www.itechpost.com Open in urlscan Pro
35.190.8.4  Public Scan

11 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 4

• http://cdnjs.cloudflare.com/ajax/libs/jquery-cookie/1.4.1/jquery.cookie.min.js HTTP 307
• https://cdnjs.cloudflare.com/ajax/libs/jquery-cookie/1.4.1/jquery.cookie.min.js

Request Chain 5

• http://cdnjs.cloudflare.com/ajax/libs/jquery.lazyload/1.9.1/jquery.lazyload.min.js HTTP 307
• https://cdnjs.cloudflare.com/ajax/libs/jquery.lazyload/1.9.1/jquery.lazyload.min.js

Request Chain 25

• http://platform.instagram.com/en_US/embeds.js HTTP 307
• https://platform.instagram.com/en_US/embeds.js HTTP 301
• https://www.instagram.com/embed.js HTTP 302
• https://www.instagram.com/static/bundles/es6/EmbedSDK.js/58b07fec4121.js

Request Chain 37

• http://a.teads.tv/page/82542/tag HTTP 301
• https://a.teads.tv/page/82542/tag

Request Chain 44

• http://rules.quantcount.com/rules-p-QzXvCmyt3qj48.js HTTP 301
• https://rules.quantcount.com/rules-p-QzXvCmyt3qj48.js

Request Chain 45

• https://sb.scorecardresearch.com/b?c1=2&c2=14401431&ns__t=1632979311455&ns_c=UTF-8&cv=3.5&c8=New%20Microsoft%20Malware%20Can%20Steal%20Your%20Credentials%2C%20Sensitive%20Info%3A%20How%20to%20Stop%20FoggyWeb%20From%20Attacking%20You%20%7C%20iTech%20Post&c7=http%3A%2F%2Fwww.itechpost.com%2Farticles%2F107166%2F20210929%2Fnew-microsoft-malware-steal-credentials-sensitive-info-stop-foggyweb-attacking.htm&c9= HTTP 302
• https://sb.scorecardresearch.com/b2?c1=2&c2=14401431&ns__t=1632979311455&ns_c=UTF-8&cv=3.5&c8=New%20Microsoft%20Malware%20Can%20Steal%20Your%20Credentials%2C%20Sensitive%20Info%3A%20How%20to%20Stop%20FoggyWeb%20From%20Attacking%20You%20%7C%20iTech%20Post&c7=http%3A%2F%2Fwww.itechpost.com%2Farticles%2F107166%2F20210929%2Fnew-microsoft-malware-steal-credentials-sensitive-info-stop-foggyweb-attacking.htm&c9=

Request Chain 52

• https://googleads.g.doubleclick.net/pagead/id HTTP 302
• https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

Request Chain 63

• http://pixel.quantserve.com/pixel;r=453145742;rf=0;a=p-QzXvCmyt3qj48;url=http%3A%2F%2Fwww.itechpost.com%2Farticles%2F107166%2F20210929%2Fnew-microsoft-malware-steal-credentials-sensitive-info-stop-foggyweb-attacking.htm;uh=1ebb899bafb5;uht=0;fpan=1;fpa=P0-986962621-1632979311749;pbc=;ns=0;ce=1;qjs=1;qv=00a3769c-20210929173447;cm=;gdpr=0;ref=;d=itechpost.com;je=0;sr=1600x1200x24;dst=0;et=1632979311749;tzo=0;ogl=type.article%2Curl.https%3A%2F%2Fwww%252Eitechpost%252Ecom%2Farticles%2F107166%2F20210929%2Fnew-microsoft-malware-steal-c%2Csite_name.iTech%20Post%2Cimage.https%3A%2F%2F1401700980%252Ersc%252Ecdn77%252Eorg%2Fdata%2Fimages%2Ffull%2F101857%2Fnew-microsoft-malware-c%2Ctitle.New%20Microsoft%20Malware%20Can%20Steal%20Your%20Credentials%252C%20Sensitive%20Info%3A%20How%20to%20Stop%20Fo%2Cdescription.Remember%20the%20SolarWinds%20hack%3F%20Microsoft%20recently%20discovered%20another%20piece%20of%20mal HTTP 301
• https://pixel.quantserve.com/pixel;r=453145742;rf=0;a=p-QzXvCmyt3qj48;url=http%3A%2F%2Fwww.itechpost.com%2Farticles%2F107166%2F20210929%2Fnew-microsoft-malware-steal-credentials-sensitive-info-stop-foggyweb-attacking.htm;uh=1ebb899bafb5;uht=0;fpan=1;fpa=P0-986962621-1632979311749;pbc=;ns=0;ce=1;qjs=1;qv=00a3769c-20210929173447;cm=;gdpr=0;ref=;d=itechpost.com;je=0;sr=1600x1200x24;dst=0;et=1632979311749;tzo=0;ogl=type.article%2Curl.https%3A%2F%2Fwww%252Eitechpost%252Ecom%2Farticles%2F107166%2F20210929%2Fnew-microsoft-malware-steal-c%2Csite_name.iTech%20Post%2Cimage.https%3A%2F%2F1401700980%252Ersc%252Ecdn77%252Eorg%2Fdata%2Fimages%2Ffull%2F101857%2Fnew-microsoft-malware-c%2Ctitle.New%20Microsoft%20Malware%20Can%20Steal%20Your%20Credentials%252C%20Sensitive%20Info%3A%20How%20to%20Stop%20Fo%2Cdescription.Remember%20the%20SolarWinds%20hack%3F%20Microsoft%20recently%20discovered%20another%20piece%20of%20mal

Request Chain 101

• https://secure.adnxs.com/getuid?https://ids.ad.gt/api/v1/match?id=72f2515a-ec9b-4e17-979e-2ad31ea99cba&adnxs_id=$UID HTTP 307
• https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Fmatch%3Fid%3D72f2515a-ec9b-4e17-979e-2ad31ea99cba%26adnxs_id%3D%24UID HTTP 302
• https://ids.ad.gt/api/v1/match?id=72f2515a-ec9b-4e17-979e-2ad31ea99cba&adnxs_id=188111995801004360

Request Chain 102

• https://match.adsrvr.org/track/cmf/generic?ttd_pid=8gkxb6n&ttd_tpi=1&gpdr=0&ttd_puid=72f2515a-ec9b-4e17-979e-2ad31ea99cba HTTP 302
• https://match.adsrvr.org/track/cmb/generic?ttd_pid=8gkxb6n&ttd_tpi=1&gpdr=0&ttd_puid=72f2515a-ec9b-4e17-979e-2ad31ea99cba HTTP 302
• https://ids.ad.gt/api/v1/t_match?tdid=bb21d8a5-0cb1-4d53-b1c5-38b4d9ed7612&id=72f2515a-ec9b-4e17-979e-2ad31ea99cba

Request Chain 103

• https://image2.pubmatic.com/AdServer/UCookieSetPug?rd=https%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Fpbm_match%3Fpbm%3D%23PM_USER_ID%26id%3D72f2515a-ec9b-4e17-979e-2ad31ea99cba HTTP 302
• https://image2.pubmatic.com/AdServer/UCookieSetPug?ird=1&rd=https%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Fpbm_match%3Fpbm%3D%23PM_USER_ID%26id%3D72f2515a-ec9b-4e17-979e-2ad31ea99cba HTTP 302
• https://ids.ad.gt/api/v1/pbm_match?pbm=3816C3F6-FD09-4DDE-8004-77EF231003B4&id=72f2515a-ec9b-4e17-979e-2ad31ea99cba

Request Chain 104

• https://cm.g.doubleclick.net/pixel?google_nid=audigent_w_appnexus_3985&google_cm&google_sc&google_ula=450542624&id=72f2515a-ec9b-4e17-979e-2ad31ea99cba HTTP 302
• https://cm.g.doubleclick.net/pixel?google_nid=audigent_w_appnexus_3985&google_cm=&google_sc=&google_ula=450542624&id=72f2515a-ec9b-4e17-979e-2ad31ea99cba&google_tc= HTTP 302
• https://ids.ad.gt/api/v1/g_match?id=72f2515a-ec9b-4e17-979e-2ad31ea99cba&google_error=3

Request Chain 105

• https://ids.ad.gt/api/v1/g_hosted?id=72f2515a-ec9b-4e17-979e-2ad31ea99cba HTTP 302
• https://cm.g.doubleclick.net/pixel?google_nid=audigent_w_appnexus_3985&google_hm=NzJmMjUxNWEtZWM5Yi00ZTE3LTk3OWUtMmFkMzFlYTk5Y2Jh HTTP 302
• https://cm.g.doubleclick.net/pixel?google_nid=audigent_w_appnexus_3985&google_hm=NzJmMjUxNWEtZWM5Yi00ZTE3LTk3OWUtMmFkMzFlYTk5Y2Jh&google_tc= HTTP 302
• https://ids.ad.gt/api/v1/g_match?google_error=3

Request Chain 106

• https://sync.smartadserver.com/getuid?url=https%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Fsmart_match%3Fid%3D72f2515a-ec9b-4e17-979e-2ad31ea99cba%26sas_uid%3D%5bsas_uid%5d HTTP 302
• https://sync.smartadserver.com/getuid?url=https://ids.ad.gt/api/v1/smart_match?id=72f2515a-ec9b-4e17-979e-2ad31ea99cba&sas_uid=[sas_uid]&cklb=1

Request Chain 108

• https://sync.mathtag.com/sync/img?redir=https%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Fmediamath_match%3Fuser_id%3D%5BMM_UUID%5D%26id%3D72f2515a-ec9b-4e17-979e-2ad31ea99cba HTTP 302
• https://ids.ad.gt/api/v1/mediamath_match?user_id=c8df6155-4970-4c00-836a-627e9175fcd3&id=72f2515a-ec9b-4e17-979e-2ad31ea99cba

Request Chain 109

• https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=mgid&endpoint=eu HTTP 301
• https://eus.rubiconproject.com/usync.html?p=mgid&endpoint=eu

Request Chain 112

• https://x.bidswitch.net/sync?ssp=mgid HTTP 302
• https://x.bidswitch.net/ul_cb/sync?ssp=mgid HTTP 302
• https://c1.adform.net/serving/cookie/match/?party=24&bidswitch_ssp_id=mgid HTTP 302
• https://c1.adform.net/serving/cookie/match/?CC=1&party=24&bidswitch_ssp_id=mgid HTTP 302
• https://x.bidswitch.net/sync?dsp_id=70&user_id=3921928039039586189&ssp=mgid HTTP 302
• https://cm.mgid.com/m?cdsp=433145&c=6b42cf17-ffad-4916-9d65-6f6d5bee433c&gdpr=&gdpr_consent=&us_privacy=

Request Chain 113

• https://creativecdn.com/cm-notify?pi=mgid HTTP 302
• https://creativecdn.com/cm-notify?pi=mgid&tc=1 HTTP 302
• https://cm.mgid.com/m?cdsp=501037&c=b3QZAt8FaRCI1FWEWFJY&pi=mgid&tc=1

Request Chain 114

• https://x.bidswitch.net/sync?dsp_id=303&user_id=l8tQeG0Z_Dlm HTTP 302
• https://ad.360yield.com/match?publisher_dsp_id=191&external_user_id=6b42cf17-ffad-4916-9d65-6f6d5bee433c HTTP 302
• https://ad.360yield.com/ul_cb/match?publisher_dsp_id=191&external_user_id=6b42cf17-ffad-4916-9d65-6f6d5bee433c

Request Chain 115

• https://cm.g.doubleclick.net/pixel?google_nid=marketgid&google_cm=&google_ula={guid}&google_hm=bDh0UWVHMFpfRGxt&muidn=l8tQeG0Z_Dlm HTTP 302
• https://cm.g.doubleclick.net/pixel?google_nid=marketgid&google_cm=&google_ula={guid}&google_hm=bDh0UWVHMFpfRGxt&muidn=l8tQeG0Z_Dlm&google_tc= HTTP 302
• https://cm.mgid.com/google?muidn=l8tQeG0Z_Dlm&google_error=3

Request Chain 118

• https://match.adsrvr.org/track/cmf/generic?ttd_pid=omn67hl&ttd_tpi=1 HTTP 302
• https://cm.mgid.com/m?cdsp=371158&c=bb21d8a5-0cb1-4d53-b1c5-38b4d9ed7612&ttl=1635571312

Request Chain 119

• https://rtb-usw.mfadsrvr.com/sync?ssp=mgid HTTP 302
• https://rtb-usw.mfadsrvr.com/ul_cb/sync?ssp=mgid HTTP 302
• https://cm.mgid.com/m?cdsp=287839&c=d1eb906b-5df9-4662-b9fc-6458d297814e

Request Chain 127

• https://u.openx.net/w/1.0/cm?id=998eaf06-9905-4eae-9e26-9fac75960c53&r=https%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Fopenx%3Fopenx_id%3D%7BOPENX_ID%7D%26id%3D02000hc5ci07jv2yg08xizqr0bwpa0c0evvljv1k7cm961o8b5po0ntek210qskvk40trr7270wqxik90zq3u2c12pa5j31k0gxf118nmsj91nelrdq1elzfjf1hl5r1i1kkc2jl%26auid%3D72f2515a-ec9b-4e17-979e-2ad31ea99cba HTTP 302
• https://u.openx.net/w/1.0/cm?cc=1&id=998eaf06-9905-4eae-9e26-9fac75960c53&r=https%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Fopenx%3Fopenx_id%3D%7BOPENX_ID%7D%26id%3D02000hc5ci07jv2yg08xizqr0bwpa0c0evvljv1k7cm961o8b5po0ntek210qskvk40trr7270wqxik90zq3u2c12pa5j31k0gxf118nmsj91nelrdq1elzfjf1hl5r1i1kkc2jl%26auid%3D72f2515a-ec9b-4e17-979e-2ad31ea99cba HTTP 302
• https://ids.ad.gt/api/v1/openx?openx_id=f0d0a6fa-df10-42f4-b196-10fe77a6aba5&id=02000hc5ci07jv2yg08xizqr0bwpa0c0evvljv1k7cm961o8b5po0ntek210qskvk40trr7270wqxik90zq3u2c12pa5j31k0gxf118nmsj91nelrdq1elzfjf1hl5r1i1kkc2jl&auid=72f2515a-ec9b-4e17-979e-2ad31ea99cba

