b3718011b23dd61c

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-Vv8oFugmJWORWftF3az/WA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.intezer.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-length: 21606
content-security-policy: script-src 'report-sample' 'nonce-Vv8oFugmJWORWftF3az/WA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 26 Apr 2022 15:43:33 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

POST
H2 200 visit-data Show response
in.hotjar.com/api/v2/client/sites/2053093/ 148 B
322 B 301ms
101ms XHR
application/json 54.155.9.137
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.hotjar.com/api/v2/client/sites/2053093/visit-data?sv=7
Requested by: Host: script.hotjar.com
URL: https://script.hotjar.com/modules.0076bf93c385ddf0ff58.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.155.9.137 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-155-9-137.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 17d660e4afd11fc5cea781a3b1ea5653d6f784dd4337c4425deff5640fcffdea

Request headers

Referer: https://www.intezer.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type: text/plain; charset=UTF-8

Response headers

date: Tue, 26 Apr 2022 15:43:33 GMT
content-encoding: br
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: no-cache, no-store
access-control-allow-credentials: true

GET
H3 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/QENb_qRrX0-mQMyENQjD6Fuj/ Frame F8C3 51 KB
24 KB 61ms
19ms Stylesheet
text/css 2607:f8b0:4006:823::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/QENb_qRrX0-mQMyENQjD6Fuj/styles__ltr.css

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LewXc8UAAAAADEYz8dYpHTk55uH2MjKqbyc1sXD&co=aHR0cHM6Ly93d3cuaW50ZXplci5jb206NDQz&hl=en&v=QENb_qRrX0-mQMyENQjD6Fuj&size=invisible&cb=bdgm9rp6iwc8

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:823::2003 Staten Island, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6d032132eed5aa1a417456f07864c51fe631858b190224cf7d1a50116d15f48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Tue, 26 Apr 2022 05:38:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 36327
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24237
x-xss-protection: 0
last-modified: Mon, 18 Apr 2022 04:06:57 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 26 Apr 2023 05:38:06 GMT

GET
H3 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/QENb_qRrX0-mQMyENQjD6Fuj/ Frame F8C3 361 KB
143 KB 70ms
28ms Script
text/javascript 2607:f8b0:4006:823::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/QENb_qRrX0-mQMyENQjD6Fuj/recaptcha__en.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:823::2003 Staten Island, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

31a5016412f7921a8b08225560d181af8f4a8dc8c762c2709782a1af56b3e984

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Tue, 26 Apr 2022 05:39:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 36262
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 145969
x-xss-protection: 0
last-modified: Mon, 18 Apr 2022 04:06:57 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 26 Apr 2023 05:39:11 GMT

GET
H3 200 logo_48.png
www.gstatic.com/recaptcha/api2/ Frame F8C3 2 KB
2 KB 20ms
19ms Image
image/png 2607:f8b0:4006:823::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/recaptcha/api2/logo_48.png

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/QENb_qRrX0-mQMyENQjD6Fuj/styles__ltr.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:823::2003 Staten Island, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.gstatic.com/recaptcha/releases/QENb_qRrX0-mQMyENQjD6Fuj/styles__ltr.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Thu, 21 Apr 2022 17:24:45 GMT
x-content-type-options: nosniff
age: 425928
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2228
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin-allow-popups; report-to="recaptcha"
expires: Thu, 28 Apr 2022 17:24:45 GMT

GET
H3 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame F8C3 15 KB
15 KB 61ms
20ms Font
font/woff2 2607:f8b0:4006:80a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80a::2003 Staten Island, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
Origin: https://www.google.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 15:59:51 GMT
x-content-type-options: nosniff
age: 603822
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15344
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 19 Apr 2023 15:59:51 GMT

GET
H3 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ Frame F8C3 15 KB
15 KB 64ms
24ms Font
font/woff2 2607:f8b0:4006:80a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80a::2003 Staten Island, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
Origin: https://www.google.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Tue, 26 Apr 2022 07:04:51 GMT
x-content-type-options: nosniff
age: 31122
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15552
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 26 Apr 2023 07:04:51 GMT

GET
H3 200 webworker.js
www.google.com/recaptcha/api2/ Frame F8C3 102 B
134 B 39ms
39ms Other
text/javascript 2607:f8b0:4006:80d::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/webworker.js?hl=en&v=QENb_qRrX0-mQMyENQjD6Fuj