133 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
1 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request new-microsoft-malware-steal-credentials-sensitive-info-stop-foggyweb-attacking.htm Show response www.itechpost.com/articles/107166/20210929/	52 KB 13 KB	225ms 191ms	Document text/html	35.190.8.4 GOOGLE
General Check archive.org Show headers Download Go to Full URL http://www.itechpost.com/articles/107166/20210929/new-microsoft-malware-steal-credentials-sensitive-info-stop-foggyweb-attacking.htm Protocol HTTP/1.1 Server 35.190.8.4 Kansas City, United States, ASN15169 (GOOGLE, US), Reverse DNS 4.8.190.35.bc.googleusercontent.com Software nginx / PHP/7.2.34 Resource Hash 9fc641d2b8e878c9b90d0536748fb1ce719aee780afc18c2a1801b524ac1accb Request headers Host www.itechpost.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Accept-Language de-DE,de;q=0.9 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Encoding gzip, deflate Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Accept-Language de-DE,de;q=0.9 Response headers Server nginx Date Thu, 30 Sep 2021 05:21:51 GMT Content-Type text/html; charset=UTF-8 Transfer-Encoding chunked X-Powered-By PHP/7.2.34 P3P CP="ALL CURa ADMa DEVa TAIa OUR BUS IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC OTC" Content-Encoding gzip Vary Accept-Encoding Via 1.1 google
GET H2	200	main.css 1126564489.rsc.cdn77.org/static/common/_v2.0.0/css/	31 KB 6 KB	53ms 9ms	Stylesheet text/css	2a02:6ea0:c700::1 CDN77 ^_^
General Check archive.org Show headers Download Go to Full URL https://1126564489.rsc.cdn77.org/static/common/_v2.0.0/css/main.css?v=4 Requested by Host: www.itechpost.com URL: http://www.itechpost.com/articles/107166/20210929/new-microsoft-malware-steal-credentials-sensitive-info-stop-foggyweb-attacking.htm Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:6ea0:c700::1 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB), Reverse DNS Software CDN77-Turbo / Resource Hash 61707bd20733daf3ce465ae24cd5250d334fdf29c193a598c4c103a71c928170 Request headers Accept-Language de-DE,de;q=0.9 Referer http://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers x-77-nzt AcO1rywlidbvwi0FAA== x-accel-expires @1633676717 date Thu, 30 Sep 2021 05:21:51 GMT via 1.1 google etag W/"614a9c5b-7bad" last-modified Wed, 22 Sep 2021 03:00:43 GMT server CDN77-Turbo x-77-nzt-ray Het25zpqNXo= x-77-cache HIT content-type text/css x-cache HIT x-age 339394 content-encoding br x-77-pop frankfurtDE
GET H2	200	common_v056.js Show response 1126564489.rsc.cdn77.org/common/js/common/	7 KB 3 KB	54ms 10ms	Script application/javascript	2a02:6ea0:c700::1 CDN77 ^_^
General Check archive.org Show headers Download Go to Full URL https://1126564489.rsc.cdn77.org/common/js/common/common_v056.js?5xwc2g Requested by Host: www.itechpost.com URL: http://www.itechpost.com/articles/107166/20210929/new-microsoft-malware-steal-credentials-sensitive-info-stop-foggyweb-attacking.htm Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:6ea0:c700::1 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB), Reverse DNS Software CDN77-Turbo / Resource Hash 564909ae57a774bce3a438e2df0cbe3f8794d33acf6715625e87cb06bfa31908 Request headers Accept-Language de-DE,de;q=0.9 Referer http://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers x-77-nzt AcO1ryxYo+7vwi0FAA== x-accel-expires @1633676717 date Thu, 30 Sep 2021 05:21:51 GMT via 1.1 google etag W/"614a9d09-1aeb" last-modified Wed, 22 Sep 2021 03:03:37 GMT server CDN77-Turbo x-77-nzt-ray bQAHhpiMRAo= x-77-cache HIT content-type application/javascript x-cache HIT x-age 339394 content-encoding br x-77-pop frankfurtDE
GET H/1.1	200 OK	jquery.min.js Show response ajax.googleapis.com/ajax/libs/jquery/3.6.0/	87 KB 88 KB	35ms 12ms	Script text/javascript	2a00:1450:4001:828::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL http://ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js Requested by Host: www.itechpost.com URL: http://www.itechpost.com/articles/107166/20210929/new-microsoft-malware-steal-credentials-sensitive-info-stop-foggyweb-attacking.htm Protocol HTTP/1.1 Server 2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer http://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers Date Wed, 29 Sep 2021 00:54:43 GMT X-Content-Type-Options nosniff Age 102428 Content-Security-Policy-Report-Only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers Cross-Origin-Resource-Policy cross-origin Content-Length 89501 X-XSS-Protection 0 Last-Modified Wed, 10 Mar 2021 14:28:09 GMT Server sffe Vary Accept-Encoding Report-To {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]} Content-Type text/javascript; charset=UTF-8 Access-Control-Allow-Origin * Cache-Control public, max-age=31536000, stale-while-revalidate=2592000 Accept-Ranges bytes Timing-Allow-Origin * Cross-Origin-Opener-Policy-Report-Only same-origin; report-to="hosted-libraries-pushers" Expires Thu, 29 Sep 2022 00:54:43 GMT
GET H2	200	jquery.bxslider.min.js Show response 1126564489.rsc.cdn77.org/common/js/bxslider/	19 KB 5 KB	55ms 12ms	Script application/javascript	2a02:6ea0:c700::1 CDN77 ^_^
General Check archive.org Show headers Download Go to Full URL https://1126564489.rsc.cdn77.org/common/js/bxslider/jquery.bxslider.min.js Requested by Host: www.itechpost.com URL: http://www.itechpost.com/articles/107166/20210929/new-microsoft-malware-steal-credentials-sensitive-info-stop-foggyweb-attacking.htm Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:6ea0:c700::1 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB), Reverse DNS Software CDN77-Turbo / Resource Hash bb9e7dc822c6b7b95a6329932885c72ff2caf74b243fc1c40aca0e858123b83e Request headers Accept-Language de-DE,de;q=0.9 Referer http://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers x-77-nzt AcO1ryy0Bdnvwi0FAA== x-accel-expires @1633676717 date Thu, 30 Sep 2021 05:21:51 GMT via 1.1 google etag W/"614a9caf-4b9f" last-modified Wed, 22 Sep 2021 03:02:07 GMT server CDN77-Turbo x-77-nzt-ray Ye7CCWsNv9Q= x-77-cache HIT content-type application/javascript x-cache HIT x-age 339394 content-encoding br x-77-pop frankfurtDE
GET H2	200	jquery.cookie.min.js Show response cdnjs.cloudflare.com/ajax/libs/jquery-cookie/1.4.1/ Redirect Chain http://cdnjs.cloudflare.com/ajax/libs/jquery-cookie/1.4.1/jquery.cookie.min.js https://cdnjs.cloudflare.com/ajax/libs/jquery-cookie/1.4.1/jquery.cookie.min.js	1 KB 931 B	35ms 16ms	Script application/javascript	2606:4700::6810:125e CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdnjs.cloudflare.com/ajax/libs/jquery-cookie/1.4.1/jquery.cookie.min.js Requested by Host: www.itechpost.com URL: http://www.itechpost.com/articles/107166/20210929/new-microsoft-malware-steal-credentials-sensitive-info-stop-foggyweb-attacking.htm Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash d40efcac911d8964f3728eaa767de281306ff55ba9377435a3364d4d1e1613f6 Security Headers Name Value Strict-Transport-Security max-age=15780000 X-Content-Type-Options nosniff Request headers Accept-Language de-DE,de;q=0.9 Referer http://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Thu, 30 Sep 2021 05:21:51 GMT content-encoding br x-content-type-options nosniff cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} age 1851289 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 content-length 591 timing-allow-origin * last-modified Mon, 04 May 2020 16:11:45 GMT server cloudflare cf-cdnjs-via cfworker/kv etag "5eb03ec1-514" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" strict-transport-security max-age=15780000 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sNAufnZjE4%2BnIUkNgfGcHd1k07l9VmmohrSQeGXTKOjtHrjOT72UijyipWTUG%2BCzYHYFcULqbLjeHbmPR8jN7GR7LJ3Hp2BfU1hAic%2Fhx8Gxo91n2eW4V8OG1gwxdaxMs4xELxlbpz6MS%2BGAkeYHxC7E"}],"group":"cf-nel","max_age":604800} content-type application/javascript; charset=utf-8 access-control-allow-origin * vary Accept-Encoding cache-control public, max-age=30672000 accept-ranges bytes cf-ray 696b02974c0fdfc7-FRA expires Tue, 20 Sep 2022 05:21:51 GMT Redirect headers Location https://cdnjs.cloudflare.com/ajax/libs/jquery-cookie/1.4.1/jquery.cookie.min.js Non-Authoritative-Reason HSTS
GET H2	200	jquery.lazyload.min.js Show response cdnjs.cloudflare.com/ajax/libs/jquery.lazyload/1.9.1/ Redirect Chain http://cdnjs.cloudflare.com/ajax/libs/jquery.lazyload/1.9.1/jquery.lazyload.min.js https://cdnjs.cloudflare.com/ajax/libs/jquery.lazyload/1.9.1/jquery.lazyload.min.js	3 KB 2 KB	33ms 14ms	Script application/javascript	2606:4700::6810:125e CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdnjs.cloudflare.com/ajax/libs/jquery.lazyload/1.9.1/jquery.lazyload.min.js Requested by Host: www.itechpost.com URL: http://www.itechpost.com/articles/107166/20210929/new-microsoft-malware-steal-credentials-sensitive-info-stop-foggyweb-attacking.htm Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash ad79ce7e34d1a788809bb853031133de2ae45f3c19ac4955dae46c7490188c2e Security Headers Name Value Strict-Transport-Security max-age=15780000 X-Content-Type-Options nosniff Request headers Accept-Language de-DE,de;q=0.9 Referer http://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Thu, 30 Sep 2021 05:21:51 GMT content-encoding br x-content-type-options nosniff cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} age 36005 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 content-length 1120 timing-allow-origin * last-modified Mon, 04 May 2020 16:11:47 GMT server cloudflare cf-cdnjs-via cfworker/kv etag "5eb03ec3-d35" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" strict-transport-security max-age=15780000 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VBMFawQ%2FyufuaLbfg2nL0%2F1azEfBJxX4J%2BdfigOTrW6jpuALwoCJdm%2BHwIpT021GzIKMzdG7oHSPMmowfz8o1JJMpikiZGTj%2Fv%2BmS3PEziSFCLp%2FYeG4uqM1wrc5c4bqJ7klQRylfndTO6%2BUHQi5PAZ0"}],"group":"cf-nel","max_age":604800} content-type application/javascript; charset=utf-8 access-control-allow-origin * vary Accept-Encoding cache-control public, max-age=30672000 accept-ranges bytes cf-ray 696b02974c12dfc7-FRA expires Tue, 20 Sep 2022 05:21:51 GMT Redirect headers Location https://cdnjs.cloudflare.com/ajax/libs/jquery.lazyload/1.9.1/jquery.lazyload.min.js Non-Authoritative-Reason HSTS
GET H2	200	prebid_sb_2019.js Show response 1126564489.rsc.cdn77.org/common/js/common/	150 KB 45 KB	66ms 23ms	Script application/javascript	2a02:6ea0:c700::1 CDN77 ^_^
General Check archive.org Show headers Download Go to Full URL https://1126564489.rsc.cdn77.org/common/js/common/prebid_sb_2019.js Requested by Host: www.itechpost.com URL: http://www.itechpost.com/articles/107166/20210929/new-microsoft-malware-steal-credentials-sensitive-info-stop-foggyweb-attacking.htm Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:6ea0:c700::1 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB), Reverse DNS Software CDN77-Turbo / Resource Hash aa8f4aadaeeedb243de069b890bd59864e538f28f58967ff9fe9754358131105 Request headers Accept-Language de-DE,de;q=0.9 Referer http://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers x-77-nzt AcO1rywDwbHvdh8FAA== x-accel-expires @1633680377 date Thu, 30 Sep 2021 05:21:51 GMT via 1.1 google etag W/"614a9caf-25708" last-modified Wed, 22 Sep 2021 03:02:07 GMT server CDN77-Turbo x-77-nzt-ray tcAynytYwVM= x-77-cache HIT content-type application/javascript x-cache HIT x-age 335734 content-encoding br x-77-pop frankfurtDE
GET H/1.1	200 OK	script.js Show response powerad.ai/	170 KB 35 KB	415ms 198ms	Script application/javascript	18.211.226.152 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://powerad.ai/script.js Requested by Host: www.itechpost.com URL: http://www.itechpost.com/articles/107166/20210929/new-microsoft-malware-steal-credentials-sensitive-info-stop-foggyweb-attacking.htm Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 18.211.226.152 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-18-211-226-152.compute-1.amazonaws.com Software nginx/1.10.3 (Ubuntu) / Express Resource Hash 63721156438c4a8fad96c6cb93099d8a59e94706abc4bf0c391b393cff33aa9e Request headers Accept-Language de-DE,de;q=0.9 Referer http://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers Date Thu, 30 Sep 2021 05:21:51 GMT Content-Encoding gzip Last-Modified Thu, 02 Sep 2021 15:19:09 GMT Server nginx/1.10.3 (Ubuntu) Transfer-Encoding chunked X-Powered-By Express ETag W/"2a930-17ba717a506" Vary Accept-Encoding Content-Type application/javascript; charset=UTF-8 Access-Control-Allow-Origin * Cache-Control public, max-age=3600 Access-Control-Allow-Credentials true Connection close Access-Control-Allow-Headers *
GET H2	200	logo-bg.svg 1126564489.rsc.cdn77.org/static/common/_v2.0.0/img/	988 B 782 B	11ms 8ms	Image image/svg+xml	2a02:6ea0:c700::1 CDN77 ^_^
General Check archive.org Show headers Download Go to Show image Full URL https://1126564489.rsc.cdn77.org/static/common/_v2.0.0/img/logo-bg.svg Requested by Host: www.itechpost.com URL: http://www.itechpost.com/articles/107166/20210929/new-microsoft-malware-steal-credentials-sensitive-info-stop-foggyweb-attacking.htm Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:6ea0:c700::1 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB), Reverse DNS Software CDN77-Turbo / Resource Hash 557032a003faee6bcbed4da18246e63a5075872a858ac1362f699d80e225027f Request headers Accept-Language de-DE,de;q=0.9 Referer http://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers x-77-nzt AcO1rywpjsPvvy0FAA== x-accel-expires @1633676720 date Thu, 30 Sep 2021 05:21:51 GMT via 1.1 google etag W/"614a9c59-3dc" last-modified Wed, 22 Sep 2021 03:00:41 GMT server CDN77-Turbo x-77-nzt-ray HRHY7pEuQZ8= x-77-cache HIT content-type image/svg+xml x-cache HIT x-age 339391 content-encoding br x-77-pop frankfurtDE
GET H2	200	new-microsoft-malware-can-steal-your-credentials-sensitive-info-how-to-stop-foggyweb-from-attacking-you.jpg 1401700980.rsc.cdn77.org/data/images/full/101857/	100 KB 100 KB	153ms 127ms	Image image/jpeg	2a02:6ea0:c700::1 CDN77 ^_^
General Check archive.org Show headers Download Go to Show image Full URL https://1401700980.rsc.cdn77.org/data/images/full/101857/new-microsoft-malware-can-steal-your-credentials-sensitive-info-how-to-stop-foggyweb-from-attacking-you.jpg?w=983 Requested by Host: www.itechpost.com URL: http://www.itechpost.com/articles/107166/20210929/new-microsoft-malware-steal-credentials-sensitive-info-stop-foggyweb-attacking.htm Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:6ea0:c700::1 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB), Reverse DNS Software CDN77-Turbo / PHP/7.2.34 Resource Hash 4430058176d040ec83a642633ed87c6be347577c7f0029664baf81bca1864ade Request headers Accept-Language de-DE,de;q=0.9 Referer http://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers x-77-nzt AcO1ryyJO2Kx x-accel-expires @1633065711 date Thu, 30 Sep 2021 05:21:51 GMT via 1.1 google etag 1e461b1997f4abf3bd0954ee885a08be server CDN77-Turbo x-powered-by PHP/7.2.34 x-77-nzt-ray p+xhe4oFt6A= x-77-cache MISS content-type image/jpeg cache-control max-age=86400, public x-cache MISS x-77-pop frankfurtDE
GET H2	200	itechpost.com.1119397.js Show response jsc.mgid.com/i/t/	2 KB 1 KB	66ms 21ms	Script text/javascript	104.19.136.78 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://jsc.mgid.com/i/t/itechpost.com.1119397.js Requested by Host: www.itechpost.com URL: http://www.itechpost.com/articles/107166/20210929/new-microsoft-malware-steal-credentials-sensitive-info-stop-foggyweb-attacking.htm Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.19.136.78 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash b82ce24b315d7ae1bcb8c984f826080ed0ebb629d59c17c4faf56c2e67302715 Request headers Accept-Language de-DE,de;q=0.9 Referer http://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Thu, 30 Sep 2021 05:21:51 GMT content-encoding br cf-cache-status HIT age 3284 last-modified Wed, 08 Sep 2021 08:26:12 GMT alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 x-amz-request-id 15MPAQ2JQCCRP6D6 x-amz-id-2 tXXlUidrCpUvEWt8qflOTyV9ZjHPik32o2nxLBoFnLbHpCXn60TP3QE5qCUUdcgTA32dfaUBBY4= cf-bgj minify server cloudflare etag W/"deb0feb1c843b8d576a9b09d82b3bd2a" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type text/javascript cache-control public, max-age=10800 cf-ray 696b0297fdebbea6-FRA expires Thu, 30 Sep 2021 08:21:51 GMT
GET H2	200	fourth-stimulus-check-update-2000-online-petition-takes-big-step-new-600-grant-for-food-workers-revealed.jpg 1401700980.rsc.cdn77.org/data/thumbs/full/101837/90/77/50/40/	4 KB 5 KB	39ms 13ms	Image image/jpeg	2a02:6ea0:c700::1 CDN77 ^_^
General Check archive.org Show headers Download Go to Show image Full URL https://1401700980.rsc.cdn77.org/data/thumbs/full/101837/90/77/50/40/fourth-stimulus-check-update-2000-online-petition-takes-big-step-new-600-grant-for-food-workers-revealed.jpg Requested by Host: www.itechpost.com URL: http://www.itechpost.com/articles/107166/20210929/new-microsoft-malware-steal-credentials-sensitive-info-stop-foggyweb-attacking.htm Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:6ea0:c700::1 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB), Reverse DNS Software CDN77-Turbo / PHP/7.2.34 Resource Hash f2370560e398afccf6234b3fdfb1e8503e1e4cc30ac99718f5223d46ecbe8289 Request headers Accept-Language de-DE,de;q=0.9 Referer http://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers x-77-nzt AcO1rywWDazvSqgAAA== x-accel-expires @1633022629 date Thu, 30 Sep 2021 05:21:51 GMT via 1.1 google etag bca8a9d9bcfbfcfa9172e9ccb6850847 server CDN77-Turbo x-powered-by PHP/7.2.34 x-77-nzt-ray sQlJXnumua0= x-77-cache HIT content-type image/jpeg cache-control max-age=86400, public x-cache HIT x-age 43082 x-77-pop frankfurtDE
GET H2	200	new-android-malware-lets-hackers-use-your-device-remotely-steal-data-9-ways-to-prevent-tanglebot.jpg 1401700980.rsc.cdn77.org/data/thumbs/full/101805/90/77/50/40/	3 KB 3 KB	40ms 13ms	Image image/jpeg	2a02:6ea0:c700::1 CDN77 ^_^
General Check archive.org Show headers Download Go to Show image Full URL https://1401700980.rsc.cdn77.org/data/thumbs/full/101805/90/77/50/40/new-android-malware-lets-hackers-use-your-device-remotely-steal-data-9-ways-to-prevent-tanglebot.jpg Requested by Host: www.itechpost.com URL: http://www.itechpost.com/articles/107166/20210929/new-microsoft-malware-steal-credentials-sensitive-info-stop-foggyweb-attacking.htm Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:6ea0:c700::1 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB), Reverse DNS Software CDN77-Turbo / PHP/7.2.34 Resource Hash de278a8f09ea9667ec38d46c0f82db05eafa0bb4effa2a71452c0ba606378f0b Request headers Accept-Language de-DE,de;q=0.9 Referer http://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers x-77-nzt AcO1ryxOZSjvobMAAA== x-accel-expires @1633019726 date Thu, 30 Sep 2021 05:21:51 GMT via 1.1 google etag 42276c741c31d1835c168ee8f223c51e server CDN77-Turbo x-powered-by PHP/7.2.34 x-77-nzt-ray AmJ1h/xz63s= x-77-cache HIT content-type image/jpeg cache-control max-age=86400, public x-cache HIT x-age 45985 x-77-pop frankfurtDE
GET H2	200	iphone-14-leaks-reveal-new-design-2022-iphone-will-have-no-notch-under-display-touch-id-possible.jpg 1401700980.rsc.cdn77.org/data/thumbs/full/101830/90/77/50/40/	4 KB 4 KB	34ms 8ms	Image image/jpeg	2a02:6ea0:c700::1 CDN77 ^_^