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80d::2004 Staten Island, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

ab7a109d14237f73ec66836579662feb032f6b77457d8013eed6af880d722100

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LewXc8UAAAAADEYz8dYpHTk55uH2MjKqbyc1sXD&co=aHR0cHM6Ly93d3cuaW50ZXplci5jb206NDQz&hl=en&v=QENb_qRrX0-mQMyENQjD6Fuj&size=invisible&cb=bdgm9rp6iwc8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Tue, 26 Apr 2022 15:43:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
cross-origin-embedder-policy: require-corp
x-frame-options: SAMEORIGIN
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
content-security-policy: frame-ancestors 'self'
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 112
x-xss-protection: 1; mode=block
expires: Tue, 26 Apr 2022 15:43:33 GMT

POST
H3 200 reload Show response
www.google.com/recaptcha/api2/ Frame F8C3 31 KB
18 KB 68ms
68ms XHR
application/json 2607:f8b0:4006:80d::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/reload?k=6LewXc8UAAAAADEYz8dYpHTk55uH2MjKqbyc1sXD

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/QENb_qRrX0-mQMyENQjD6Fuj/recaptcha__en.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80d::2004 Staten Island, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

d77999f2bab62ee4d895db1c7ced839192ef3cb5b3eb449f0b889209da8adcb9

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LewXc8UAAAAADEYz8dYpHTk55uH2MjKqbyc1sXD&co=aHR0cHM6Ly93d3cuaW50ZXplci5jb206NDQz&hl=en&v=QENb_qRrX0-mQMyENQjD6Fuj&size=invisible&cb=bdgm9rp6iwc8
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type: application/x-protobuffer

Response headers

date: Tue, 26 Apr 2022 15:43:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
cache-control: private, max-age=0
content-security-policy: frame-ancestors 'self'
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18141
x-xss-protection: 1; mode=block
expires: Tue, 26 Apr 2022 15:43:33 GMT

GET
H2 200 refill Show response
www.intezer.com/wp-json/contact-form-7/v1/contact-forms/468/ 2 B
1 KB 138ms
137ms Fetch
application/json 199.16.172.82
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.intezer.com/wp-json/contact-form-7/v1/contact-forms/468/refill

Requested by

Host: 149520725.v2.pressablecdn.com
URL: https://149520725.v2.pressablecdn.com/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.5.6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.16.172.82 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .intezer.com; upgrade-insecure-requests; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' data: .google.com .googleapis.com .intezer.com .youtube.com googletagmanager.com .opendns.com .hsappstatic.net .hsforms.net .js-hsforms.net twitter.com .cloudflare.com .comeet.co .twitter.com .gaug.es .wp.com .hsleadflows.net .gstatic.com .usemessages.com .hs-banner.com .licdn.com .hs-analytics.net .ads-twitter.com .hs-scripts.com .googleadservices.com .hotjar.com .googletagmanager.com .doubleclick.net .addtoany.com .facebook.net .google-analytics.com .pressablecdn.com https://www.redditstatic.com/ads/pixel.js; object-src 'self'; frame-src 'self' .hsappstatic.net .usemessages.com .recaptcha.net .intezer.com .hubspot.com .pressablecdn.com .hotjar.com .hsforms.com .googletagmanager.com .wp.com .google.com .twitter.com .comeet.com .comeet.co .doubleclick.net .youtube.com; child-src 'self' .intezer.com; base-uri 'self' .intezer.com; form-action 'self' https://.hsforms.com/ https://.twitter.com/; worker-src 'self' *.intezer.com; report-uri https://csp-prod.intezer.com/cspgate/445999af-dcf0-42b8-a4bc-655be2e8ffbf/2
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, */*;q=0.1
Referer: https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

x-nananana: Batcache-Hit
strict-transport-security: max-age=31536000
content-encoding: br
x-content-type-options: nosniff
host-header: Pressable
access-control-allow-headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type
allow: GET
last-modified: Tue, 26 Apr 2022 15:38:55 GMT
server: nginx
date: Tue, 26 Apr 2022 15:43:33 GMT
vary: Accept-Encoding, Cookie, Origin
content-type: application/json; charset=UTF-8
access-control-expose-headers: X-WP-Total, X-WP-TotalPages, Link
cache-control: max-age=22, must-revalidate
content-security-policy: frame-ancestors 'self' *.intezer.com; upgrade-insecure-requests; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' data: *.google.com *.googleapis.com *.intezer.com *.youtube.com googletagmanager.com *.opendns.com *.hsappstatic.net *.hsforms.net *.js-hsforms.net twitter.com *.cloudflare.com *.comeet.co *.twitter.com *.gaug.es *.wp.com *.hsleadflows.net *.gstatic.com *.usemessages.com *.hs-banner.com *.licdn.com *.hs-analytics.net *.ads-twitter.com *.hs-scripts.com *.googleadservices.com *.hotjar.com *.googletagmanager.com *.doubleclick.net *.addtoany.com *.facebook.net *.google-analytics.com *.pressablecdn.com https://www.redditstatic.com/ads/pixel.js; object-src 'self'; frame-src 'self' *.hsappstatic.net *.usemessages.com *.recaptcha.net *.intezer.com *.hubspot.com *.pressablecdn.com *.hotjar.com *.hsforms.com *.googletagmanager.com *.wp.com *.google.com *.twitter.com *.comeet.com *.comeet.co *.doubleclick.net *.youtube.com; child-src 'self' *.intezer.com; base-uri 'self' *.intezer.com; form-action 'self' https://*.hsforms.com/ https://*.twitter.com/; worker-src 'self' *.intezer.com; report-uri https://csp-prod.intezer.com/cspgate/445999af-dcf0-42b8-a4bc-655be2e8ffbf/2
x-ac: 1.yyz _atomic_dca
x-robots-tag: noindex
link: <https://www.intezer.com/wp-json/>; rel="https://api.w.org/"