General Check archive.org Show headers Download Go to Show image Full URL https://1401700980.rsc.cdn77.org/data/thumbs/full/101830/90/77/50/40/iphone-14-leaks-reveal-new-design-2022-iphone-will-have-no-notch-under-display-touch-id-possible.jpg Requested by Host: www.itechpost.com URL: http://www.itechpost.com/articles/107166/20210929/new-microsoft-malware-steal-credentials-sensitive-info-stop-foggyweb-attacking.htm Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:6ea0:c700::1 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB), Reverse DNS Software CDN77-Turbo / PHP/7.2.34 Resource Hash 1ff968fe58ac7e9bcb98ae378927dffa216a9fc25ee549695b82eb0e66d54f90 Request headers Accept-Language de-DE,de;q=0.9 Referer http://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers x-77-nzt AcO1ryyXWAXvSqgAAA== x-accel-expires @1633022629 date Thu, 30 Sep 2021 05:21:51 GMT via 1.1 google etag 0eeb30886b646098d532a6ea527a02ad server CDN77-Turbo x-powered-by PHP/7.2.34 x-77-nzt-ray 3NvRC6h/meI= x-77-cache HIT content-type image/jpeg cache-control max-age=86400, public x-cache HIT x-age 43082 x-77-pop frankfurtDE
GET H2	200	nasa-hubble-telescope-found-heaven-milky-way-star-cluster-captured-in-enchanting-images.jpg 1401700980.rsc.cdn77.org/data/thumbs/full/101821/90/77/50/40/	3 KB 3 KB	39ms 13ms	Image image/jpeg	2a02:6ea0:c700::1 CDN77 ^_^
General Check archive.org Show headers Download Go to Show image Full URL https://1401700980.rsc.cdn77.org/data/thumbs/full/101821/90/77/50/40/nasa-hubble-telescope-found-heaven-milky-way-star-cluster-captured-in-enchanting-images.jpg Requested by Host: www.itechpost.com URL: http://www.itechpost.com/articles/107166/20210929/new-microsoft-malware-steal-credentials-sensitive-info-stop-foggyweb-attacking.htm Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:6ea0:c700::1 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB), Reverse DNS Software CDN77-Turbo / PHP/7.2.34 Resource Hash ff8f76bc6db34d7046fcdada4d43bbfa522059a8de830e4ddfadefa0d8e9446f Request headers Accept-Language de-DE,de;q=0.9 Referer http://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers x-77-nzt AcO1ryx9M1HvuzEAAA== x-accel-expires @1633052980 date Thu, 30 Sep 2021 05:21:51 GMT via 1.1 google etag e7e27cebba091bcceb3cbb6fd651d7bd server CDN77-Turbo x-powered-by PHP/7.2.34 x-77-nzt-ray C1es+uPQc7I= x-77-cache HIT content-type image/jpeg cache-control max-age=86400, public x-cache HIT x-age 12731 x-77-pop frankfurtDE
GET H2	200	iphone-13-price-in-india-requires-90-days-of-work-6-days-for-us.jpg 1401700980.rsc.cdn77.org/data/thumbs/full/101794/90/77/50/40/	4 KB 5 KB	40ms 14ms	Image image/jpeg	2a02:6ea0:c700::1 CDN77 ^_^
General Check archive.org Show headers Download Go to Show image Full URL https://1401700980.rsc.cdn77.org/data/thumbs/full/101794/90/77/50/40/iphone-13-price-in-india-requires-90-days-of-work-6-days-for-us.jpg Requested by Host: www.itechpost.com URL: http://www.itechpost.com/articles/107166/20210929/new-microsoft-malware-steal-credentials-sensitive-info-stop-foggyweb-attacking.htm Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:6ea0:c700::1 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB), Reverse DNS Software CDN77-Turbo / PHP/7.2.34 Resource Hash 2ecd4ced7c9b71fce2ae47fa7185613f144a2f7e80213324e1fe73a46f7095ae Request headers Accept-Language de-DE,de;q=0.9 Referer http://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers x-77-nzt AcO1ryyygD/vuzEAAA== x-accel-expires @1633052980 date Thu, 30 Sep 2021 05:21:51 GMT via 1.1 google etag 297a4ee33bd79f250095843d6a76f1e6 server CDN77-Turbo x-powered-by PHP/7.2.34 x-77-nzt-ray N4lNYZjroIM= x-77-cache HIT content-type image/jpeg cache-control max-age=86400, public x-cache HIT x-age 12731 x-77-pop frankfurtDE
GET H2	200	amazon-astro-robot-price-review-and-reactions-why-new-home-robot-is-dangerous-for-your-privacy.jpg 1401700980.rsc.cdn77.org/data/thumbs/full/101871/502/301/50/40/	38 KB 38 KB	120ms 120ms	Image image/jpeg	2a02:6ea0:c700::1 CDN77 ^_^
General Check archive.org Show headers Download Go to Show image Full URL https://1401700980.rsc.cdn77.org/data/thumbs/full/101871/502/301/50/40/amazon-astro-robot-price-review-and-reactions-why-new-home-robot-is-dangerous-for-your-privacy.jpg Requested by Host: www.itechpost.com URL: http://www.itechpost.com/articles/107166/20210929/new-microsoft-malware-steal-credentials-sensitive-info-stop-foggyweb-attacking.htm Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:6ea0:c700::1 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB), Reverse DNS Software CDN77-Turbo / PHP/7.2.34 Resource Hash 85b1d5c883bd2863fe7eac5e6489d4833cc4bfdc01699ad65c8c10d2c34ec747 Request headers Accept-Language de-DE,de;q=0.9 Referer http://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers x-77-nzt AcO1ryx4BxSx x-accel-expires @1633065711 date Thu, 30 Sep 2021 05:21:51 GMT via 1.1 google etag 54b08da91d1f27751ac2bcca255a7881 server CDN77-Turbo x-powered-by PHP/7.2.34 x-77-nzt-ray xTx5b73bAIU= x-77-cache MISS content-type image/jpeg cache-control max-age=86400, public x-cache MISS x-77-pop frankfurtDE
GET H2	200	top-ios-15-feature-5-steps-to-set-up-recovery-contact-on-your-iphone.jpg 1401700980.rsc.cdn77.org/data/thumbs/full/101869/502/301/50/40/	10 KB 11 KB	227ms 226ms	Image image/jpeg	2a02:6ea0:c700::1 CDN77 ^_^
General Check archive.org Show headers Download Go to Show image Full URL https://1401700980.rsc.cdn77.org/data/thumbs/full/101869/502/301/50/40/top-ios-15-feature-5-steps-to-set-up-recovery-contact-on-your-iphone.jpg Requested by Host: www.itechpost.com URL: http://www.itechpost.com/articles/107166/20210929/new-microsoft-malware-steal-credentials-sensitive-info-stop-foggyweb-attacking.htm Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:6ea0:c700::1 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB), Reverse DNS Software CDN77-Turbo / PHP/7.2.34 Resource Hash dba44cf5ad8a27e484a253c0f6c0441aca5ba89943f51e21b6c58a7d661554e5 Request headers Accept-Language de-DE,de;q=0.9 Referer http://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers x-77-nzt AcO1rywlm7Cx x-accel-expires @1633065711 date Thu, 30 Sep 2021 05:21:51 GMT via 1.1 google etag 93e00b225c64201f8423535152a2671b server CDN77-Turbo x-powered-by PHP/7.2.34 x-77-nzt-ray IQp7SynxIBc= x-77-cache MISS content-type image/jpeg cache-control max-age=86400, public x-cache MISS x-77-pop frankfurtDE
GET H2	200	new-iphone-app-lets-you-delete-drunken-tweets-fb-posts-fast-price-features-and-where-to-download.jpg 1401700980.rsc.cdn77.org/data/thumbs/full/101872/502/301/50/40/	19 KB 19 KB	123ms 121ms	Image image/jpeg	2a02:6ea0:c700::1 CDN77 ^_^
General Check archive.org Show headers Download Go to Show image Full URL https://1401700980.rsc.cdn77.org/data/thumbs/full/101872/502/301/50/40/new-iphone-app-lets-you-delete-drunken-tweets-fb-posts-fast-price-features-and-where-to-download.jpg Requested by Host: www.itechpost.com URL: http://www.itechpost.com/articles/107166/20210929/new-microsoft-malware-steal-credentials-sensitive-info-stop-foggyweb-attacking.htm Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:6ea0:c700::1 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB), Reverse DNS Software CDN77-Turbo / PHP/7.2.34 Resource Hash 4e7b6b637296b3743b5b41135ebe80ff9e58fc0954b8c9fc275fc7d5cda7d521 Request headers Accept-Language de-DE,de;q=0.9 Referer http://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers x-77-nzt AcO1ryztA02x x-accel-expires @1633065711 date Thu, 30 Sep 2021 05:21:51 GMT via 1.1 google etag 034a22460fb00900f3938d17946531e1 server CDN77-Turbo x-powered-by PHP/7.2.34 x-77-nzt-ray IGrB0aItGxQ= x-77-cache MISS content-type image/jpeg cache-control max-age=86400, public x-cache MISS x-77-pop frankfurtDE
GET H2	200	squid-game-phone-number-is-real-owner-getting-4000-prank-calls-per-day-receives-85-000-offer.jpg 1401700980.rsc.cdn77.org/data/thumbs/full/101877/502/301/50/40/	19 KB 20 KB	120ms 119ms	Image image/jpeg	2a02:6ea0:c700::1 CDN77 ^_^
General Check archive.org Show headers Download Go to Show image Full URL https://1401700980.rsc.cdn77.org/data/thumbs/full/101877/502/301/50/40/squid-game-phone-number-is-real-owner-getting-4000-prank-calls-per-day-receives-85-000-offer.jpg Requested by Host: www.itechpost.com URL: http://www.itechpost.com/articles/107166/20210929/new-microsoft-malware-steal-credentials-sensitive-info-stop-foggyweb-attacking.htm Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:6ea0:c700::1 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB), Reverse DNS Software CDN77-Turbo / PHP/7.2.34 Resource Hash 499c9724a0e61f7db997cfb8aafe2f2307f139dd6c8e9cffe1b0dd5feeab514c Request headers Accept-Language de-DE,de;q=0.9 Referer http://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers x-77-nzt AcO1ryzwoH+x x-accel-expires @1633065711 date Thu, 30 Sep 2021 05:21:51 GMT via 1.1 google etag ec8bb02ae8b970c0d32b318bab2fef09 server CDN77-Turbo x-powered-by PHP/7.2.34 x-77-nzt-ray Sc4+00AENuk= x-77-cache MISS content-type image/jpeg cache-control max-age=86400, public x-cache MISS x-77-pop frankfurtDE
GET H2	200	logo-plain.svg 1126564489.rsc.cdn77.org/static/common/_v2.0.0/img/	946 B 768 B	10ms 9ms	Image image/svg+xml	2a02:6ea0:c700::1 CDN77 ^_^
General Check archive.org Show headers Download Go to Show image Full URL https://1126564489.rsc.cdn77.org/static/common/_v2.0.0/img/logo-plain.svg Requested by Host: www.itechpost.com URL: http://www.itechpost.com/articles/107166/20210929/new-microsoft-malware-steal-credentials-sensitive-info-stop-foggyweb-attacking.htm Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:6ea0:c700::1 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB), Reverse DNS Software CDN77-Turbo / Resource Hash 91720d5f29a186fa3424b027d75e9a4c72186128cf924c426a0d255004257dff Request headers Accept-Language de-DE,de;q=0.9 Referer http://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers x-77-nzt AcO1ryx7NIjvCS0FAA== x-accel-expires @1633676902 date Thu, 30 Sep 2021 05:21:51 GMT via 1.1 google etag W/"614a9b5e-3b2" last-modified Wed, 22 Sep 2021 02:56:30 GMT server CDN77-Turbo x-77-nzt-ray MGQ2zIouVbE= x-77-cache HIT content-type image/svg+xml x-cache HIT x-age 339209 content-encoding br x-77-pop frankfurtDE
GET H2	200	script.js Show response 1126564489.rsc.cdn77.org/static/common/_v2.0.0/js/	5 KB 2 KB	8ms 8ms	Script application/javascript	2a02:6ea0:c700::1 CDN77 ^_^
General Check archive.org Show headers Download Go to Full URL https://1126564489.rsc.cdn77.org/static/common/_v2.0.0/js/script.js?5xwc2g Requested by Host: www.itechpost.com URL: http://www.itechpost.com/articles/107166/20210929/new-microsoft-malware-steal-credentials-sensitive-info-stop-foggyweb-attacking.htm Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:6ea0:c700::1 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB), Reverse DNS Software CDN77-Turbo / Resource Hash 04780fc935ae5eb239dcc0a25751c16492b60edf7aa5535e9644b66e9107787c Request headers Accept-Language de-DE,de;q=0.9 Referer http://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers x-77-nzt AcO1ryx7gk/vwi0FAA== x-accel-expires @1633676717 date Thu, 30 Sep 2021 05:21:51 GMT via 1.1 google etag W/"614a9bcd-1463" last-modified Wed, 22 Sep 2021 02:58:21 GMT server CDN77-Turbo x-77-nzt-ray DWp5vOR5+kw= x-77-cache HIT content-type application/javascript x-cache HIT x-age 339394 content-encoding br x-77-pop frankfurtDE
GET H/1.1	200 OK	badge.gif static.getclicky.com/media/links/	241 B 763 B	29ms 18ms	Image image/gif	2606:4700::6810:a010 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL http://static.getclicky.com/media/links/badge.gif Requested by Host: www.itechpost.com URL: http://www.itechpost.com/articles/107166/20210929/new-microsoft-malware-steal-credentials-sensitive-info-stop-foggyweb-attacking.htm Protocol HTTP/1.1 Server 2606:4700::6810:a010 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash c93b5f9c2d83611b9a9ba0333b0b499b385cdce2aee9edaac6daf8a134cf5555 Request headers Accept-Language de-DE,de;q=0.9 Referer http://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers Date Thu, 30 Sep 2021 05:21:51 GMT CF-Cache-Status HIT Age 1502 Connection keep-alive alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 Content-Length 241 Last-Modified Wed, 13 Apr 2016 00:13:35 GMT Server cloudflare ETag "570d8f2f-f1" Vary Accept-Encoding Content-Type image/gif Cache-Control public, max-age=604800 Accept-Ranges bytes CF-RAY 696b0297cc2d4abc-FRA X-Proxy-Cache HIT Expires Thu, 07 Oct 2021 05:21:51 GMT
GET H/1.1	200 OK	js Show response static.getclicky.com/	15 KB 6 KB	53ms 26ms	Script text/javascript	2606:4700::6810:a010 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL http://static.getclicky.com/js Requested by Host: www.itechpost.com URL: http://www.itechpost.com/articles/107166/20210929/new-microsoft-malware-steal-credentials-sensitive-info-stop-foggyweb-attacking.htm Protocol HTTP/1.1 Server 2606:4700::6810:a010 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash c0db02fa8ce349e5c3629825f3cb63deed4803ba6b383f81eb2a882be89e4e07 Request headers Accept-Language de-DE,de;q=0.9 Referer http://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers Date Thu, 30 Sep 2021 05:21:51 GMT Content-Encoding gzip CF-Cache-Status HIT Server cloudflare Age 1503 Vary Accept-Encoding, Accept-Encoding Content-Type text/javascript; charset=utf-8 Access-Control-Allow-Origin * Expires Thu, 07 Oct 2021 05:21:51 GMT Cache-Control public, max-age=604800 Transfer-Encoding chunked Connection keep-alive CF-RAY 696b0297cef99778-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 X-Proxy-Cache HIT
GET H2	200	counter_ssl.js Show response 1126564489.rsc.cdn77.org/common/js/stat/	743 B 594 B	11ms 8ms	Script application/javascript	2a02:6ea0:c700::1 CDN77 ^_^
General Check archive.org Show headers Download Go to Full URL https://1126564489.rsc.cdn77.org/common/js/stat/counter_ssl.js?v=11 Requested by Host: www.itechpost.com URL: http://www.itechpost.com/articles/107166/20210929/new-microsoft-malware-steal-credentials-sensitive-info-stop-foggyweb-attacking.htm Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:6ea0:c700::1 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB), Reverse DNS Software CDN77-Turbo / Resource Hash 08895426c0d9a9330b4b4988d244fb0f964082f78b8a929db01792481c508e49 Request headers Accept-Language de-DE,de;q=0.9 Referer http://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers x-77-nzt AcO1ryzmKkzvwi0FAA== x-accel-expires @1633676717 date Thu, 30 Sep 2021 05:21:51 GMT via 1.1 google etag W/"614a9e0f-2e7" last-modified Wed, 22 Sep 2021 03:07:59 GMT server CDN77-Turbo x-77-nzt-ray K63tfVLVtRM= x-77-cache HIT content-type application/javascript x-cache HIT x-age 339394 content-encoding br x-77-pop frankfurtDE
GET H2	200	58b07fec4121.js Show response www.instagram.com/static/bundles/es6/EmbedSDK.js/ Redirect Chain http://platform.instagram.com/en_US/embeds.js https://platform.instagram.com/en_US/embeds.js https://www.instagram.com/embed.js https://www.instagram.com/static/bundles/es6/EmbedSDK.js/58b07fec4121.js	15 KB 5 KB	308ms 7ms	Script text/javascript	2a03:2880:f22d:e5:face:b00c:0:4420 FACEBOOK
General Check archive.org Show headers Download Go to Full URL https://www.instagram.com/static/bundles/es6/EmbedSDK.js/58b07fec4121.js Requested by Host: www.itechpost.com URL: http://www.itechpost.com/articles/107166/20210929/new-microsoft-malware-steal-credentials-sensitive-info-stop-foggyweb-attacking.htm Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f22d:e5:face:b00c:0:4420 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software / Resource Hash 55e4952be9599ffd0c411a904a954ac984ed919d612ac2c044545a373aebd1f8 Request headers Accept-Language de-DE,de;q=0.9 Referer http://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Sat, 18 Sep 2021 13:19:14 GMT x-fb-trip-id 1679558926 etag "58b07fec4121" vary Accept-Encoding content-type text/javascript access-control-allow-origin * edge-control max-age=1209600, no-transform cache-control public,max-age=31536000,immutable cross-origin-resource-policy cross-origin content-encoding br content-length 4824 Redirect headers date Thu, 30 Sep 2021 05:21:51 GMT x-fb-trip-id 1679558926 x-ig-origin-region ldc content-type text/html; charset=utf-8 location https://www.instagram.com/static/bundles/es6/EmbedSDK.js/58b07fec4121.js cache-control max-age=21600 alt-svc h3=":443"; ma=3600,h3-29=":443"; ma=3600,h3-27=":443"; ma=3600 content-length 0
GET H2	200	request.js Show response script.anura.io/	47 KB 48 KB	484ms 415ms	Script application/javascript	18.133.97.68 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://script.anura.io/request.js?instance=2238638024&source=itechpost&campaign=tech%2Farticles&exid=anura_itechpost_1419974665853&callback=_anuraResFun&108478930276 Requested by Host: www.itechpost.com URL: http://www.itechpost.com/articles/107166/20210929/new-microsoft-malware-steal-credentials-sensitive-info-stop-foggyweb-attacking.htm Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 18.133.97.68 London, United Kingdom, ASN16509 (AMAZON-02, US), Reverse DNS ec2-18-133-97-68.eu-west-2.compute.amazonaws.com Software nginx / Resource Hash 4af0e9b4fb079b92e1c08887ac30e60601e271aa59ec86e0a62adc88e001743c Security Headers Name Value X-Content-Type-Options nosniff Request headers Accept-Language de-DE,de;q=0.9 Referer http://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers pragma no-cache date Thu, 30 Sep 2021 05:21:51 GMT cache-control private, no-cache, no-store, must-revalidate, max-age=0, post-check=0, pre-check=0 x-content-type-options nosniff expires Sun, 28 Dec 1980 18:57:00 EST server nginx content-type application/javascript; charset=utf-8
GET H/1.1	200 OK	gpt.js Show response www.googletagservices.com/tag/js/	73 KB 26 KB	40ms 20ms	Script text/javascript	2a00:1450:4001:82b::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL http://www.googletagservices.com/tag/js/gpt.js Requested by Host: www.itechpost.com URL: http://www.itechpost.com/articles/107166/20210929/new-microsoft-malware-steal-credentials-sensitive-info-stop-foggyweb-attacking.htm Protocol HTTP/1.1 Server 2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 5f9d9a897fa6b2410844c02cd6a2603f98f19c5bdf7d6a111f28c40037d47837 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer http://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers Date Thu, 30 Sep 2021 05:21:51 GMT Content-Encoding gzip X-Content-Type-Options nosniff Server sffe ETag "1001 / 234 of 1000 / last-modified: 1632780739" Vary Accept-Encoding Report-To {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]} Content-Type text/javascript Cache-Control private, max-age=900, stale-while-revalidate=3600 Timing-Allow-Origin * Content-Length 25687 X-XSS-Protection 0 Cross-Origin-Opener-Policy-Report-Only same-origin; report-to="ads-gpt-scs" Expires Thu, 30 Sep 2021 05:21:51 GMT
GET H/1.1	200 OK	apstag.js Show response c.amazon-adsystem.com/aax2/	133 KB 36 KB	37ms 19ms	Script application/javascript	13.226.132.202 AMAZON-02
General Check archive.org Show headers Download Go to Full URL http://c.amazon-adsystem.com/aax2/apstag.js Requested by Host: www.itechpost.com URL: http://www.itechpost.com/articles/107166/20210929/new-microsoft-malware-steal-credentials-sensitive-info-stop-foggyweb-attacking.htm Protocol HTTP/1.1 Server 13.226.132.202 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-226-132-202.dus51.r.cloudfront.net Software Server / Resource Hash 975b62423e82390a1b54f47625f46f5b4451a8ea69945b2e85008a194bb55edd Request headers Accept-Language de-DE,de;q=0.9 Referer http://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers Date Thu, 30 Sep 2021 05:11:23 GMT Content-Encoding gzip Age 628 Transfer-Encoding chunked X-Edge-Origin-Shield-Skipped 0 X-Cache Hit from cloudfront Connection keep-alive Timing-Allow-Origin * Server Server x-amz-rid 027Z7EBJ4NJJMP638YEB ETag 3900a2c2d757386fb762bfd86288f882 Vary Accept-Encoding x-amz-version-id 8N42zakBwOFy.ZF9LMqjmgZs3f2_X5lT Via 1.1 bfd667b9fb826986b85315f856bf5885.cloudfront.net (CloudFront) Cache-Control public, max-age=900 X-Amz-Cf-Pop DUS51-C1 Accept-Ranges bytes Content-Type application/javascript X-Amz-Cf-Id CtSnon5kUkmtyvOmBcR4Ifv01dHJ-2LFsY5grp67hlxGkeUeeOn9Tw==
GET H2	200	c-Ur5MKo-KE Show response www.youtube.com/embed/ Frame DE65	56 KB 24 KB	108ms 67ms	Document text/html	2a00:1450:4001:802::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.youtube.com/embed/c-Ur5MKo-KE Requested by Host: www.itechpost.com URL: http://www.itechpost.com/articles/107166/20210929/new-microsoft-malware-steal-credentials-sensitive-info-stop-foggyweb-attacking.htm Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash 14b20b20a98583a4dac482b93b0f003de4be360395fe22dda4ccddf9202c1cde Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers :method GET :authority www.youtube.com :scheme https :path /embed/c-Ur5MKo-KE pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 accept-language de-DE,de;q=0.9 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site cross-site sec-fetch-mode navigate sec-fetch-dest iframe referer http://www.itechpost.com/ accept-encoding gzip, deflate, br Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer http://www.itechpost.com/ Response headers content-type text/html; charset=utf-8 x-content-type-options nosniff cache-control no-cache, no-store, max-age=0, must-revalidate pragma no-cache expires Mon, 01 Jan 1990 00:00:00 GMT date Thu, 30 Sep 2021 05:21:51 GMT strict-transport-security max-age=31536000 accept-ch Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version permissions-policy ch-ua-full-version=*, ch-ua-platform=*, ch-ua-platform-version=*, ch-ua-arch=*, ch-ua-model=* report-to {"group":"AZM8irYOyGiHPUipdmT4ndw90h_PnG3TnL0unA","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_AZM8irYOyGiHPUipdmT4ndw90h_PnG3TnL0unA"}]} cross-origin-opener-policy-report-only same-origin; report-to="AZM8irYOyGiHPUipdmT4ndw90h_PnG3TnL0unA" p3p CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=de for more info." content-encoding br server ESF x-xss-protection 0 set-cookie YSC=9CRmcfPahNU; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none VISITOR_INFO1_LIVE=-ILmYkE1nDs; Domain=.youtube.com; Expires=Tue, 29-Mar-2022 05:21:51 GMT; Path=/; Secure; HttpOnly; SameSite=none CONSENT=PENDING+438; expires=Fri, 01-Jan-2038 00:00:00 GMT; path=/; domain=.youtube.com; Secure alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
GET H2	200	search.svg 1126564489.rsc.cdn77.org/static/common/_v2.0.0/img/icon/	244 B 448 B	10ms 10ms	Image image/svg+xml	2a02:6ea0:c700::1 CDN77 ^_^
General Check archive.org Show headers Download Go to Show image Full URL https://1126564489.rsc.cdn77.org/static/common/_v2.0.0/img/icon/search.svg Requested by Host: 1126564489.rsc.cdn77.org URL: https://1126564489.rsc.cdn77.org/static/common/_v2.0.0/css/main.css?v=4 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:6ea0:c700::1 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB), Reverse DNS Software CDN77-Turbo / Resource Hash eae594adb80377b9a40c39ccf578596d245c4000865a828828b83eebc243d9a0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://1126564489.rsc.cdn77.org/static/common/_v2.0.0/css/main.css?v=4 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers x-77-nzt AcO1ryykgY3vHSgFAA== x-accel-expires @1633678162 date Thu, 30 Sep 2021 05:21:51 GMT via 1.1 google etag W/"614a9c5b-f4" last-modified Wed, 22 Sep 2021 03:00:43 GMT server CDN77-Turbo x-77-nzt-ray ORmQMI1zqSM= x-77-cache HIT content-type image/svg+xml x-cache HIT x-age 337949 content-encoding br x-77-pop frankfurtDE
GET H2	200	rightarrow.svg 1126564489.rsc.cdn77.org/static/common/_v2.0.0/img/icon/	164 B 404 B	11ms 11ms	Image image/svg+xml	2a02:6ea0:c700::1 CDN77 ^_^
General Check archive.org Show headers Download Go to Show image Full URL https://1126564489.rsc.cdn77.org/static/common/_v2.0.0/img/icon/rightarrow.svg Requested by Host: 1126564489.rsc.cdn77.org URL: https://1126564489.rsc.cdn77.org/static/common/_v2.0.0/css/main.css?v=4 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:6ea0:c700::1 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB), Reverse DNS Software CDN77-Turbo / Resource Hash 7158e27404d825c655c338d5490b7c42cfe862f4500f0238107be56aa29f4557 Request headers Accept-Language de-DE,de;q=0.9 Referer https://1126564489.rsc.cdn77.org/static/common/_v2.0.0/css/main.css?v=4 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers x-77-nzt AcO1ryzhKhDvvy0FAA== x-accel-expires @1633676720 date Thu, 30 Sep 2021 05:21:51 GMT via 1.1 google etag W/"614a9cc5-a4" last-modified Wed, 22 Sep 2021 03:02:29 GMT server CDN77-Turbo x-77-nzt-ray JzzK88qFckE= x-77-cache HIT content-type image/svg+xml x-cache HIT x-age 339391 content-encoding br x-77-pop frankfurtDE
GET H2	200	graphic-newsletter.png 1126564489.rsc.cdn77.org/static/common/_v2.0.0/img/	1 KB 1 KB	8ms 8ms	Image image/png	2a02:6ea0:c700::1 CDN77 ^_^
General Check archive.org Show headers Download Go to Show image Full URL https://1126564489.rsc.cdn77.org/static/common/_v2.0.0/img/graphic-newsletter.png Requested by Host: 1126564489.rsc.cdn77.org URL: https://1126564489.rsc.cdn77.org/static/common/_v2.0.0/css/main.css?v=4 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:6ea0:c700::1 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB), Reverse DNS Software CDN77-Turbo / Resource Hash 1a8e5a1f2e5abe980eb10ea6b6b8e298d0e3fb6e0db159357331b3be01cc7b49 Request headers Accept-Language de-DE,de;q=0.9 Referer https://1126564489.rsc.cdn77.org/static/common/_v2.0.0/css/main.css?v=4 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers x-77-nzt AcO1ryzpLyzvCBYFAA== x-accel-expires @1633682791 date Thu, 30 Sep 2021 05:21:51 GMT via 1.1 google etag "614a9bcd-448" last-modified Wed, 22 Sep 2021 02:58:21 GMT server CDN77-Turbo x-77-nzt-ray 9cqI3Js0028= x-77-cache HIT content-type image/png x-cache HIT x-age 333320 accept-ranges bytes x-77-pop frankfurtDE content-length 1096
GET H/1.1	200 OK	quant.js Show response edge.quantserve.com/	24 KB 9 KB	41ms 13ms	Script application/javascript	2620:116:800d:21:8c6e:cf2c:8d6:9fb5 AMAZON-02
General Check archive.org Show headers Download Go to Full URL http://edge.quantserve.com/quant.js Requested by Host: www.itechpost.com URL: http://www.itechpost.com/articles/107166/20210929/new-microsoft-malware-steal-credentials-sensitive-info-stop-foggyweb-attacking.htm Protocol HTTP/1.1 Server 2620:116:800d:21:8c6e:cf2c:8d6:9fb5 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software / Resource Hash 2d452ca7bf499867307ebfa48373084a42e1f56ec0a26e5bb2e12f01888c3cc9 Request headers Accept-Language de-DE,de;q=0.9 Referer http://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers Date Thu, 30 Sep 2021 05:21:51 GMT Content-Encoding gzip Etag "XUylRaJiJNdi08iU32oNYQ==" Vary Accept-Encoding Content-Type application/javascript Cache-Control private, max-age=604800 Transfer-Encoding chunked Cross-Origin-Resource-Policy cross-origin Connection keep-alive Accept-Ranges bytes Expires Thu, 07 Oct 2021 05:21:51 GMT
GET H/1.1	200 OK	beacon.js Show response b.scorecardresearch.com/	1 KB 1 KB	42ms 13ms	Script application/javascript	13.226.145.6 AMAZON-02
General Check archive.org Show headers Download Go to Full URL http://b.scorecardresearch.com/beacon.js Requested by Host: www.itechpost.com URL: http://www.itechpost.com/articles/107166/20210929/new-microsoft-malware-steal-credentials-sensitive-info-stop-foggyweb-attacking.htm Protocol HTTP/1.1 Server 13.226.145.6 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-226-145-6.dus51.r.cloudfront.net Software AmazonS3 / Resource Hash a256529bd5b1b8846f8d2536ce7581fb6cea4479992f222d01535903dff48d79 Request headers Accept-Language de-DE,de;q=0.9 Referer http://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers Date Wed, 29 Sep 2021 05:46:45 GMT Content-Encoding gzip Age 84907 x-amz-server-side-encryption AES256 Transfer-Encoding chunked X-Edge-Origin-Shield-Skipped 0 X-Cache Hit from cloudfront Connection keep-alive Last-Modified Fri, 26 Feb 2021 14:35:05 GMT Server AmazonS3 ETag W/"1827f116c73f319409b97f10b8a58ade" Vary Accept-Encoding Content-Type application/javascript Via 1.1 8ad073ef904d92431b3428f3430707af.cloudfront.net (CloudFront) X-Amz-Cf-Pop DUS51-C1 X-Amz-Cf-Id Yhwn8z3riNVDbovaSEf_tk-ZCeJmuJ_C7QdPbkhD5L42diUd5Xjhsg==
GET H2	200	counter_gif.gif stat.itechpost.com/stat/	180 B 180 B	181ms 120ms	Image image/gif	35.190.31.133 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://stat.itechpost.com/stat/counter_gif.gif?article_id=107166&w=1600&h=1200&ref= Requested by Host: www.itechpost.com URL: http://www.itechpost.com/articles/107166/20210929/new-microsoft-malware-steal-credentials-sensitive-info-stop-foggyweb-attacking.htm Protocol H2 Security TLS 1.3, , AES_128_GCM Server 35.190.31.133 Kansas City, United States, ASN15169 (GOOGLE, US), Reverse DNS 133.31.190.35.bc.googleusercontent.com Software nginx/1.14.2 / PHP/7.2.18 Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Accept-Language de-DE,de;q=0.9 Referer http://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Thu, 30 Sep 2021 05:21:51 GMT via 1.1 google content-type image/gif server nginx/1.14.2 x-powered-by PHP/7.2.18 alt-svc clear p3p CP="ALL CURa ADMa DEVa TAIa OUR BUS IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC OTC"
GET H2	200	js Show response www.googletagmanager.com/gtag/	96 KB 39 KB	50ms 19ms	Script application/javascript	2a00:1450:4001:80e::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtag/js?id=UA-31773140-1 Requested by Host: www.itechpost.com URL: http://www.itechpost.com/articles/107166/20210929/new-microsoft-malware-steal-credentials-sensitive-info-stop-foggyweb-attacking.htm Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80e::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash 8e960ef6dd3ba22adfe688472803a9872b54af8dce25c620db96496646184de1 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer http://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Thu, 30 Sep 2021 05:21:51 GMT content-encoding br vary Accept-Encoding cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 38984 x-xss-protection 0 last-modified Thu, 30 Sep 2021 03:00:00 GMT server Google Tag Manager strict-transport-security max-age=31536000; includeSubDomains content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true access-control-allow-headers Cache-Control expires Thu, 30 Sep 2021 05:21:51 GMT
GET H2	200	tag Show response a.teads.tv/page/82542/ Redirect Chain http://a.teads.tv/page/82542/tag https://a.teads.tv/page/82542/tag	658 B 624 B	73ms 53ms	Script application/javascript	2.18.232.7 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://a.teads.tv/page/82542/tag Requested by Host: www.itechpost.com URL: http://www.itechpost.com/articles/107166/20210929/new-microsoft-malware-steal-credentials-sensitive-info-stop-foggyweb-attacking.htm Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.18.232.7 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a2-18-232-7.deploy.static.akamaitechnologies.com Software / Resource Hash 8fab383cdeff5a62f80172a15ec74cd08cbda29bf48fdada03efb34d90874006 Request headers Accept-Language de-DE,de;q=0.9 Referer http://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Thu, 30 Sep 2021 05:21:51 GMT content-encoding gzip vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, must-revalidate, max-age=3600 access-control-allow-credentials true content-length 424 expires Thu, 30 Sep 2021 06:21:51 GMT Redirect headers Location https://a.teads.tv/page/82542/tag Date Thu, 30 Sep 2021 05:21:51 GMT Cache-Control private, must-revalidate, max-age=3600 Connection keep-alive Content-Length 0 Expires Thu, 30 Sep 2021 06:21:51 GMT
GET H2	200	itechpost.com.1119397.es6.js Show response jsc.mgid.com/i/t/	234 KB 65 KB	26ms 26ms	Script text/javascript	104.19.136.78 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://jsc.mgid.com/i/t/itechpost.com.1119397.es6.js Requested by Host: jsc.mgid.com URL: https://jsc.mgid.com/i/t/itechpost.com.1119397.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.19.136.78 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 8bb59f913ef050d06766826865bcc69f5c629a8474e17f96880297298a18cf42 Request headers Accept-Language de-DE,de;q=0.9 Referer http://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Thu, 30 Sep 2021 05:21:51 GMT content-encoding br cf-cache-status HIT age 3284 last-modified Wed, 08 Sep 2021 08:26:12 GMT alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 x-amz-request-id XEAR2SX84AW9D797 x-amz-id-2 pWwfJ3bFcQm5aefNX0m4rtghuSPwz8oWlONWDqrn2VLGDsqydQLX9mSuMPX/7XHIDl9z4xfKmco= cf-bgj minify server cloudflare etag W/"e8a15840239cfda2e2b28c41c9c96b1f" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type text/javascript cache-control public, max-age=10800 cf-ray 696b02982defbea6-FRA expires Thu, 30 Sep 2021 08:21:51 GMT
GET H2	200	pubads_impl_2021092001.js Show response securepubads.g.doubleclick.net/gpt/	336 KB 118 KB	41ms 20ms	Script text/javascript	142.250.185.130 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021092001.js?31062913 Requested by Host: www.googletagservices.com URL: http://www.googletagservices.com/tag/js/gpt.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 142.250.185.130 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s50-in-f2.1e100.net Software sffe / Resource Hash 1530727d7a9de276d5934149bfd08e535021a6596ace5c87fbad802580189d0b Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer http://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Thu, 30 Sep 2021 05:21:51 GMT content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 120245 x-xss-protection 0 last-modified Mon, 20 Sep 2021 08:37:28 GMT server sffe vary Accept-Encoding report-to {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]} content-type text/javascript cache-control private, immutable, max-age=31536000 accept-ranges bytes timing-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to="ads-gpt-scs" expires Thu, 30 Sep 2021 05:21:51 GMT
GET H2	200	ppub_config Show response securepubads.g.doubleclick.net/pagead/	116 B 755 B	44ms 16ms	XHR application/json	142.250.185.130 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=www.itechpost.com Requested by Host: www.googletagservices.com URL: http://www.googletagservices.com/tag/js/gpt.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 142.250.185.130 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s50-in-f2.1e100.net Software cafe / Resource Hash fb32842123ecc7009368c6bcac9bae6ecb890dfc4f1b81588a225a3b315c7598 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer http://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers timing-allow-origin * date Thu, 30 Sep 2021 05:21:51 GMT content-encoding gzip x-content-type-options nosniff server cafe p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" access-control-allow-origin * cache-control private, max-age=3600, stale-while-revalidate=3600 cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" content-type application/json; charset=UTF-8 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 98 x-xss-protection 0 expires Thu, 30 Sep 2021 05:21:51 GMT
GET H2	204	config Show response c.amazon-adsystem.com/cdn/prod/	0 327 B	132ms 106ms	XHR text/plain	13.226.132.202 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=http%3A%2F%2Fwww.itechpost.com%2Farticles%2F107166%2F20210929%2Fnew-microsoft-malware-steal-credentials-sensitive-info-stop-foggyweb-attacking.htm&pubid=10f2e1c5-d495-4ec1-a8e3-2556d5c64ce9 Requested by Host: c.amazon-adsystem.com URL: http://c.amazon-adsystem.com/aax2/apstag.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.226.132.202 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-226-132-202.dus51.r.cloudfront.net Software Server / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Accept-Language de-DE,de;q=0.9 Referer http://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Thu, 30 Sep 2021 05:21:50 GMT via 1.1 147cd286989da71c73312280bb09c200.cloudfront.net (CloudFront) server Server x-edge-origin-shield-skipped 0 x-cache Miss from cloudfront access-control-allow-origin http://www.itechpost.com cache-control max-age=21550, s-maxage=21600 access-control-allow-credentials true x-amz-cf-pop DUS51-C1 x-amz-cf-id ztYHGD1WWL3AR8hphvPcs5K3p9MKDhxpjJ9ZrpH6WBCtAobRcowEGg==
GET H2	200	bid Show response c.amazon-adsystem.com/e/dtb/	23 B 493 B	144ms 127ms	XHR text/javascript	13.226.132.202 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://c.amazon-adsystem.com/e/dtb/bid?src=600&u=http%3A%2F%2Fwww.itechpost.com%2Farticles%2F107166%2F20210929%2Fnew-microsoft-malware-steal-credentials-sensitive-info-stop-foggyweb-attacking.htm&pid=RWeoBiVaQmNOd&cb=0&ws=1600x1200&v=7.69.01&t=2000&slots=%5B%7B%22sd%22%3A%220%22%2C%22s%22%3A%5B%22728x90%22%2C%22970x90%22%2C%22970x250%22%5D%2C%22sn%22%3A%22%2F21697271410%2Fitechpost%2Ftech%2Farticles%22%7D%2C%7B%22sd%22%3A%221%22%2C%22s%22%3A%5B%22300x250%22%2C%22300x600%22%2C%22400x300%22%5D%2C%22sn%22%3A%22%2F21697271410%2Fitechpost%2Ftech%2Farticles%22%7D%2C%7B%22sd%22%3A%222%22%2C%22s%22%3A%5B%22300x250%22%2C%22300x600%22%2C%22160x600%22%2C%22300x1050%22%5D%2C%22sn%22%3A%22%2F21697271410%2Fitechpost%2Ftech%2Farticles%22%7D%2C%7B%22sd%22%3A%223%22%2C%22s%22%3A%5B%22728x90%22%5D%2C%22sn%22%3A%22%2F21697271410%2Fitechpost%2Ftech%2Farticles%22%7D%5D&pubid=10f2e1c5-d495-4ec1-a8e3-2556d5c64ce9&gdprl=%7B%22status%22%3A%22no-cmp%22%7D Requested by Host: c.amazon-adsystem.com URL: http://c.amazon-adsystem.com/aax2/apstag.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.226.132.202 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-226-132-202.dus51.r.cloudfront.net Software Server / Resource Hash 745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8 Security Headers Name Value Strict-Transport-Security max-age=47474747; includeSubDomains; preload Request headers Accept-Language de-DE,de;q=0.9 Referer http://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Thu, 30 Sep 2021 05:21:51 GMT via 1.1 147cd286989da71c73312280bb09c200.cloudfront.net (CloudFront) server Server x-amz-cf-pop DUS51-C1 x-amz-rid P4Q0E43R54GK5XS6G9H7 vary Accept-Encoding,User-Agent x-cache Miss from cloudfront content-type text/javascript;charset=UTF-8 access-control-allow-origin http://www.itechpost.com access-control-allow-credentials true permissions-policy interest-cohort=() strict-transport-security max-age=47474747; includeSubDomains; preload timing-allow-origin * content-length 23 x-amz-cf-id 8R07FV3sMTGbLsOU8UoYTkxSbjRSnqM4filEJZVbN9gvPbqseSdqZQ==
GET H/1.1	200 OK	aps_csm.js Show response c.amazon-adsystem.com/bao-csm/aps-comm/	6 KB 3 KB	28ms 22ms	XHR application/javascript	13.226.132.202 AMAZON-02