GET
H2 200 refill Show response
www.intezer.com/wp-json/contact-form-7/v1/contact-forms/15120/ 2 B
981 B 136ms
136ms Fetch
application/json 199.16.172.82
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.intezer.com/wp-json/contact-form-7/v1/contact-forms/15120/refill

Requested by

Host: 149520725.v2.pressablecdn.com
URL: https://149520725.v2.pressablecdn.com/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.5.6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.16.172.82 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .intezer.com; upgrade-insecure-requests; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' data: .google.com .googleapis.com .intezer.com .youtube.com googletagmanager.com .opendns.com .hsappstatic.net .hsforms.net .js-hsforms.net twitter.com .cloudflare.com .comeet.co .twitter.com .gaug.es .wp.com .hsleadflows.net .gstatic.com .usemessages.com .hs-banner.com .licdn.com .hs-analytics.net .ads-twitter.com .hs-scripts.com .googleadservices.com .hotjar.com .googletagmanager.com .doubleclick.net .addtoany.com .facebook.net .google-analytics.com .pressablecdn.com https://www.redditstatic.com/ads/pixel.js; object-src 'self'; frame-src 'self' .hsappstatic.net .usemessages.com .recaptcha.net .intezer.com .hubspot.com .pressablecdn.com .hotjar.com .hsforms.com .googletagmanager.com .wp.com .google.com .twitter.com .comeet.com .comeet.co .doubleclick.net .youtube.com; child-src 'self' .intezer.com; base-uri 'self' .intezer.com; form-action 'self' https://.hsforms.com/ https://.twitter.com/; worker-src 'self' *.intezer.com; report-uri https://csp-prod.intezer.com/cspgate/445999af-dcf0-42b8-a4bc-655be2e8ffbf/2
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, */*;q=0.1
Referer: https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

x-nananana: Batcache-Hit
strict-transport-security: max-age=31536000
content-encoding: br
x-content-type-options: nosniff
host-header: Pressable
access-control-allow-headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type
allow: GET
last-modified: Tue, 26 Apr 2022 15:40:18 GMT
server: nginx
date: Tue, 26 Apr 2022 15:43:33 GMT
vary: Accept-Encoding, Cookie, Origin
content-type: application/json; charset=UTF-8
access-control-expose-headers: X-WP-Total, X-WP-TotalPages, Link
cache-control: max-age=105, must-revalidate
content-security-policy: frame-ancestors 'self' *.intezer.com; upgrade-insecure-requests; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' data: *.google.com *.googleapis.com *.intezer.com *.youtube.com googletagmanager.com *.opendns.com *.hsappstatic.net *.hsforms.net *.js-hsforms.net twitter.com *.cloudflare.com *.comeet.co *.twitter.com *.gaug.es *.wp.com *.hsleadflows.net *.gstatic.com *.usemessages.com *.hs-banner.com *.licdn.com *.hs-analytics.net *.ads-twitter.com *.hs-scripts.com *.googleadservices.com *.hotjar.com *.googletagmanager.com *.doubleclick.net *.addtoany.com *.facebook.net *.google-analytics.com *.pressablecdn.com https://www.redditstatic.com/ads/pixel.js; object-src 'self'; frame-src 'self' *.hsappstatic.net *.usemessages.com *.recaptcha.net *.intezer.com *.hubspot.com *.pressablecdn.com *.hotjar.com *.hsforms.com *.googletagmanager.com *.wp.com *.google.com *.twitter.com *.comeet.com *.comeet.co *.doubleclick.net *.youtube.com; child-src 'self' *.intezer.com; base-uri 'self' *.intezer.com; form-action 'self' https://*.hsforms.com/ https://*.twitter.com/; worker-src 'self' *.intezer.com; report-uri https://csp-prod.intezer.com/cspgate/445999af-dcf0-42b8-a4bc-655be2e8ffbf/2
x-ac: 1.yyz _atomic_dca
x-robots-tag: noindex
link: <https://www.intezer.com/wp-json/>; rel="https://api.w.org/"