General Check archive.org Show headers Download Go to Full URL http://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js Requested by Host: c.amazon-adsystem.com URL: http://c.amazon-adsystem.com/aax2/apstag.js Protocol HTTP/1.1 Server 13.226.132.202 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-226-132-202.dus51.r.cloudfront.net Software AmazonS3 / Resource Hash 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844 Request headers Accept-Language de-DE,de;q=0.9 Referer http://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers Date Wed, 29 Sep 2021 19:43:56 GMT Content-Encoding gzip Vary Accept-Encoding,Origin Age 34676 Transfer-Encoding chunked X-Edge-Origin-Shield-Skipped 0 X-Cache Hit from cloudfront Connection keep-alive Access-Control-Allow-Origin * Last-Modified Tue, 07 Sep 2021 22:15:56 GMT Server AmazonS3 ETag W/"a4d296427fc806b21335359e398c025c" Access-Control-Max-Age 3000 Access-Control-Allow-Methods GET x-amz-version-id S8kNCKkikutwvs4V44q0sFuZ4JNc9Ate Via 1.1 77d8cf253666facea1bbe67902fcbbc1.cloudfront.net (CloudFront) Cache-Control public, max-age=86400 X-Amz-Cf-Pop DUS51-C1 Content-Type application/javascript X-Amz-Cf-Id 2Y4G0KaeojNx8ws8wHPzvbNODH2dzQvVehx2aJ63I31HwAEKieejFg==
GET H2	200	rules-p-QzXvCmyt3qj48.js Show response rules.quantcount.com/ Redirect Chain http://rules.quantcount.com/rules-p-QzXvCmyt3qj48.js https://rules.quantcount.com/rules-p-QzXvCmyt3qj48.js	2 B 379 B	41ms 17ms	Script application/javascript	2600:9000:2182:6600:6:44e3:f8c0:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://rules.quantcount.com/rules-p-QzXvCmyt3qj48.js Requested by Host: www.itechpost.com URL: http://www.itechpost.com/articles/107166/20210929/new-microsoft-malware-steal-credentials-sensitive-info-stop-foggyweb-attacking.htm Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2182:6600:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a Request headers Accept-Language de-DE,de;q=0.9 Referer http://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Thu, 30 Sep 2021 04:42:07 GMT via 1.1 58dd513f0a53b3e6851a071cb857a706.cloudfront.net (CloudFront) x-amz-cf-pop DUS51-C1 server AmazonS3 age 2383 x-edge-origin-shield-skipped 0 content-type application/javascript access-control-allow-origin * cache-control max-age=3600 cross-origin-resource-policy cross-origin x-cache Hit from cloudfront access-control-allow-methods GET content-length 2 x-amz-cf-id p8jOl0StLgH0wUOPveLOwhTghvuZvzTIagY75DJwTMkCjB_JvdYr0w== Redirect headers Date Thu, 30 Sep 2021 05:21:51 GMT Via 1.1 3b811cf25a4fdc818f7cfcb16b38d622.cloudfront.net (CloudFront) Server CloudFront X-Amz-Cf-Pop DUS51-C1 X-Cache Redirect from cloudfront Content-Type text/html Location https://rules.quantcount.com/rules-p-QzXvCmyt3qj48.js Connection keep-alive Content-Length 183 X-Amz-Cf-Id 7EYPYDbaIUlMyeyfQO4O1T8CdlH1iaLPIoEOH8276-3LKeTNGNbBHw==
GET H2	200	b2 sb.scorecardresearch.com/ Redirect Chain https://sb.scorecardresearch.com/b?c1=2&c2=14401431&ns__t=1632979311455&ns_c=UTF-8&cv=3.5&c8=New%20Microsoft%20Malware%20Can%20Steal%20Your%20Credentials%2C%20Sensitive%20Info%3A%20How%20to%20Stop%... https://sb.scorecardresearch.com/b2?c1=2&c2=14401431&ns__t=1632979311455&ns_c=UTF-8&cv=3.5&c8=New%20Microsoft%20Malware%20Can%20Steal%20Your%20Credentials%2C%20Sensitive%20Info%3A%20How%20to%20Stop...	64 B 330 B	15ms 14ms	Image image/gif	13.226.145.6 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://sb.scorecardresearch.com/b2?c1=2&c2=14401431&ns__t=1632979311455&ns_c=UTF-8&cv=3.5&c8=New%20Microsoft%20Malware%20Can%20Steal%20Your%20Credentials%2C%20Sensitive%20Info%3A%20How%20to%20Stop%20FoggyWeb%20From%20Attacking%20You%20%7C%20iTech%20Post&c7=http%3A%2F%2Fwww.itechpost.com%2Farticles%2F107166%2F20210929%2Fnew-microsoft-malware-steal-credentials-sensitive-info-stop-foggyweb-attacking.htm&c9= Requested by Host: www.itechpost.com URL: http://www.itechpost.com/articles/107166/20210929/new-microsoft-malware-steal-credentials-sensitive-info-stop-foggyweb-attacking.htm Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.226.145.6 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-226-145-6.dus51.r.cloudfront.net Software / Resource Hash 831b0d6cde4541d363bb7a67eb49010fc5fd717dda4b9c3187dd3207b1da56cd Request headers Accept-Language de-DE,de;q=0.9 Referer http://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Thu, 30 Sep 2021 05:21:51 GMT via 1.1 877a7509af39a63279b2520fa0b455fa.cloudfront.net (CloudFront) x-amz-cf-pop DUS51-C1 etag W/"40-jHLN3x5dWpBzaQm4lkBmDWvrjrg" x-cache Miss from cloudfront content-type image/gif; charset=utf-8 content-length 64 x-amz-cf-id SA3prnZbGfQmdE8yiFdsKL38q_oEdO3UJuzc3AtOOllqhZY1NYo9vw== Redirect headers date Thu, 30 Sep 2021 05:21:51 GMT via 1.1 877a7509af39a63279b2520fa0b455fa.cloudfront.net (CloudFront) x-amz-cf-pop DUS51-C1 vary Accept x-cache Miss from cloudfront content-type text/plain; charset=utf-8 location https://sb.scorecardresearch.com/b2?c1=2&c2=14401431&ns__t=1632979311455&ns_c=UTF-8&cv=3.5&c8=New%20Microsoft%20Malware%20Can%20Steal%20Your%20Credentials%2C%20Sensitive%20Info%3A%20How%20to%20Stop%20FoggyWeb%20From%20Attacking%20You%20%7C%20iTech%20Post&c7=http%3A%2F%2Fwww.itechpost.com%2Farticles%2F107166%2F20210929%2Fnew-microsoft-malware-steal-credentials-sensitive-info-stop-foggyweb-attacking.htm&c9= content-length 430 x-amz-cf-id 9hyEN-RYQrSr8VvQg7JGNrjdJmDvbf9UEFgQqDSJYIuwhkmyAedyng==
GET H2	200	www-player-webp.css www.youtube.com/s/player/d82ca80e/ Frame DE65	330 KB 45 KB	13ms 12ms	Stylesheet text/css	2a00:1450:4001:802::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.youtube.com/s/player/d82ca80e/www-player-webp.css Requested by Host: www.youtube.com URL: https://www.youtube.com/embed/c-Ur5MKo-KE Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 98246f79b1495fa4d547fc6bdff6a3de6cf8064d5cb9e5d877adee9171a7f99d Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.youtube.com/embed/c-Ur5MKo-KE User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Wed, 29 Sep 2021 08:50:52 GMT content-encoding br x-content-type-options nosniff age 73859 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 46472 x-xss-protection 0 last-modified Sat, 25 Sep 2021 00:00:24 GMT server sffe vary Accept-Encoding, Origin report-to {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]} content-type text/css cache-control public, max-age=31536000 accept-ranges bytes cross-origin-opener-policy-report-only same-origin; report-to="youtube" expires Thu, 29 Sep 2022 08:50:52 GMT
GET H2	200	www-embed-player.js Show response www.youtube.com/s/player/d82ca80e/www-embed-player.vflset/ Frame DE65	201 KB 66 KB	8ms 8ms	Script text/javascript	2a00:1450:4001:802::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.youtube.com/s/player/d82ca80e/www-embed-player.vflset/www-embed-player.js Requested by Host: www.youtube.com URL: https://www.youtube.com/embed/c-Ur5MKo-KE Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 045fd4ce57343257588e028026d314db88e7cc03aa84ec98ead1197bafe8c598 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.youtube.com/embed/c-Ur5MKo-KE User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Wed, 29 Sep 2021 06:17:32 GMT content-encoding br x-content-type-options nosniff age 83059 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 67318 x-xss-protection 0 last-modified Sat, 25 Sep 2021 00:00:24 GMT server sffe vary Accept-Encoding, Origin report-to {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]} content-type text/javascript cache-control public, max-age=31536000 accept-ranges bytes cross-origin-opener-policy-report-only same-origin; report-to="youtube" expires Thu, 29 Sep 2022 06:17:32 GMT
GET H2	200	base.js Show response www.youtube.com/s/player/d82ca80e/player_ias.vflset/de_DE/ Frame DE65	2 MB 506 KB	16ms 15ms	Script text/javascript	2a00:1450:4001:802::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.youtube.com/s/player/d82ca80e/player_ias.vflset/de_DE/base.js Requested by Host: www.youtube.com URL: https://www.youtube.com/embed/c-Ur5MKo-KE Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 8ac79395ad2c8c0efaf5a734544089eab4a8dce163f3b97f86d08921df5faafb Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.youtube.com/embed/c-Ur5MKo-KE User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Sat, 25 Sep 2021 01:30:23 GMT content-encoding br x-content-type-options nosniff age 445888 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 518228 x-xss-protection 0 last-modified Sat, 25 Sep 2021 00:00:24 GMT server sffe vary Accept-Encoding, Origin report-to {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]} content-type text/javascript cache-control public, max-age=31536000 accept-ranges bytes cross-origin-opener-policy-report-only same-origin; report-to="youtube" expires Sun, 25 Sep 2022 01:30:23 GMT
GET H2	200	fetch-polyfill.js Show response www.youtube.com/s/player/d82ca80e/fetch-polyfill.vflset/ Frame DE65	8 KB 3 KB	10ms 9ms	Script text/javascript	2a00:1450:4001:802::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.youtube.com/s/player/d82ca80e/fetch-polyfill.vflset/fetch-polyfill.js Requested by Host: www.youtube.com URL: https://www.youtube.com/embed/c-Ur5MKo-KE Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash de6c4ffa2bd9fd283610e28d0db2ec48607aab39d213a51aef248673a0a7e980 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.youtube.com/embed/c-Ur5MKo-KE User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Wed, 29 Sep 2021 16:05:38 GMT content-encoding br x-content-type-options nosniff age 47773 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 2830 x-xss-protection 0 last-modified Sat, 25 Sep 2021 00:00:24 GMT server sffe vary Accept-Encoding, Origin report-to {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]} content-type text/javascript cache-control public, max-age=31536000 accept-ranges bytes cross-origin-opener-policy-report-only same-origin; report-to="youtube" expires Thu, 29 Sep 2022 16:05:38 GMT
GET H2	200	KFOmCnqEu92Fr1Mu4mxK.woff2 fonts.gstatic.com/s/roboto/v18/ Frame DE65	15 KB 15 KB	33ms 7ms	Font font/woff2	2a00:1450:4001:830::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 Requested by Host: www.youtube.com URL: https://www.youtube.com/embed/c-Ur5MKo-KE Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://www.youtube.com/ Origin https://www.youtube.com Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Mon, 27 Sep 2021 19:58:13 GMT x-content-type-options nosniff age 206618 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 15344 x-xss-protection 0 last-modified Mon, 16 Oct 2017 17:32:55 GMT server sffe content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Tue, 27 Sep 2022 19:58:13 GMT
GET H2	200	analytics.js Show response www.google-analytics.com/	48 KB 20 KB	29ms 7ms	Script text/javascript	2a00:1450:4001:812::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/analytics.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/js?id=UA-31773140-1 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62 Security Headers Name Value Strict-Transport-Security max-age=10886400; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Accept-Language de-DE,de;q=0.9 Referer http://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers strict-transport-security max-age=10886400; includeSubDomains; preload content-encoding gzip x-content-type-options nosniff last-modified Wed, 11 Aug 2021 00:32:57 GMT server Golfe2 age 2094 date Thu, 30 Sep 2021 04:46:57 GMT vary Accept-Encoding content-type text/javascript cache-control public, max-age=7200 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 19747 expires Thu, 30 Sep 2021 06:46:57 GMT
GET H2	200	id Show response googleads.g.doubleclick.net/pagead/ Frame DE65 Redirect Chain https://googleads.g.doubleclick.net/pagead/id https://googleads.g.doubleclick.net/pagead/id?slf_rd=1	113 B 473 B	329ms 28ms	XHR application/json	2a00:1450:4001:802::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://googleads.g.doubleclick.net/pagead/id?slf_rd=1 Requested by Host: www.youtube.com URL: https://www.youtube.com/embed/c-Ur5MKo-KE Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ea08f8c0c405d5e14ab363a5c1c448d66211d219610b2879b0ae2c5dc406c9f3 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.youtube.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Thu, 30 Sep 2021 05:21:52 GMT content-encoding gzip x-content-type-options nosniff p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 133 x-xss-protection 0 pragma no-cache server cafe content-type application/json; charset=UTF-8 access-control-allow-origin https://www.youtube.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true timing-allow-origin * expires Fri, 01 Jan 1990 00:00:00 GMT Redirect headers date Thu, 30 Sep 2021 05:21:51 GMT x-content-type-options nosniff access-control-allow-origin https://www.youtube.com p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 0 x-xss-protection 0 pragma no-cache server cafe content-type text/html; charset=UTF-8 location https://googleads.g.doubleclick.net/pagead/id?slf_rd=1 cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true timing-allow-origin * expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	ad_status.js Show response static.doubleclick.net/instream/ Frame DE65	29 B 424 B	45ms 7ms	Script text/javascript	2a00:1450:4001:82b::2006 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://static.doubleclick.net/instream/ad_status.js Requested by Host: www.youtube.com URL: https://www.youtube.com/s/player/d82ca80e/www-embed-player.vflset/www-embed-player.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.youtube.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Thu, 30 Sep 2021 05:15:05 GMT x-content-type-options nosniff last-modified Thu, 12 Dec 2013 23:40:16 GMT server sffe age 406 content-type text/javascript access-control-allow-origin * cache-control public, max-age=900 cross-origin-resource-policy cross-origin accept-ranges bytes timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 29 x-xss-protection 0 expires Thu, 30 Sep 2021 05:30:05 GMT
GET H/1.1	200 OK	in.php Show response in.getclicky.com/	138 B 684 B	322ms 297ms	Script text/javascript	198.145.13.13 DF-PTL01
General Check archive.org Show headers Download Go to Full URL http://in.getclicky.com/in.php?site_id=66593558&type=pageview&href=%2Farticles%2F107166%2F20210929%2Fnew-microsoft-malware-steal-credentials-sensitive-info-stop-foggyweb-attacking.htm&title=New%20Microsoft%20Malware%20Can%20Steal%20Your%20Credentials%2C%20Sensitive%20Info%3A%20How%20to%20Stop%20FoggyWeb%20From%20Attacking%20You&res=1600x1200&lang=en&jsuid=872190229&mime=js&x=0.8978541159077174 Requested by Host: static.getclicky.com URL: http://static.getclicky.com/js Protocol HTTP/1.1 Server 198.145.13.13 Portland, United States, ASN2044 (DF-PTL01, US), Reverse DNS getclicky.com Software nginx / Resource Hash 48f560ed8edcf7a163febe7882fac902f30c9b389fffdc7a46f6da8eab941646 Request headers Accept-Language de-DE,de;q=0.9 Referer http://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers Date Thu, 30 Sep 2021 05:21:51 GMT Content-Encoding gzip Server nginx Vary Accept-Encoding, Accept-Encoding Content-Type text/javascript; charset=utf-8 Access-Control-Allow-Origin * Cache-Control no-cache, must-revalidate, post-check=0, pre-check=0 Transfer-Encoding chunked Connection close Expires Mon, 26 Jul 1997 05:00:00 GMT
GET H2	200	remote.js Show response www.youtube.com/s/player/d82ca80e/player_ias.vflset/de_DE/ Frame DE65	95 KB 29 KB	8ms 8ms	Script text/javascript	2a00:1450:4001:802::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.youtube.com/s/player/d82ca80e/player_ias.vflset/de_DE/remote.js Requested by Host: www.youtube.com URL: https://www.youtube.com/s/player/d82ca80e/player_ias.vflset/de_DE/base.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 62b97aca219dc9aa7b073a1871afc7e9af2f5beea5df283c94841f53a264042c Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.youtube.com/embed/c-Ur5MKo-KE User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Sat, 25 Sep 2021 01:30:29 GMT content-encoding br x-content-type-options nosniff age 445882 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 29952 x-xss-protection 0 last-modified Sat, 25 Sep 2021 00:00:24 GMT server sffe vary Accept-Encoding, Origin report-to {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]} content-type text/javascript cache-control public, max-age=31536000 accept-ranges bytes cross-origin-opener-policy-report-only same-origin; report-to="youtube" expires Sun, 25 Sep 2022 01:30:29 GMT
GET H2	200	ySIUQvk5GAKWp7RJKF5OyVe9ZkTQkmns_YoJWAMMFa4.js Show response www.google.com/js/th/ Frame DE65	35 KB 14 KB	29ms 7ms	Script text/javascript	2a00:1450:4001:813::2004 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google.com/js/th/ySIUQvk5GAKWp7RJKF5OyVe9ZkTQkmns_YoJWAMMFa4.js Requested by Host: www.youtube.com URL: https://www.youtube.com/s/player/d82ca80e/player_ias.vflset/de_DE/base.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash c9221442f939180296a7b449285e4ec957bd6644d09269ecfd8a0958030c15ae Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.youtube.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Wed, 29 Sep 2021 04:37:57 GMT content-encoding br x-content-type-options nosniff age 89034 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 13291 x-xss-protection 0 last-modified Mon, 20 Sep 2021 23:00:00 GMT server sffe vary Accept-Encoding report-to {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]} content-type text/javascript cache-control public, max-age=31536000 accept-ranges bytes cross-origin-opener-policy-report-only same-origin; report-to="botguard-scs" expires Thu, 29 Sep 2022 04:37:57 GMT
GET H2	200	embed.js Show response www.youtube.com/s/player/d82ca80e/player_ias.vflset/de_DE/ Frame DE65	25 KB 7 KB	8ms 8ms	Script text/javascript	2a00:1450:4001:802::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.youtube.com/s/player/d82ca80e/player_ias.vflset/de_DE/embed.js Requested by Host: www.youtube.com URL: https://www.youtube.com/s/player/d82ca80e/player_ias.vflset/de_DE/base.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 5cf2d602e6a7b16bf2a0b1866e945e014d8d08ecb9603a36943b8da90499a96e Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.youtube.com/embed/c-Ur5MKo-KE User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Tue, 28 Sep 2021 21:55:58 GMT content-encoding br x-content-type-options nosniff age 113153 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 7358 x-xss-protection 0 last-modified Sat, 25 Sep 2021 00:00:24 GMT server sffe vary Accept-Encoding, Origin report-to {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]} content-type text/javascript cache-control public, max-age=31536000 accept-ranges bytes cross-origin-opener-policy-report-only same-origin; report-to="youtube" expires Wed, 28 Sep 2022 21:55:58 GMT