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
960 B 99ms
66ms Image
image/gif 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=4179873168&v=1.1&a=5492986&rcu=https%3A%2F%2Fwww.intezer.com%2Fblog%2Fmalware-analysis%2Ftargeted-phishing-attack-against-ukrainian-government-expands-to-georgia%2F&pu=https%3A%2F%2Fwww.intezer.com%2Fblog%2Fmalware-analysis%2Ftargeted-phishing-attack-against-ukrainian-government-expands-to-georgia%2F&t=Targeted+Phishing+Attack+against+Ukraine+Government+Expands+to+Georgia&cts=1650987813525&vi=0637e3682d697543930b2da6e8aac091&nc=true&u=193884914.0637e3682d697543930b2da6e8aac091.1650987813520.1650987813520.1650987813520.1&b=193884914.1.1650987813520&pt=0&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Tue, 26 Apr 2022 15:43:33 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: 7ed98a3e-86af-44cf-a342-30580610464c
cf-ray: 70206f4acfc5ecee-YUL
p3p: CP="NOI CUR ADM OUR NOR STA NID"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 45
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Rrpg0a6pZgobSRJKQMaXq6Kl917cZeFsi6B3khegNM4OQdsPlXOtZ3EH%2B%2Fj6XfwMfH7Hp4BRsYGMut0mKrRTC73064JuI0PdNZNtv8%2BTl6GU4qJdLpoCRZaBH1gOJ6ETyB%2FoaCg8YipVlDBo0SPc"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
x-robots-tag: none