POST H2	200	collect Show response www.google-analytics.com/j/	2 B 146 B	14ms 14ms	XHR text/plain	2a00:1450:4001:812::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/j/collect?v=1&_v=j93&a=1942462227&t=pageview&_s=1&dl=http%3A%2F%2Fwww.itechpost.com%2Farticles%2F107166%2F20210929%2Fnew-microsoft-malware-steal-credentials-sensitive-info-stop-foggyweb-attacking.htm&ul=en-us&de=UTF-8&dt=New%20Microsoft%20Malware%20Can%20Steal%20Your%20Credentials%2C%20Sensitive%20Info%3A%20How%20to%20Stop%20FoggyWeb%20From%20Attacking%20You%20%7C%20iTech%20Post&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=4GBAAUABAAAAAC~&jid=54459055&gjid=1667013159&cid=1357978452.1632979312&tid=UA-31773140-1&_gid=690692136.1632979312&_r=1&gtm=2ou9r0&z=1523511541 Requested by Host: www.google-analytics.com URL: https://www.google-analytics.com/analytics.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer http://www.itechpost.com/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Content-Type text/plain Response headers pragma no-cache date Thu, 30 Sep 2021 05:21:51 GMT x-content-type-options nosniff last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 content-type text/plain access-control-allow-origin http://www.itechpost.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 2 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	collect www.google-analytics.com/	35 B 194 B	7ms 7ms	Image image/gif	2a00:1450:4001:812::200e GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google-analytics.com/collect?v=1&_v=j93&a=1942462227&t=event&_s=2&dl=http%3A%2F%2Fwww.itechpost.com%2Farticles%2F107166%2F20210929%2Fnew-microsoft-malware-steal-credentials-sensitive-info-stop-foggyweb-attacking.htm&ul=en-us&de=UTF-8&dt=New%20Microsoft%20Malware%20Can%20Steal%20Your%20Credentials%2C%20Sensitive%20Info%3A%20How%20to%20Stop%20FoggyWeb%20From%20Attacking%20You%20%7C%20iTech%20Post&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=article&ea=article3&_u=4GBAAUABAAAAAC~&jid=&gjid=&cid=1357978452.1632979312&tid=UA-31773140-1&_gid=690692136.1632979312&gtm=2ou9r0&cd1=Czarina%20Grace&cd2=News&cd3=Tech&cd4=article&cd5=&cd6=107166&z=1097197845 Requested by Host: www.itechpost.com URL: http://www.itechpost.com/articles/107166/20210929/new-microsoft-malware-steal-credentials-sensitive-info-stop-foggyweb-attacking.htm Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015 Security Headers Name Value X-Content-Type-Options nosniff Request headers Accept-Language de-DE,de;q=0.9 Referer http://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers pragma no-cache date Wed, 29 Sep 2021 07:05:48 GMT x-content-type-options nosniff last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 age 80163 content-type image/gif access-control-allow-origin * cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 35 expires Mon, 01 Jan 1990 00:00:00 GMT
GET DATA	200 OK	truncated / Frame DE65	175 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 67ea46bc3d15351067faccb3613bd833dd3f15137a4b4a09f2e873fd41d024d2 Request headers Accept-Language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers Content-Type image/png
GET H2	200	AKedOLRhTf_EOX5WqFehXGgn7AEno6w41bPlnN1ILMXpsw=s68-c-k-c0x00ffffff-no-rj yt3.ggpht.com/ytc/ Frame DE65	4 KB 5 KB	31ms 7ms	Image image/jpeg	2a00:1450:4001:82f::2001 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://yt3.ggpht.com/ytc/AKedOLRhTf_EOX5WqFehXGgn7AEno6w41bPlnN1ILMXpsw=s68-c-k-c0x00ffffff-no-rj Requested by Host: www.youtube.com URL: https://www.youtube.com/embed/c-Ur5MKo-KE Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software fife / Resource Hash 2d079d4b9987d134d6ace5d24ff25c28230ae4464e4453bf3212c2f7e66ad741 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.youtube.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Thu, 30 Sep 2021 03:46:17 GMT x-content-type-options nosniff age 5734 content-disposition inline;filename="unnamed.jpg" alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 4471 x-xss-protection 0 server fife etag "v373" vary Origin content-type image/jpeg access-control-allow-origin * access-control-expose-headers Content-Length cache-control public, max-age=86400, no-transform timing-allow-origin * expires Mon, 06 Sep 2021 08:00:03 GMT
GET H2	200	maxresdefault.jpg i.ytimg.com/vi/c-Ur5MKo-KE/ Frame DE65	142 KB 143 KB	138ms 95ms	Image image/jpeg	2a00:1450:4001:801::2016 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://i.ytimg.com/vi/c-Ur5MKo-KE/maxresdefault.jpg Requested by Host: www.youtube.com URL: https://www.youtube.com/embed/c-Ur5MKo-KE Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:801::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 1936b1ecadb4debe31e097d326211d5e0c4805974b59d07332a9c2bbff295526 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.youtube.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Thu, 30 Sep 2021 05:21:51 GMT x-content-type-options nosniff server sffe etag "1625203525" vary Origin report-to {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]} content-type image/jpeg cache-control public, max-age=7200 accept-ranges bytes timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 145408 x-xss-protection 0 cross-origin-opener-policy-report-only same-origin; report-to="youtube" expires Thu, 30 Sep 2021 07:21:51 GMT
GET H2	200	pixel;r=453145742;rf=0;a=p-QzXvCmyt3qj48;url=http%3A%2F%2Fwww.itechpost.com%2Farticles%2F107166%2F20210929%2Fnew-microsoft-malware-steal-credentials-sensitive-info-stop-foggyweb-attacking.htm;uh=1e... pixel.quantserve.com/ Redirect Chain http://pixel.quantserve.com/pixel;r=453145742;rf=0;a=p-QzXvCmyt3qj48;url=http%3A%2F%2Fwww.itechpost.com%2Farticles%2F107166%2F20210929%2Fnew-microsoft-malware-steal-credentials-sensitive-info-stop-... https://pixel.quantserve.com/pixel;r=453145742;rf=0;a=p-QzXvCmyt3qj48;url=http%3A%2F%2Fwww.itechpost.com%2Farticles%2F107166%2F20210929%2Fnew-microsoft-malware-steal-credentials-sensitive-info-stop...	35 B 372 B	30ms 11ms	Image image/gif	2620:116:800d:21:8c6e:cf2c:8d6:9fb5 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://pixel.quantserve.com/pixel;r=453145742;rf=0;a=p-QzXvCmyt3qj48;url=http%3A%2F%2Fwww.itechpost.com%2Farticles%2F107166%2F20210929%2Fnew-microsoft-malware-steal-credentials-sensitive-info-stop-foggyweb-attacking.htm;uh=1ebb899bafb5;uht=0;fpan=1;fpa=P0-986962621-1632979311749;pbc=;ns=0;ce=1;qjs=1;qv=00a3769c-20210929173447;cm=;gdpr=0;ref=;d=itechpost.com;je=0;sr=1600x1200x24;dst=0;et=1632979311749;tzo=0;ogl=type.article%2Curl.https%3A%2F%2Fwww%252Eitechpost%252Ecom%2Farticles%2F107166%2F20210929%2Fnew-microsoft-malware-steal-c%2Csite_name.iTech%20Post%2Cimage.https%3A%2F%2F1401700980%252Ersc%252Ecdn77%252Eorg%2Fdata%2Fimages%2Ffull%2F101857%2Fnew-microsoft-malware-c%2Ctitle.New%20Microsoft%20Malware%20Can%20Steal%20Your%20Credentials%252C%20Sensitive%20Info%3A%20How%20to%20Stop%20Fo%2Cdescription.Remember%20the%20SolarWinds%20hack%3F%20Microsoft%20recently%20discovered%20another%20piece%20of%20mal Requested by Host: www.itechpost.com URL: http://www.itechpost.com/articles/107166/20210929/new-microsoft-malware-steal-credentials-sensitive-info-stop-foggyweb-attacking.htm Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2620:116:800d:21:8c6e:cf2c:8d6:9fb5 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software / Resource Hash a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8 Security Headers Name Value Strict-Transport-Security max-age=86400 Request headers Accept-Language de-DE,de;q=0.9 Referer http://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers pragma no-cache date Thu, 30 Sep 2021 05:21:51 GMT strict-transport-security max-age=86400 p3p CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV" cache-control private, no-cache, no-store, proxy-revalidate content-type image/gif content-length 35 expires Fri, 04 Aug 1978 12:00:00 GMT Redirect headers Location https://pixel.quantserve.com/pixel;r=453145742;rf=0;a=p-QzXvCmyt3qj48;url=http%3A%2F%2Fwww.itechpost.com%2Farticles%2F107166%2F20210929%2Fnew-microsoft-malware-steal-credentials-sensitive-info-stop-foggyweb-attacking.htm;uh=1ebb899bafb5;uht=0;fpan=1;fpa=P0-986962621-1632979311749;pbc=;ns=0;ce=1;qjs=1;qv=00a3769c-20210929173447;cm=;gdpr=0;ref=;d=itechpost.com;je=0;sr=1600x1200x24;dst=0;et=1632979311749;tzo=0;ogl=type.article%2Curl.https%3A%2F%2Fwww%252Eitechpost%252Ecom%2Farticles%2F107166%2F20210929%2Fnew-microsoft-malware-steal-c%2Csite_name.iTech%20Post%2Cimage.https%3A%2F%2F1401700980%252Ersc%252Ecdn77%252Eorg%2Fdata%2Fimages%2Ffull%2F101857%2Fnew-microsoft-malware-c%2Ctitle.New%20Microsoft%20Malware%20Can%20Steal%20Your%20Credentials%252C%20Sensitive%20Info%3A%20How%20to%20Stop%20Fo%2Cdescription.Remember%20the%20SolarWinds%20hack%3F%20Microsoft%20recently%20discovered%20another%20piece%20of%20mal Date Thu, 30 Sep 2021 05:21:51 GMT Cache-Control private, no-transform, max-age=86400 Connection keep-alive Content-Length 0 Expires Fri, 01 Oct 2021 05:21:51 GMT
GET H2	200	teads-format.min.js Show response s8t.teads.tv/media/format/v3/	597 KB 131 KB	85ms 7ms	Script text/javascript	2a02:26f0:6c00:191::26e5 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://s8t.teads.tv/media/format/v3/teads-format.min.js Requested by Host: a.teads.tv URL: http://a.teads.tv/page/82542/tag Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:6c00:191::26e5 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software / Resource Hash b629997ea0945ffd710c295f3d869814e318a6069196d1374ed1fe1a07ce5fba Request headers Accept-Language de-DE,de;q=0.9 Referer http://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Thu, 30 Sep 2021 05:21:51 GMT content-encoding br vary Accept-Encoding x-amz-request-id 10V94SNXM4RP99F7 content-length 133197 x-amz-id-2 +qExSbv0mNkpM9TtSWDUqrZkd1fZNDGigqxr+xa79Epd7vLuFYnPLBW/R7+Vv3kkzjwHvV+OAIg= last-modified Thu, 23 Sep 2021 09:50:13 GMT etag "9a1420e621e2a47e2541b2740d3b20be" access-control-max-age 86400 access-control-allow-methods GET,POST content-type text/javascript;charset=utf-8 access-control-allow-origin * cache-control private, must-revalidate, max-age=1800, no-transform access-control-allow-credentials false x-bucket 9 accept-ranges bytes access-control-allow-headers * expires Thu, 30 Sep 2021 05:51:51 GMT
POST H2	200	collect Show response stats.g.doubleclick.net/j/	4 B 464 B	45ms 16ms	XHR text/plain	2a00:1450:400c:c0c::9c GOOGLE
General Check archive.org Show headers Download Go to Full URL https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j93&tid=UA-31773140-1&cid=1357978452.1632979312&jid=54459055&gjid=1667013159&_gid=690692136.1632979312&_u=4GBAAUAAAAAAAC~&z=588930439 Requested by Host: www.google-analytics.com URL: https://www.google-analytics.com/analytics.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:400c:c0c::9c Brussels, Belgium, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash 84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80 Security Headers Name Value Strict-Transport-Security max-age=10886400; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer http://www.itechpost.com/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Content-Type text/plain Response headers pragma no-cache strict-transport-security max-age=10886400; includeSubDomains; preload x-content-type-options nosniff last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 date Thu, 30 Sep 2021 05:21:51 GMT content-type text/plain access-control-allow-origin http://www.itechpost.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 4 expires Fri, 01 Jan 1990 00:00:00 GMT
POST H/1.1	200 OK	/ reporting.powerad.ai/	2 B 412 B	556ms 102ms	Ping text/plain	54.234.151.247 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://reporting.powerad.ai/ Requested by Host: powerad.ai URL: https://powerad.ai/script.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 54.234.151.247 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-54-234-151-247.compute-1.amazonaws.com Software nginx/1.14.0 (Ubuntu) / Express Resource Hash 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3 Request headers Referer http://www.itechpost.com/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers Date Thu, 30 Sep 2021 05:21:52 GMT Server nginx/1.14.0 (Ubuntu) X-Powered-By Express ETag W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc" Access-Control-Allow-Methods GET, POST, PATCH, PUT, DELETE, OPTIONS Content-Type text/plain; charset=utf-8 Access-Control-Allow-Origin * Access-Control-Allow-Credentials true Connection keep-alive Access-Control-Allow-Headers * Content-Length 2
GET H2	200	pbjs_wrapper.v1.0.js Show response hb.brainlyads.com/ Frame 3C22	61 KB 14 KB	313ms 96ms	Script application/javascript	23.20.158.212 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://hb.brainlyads.com/pbjs_wrapper.v1.0.js Requested by Host: powerad.ai URL: https://powerad.ai/script.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 23.20.158.212 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-23-20-158-212.compute-1.amazonaws.com Software nginx/1.10.3 (Ubuntu) / Resource Hash 368c94f8a26ed6a99ca46c4b565e4f2586994d513b47e35cf17cd9a01c423251 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers Accept-Language de-DE,de;q=0.9 Referer http://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Thu, 30 Sep 2021 05:21:52 GMT content-encoding gzip last-modified Wed, 22 Sep 2021 18:35:05 GMT server nginx/1.10.3 (Ubuntu) etag W/"614b7759-f5ff" vary Accept-Encoding content-type application/javascript cache-control max-age=86400 strict-transport-security max-age=31536000; includeSubDomains; preload expires Fri, 01 Oct 2021 05:21:52 GMT
GET H2	200	pbjs_wrapper.v1.1.js Show response hb.brainlyads.com/ Frame 3BBE	63 KB 14 KB	403ms 192ms	Script application/javascript	23.20.158.212 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://hb.brainlyads.com/pbjs_wrapper.v1.1.js Requested by Host: powerad.ai URL: https://powerad.ai/script.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 23.20.158.212 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-23-20-158-212.compute-1.amazonaws.com Software nginx/1.10.3 (Ubuntu) / Resource Hash 62a241b5bb0abbb690e5fca0412be810b9c22316fbb958c6a9539df6fab09c58 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers Accept-Language de-DE,de;q=0.9 Referer http://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Thu, 30 Sep 2021 05:21:52 GMT content-encoding gzip last-modified Wed, 22 Sep 2021 18:35:05 GMT server nginx/1.10.3 (Ubuntu) etag W/"614b7759-fbe5" vary Accept-Encoding content-type application/javascript strict-transport-security max-age=31536000; includeSubDomains; preload
GET H/1.1	200 OK	/ Show response powerad.ai/pubPls/	4 KB 2 KB	289ms 99ms	XHR text/html	18.211.226.152 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://powerad.ai/pubPls/?width=1600&url=http%3A%2F%2Fwww.itechpost.com%2Farticles%2F107166%2F20210929%2Fnew-microsoft-malware-steal-credentials-sensitive-info-stop-foggyweb-attacking.htm Requested by Host: powerad.ai URL: https://powerad.ai/script.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 18.211.226.152 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-18-211-226-152.compute-1.amazonaws.com Software nginx/1.10.3 (Ubuntu) / Express Resource Hash 92fff3726c37a6a330135e43f766fa1bef2109b612760f7d976a3d9b16c4f787 Request headers Accept-Language de-DE,de;q=0.9 Referer http://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers Date Thu, 30 Sep 2021 05:21:52 GMT Content-Encoding gzip Server nginx/1.10.3 (Ubuntu) Transfer-Encoding chunked X-Powered-By Express ETag W/"111c-ztJ2HzriyvVtga2l3ULx0Fhg7Js" Vary Accept-Encoding Content-Type text/html; charset=utf-8 Access-Control-Allow-Origin http://www.itechpost.com Access-Control-Allow-Credentials true Connection close Access-Control-Allow-Headers *
GET H2	200	cast_sender.js Show response www.gstatic.com/cv/js/sender/v1/ Frame DE65	4 KB 3 KB	39ms 16ms	Script text/javascript	2a00:1450:4001:80f::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.gstatic.com/cv/js/sender/v1/cast_sender.js Requested by Host: www.youtube.com URL: https://www.youtube.com/s/player/d82ca80e/player_ias.vflset/de_DE/base.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash ee147e859ad0f09aa50367974e38ab53e7c7054c4a51d400a7f45b0eb251454f Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.youtube.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Thu, 30 Sep 2021 05:21:51 GMT content-encoding gzip x-content-type-options nosniff content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cloudview cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 2007 x-xss-protection 0 last-modified Tue, 16 Feb 2021 23:57:06 GMT server sffe vary Accept-Encoding report-to {"group":"cloudview","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cloudview"}]} content-type text/javascript cache-control private, max-age=3000 accept-ranges bytes cross-origin-opener-policy-report-only same-origin; report-to="cloudview" expires Thu, 30 Sep 2021 05:21:51 GMT
GET H2	204	generate_204 www.youtube.com/ Frame DE65	0 39 B	8ms 6ms	Image text/plain	2a00:1450:4001:802::200e GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.youtube.com/generate_204?mvXX5A Requested by Host: www.youtube.com URL: https://www.youtube.com/embed/c-Ur5MKo-KE Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.youtube.com/embed/c-Ur5MKo-KE User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Thu, 30 Sep 2021 05:21:51 GMT alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 0
GET H2	200	ga-audiences www.google.com/ads/	42 B 293 B	22ms 20ms	Image image/gif	2a00:1450:4001:813::2004 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j93&tid=UA-31773140-1&cid=1357978452.1632979312&jid=54459055&_u=4GBAAUAAAAAAAC~&z=2136794237 Requested by Host: www.itechpost.com URL: http://www.itechpost.com/articles/107166/20210929/new-microsoft-malware-steal-credentials-sensitive-info-stop-foggyweb-attacking.htm Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer http://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers pragma no-cache date Thu, 30 Sep 2021 05:21:51 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin content-type image/gif alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	ga-audiences www.google.de/ads/	42 B 522 B	41ms 18ms	Image image/gif	2a00:1450:4001:810::2003 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j93&tid=UA-31773140-1&cid=1357978452.1632979312&jid=54459055&_u=4GBAAUAAAAAAAC~&z=2136794237 Requested by Host: www.itechpost.com URL: http://www.itechpost.com/articles/107166/20210929/new-microsoft-malware-steal-credentials-sensitive-info-stop-foggyweb-attacking.htm Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer http://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers pragma no-cache date Thu, 30 Sep 2021 05:21:51 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin content-type image/gif alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H/1.1	200 OK	showads.js Show response ads.anura.io/	0 489 B	41ms 18ms	XHR application/javascript	13.226.145.10 AMAZON-02
General Check archive.org Show headers Download Go to Full URL http://ads.anura.io/showads.js?598744261762 Requested by Host: script.anura.io URL: https://script.anura.io/request.js?instance=2238638024&source=itechpost&campaign=tech%2Farticles&exid=anura_itechpost_1419974665853&callback=_anuraResFun&108478930276 Protocol HTTP/1.1 Server 13.226.145.10 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-226-145-10.dus51.r.cloudfront.net Software nginx / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Accept-Language de-DE,de;q=0.9 Referer http://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers Date Wed, 29 Sep 2021 11:55:00 GMT Via 1.1 4678033b564719cfa85dd7af417223ab.cloudfront.net (CloudFront) Server nginx Age 62811 Transfer-Encoding chunked X-Edge-Origin-Shield-Skipped 0 Content-Type application/javascript; charset=utf-8 Access-Control-Allow-Origin * Connection keep-alive X-Amz-Cf-Pop DUS51-C1 X-Cache Hit from cloudfront Access-Control-Allow-Methods GET X-Amz-Cf-Id ZKHdNS-rz0zJOjemNG-Hy5nuNtbdBM_-yYVPWtJm9gYGirESAR5cQg==
GET H2	200	track t.teads.tv/	23 B 113 B	101ms 47ms	Image image/gif	2.18.232.7 AKAMAI-AS
General Check archive.org Show headers Download Go to Show image Full URL https://t.teads.tv/track?action=placementCall&env=js-web&auctid=30fab861-b44e-45ff-8267-a1943c8b4299&pageId=82542&pid=89354&debug_metadata=xtJmcAyKqr&fv=872&ts=1632979311939&f=1&referer=http%3A%2F%2Fwww.itechpost.com%2Farticles%2F107166%2F20210929%2Fnew-microsoft-malware-steal-credentials-sensitive-info-stop-foggyweb-attacking.htm Requested by Host: www.itechpost.com URL: http://www.itechpost.com/articles/107166/20210929/new-microsoft-malware-steal-credentials-sensitive-info-stop-foggyweb-attacking.htm Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.18.232.7 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a2-18-232-7.deploy.static.akamaitechnologies.com Software / Resource Hash 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7 Request headers Accept-Language de-DE,de;q=0.9 Referer http://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Thu, 30 Sep 2021 05:21:52 GMT cache-control private, max-age=3666 content-length 23 content-type image/gif
GET H2	200	track t.teads.tv/	23 B 143 B	115ms 61ms	Image image/gif	2.18.232.7 AKAMAI-AS
General Check archive.org Show headers Download Go to Show image Full URL https://t.teads.tv/track?action=slotAvailable&env=js-web&auctid=30fab861-b44e-45ff-8267-a1943c8b4299&pageId=82542&pid=89354&slot=polymorph&fv=872&ts=1632979311948&f=1&referer=http%3A%2F%2Fwww.itechpost.com%2Farticles%2F107166%2F20210929%2Fnew-microsoft-malware-steal-credentials-sensitive-info-stop-foggyweb-attacking.htm Requested by Host: www.itechpost.com URL: http://www.itechpost.com/articles/107166/20210929/new-microsoft-malware-steal-credentials-sensitive-info-stop-foggyweb-attacking.htm Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.18.232.7 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a2-18-232-7.deploy.static.akamaitechnologies.com Software / Resource Hash 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7 Request headers Accept-Language de-DE,de;q=0.9 Referer http://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Thu, 30 Sep 2021 05:21:52 GMT cache-control max-age=0, no-cache, no-store expires Sat, 26 Jul 1997 05:00:00 GMT content-length 23 content-type image/gif
GET H2	200	ad Show response a.teads.tv/page/82542/	511 B 548 B	85ms 85ms	XHR application/json	2.18.232.7 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://a.teads.tv/page/82542/ad?windowWidth=1600&windowHeight=1200&windowDepth=1&windowReferrerUrl=http%3A%2F%2Fwww.itechpost.com%2Farticles%2F107166%2F20210929%2Fnew-microsoft-malware-steal-credentials-sensitive-info-stop-foggyweb-attacking.htm&page=%7B%22id%22%3A82542%2C%22placements%22%3A%5B%7B%22id%22%3A89354%2C%22validity%22%3A%7B%22status%22%3Atrue%2C%22reasons%22%3A%5B%5D%7D%2C%22player%22%3A%7B%22width%22%3A870%2C%22height%22%3A489%7D%2C%22slotType%22%3A%22polymorph%22%7D%5D%2C%22gdpr_iab%22%3A%7B%22reason%22%3A220%2C%22status%22%3A22%2C%22consent%22%3A%22%22%2C%22apiVersion%22%3Anull%2C%22cmpId%22%3Anull%7D%2C%22segments%22%3A%7B%22permutive%22%3Anull%7D%7D&auctid=30fab861-b44e-45ff-8267-a1943c8b4299&formatVersion=872&env=js-web&netBw=9.2&ttfb=191 Requested by Host: s8t.teads.tv URL: https://s8t.teads.tv/media/format/v3/teads-format.min.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.18.232.7 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a2-18-232-7.deploy.static.akamaitechnologies.com Software / Resource Hash d83270f392943fdd40e6629de41abb03526b02f867cd56ac1497366ebb32f45e Request headers Accept application/json; charset=UTF-8 Referer http://www.itechpost.com/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers pragma no-cache date Thu, 30 Sep 2021 05:21:52 GMT content-encoding gzip vary Accept-Encoding content-type application/json access-control-allow-origin http://www.itechpost.com cache-control max-age=0, no-cache, no-store access-control-allow-credentials true content-length 340 expires Thu, 30 Sep 2021 05:21:52 GMT
GET H2	200	/ Show response c.mgid.com/pv/	0 280 B	129ms 113ms	Script text/plain	104.19.136.78 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://c.mgid.com/pv/?pv=5&cbuster=1632979312050372818144&uniqId=0a9d3&childs=1121472&niet=4g&nisd=false&jsv=es6&ref=&cxurl=https%3A%2F%2Fwww.itechpost.com%2Farticles%2F107166%2F20210929%2Fnew-microsoft-malware-steal-credentials-sensitive-info-stop-foggyweb-attacking.htm&lu=http%3A%2F%2Fwww.itechpost.com%2Farticles%2F107166%2F20210929%2Fnew-microsoft-malware-steal-credentials-sensitive-info-stop-foggyweb-attacking.htm&sessionId=61554970-06301&pageView=1&pvid=17c3526ddb2b2a0c9d5&site=703696&implVersion=11&dpr=1 Requested by Host: jsc.mgid.com URL: https://jsc.mgid.com/i/t/itechpost.com.1119397.es6.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.19.136.78 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Accept-Language de-DE,de;q=0.9 Referer http://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers pragma no-cache date Thu, 30 Sep 2021 05:21:52 GMT cf-cache-status DYNAMIC server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" p3p CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM" cache-control max-age=0, no-cache, no-store, must-revalidate access-control-allow-credentials true cf-ray 696b029c6f0cbea6-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
GET H/1.1	200	Hc6PdfQeAi.js Show response pixel.zprk.io/v5/pixeljs/	3 KB 3 KB	686ms 167ms	Script text/plain	3.1.182.12 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://pixel.zprk.io/v5/pixeljs/Hc6PdfQeAi.js?dne=1 Requested by Host: powerad.ai URL: https://powerad.ai/script.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 3.1.182.12 Singapore, Singapore, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-1-182-12.ap-southeast-1.compute.amazonaws.com Software / Resource Hash 8e521ebeb6ce59914c54f532b1577efd671f4b02bb3c331e01b4a7e79a02cfea Request headers Accept-Language de-DE,de;q=0.9 Referer http://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers Date Thu, 30 Sep 2021 05:21:52 GMT Access-Control-Allow-Credentials true Access-Control-Allow-Headers Origin, Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers Content-Length 2753 Access-Control-Max-Age 3600 Access-Control-Allow-Methods POST, GET, DELETE, PUT Content-Type text/plain;charset=UTF-8
GET H2	200	251 Show response a.ad.gt/api/v1/u/matches/	3 KB 4 KB	514ms 174ms	Script application/javascript	44.227.231.197 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://a.ad.gt/api/v1/u/matches/251?url=http%3A%2F%2Fwww.itechpost.com%2Farticles%2F107166%2F20210929%2Fnew-microsoft-malware-steal-credentials-sensitive-info-stop-foggyweb-attacking.htm&ref= Requested by Host: www.itechpost.com URL: http://www.itechpost.com/articles/107166/20210929/new-microsoft-malware-steal-credentials-sensitive-info-stop-foggyweb-attacking.htm Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 44.227.231.197 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-44-227-231-197.us-west-2.compute.amazonaws.com Software nginx/1.18.0 / Resource Hash cf6f4b8c5b18eed769368e791fa74cb1b9cf5a9dbb781bc382caa01d3211e13f Request headers Accept-Language de-DE,de;q=0.9 Referer http://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Thu, 30 Sep 2021 05:21:52 GMT server nginx/1.18.0 content-length 3314 content-type application/javascript
POST H/1.1	200 OK	/ reporting.powerad.ai/	2 B 412 B	304ms 101ms	Ping text/plain	54.234.151.247 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://reporting.powerad.ai/ Requested by Host: powerad.ai URL: https://powerad.ai/script.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 54.234.151.247 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-54-234-151-247.compute-1.amazonaws.com Software nginx/1.14.0 (Ubuntu) / Express Resource Hash 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3 Request headers Referer http://www.itechpost.com/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers Date Thu, 30 Sep 2021 05:21:52 GMT Server nginx/1.14.0 (Ubuntu) X-Powered-By Express ETag W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc" Access-Control-Allow-Methods GET, POST, PATCH, PUT, DELETE, OPTIONS Content-Type text/plain; charset=utf-8 Access-Control-Allow-Origin * Access-Control-Allow-Credentials true Connection keep-alive Access-Control-Allow-Headers * Content-Length 2
GET H2	200	MGID_plus.svg cdn.mgid.com/images/logos/	2 KB 1 KB	48ms 22ms	Image image/svg+xml	104.19.136.78 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://cdn.mgid.com/images/logos/MGID_plus.svg Requested by Host: www.itechpost.com URL: http://www.itechpost.com/articles/107166/20210929/new-microsoft-malware-steal-credentials-sensitive-info-stop-foggyweb-attacking.htm Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.19.136.78 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 741932350156677164b36a1506347cfd558bc502310bd1d50e246d454c4c1131 Request headers Accept-Language de-DE,de;q=0.9 Referer http://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Thu, 30 Sep 2021 05:21:52 GMT content-encoding br cf-cache-status HIT age 3526 alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 x-amz-request-id TV9EGYWE00S199ZT x-amz-id-2 PNtXkU1glOZAxPzbk+hlX7OVIWvv4OOWBZOa90rbxDtDjftx3mN+VuI8Xcy/kOUSata9Gcz4dSw= last-modified Tue, 23 Feb 2021 16:22:15 GMT server cloudflare x-amz-meta-s3cmd-attrs atime:1614097325/ctime:1614097325/gid:0/gname:root/md5:f7525f3a5f32c6f4a8e9867e9f57ab45/mode:33206/mtime:1614097325/uid:0/uname:root etag W/"f7525f3a5f32c6f4a8e9867e9f57ab45" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type image/svg+xml cache-control public, max-age=86400 cf-ray 696b029cbf2cbea6-FRA expires Fri, 01 Oct 2021 05:21:52 GMT
GET H2	200	Adchoices.svg cdn.mgid.com/images/logos/	836 B 904 B	44ms 18ms	Image image/svg+xml	104.19.136.78 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://cdn.mgid.com/images/logos/Adchoices.svg Requested by Host: www.itechpost.com URL: http://www.itechpost.com/articles/107166/20210929/new-microsoft-malware-steal-credentials-sensitive-info-stop-foggyweb-attacking.htm Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.19.136.78 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 7992a4430843ef8b4bbae534358be3193aa1ae9c78f273e8e8a70b6af1244ac5 Request headers Accept-Language de-DE,de;q=0.9 Referer http://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Thu, 30 Sep 2021 05:21:52 GMT content-encoding br cf-cache-status HIT age 5378 alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 x-amz-request-id 50VWJQBT5W4QYKJG x-amz-id-2 xhXkWrQ90G/ebA55GK4VP5V6mncDrGDeipe5cahYa8kJ+JMUWbxTCzXMUo5ci9AAJm/Ct0tTCXE= last-modified Wed, 17 Feb 2021 18:15:53 GMT server cloudflare x-amz-meta-s3cmd-attrs atime:1613585745/ctime:1613585745/gid:0/gname:root/md5:7d59364b7ed2df3f02507c9f92560df9/mode:33206/mtime:1613585745/uid:0/uname:root etag W/"7d59364b7ed2df3f02507c9f92560df9" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type image/svg+xml cache-control public, max-age=86400 cf-ray 696b029cbf2dbea6-FRA expires Fri, 01 Oct 2021 05:21:52 GMT
GET H/1.1	200 OK	pwt.js Show response ads.pubmatic.com/AdServer/js/pwt/157577/2378// Frame 3C22	175 KB 57 KB	14ms 10ms	Script text/javascript	2.18.233.180 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL http://ads.pubmatic.com/AdServer/js/pwt/157577/2378//pwt.js Requested by Host: www.itechpost.com URL: http://www.itechpost.com/articles/107166/20210929/new-microsoft-malware-steal-credentials-sensitive-info-stop-foggyweb-attacking.htm Protocol HTTP/1.1 Server 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a2-18-233-180.deploy.static.akamaitechnologies.com Software Apache/2.2.15 (CentOS) / Resource Hash 4f755dc598f2431fd9096811c85fa8483838e86824d658199ce03a13de765cd7 Request headers Accept-Language de-DE,de;q=0.9 Referer http://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers Date Thu, 30 Sep 2021 05:21:52 GMT Content-Encoding gzip Last-Modified Tue, 17 Aug 2021 18:51:36 GMT Server Apache/2.2.15 (CentOS) ETag "10a1110-2bd37-5c9c5cea2ce36" Vary Accept-Encoding P3P CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC" Cache-Control public, max-age=153724 Connection keep-alive Accept-Ranges bytes Content-Type text/javascript Content-Length 57427 Expires Sat, 02 Oct 2021 00:03:56 GMT
GET H/1.1	200 OK	pwt.js Show response ads.pubmatic.com/AdServer/js/pwt/157577/2378// Frame 3BBE	175 KB 57 KB	14ms 10ms	Script text/javascript	2.18.233.180 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL http://ads.pubmatic.com/AdServer/js/pwt/157577/2378//pwt.js Requested by Host: www.itechpost.com URL: http://www.itechpost.com/articles/107166/20210929/new-microsoft-malware-steal-credentials-sensitive-info-stop-foggyweb-attacking.htm Protocol HTTP/1.1 Server 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a2-18-233-180.deploy.static.akamaitechnologies.com Software Apache/2.2.15 (CentOS) / Resource Hash 4f755dc598f2431fd9096811c85fa8483838e86824d658199ce03a13de765cd7 Request headers Accept-Language de-DE,de;q=0.9 Referer http://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers Date Thu, 30 Sep 2021 05:21:52 GMT Content-Encoding gzip Last-Modified Tue, 17 Aug 2021 18:51:36 GMT Server Apache/2.2.15 (CentOS) ETag "10a1110-2bd37-5c9c5cea2ce36" Vary Accept-Encoding P3P CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC" Cache-Control public, max-age=153724 Connection keep-alive Accept-Ranges bytes Content-Type text/javascript Content-Length 57427 Expires Sat, 02 Oct 2021 00:03:56 GMT
POST H2	200	response.json Show response script.anura.io/	80 B 430 B	115ms 69ms	XHR application/json	18.133.97.68 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://script.anura.io/response.json Requested by Host: script.anura.io URL: https://script.anura.io/request.js?instance=2238638024&source=itechpost&campaign=tech%2Farticles&exid=anura_itechpost_1419974665853&callback=_anuraResFun&108478930276 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 18.133.97.68 London, United Kingdom, ASN16509 (AMAZON-02, US), Reverse DNS ec2-18-133-97-68.eu-west-2.compute.amazonaws.com Software nginx / Resource Hash e81c298fc523e765bd24629f75ed055c74f889c94550baa2bd221e24964848a8 Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer http://www.itechpost.com/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Content-type application/x-www-form-urlencoded Response headers pragma no-cache date Thu, 30 Sep 2021 05:21:52 GMT content-encoding gzip x-content-type-options nosniff server nginx vary Accept-Encoding access-control-allow-methods POST content-type application/json; charset=utf-8 access-control-allow-origin * cache-control private, no-cache, no-store, must-revalidate, max-age=0, post-check=0, pre-check=0 expires Sun, 28 Dec 1980 18:57:00 EST
GET H2	200	prebid.js Show response hb.brainlyads.com/ Frame 3C22	462 KB 142 KB	100ms 100ms	Script application/javascript	23.20.158.212 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://hb.brainlyads.com/prebid.js Requested by Host: www.itechpost.com URL: http://www.itechpost.com/articles/107166/20210929/new-microsoft-malware-steal-credentials-sensitive-info-stop-foggyweb-attacking.htm Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 23.20.158.212 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-23-20-158-212.compute-1.amazonaws.com Software nginx/1.10.3 (Ubuntu) / Resource Hash c9057126ea1f0a44bc850d540403adfad8b718b55ff27b768087585c32a7c4fd Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers Accept-Language de-DE,de;q=0.9 Referer http://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Thu, 30 Sep 2021 05:21:52 GMT content-encoding gzip last-modified Wed, 22 Sep 2021 18:32:40 GMT server nginx/1.10.3 (Ubuntu) etag W/"614b76c8-736dd" vary Accept-Encoding content-type application/javascript cache-control max-age=86400 strict-transport-security max-age=31536000; includeSubDomains; preload expires Fri, 01 Oct 2021 05:21:52 GMT
GET H2	200	prebid.js Show response hb.brainlyads.com/ Frame 3BBE	462 KB 142 KB	283ms 283ms	Script application/javascript	23.20.158.212 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://hb.brainlyads.com/prebid.js Requested by Host: www.itechpost.com URL: http://www.itechpost.com/articles/107166/20210929/new-microsoft-malware-steal-credentials-sensitive-info-stop-foggyweb-attacking.htm Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 23.20.158.212 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-23-20-158-212.compute-1.amazonaws.com Software nginx/1.10.3 (Ubuntu) / Resource Hash c9057126ea1f0a44bc850d540403adfad8b718b55ff27b768087585c32a7c4fd Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers Accept-Language de-DE,de;q=0.9 Referer http://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Thu, 30 Sep 2021 05:21:52 GMT content-encoding gzip last-modified Wed, 22 Sep 2021 18:32:40 GMT server nginx/1.10.3 (Ubuntu) etag W/"614b76c8-736dd" vary Accept-Encoding content-type application/javascript cache-control max-age=86400 strict-transport-security max-age=31536000; includeSubDomains; preload expires Fri, 01 Oct 2021 05:21:52 GMT
GET H2	200	1 Show response servicer.mgid.com/1119397/	4 KB 2 KB	93ms 70ms	Script application/x-javascript	104.19.136.78 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://servicer.mgid.com/1119397/1?pv=5&cbuster=1632979312367302062373&uniqId=0a9d3&childs=1121472&niet=4g&nisd=false&jsv=es6&w=670&h=497&p3_w=216&p3_h=208&maxw_3=216&maxh_3=208&cols=3&ref=&cxurl=https%3A%2F%2Fwww.itechpost.com%2Farticles%2F107166%2F20210929%2Fnew-microsoft-malware-steal-credentials-sensitive-info-stop-foggyweb-attacking.htm&lu=http%3A%2F%2Fwww.itechpost.com%2Farticles%2F107166%2F20210929%2Fnew-microsoft-malware-steal-credentials-sensitive-info-stop-foggyweb-attacking.htm&sessionId=61554970-06301&pageView=1&pvid=17c3526ddb2b2a0c9d5&implVersion=11&dpr=1 Requested by Host: jsc.mgid.com URL: https://jsc.mgid.com/i/t/itechpost.com.1119397.es6.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.19.136.78 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash bb935552499ce7900d33225efb4df39ad6f61ee11f707318a44a90cb219606d8 Request headers Accept-Language de-DE,de;q=0.9 Referer http://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers pragma no-cache date Thu, 30 Sep 2021 05:21:52 GMT content-encoding br cf-cache-status DYNAMIC server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding p3p CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM" content-type application/x-javascript; charset=utf-8 cache-control max-age=0, no-cache, no-store, must-revalidate access-control-allow-credentials true cf-ray 696b029e7f7dbea6-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