Verdicts & Comments Add Verdict or Comment

155 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

35 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.google.com/recaptcha	1970-01-20 06:55:39	Name: _GRECAPTCHA Value: 09ACztih7urH0WkH9PnxzPFHPoIdM4bhoEKLcF2hLihfY4-TjypH92irU6Dymyv4MxXBAy3CR5AkdI0EM51BIB52Y
.intezer.com/	1970-01-20 04:46:03	Name: _gcl_au Value: 1.1.636348063.1650987812
.intezer.com/	1970-01-20 04:46:03	Name: _rdt_uuid Value: 1650987812325.ac3c22c1-f268-4666-a89d-e6c8831aed9c
.intezer.com/	1970-01-20 20:07:39	Name: _ga Value: GA1.2.679025965.1650987812
.intezer.com/	1970-01-20 02:37:54	Name: _gid Value: GA1.2.1456353395.1650987812
.intezer.com/	1970-01-20 02:36:27	Name: _dc_gtm_UA-97741055-8 Value: 1
.intezer.com/	1970-01-20 04:40:48	Name: _gaexp Value: GAX1.2.KQoZdq3vSTyQ-uJcAX-9sQ.19195.1!uInQNsVrReuGAQSKVBqgXg.19182.0
.twitter.com/	1970-01-20 20:07:39	Name: personalization_id Value: "v1_4K3rvCztmKcrM+MS/YyoEw=="
.t.co/	1970-01-20 20:07:39	Name: muc_ads Value: 899c1d79-2781-4138-851e-6540d587e37a
.linkedin.com/	1970-01-20 04:46:03	Name: li_sugr Value: e5a8b9e9-3d78-41c9-b0ec-6c13249105f1
.ads.linkedin.com/	1969-12-31 23:59:59	Name: lang Value: v=2&lang=en-us
.linkedin.com/	1970-01-20 20:08:21	Name: bcookie Value: "v=2&b7e723ea-bc60-4cb0-8b96-16eb1d33bb30"
.linkedin.com/	1970-01-20 02:37:54	Name: lidc Value: "b=TGST02:s=T:r=T:a=T:p=T:g=2770:u=1:x=1:i=1650987812:t=1651074212:v=2:sig=AQGPkE1ua1Wk4X20MOKRayAApoxUMKl5"
.doubleclick.net/	1970-01-20 20:07:39	Name: IDE Value: AHWqTUnxdzQSGuHAmo4TpLf9Rxyd-WcDN21QBDitaM96huFmYSp8oLdcOP4JOO8B
.linkedin.com/	1970-01-20 03:19:39	Name: UserMatchHistory Value: AQLlLrTDpvOYWAAAAYBmishGUAJKWJx1b4boXkesDiYSudHxOE2hJ-BzesWe8H2qn2ceckSamsOFzQ
.linkedin.com/	1970-01-20 03:19:39	Name: AnalyticsSyncHistory Value: AQL37A7f9qFzDAAAAYBmishGVcAmucD19cNyvcgFTlVqQ9xLcLVnEXXiIQHz1F2BIRn6Kcwt6i50xn9hGvEY1w
www.intezer.com/	1970-01-20 02:36:31	Name: _gauges_unique_hour Value: 1
www.intezer.com/	1970-01-20 02:37:54	Name: _gauges_unique_day Value: 1
www.intezer.com/	1970-01-20 03:21:06	Name: _gauges_unique_month Value: 1
www.intezer.com/	1970-01-20 11:22:03	Name: _gauges_unique_year Value: 1
www.intezer.com/	1970-01-20 11:22:03	Name: _gauges_unique Value: 1
.linkedin.com/	1969-12-31 23:59:59	Name: lang Value: v=2&lang=en-us
.www.linkedin.com/	1970-01-20 20:08:21	Name: bscookie Value: "v=1&2022042615433323fd4a00-05c0-4804-8a7b-67faf2e53f9bAQFvxZDF7r-7E4ni-4OFthzbsrisyKo6"
.intezer.com/	1970-01-20 11:22:03	Name: _hjSessionUser_2053093 Value: eyJpZCI6ImE5ZWNkM2I0LTFlM2ItNWI3NS1hZmJkLTc4MjcyOTllNmExZiIsImNyZWF0ZWQiOjE2NTA5ODc4MTI4NjUsImV4aXN0aW5nIjpmYWxzZX0=
.intezer.com/	1970-01-20 02:36:29	Name: _hjFirstSeen Value: 1
www.intezer.com/	1970-01-20 02:36:27	Name: _hjIncludedInSessionSample Value: 0
.intezer.com/	1970-01-20 02:36:29	Name: _hjSession_2053093 Value: eyJpZCI6ImNkYzIxOWRhLWY3Y2ItNDZkOS1iZmIzLWNmODBjYTY1Mzc3YiIsImNyZWF0ZWQiOjE2NTA5ODc4MTMxNDQsImluU2FtcGxlIjpmYWxzZX0=
www.intezer.com/	1970-01-20 02:36:27	Name: _hjIncludedInPageviewSample Value: 1
.intezer.com/	1970-01-20 02:36:29	Name: _hjAbsoluteSessionInProgress Value: 0
.adsymptotic.com/	1970-01-20 04:46:03	Name: U Value: 6b1405f5824bf6984844f28fde6fe640
.intezer.com/	1970-01-20 06:55:39	Name: __hstc Value: 193884914.0637e3682d697543930b2da6e8aac091.1650987813520.1650987813520.1650987813520.1
.intezer.com/	1970-01-20 06:55:39	Name: hubspotutk Value: 0637e3682d697543930b2da6e8aac091
.intezer.com/	1969-12-31 23:59:59	Name: __hssrc Value: 1
.intezer.com/	1970-01-20 02:36:29	Name: __hssc Value: 193884914.1.1650987813520
.hubspot.com/	1970-01-20 02:36:29	Name: __cf_bm Value: 9y.wAdrK.X_ttgaW6ZnZ71oCaDZUaweHYp0I.9okdhU-1650987813-0-AVfZF3IDvvJ7RJKOuWwC9epV2hwMB0WOHmphC/ibcmyygyo2xCFmDi43jZ2jLH94a6E2Vlr6KuzBbE1BmsbUIYs=

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://static.addtoany.com/ Message: Refused to frame 'https://static.addtoany.com/' because it violates the following Content Security Policy directive: "frame-src 'self' .hsappstatic.net .usemessages.com .recaptcha.net .intezer.com .hubspot.com .pressablecdn.com .hotjar.com .hsforms.com .googletagmanager.com .wp.com .google.com .twitter.com .comeet.com .comeet.co .doubleclick.net .youtube.com".

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header

Value

Content-Security-Policy

Strict-Transport-Security

max-age=31536000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

149520725.v2.pressablecdn.com
alb.reddit.com
analytics.twitter.com
api.hubspot.com
c0.wp.com
connect.facebook.net
csp-prod.intezer.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
in.hotjar.com
js.hs-analytics.net
js.hs-banner.com
js.hs-scripts.com
js.usemessages.com
p.adsymptotic.com
pixel.wp.com
px.ads.linkedin.com
px4.ads.linkedin.com
script.hotjar.com
secure.gaug.es
snap.licdn.com
static.addtoany.com
static.ads-twitter.com
static.hotjar.com
stats.g.doubleclick.net
stats.wp.com
t.co
track.hubspot.com
vars.hotjar.com
www.google-analytics.com
www.google.ca
www.google.com
www.googleadservices.com
www.googletagmanager.com
www.gstatic.com
www.intezer.com
www.linkedin.com
www.redditstatic.com
104.18.100.194
104.244.42.197
104.244.42.67
13.107.42.14
142.250.80.2
143.204.146.114
146.75.36.157
192.0.76.3
192.0.77.37
192.0.77.39
199.16.172.82
20.101.172.120
2600:141b:5000::b81d:8f8a
2606:4700:10::6816:46c5
2606:4700:4400::ac40:9a55
2606:4700::6811:45b0
2606:4700::6811:d4cc
2606:4700::6811:edcc
2606:4700::6813:9a53
2607:f8b0:4004:c06::9b
2607:f8b0:4006:808::200a
2607:f8b0:4006:80a::2003
2607:f8b0:4006:80d::2004
2607:f8b0:4006:80d::200e
2607:f8b0:4006:816::2008
2607:f8b0:4006:821::2002
2607:f8b0:4006:823::2003
2607:f8b0:4006:824::2003
2620:1ec:21::14
2a03:2880:f012:8:face:b00c:0:1
2a04:4e42:600::396
34.237.177.253
54.155.9.137
54.230.102.38
99.84.42.65
016ab0bd0de4839680e4a717a57db9b182a8c2c5fdeec4c24db7a8df761fca4d
04c8209dbc13302a8788e96b9dd020f4121a9b361c133c849785bd6984c36d08
0765ee6a2be931cd13102559862446081895d7a174cf6a88ed71114422c46256
086f1c868f8f769ef0039b238b415fc3c46d97e342309dc8c61cefb40868212e
0a1af4d6495079c1a02bbd0f55a3d04fcf7835f66495f4ff7824531e1e715ad4
0c14887323363d6144ca0d23952ddb0b4c7a435cb3d53f6a94fa55441f472a2b
14f2ec002b176e0dee403cb7dd4ef2274a1353080e1e3e4084678770f4c15b9c
161dab58676b279f43addcbc3f800ac11276f20f15866ba7f7b5c60bc01b065b
17d660e4afd11fc5cea781a3b1ea5653d6f784dd4337c4425deff5640fcffdea
18d7c67b2bd45ab16b178e4cd1e936dba607229f0006543c41d0276e7afb74ff
1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a
1de5176439c1a5ceb7cc46576b45cfaaf5fb756d732bb0f7a13cea7b64f6b72d
1e85ec81b9800b4c443d39caca0d0926089a3ac201120db1ceb45b93789480b8
1ee33c51d3989c4903a4c82e3416c8d21fa0a5ad19956dc352704d0684142e5b
20edfbbe7c60d8e3562bdcda2dfca7ce7c2f7f55b67fe478904b9fc74a8d6c7d
214674cc77aba35ab3567b88e2739fd08e8e96c61d279559ad61874069683ea0
22c90613db09ef65c964b143e6adbe584b42eae85c9b7a75fa27c22b25cccb90
2648a1333fa24d383fd73a6beaac17156ae78f4267ff7407ad60e05a788df44c
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
2c306d4d7a24679306492a1b2cefed18c768d8184d65a8316b9d172e49342c1b
2d684b2fbed270be60563ee8ef40c1f0e4464106d08941368577a374c283d5b8
2e10d353ff038c2cad3492fc17801af3e6ef2669c9e9713bdb78b1dcb104c4fe
2f43834f6edfa66b7a0fdc9d6e2178047a399d6e5e5caec34af8212a65973a9a
31a5016412f7921a8b08225560d181af8f4a8dc8c762c2709782a1af56b3e984
391f90d20170a52f2ecc3539e2db0deb8645a728750a72c7bae987d43a8a0968
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
446640144b2426edbf845016f3ff4ff0ef97d89692ec4e4fe1f7eccbdac7cf13
464cbd4b481c3f25496ccca8a0227ab38881516e37e2f111f8570ddfe6a69977
4902dcbc3d3c97271a66bc136ec40b0c72422ccd05bb9946aa76382e50c5d6fc
4b3a1764e990a57a6429e799393fc06d84415b0715a2f34597168a2e12c329c8
4c76b62b0d76de307b0f6a4828fca9aaf21e73856a358b30e4927d121dd35e55
4e62cb1c042fc1610709730700a8b8e33f84ec49cb74c2e09ddb3d591d18b009
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
50679e0e3933c945348a2db0cc128bb14b57a60a74fabf8cae13acc14efbb2e1
50ca4e04cee0a74bace6695ea4fef1a284da203e027b605ba3956e9b1db4d2c3
534708b43bc02cb8910f2c21a92047c6590f02ff62fee2f2b328fbb3839e7e6b
570a4964629f982285ef5282d47767738b4ef2f75cb8bad8ccfc206683ee1d0d
5844dcc521e41b16204856d4b39a3383ef5afcc4260594e068aaea3db7b2f9be
5a35d508211c6bd5dac6d018cea76b31f54c2f0ea1d566959bee4e73c619812a
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
5b53e811e2f70aae99b19dde4e877b98382a294a0727b2c8ab788ba030e858c9
5c9a3c46d13cda847a391df63f9682ab531be301e12b6b64d191797c8c6fb054
5f91fcdd36636414fcaf90595a72b03ff8ca971d81b7fdbce832d391792aef69
6222234071f97180cbf6fc84729ad3dd11013c900a489bcc8ae0757f47cccb73
6418a65fb714617d8ed7bceb01ce406b71c28492303729da73176b3714822b18
65a52f6e516f0c632596218b193336646905690934acda722c840c621d7e56d4
6674896ccb1aea47c71591bef2bc25bfac1bee813a084ebc16b821167c7e4b8c
66cef53868258788da0dce6275872f799c8ad7182766c9c5e6283c49ec82e117
679e44f9b4bbbc2ad0c4000c1413fd3a88627d83f1cba8ebdac26f81bc7edb78
67f8c7fd7353ad063da1f3115924c458c494cb134f4d87de4407a132842c9bc9
6bebe6bf7abf43624ab1ed62cabc6a1e1d9d5f1cea38042e516439b5391c1621
70d4c4423dab9cf00b6e9bcf57518eeafff00e9d2499f4463498b03bef2bdc33
7289df951c75c623b2fab940d7d2fe87c94cd76571cb66ccc86afb61e5ccbbce
742a9f36be4becc302afb2d53cfe0523f071eec3d31287d0ce393b94dc220d92
751d5192326ddefce3e87157f7c9355217cdad7b4a969b5dd3161b4453671389
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
79a121cf7c39840853f0332f84e596678a1511dd77678c9ead4229217670ab90
79adde0dc23cba461e09967e3ceaa077a56e717d1eb2d4f1273a2e8d0f7ccf7c
7e6f3eacf6af919ace45f10e39eda3e72143e0f57aad29590a6d37d5ddd0292f
80bd626eb6d57112072a508ee4e5ce3c2fe5673fe0a5d029810033b24aaa5e9f
82a64a1e16d45a21873b8329cca060029891adbd036d7da2241fa22e6481068e
82d0aae1e7b8cfc0574d6548d1f35096f5e4310321aa964ff3fdb46c4d12e302
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8685bca4bb29a8a8289c3effd282cb8718a7d14da65f1397481f213b15469f50
86c8f0ef3d5c51e837bd0c69424d11e9e8522f834e1c18d620073db93b5c79f7
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
872dffe40aa155ed1f97d68d65c6847981e8f138154536a9b5b8856133dcc6af
89e121efb560fd72f5adf01a28c1dd9531dd81c723a8c6cc8e714eb2b7587269
8e1d3542f4ea0a232b64a279e38b4cc9d666ae94a91abd25fff1a165194322cb
90fbf2b127b801f3226f7260c0440085ed2196b17dda6225df36673e46a23238
9350faa5165ac4b8e790c410cbbf085a8c328693a50786cddd778bf9afe1e2a8
95390c710cf909e901b2cab8f72404407c41464623c1edf7fac07cee7f0836b6
973daf25415f50d1226c86f3eef025e194182eb4147addc05c5777b6162139e7
9a4dd8534fcf83f8869c10acf2ad5a6b186dfaf1c8f75bf388d07257e9af47db
9b9bbc8e183eb1565356c03433ed6ab31258e3156c54e785c61c4c7b548e88c3
9bea4073ca8eb9ea977081e0eaa614b3be5d03b818469694825e7849bbe1cc28
9d7da1b980a95ff3d31d0bb8733cbabd1d210ec601d15a1aac2b67394a33191d
9ee43670c7089bc802b4d63d724e3f450cc0f5e38041e40064b62fdf70583868
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a3e64300797e8078baa41dbc49e2affc1d2bedd04a470f0c929ed7fac698fbcd
a58424245091ff944f5eea1e136ca279a168b89dad0f78f00f3f3fe70e3be085
a9e10ebb34cfcb07b2146d2988ec32893c4df73d2137d8c24531425e1857a0ba
ab7a109d14237f73ec66836579662feb032f6b77457d8013eed6af880d722100
abe2cba1e866cbd778b323fe4ef0e4cc995d6206c6791ca99cd3dbac56fc4496
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
af2e2283ffc4d9ca0e8be05032a6e2d7fe7daa868ad02fa1f61fc648e08336b8
b27e36f434d14a15fcbb71fe2c330e65bd47a94f1abf2f6469693de58c9fa1a2
b394d33b2a7ec654a6b037ebfda6618341b3f897a362be624c923c2711b54a43
b74ad966c274741f6c5cc0238a6989bb28e325e34e0d98f29d2cc4e7c562d93b
b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646
b85ee094553ce0149f659a0218a9085df755924b32ca35ee5f42245ab0cd8b8f
ba4d2508109a8d3304e9e35d5332a1dce6519ef86d872265578755dbc8f33b6a
baaabaab03bb6647e78ff335112c5bba1af3a73872cd22e0379cdec3073109e2
be3c3c38148a1bc010ae9ccad67f9fe248128e652e6dd8c1e452901ca7e63925
be7f485984b0bfab6f843f1da3ff0af1d07dd3bcf97108d99a2c1d9c78edc1af
c38df4a2300e1acd22e8547908f1c0815e4232522aed59fd2d45942480b56f4c
c40a0cdd5ab5dcc4da78066f70839808bb4ee8fb2f3360dec64fde438770b099
c6c82452d4595c717df8f740c6f9ff4e6ae5bc1bb9f716584b27f457f18a1d04
c8322f02ba922477d01af2398b88586cbef61d6a0a0dee777c5eb352dd874aa6
cce577471c2586f3e0c2518fff84a970d33f61491fb8c629341b86f238cf07c0
cdbdaa122823601390c7dcbdd1afde33c2f1a432b8c5ff025c6137ee99ba541a
ce820ddde3b57db396b814b8bbd40e27edef6f5eab951b2053e934dd47e9e1c2
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d77999f2bab62ee4d895db1c7ced839192ef3cb5b3eb449f0b889209da8adcb9
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
dc19c2e40e42974f0416a3f4cc97e2dbb85a5b5598b76a75e9254164922e7be0
dc8e317c924d49916e599d91520cb5f64eb9b1ff74120e5d058ca526d0ec6266
dec4a595c5e6212d8cc374f424550488cd995eaaf5135d9b254e72fef8d701ec
df2698e6cf74ed890afa92da10051f880df2ce0b3257b73c5d9ae2f6bea82d3c
df5a420aa6c33fa4b4da7e4aec2ec39813a08b13230a15719df0b8e11ce7682d
e0e44c153e6969ff112250bc468dd4615e5f48f2b2db3e3ffabc11be9d9b6313
e20ddb9ed1fa044cb624f0253bb06b13c92ed9915063bd63a5806440c6b1ce7c
e50f9ccd2d6582a58ba1879fa578e60d25fea4c5eedc07deafd14482b2403181
e5935466216a250bb06338805b32ffb19eeda9042ead790ebc6e5dda27820adb
e85052e09a7415a2ab775cc198a96dc956d9de42b90541a5cdc9c5c176725745
e8ec042d48daa8fe4031d44c608add6e3e9ee43bb1b2843910fd0f15ebf36722
ea011956164ed15022fb5732fd6d810bf75bb104babed05a29beb5c50302b926
eb8087edc955367c5780f4105c7ee3e7b2780f89e6790ee3ac69f35bbf00d972
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f0761f2a521096ebcc6b36e0d165e69a3484998ea0eff57d67f5611f8d535c31
f22120d1591b5397235fec8a01ffcc7d45fa6bd0b4cd6f93b8999c9365b359f1
f31ae5176367d1e09855356e3a9c5b594a7a632e348eef2cfce758d41c6c571b
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
f6d032132eed5aa1a417456f07864c51fe631858b190224cf7d1a50116d15f48
f93483f0aaf24aea4b5534bb8647d22cd9dfcb4d08d2fd1008787bdfb8a6cc47
fa421b6ebbd2fb474d3a3866409ce6c1efd120b47ff256fffb8f8f50d556d3d9
fabecf436bb67f054dff5c98d8227fe4c009dc2bb119c477d57eb8d87202d7e0
fd319d2e96afcb9c7499d3301c77e3829c6099967341d70b7afbc00a60fcfb13
fdfd826c7057d16a934a73145ee53da3453b6e0b3404efb5b3718011b23dd61c

www.intezer.com Open in urlscan Pro 199.16.172.82 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

145 Requests

99 %HTTPS

54 %IPv6

28 Domains

39 Subdomains

34 IPs

4 Countries

3362 kBTransfer

6174 kBSize

35 Cookies

26 Outgoing links

Page URL History

Redirected requests

145 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.intezer.com Open in urlscan Pro
199.16.172.82 Public Scan

Screenshot
Live screenshot

Full Image

145
Requests

99 %
HTTPS

54 %
IPv6

28
Domains

39
Subdomains

34
IPs

4
Countries

3362 kB
Transfer

6174 kB
Size

35
Cookies

145 HTTP transactions
1 data transactions