GET H2	200	aHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMTktMDgvMTAxOTI0LzIwOWY0ODAyNmU2NjY1ZjAzMWRlZDMyNzE5ZWI1ZmEwLmpwZw.webp s-img.mgid.com/g/8164883/492x277/0x0x492x328/	11 KB 11 KB	75ms 30ms	Image image/webp	104.19.136.78 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://s-img.mgid.com/g/8164883/492x277/0x0x492x328/aHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMTktMDgvMTAxOTI0LzIwOWY0ODAyNmU2NjY1ZjAzMWRlZDMyNzE5ZWI1ZmEwLmpwZw.webp?v=1632979312-gUbkiAayEDCcF5cP4WYFK7tngRm7oCOldkMPa6q75oI Requested by Host: www.itechpost.com URL: http://www.itechpost.com/articles/107166/20210929/new-microsoft-malware-steal-credentials-sensitive-info-stop-foggyweb-attacking.htm Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.19.136.78 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 1a4439966cf3114fcfbe92d56d21b21810b5f3a0f138032a7e665113f2c754a7 Request headers Referer http://www.itechpost.com/ Origin http://www.itechpost.com Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Thu, 30 Sep 2021 05:21:52 GMT cf-cache-status HIT last-modified Tue, 11 May 2021 11:21:57 GMT x-mg-request-uuid 5f18f2d4-ee0a-46bb-9ea0-88209be827a9 age 1286240 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type image/webp access-control-allow-origin * cache-control immutable, max-age=31536000 accept-ranges bytes cf-ray 696b029f4f3342e7-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 content-length 10766 server cloudflare
GET H2	200	aHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMTktMTEvMTAxOTI0LzcyYTQ1NjNjYzFmY2Y5MjAwOWYzMGZkYThiZjFiMGFhLmpwZWc.webp s-img.mgid.com/g/8164865/492x277/0x0x900x600/	19 KB 19 KB	67ms 22ms	Image image/webp	104.19.136.78 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://s-img.mgid.com/g/8164865/492x277/0x0x900x600/aHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMTktMTEvMTAxOTI0LzcyYTQ1NjNjYzFmY2Y5MjAwOWYzMGZkYThiZjFiMGFhLmpwZWc.webp?v=1632979312-Bp_CmyyZYoCJNAFFrMSkYRoA-J0fZ76JK8VlkARjJ4g Requested by Host: www.itechpost.com URL: http://www.itechpost.com/articles/107166/20210929/new-microsoft-malware-steal-credentials-sensitive-info-stop-foggyweb-attacking.htm Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.19.136.78 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash d50c76f222ed812d0aef55d3b7fe52f4ea68565e14496a8d8e52fb290be7bc3e Request headers Referer http://www.itechpost.com/ Origin http://www.itechpost.com Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Thu, 30 Sep 2021 05:21:52 GMT cf-cache-status HIT last-modified Tue, 11 May 2021 10:37:29 GMT x-mg-request-uuid ed78eb42-23eb-4893-aa57-9c8038432863 age 256415 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type image/webp access-control-allow-origin * cache-control immutable, max-age=31536000 accept-ranges bytes cf-ray 696b029f4f3642e7-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 content-length 19190 server cloudflare
GET H2	200	aHR0cDovL2ltZ2hvc3RzLmNvbS90Yy8yMDE5LTA2LzEwMTkyNC8zNjMwNThmNGE5ZDNhOTI3ZjczOWIyZWQzNmYzNjkwNi5qcGVn.webp s-img.mgid.com/g/8193537/492x277/0x168x510x340/	41 KB 42 KB	61ms 17ms	Image image/webp	104.19.136.78 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://s-img.mgid.com/g/8193537/492x277/0x168x510x340/aHR0cDovL2ltZ2hvc3RzLmNvbS90Yy8yMDE5LTA2LzEwMTkyNC8zNjMwNThmNGE5ZDNhOTI3ZjczOWIyZWQzNmYzNjkwNi5qcGVn.webp?v=1632979312-6bCZ2FwRc0wV7ST9pZbRWg4achgPCGT4yD_OYgeQD0E Requested by Host: www.itechpost.com URL: http://www.itechpost.com/articles/107166/20210929/new-microsoft-malware-steal-credentials-sensitive-info-stop-foggyweb-attacking.htm Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.19.136.78 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash f144441391ff81772d6f60ba9138e81f0a78f76739f2d123aa6d09cca8920f66 Request headers Referer http://www.itechpost.com/ Origin http://www.itechpost.com Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Thu, 30 Sep 2021 05:21:52 GMT cf-cache-status HIT last-modified Tue, 11 May 2021 10:33:43 GMT x-mg-request-uuid 836587c9-0f15-4de1-bbb9-aae8fbb49871 age 247763 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type image/webp access-control-allow-origin * cache-control immutable, max-age=31536000 accept-ranges bytes cf-ray 696b029f4f3842e7-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 content-length 42384 server cloudflare
GET H2	200	aHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMjAtMDUvMTAxOTI0LzA2ZWM0NWZkMzdjZmYxNTI4MzVjNjEzMDMxMmE5NjYxLmpwZWc.webp s-img.mgid.com/g/8164884/492x277/0x0x1001x667/	19 KB 19 KB	67ms 22ms	Image image/webp	104.19.136.78 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://s-img.mgid.com/g/8164884/492x277/0x0x1001x667/aHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMjAtMDUvMTAxOTI0LzA2ZWM0NWZkMzdjZmYxNTI4MzVjNjEzMDMxMmE5NjYxLmpwZWc.webp?v=1632979312-fP7bvX1VI0wRm2HyUU8NNVLGhhlV9rQMrRWxutdowws Requested by Host: www.itechpost.com URL: http://www.itechpost.com/articles/107166/20210929/new-microsoft-malware-steal-credentials-sensitive-info-stop-foggyweb-attacking.htm Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.19.136.78 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash c49c82f3f670e16ab6ad5231d4dba5ccea94142649a946a69d5d7f64a9cfe4cd Request headers Referer http://www.itechpost.com/ Origin http://www.itechpost.com Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Thu, 30 Sep 2021 05:21:52 GMT cf-cache-status HIT last-modified Tue, 11 May 2021 10:38:40 GMT x-mg-request-uuid 5895b8cc-af09-4d84-946a-69c1d28058a7 age 256415 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type image/webp access-control-allow-origin * cache-control immutable, max-age=31536000 accept-ranges bytes cf-ray 696b029f4f3942e7-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 content-length 18944 server cloudflare
GET H2	200	aHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMjAtMDcvMTAxOTI0L2ZkNjNmZDY4NmUwMGVjZTk0NWNkZmI5MzgzOWVkMmEzLmpwZWc.webp s-img.mgid.com/g/8164911/492x277/32x5x928x618/	6 KB 6 KB	66ms 22ms	Image image/webp	104.19.136.78 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://s-img.mgid.com/g/8164911/492x277/32x5x928x618/aHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMjAtMDcvMTAxOTI0L2ZkNjNmZDY4NmUwMGVjZTk0NWNkZmI5MzgzOWVkMmEzLmpwZWc.webp?v=1632979312-dA0KmmLF0l7vsJaKXIFbgisAJNcCKhMExBvvREH1t9Q Requested by Host: www.itechpost.com URL: http://www.itechpost.com/articles/107166/20210929/new-microsoft-malware-steal-credentials-sensitive-info-stop-foggyweb-attacking.htm Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.19.136.78 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash be634f677ccb5ec45c00ec648b8b47529b36779c1888da92e8a6876f5a8decc7 Request headers Referer http://www.itechpost.com/ Origin http://www.itechpost.com Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Thu, 30 Sep 2021 05:21:52 GMT cf-cache-status HIT last-modified Tue, 11 May 2021 10:29:43 GMT x-mg-request-uuid 9903295b-50da-459e-8d22-b45af5f6b068 age 262366 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type image/webp access-control-allow-origin * cache-control immutable, max-age=31536000 accept-ranges bytes cf-ray 696b029f4f3d42e7-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 content-length 5990 server cloudflare
GET H2	200	aHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMTktMDQvMTAxOTI0L2QyODY2NTUxNTI3OGY0ZjM0ZmM4NjhiZWY2MDc5NzYxLmpwZWc.webp s-img.mgid.com/g/8164909/492x277/16x0x492x328/	8 KB 9 KB	60ms 15ms	Image image/webp	104.19.136.78 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://s-img.mgid.com/g/8164909/492x277/16x0x492x328/aHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMTktMDQvMTAxOTI0L2QyODY2NTUxNTI3OGY0ZjM0ZmM4NjhiZWY2MDc5NzYxLmpwZWc.webp?v=1632979312-GSdduQVlM5MJoWMdSB9TxugrsDzR0O6kB_aiUGab_RA Requested by Host: www.itechpost.com URL: http://www.itechpost.com/articles/107166/20210929/new-microsoft-malware-steal-credentials-sensitive-info-stop-foggyweb-attacking.htm Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.19.136.78 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 46e6dc322efdbcb1dd558f99027ea33976253f0986ae538c6db660040847adef Request headers Referer http://www.itechpost.com/ Origin http://www.itechpost.com Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Thu, 30 Sep 2021 05:21:52 GMT cf-cache-status HIT last-modified Tue, 11 May 2021 10:38:35 GMT x-mg-request-uuid 312f205c-11ab-4fa7-9a9c-de080fdc4f99 age 270403 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type image/webp access-control-allow-origin * cache-control immutable, max-age=31536000 accept-ranges bytes cf-ray 696b029f4f3f42e7-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 content-length 8212 server cloudflare
GET H2	200	i.js Show response cm.mgid.com/	2 KB 884 B	93ms 67ms	Script application/javascript	104.19.136.78 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cm.mgid.com/i.js?&cbuster=1632979312517133653011 Requested by Host: jsc.mgid.com URL: https://jsc.mgid.com/i/t/itechpost.com.1119397.es6.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.19.136.78 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 8704a6b4e93695a6d0b754d1cd656dea2c49ffde03eaf89c50409c13e07c4b7b Request headers Accept-Language de-DE,de;q=0.9 Referer http://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers pragma no-cache date Thu, 30 Sep 2021 05:21:52 GMT content-encoding br cf-cache-status DYNAMIC x-mg-request-uuid 52031c03-5aca-44c9-a137-92b4c5b6c413 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding p3p CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM" content-type application/javascript cache-control no-store, no-cache, must-revalidate, max-age=0 access-control-allow-credentials true cf-ray 696b029f6fa6bea6-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 server cloudflare
GET H2	200	i-noref.js Show response cm.mgid.com/ Frame 546E	19 B 227 B	69ms 60ms	Script application/javascript	104.19.136.78 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cm.mgid.com/i-noref.js?cbuster=1632979312535686686606 Requested by Host: jsc.mgid.com URL: https://jsc.mgid.com/i/t/itechpost.com.1119397.es6.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.19.136.78 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 31a2141f6b680b8ec183d8de67eaae2ac43bee3ccee46235e0c988761615210c Request headers Accept-Language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers pragma no-cache date Thu, 30 Sep 2021 05:21:52 GMT content-encoding br cf-cache-status DYNAMIC x-mg-request-uuid 3c87e0b1-e904-4ef3-a9f2-8e19ceaf73d3 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding p3p CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM" content-type application/javascript cache-control no-store, no-cache, must-revalidate, max-age=0 access-control-allow-credentials true cf-ray 696b029f6fa5bea6-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 server cloudflare
GET H2	204	b sb.scorecardresearch.com/	0 339 B	15ms 15ms	Image text/plain	13.226.145.6 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://sb.scorecardresearch.com/b?c1=7&c2=15208452&c3=110&ns__t=1632979312561&ns_c=UTF-8&cv=3.5&c8=New%20Microsoft%20Malware%20Can%20Steal%20Your%20Credentials%2C%20Sensitive%20Info%3A%20How%20to%20Stop%20FoggyWeb%20From%20Attacking%20You%20%7C%20iTech%20Post&c7=http%3A%2F%2Fwww.itechpost.com%2Farticles%2F107166%2F20210929%2Fnew-microsoft-malware-steal-credentials-sensitive-info-stop-foggyweb-attacking.htm&c9= Requested by Host: www.itechpost.com URL: http://www.itechpost.com/articles/107166/20210929/new-microsoft-malware-steal-credentials-sensitive-info-stop-foggyweb-attacking.htm Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.226.145.6 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-226-145-6.dus51.r.cloudfront.net Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Accept-Language de-DE,de;q=0.9 Referer http://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Thu, 30 Sep 2021 05:21:52 GMT via 1.1 877a7509af39a63279b2520fa0b455fa.cloudfront.net (CloudFront) x-amz-cf-pop DUS51-C1 etag W/"0-2jmj7l5rSw0yVb/vlWAYkK/YBwk" x-amz-cf-id j20k8K8vWh52YppKz9xHHww-Fq-zDUpvCllh3vGJDCBFFfWwl_dSgw== x-cache Miss from cloudfront
GET H2	200	haloid Show response aufp.io/api/v1/	6 KB 3 KB	514ms 166ms	Script application/javascript	54.149.90.128 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://aufp.io/api/v1/haloid Requested by Host: a.ad.gt URL: https://a.ad.gt/api/v1/u/matches/251?url=http%3A%2F%2Fwww.itechpost.com%2Farticles%2F107166%2F20210929%2Fnew-microsoft-malware-steal-credentials-sensitive-info-stop-foggyweb-attacking.htm&ref= Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 54.149.90.128 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-54-149-90-128.us-west-2.compute.amazonaws.com Software nginx/1.18.0 / Resource Hash 85e50082d7ce113bfa87dbade18dbf747d1bacfcffdbd628296dcffa98a08f94 Request headers Accept-Language de-DE,de;q=0.9 Referer http://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Thu, 30 Sep 2021 05:21:53 GMT content-encoding gzip last-modified Thu, 30 Sep 2021 03:32:44 GMT server nginx/1.18.0 etag W/"1632972764.0-6132-2958560116" access-control-allow-methods GET, POST, OPTIONS content-type application/javascript access-control-allow-origin *, * access-control-expose-headers DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range cache-control public, max-age=43200 origin-trial A/KTxPuSXtwcggydvUxw5B4dXspsb2iweedc7KDi2xv9M89MtnOpULTs7DQJVHBxGDV5wj5a3LW9S4ev3WfQkwIAAAB+eyJvcmlnaW4iOiJodHRwczovL2hhbG9mbG9jLmNvbTo0NDMiLCJmZWF0dXJlIjoiSW50ZXJlc3RDb2hvcnRBUEkiLCJleHBpcnkiOjE2MjYyMjA3OTksImlzU3ViZG9tYWluIjp0cnVlLCJpc1RoaXJkUGFydHkiOnRydWV9 access-control-allow-headers DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range expires Thu, 30 Sep 2021 17:21:53 GMT
GET H2	200	251 Show response p.ad.gt/api/v1/p/	25 KB 8 KB	499ms 161ms	Script application/javascript	54.187.25.111 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://p.ad.gt/api/v1/p/251 Requested by Host: a.ad.gt URL: https://a.ad.gt/api/v1/u/matches/251?url=http%3A%2F%2Fwww.itechpost.com%2Farticles%2F107166%2F20210929%2Fnew-microsoft-malware-steal-credentials-sensitive-info-stop-foggyweb-attacking.htm&ref= Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 54.187.25.111 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-54-187-25-111.us-west-2.compute.amazonaws.com Software nginx/1.18.0 / Resource Hash 8027119f899b59c2af3b0ccb2c7d1323fb3891a1235ab54309fe5337b92cd1c6 Request headers Accept-Language de-DE,de;q=0.9 Referer http://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Thu, 30 Sep 2021 05:21:53 GMT content-encoding gzip last-modified Thu, 30 Sep 2021 03:31:10 GMT server nginx/1.18.0 etag W/"1632972670.0-26098-2710964840" access-control-allow-methods GET, POST, OPTIONS content-type application/javascript access-control-allow-origin * access-control-expose-headers DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range cache-control public, max-age=43200 access-control-allow-headers DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range expires Thu, 30 Sep 2021 17:21:53 GMT
GET H2	200	match ids.ad.gt/api/v1/ Redirect Chain https://secure.adnxs.com/getuid?https://ids.ad.gt/api/v1/match?id=72f2515a-ec9b-4e17-979e-2ad31ea99cba&adnxs_id=$UID https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Fmatch%3Fid%3D72f2515a-ec9b-4e17-979e-2ad31ea99cba%26adnxs_id%3D%24UID https://ids.ad.gt/api/v1/match?id=72f2515a-ec9b-4e17-979e-2ad31ea99cba&adnxs_id=188111995801004360	43 B 562 B	418ms 174ms	Image image/gif	52.35.10.191 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://ids.ad.gt/api/v1/match?id=72f2515a-ec9b-4e17-979e-2ad31ea99cba&adnxs_id=188111995801004360 Requested by Host: www.itechpost.com URL: http://www.itechpost.com/articles/107166/20210929/new-microsoft-malware-steal-credentials-sensitive-info-stop-foggyweb-attacking.htm Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.35.10.191 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-52-35-10-191.us-west-2.compute.amazonaws.com Software nginx/1.18.0 / Resource Hash afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277 Request headers Accept-Language de-DE,de;q=0.9 Referer http://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Thu, 30 Sep 2021 05:21:53 GMT cache-control public, max-age=43200 server nginx/1.18.0 content-type image/gif expires Thu, 30 Sep 2021 17:21:53 GMT Redirect headers Pragma no-cache Date Thu, 30 Sep 2021 05:21:52 GMT X-Proxy-Origin 213.239.209.3; 213.239.209.3; 623.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com AN-X-Request-Uuid a2aa94f3-62ab-466c-aafd-07f8665f65ee Server nginx/1.17.9 Access-Control-Allow-Origin * P3P policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE" Location https://ids.ad.gt/api/v1/match?id=72f2515a-ec9b-4e17-979e-2ad31ea99cba&adnxs_id=188111995801004360 Cache-Control no-store, no-cache, private Access-Control-Allow-Credentials true Connection keep-alive Content-Type text/html; charset=utf-8 Content-Length 0 X-XSS-Protection 0 Expires Sat, 15 Nov 2008 16:00:00 GMT
GET H2	200	t_match ids.ad.gt/api/v1/ Redirect Chain https://match.adsrvr.org/track/cmf/generic?ttd_pid=8gkxb6n&ttd_tpi=1&gpdr=0&ttd_puid=72f2515a-ec9b-4e17-979e-2ad31ea99cba https://match.adsrvr.org/track/cmb/generic?ttd_pid=8gkxb6n&ttd_tpi=1&gpdr=0&ttd_puid=72f2515a-ec9b-4e17-979e-2ad31ea99cba https://ids.ad.gt/api/v1/t_match?tdid=bb21d8a5-0cb1-4d53-b1c5-38b4d9ed7612&id=72f2515a-ec9b-4e17-979e-2ad31ea99cba	43 B 568 B	358ms 178ms	Image image/gif	52.35.10.191 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://ids.ad.gt/api/v1/t_match?tdid=bb21d8a5-0cb1-4d53-b1c5-38b4d9ed7612&id=72f2515a-ec9b-4e17-979e-2ad31ea99cba Requested by Host: www.itechpost.com URL: http://www.itechpost.com/articles/107166/20210929/new-microsoft-malware-steal-credentials-sensitive-info-stop-foggyweb-attacking.htm Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.35.10.191 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-52-35-10-191.us-west-2.compute.amazonaws.com Software nginx/1.18.0 / Resource Hash afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277 Request headers Accept-Language de-DE,de;q=0.9 Referer http://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Thu, 30 Sep 2021 05:21:53 GMT cache-control public, max-age=43200 server nginx/1.18.0 content-type image/gif expires Thu, 30 Sep 2021 17:21:53 GMT Redirect headers pragma no-cache date Thu, 30 Sep 2021 05:21:52 GMT x-aspnet-version 4.0.30319 p3p CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV" location https://ids.ad.gt/api/v1/t_match?tdid=bb21d8a5-0cb1-4d53-b1c5-38b4d9ed7612&id=72f2515a-ec9b-4e17-979e-2ad31ea99cba cache-control private,no-cache, must-revalidate content-type text/html content-length 259
GET H2	200	pbm_match ids.ad.gt/api/v1/ Redirect Chain https://image2.pubmatic.com/AdServer/UCookieSetPug?rd=https%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Fpbm_match%3Fpbm%3D%23PM_USER_ID%26id%3D72f2515a-ec9b-4e17-979e-2ad31ea99cba https://image2.pubmatic.com/AdServer/UCookieSetPug?ird=1&rd=https%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Fpbm_match%3Fpbm%3D%23PM_USER_ID%26id%3D72f2515a-ec9b-4e17-979e-2ad31ea99cba https://ids.ad.gt/api/v1/pbm_match?pbm=3816C3F6-FD09-4DDE-8004-77EF231003B4&id=72f2515a-ec9b-4e17-979e-2ad31ea99cba	43 B 571 B	559ms 318ms	Image image/gif	52.35.10.191 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://ids.ad.gt/api/v1/pbm_match?pbm=3816C3F6-FD09-4DDE-8004-77EF231003B4&id=72f2515a-ec9b-4e17-979e-2ad31ea99cba Requested by Host: www.itechpost.com URL: http://www.itechpost.com/articles/107166/20210929/new-microsoft-malware-steal-credentials-sensitive-info-stop-foggyweb-attacking.htm Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.35.10.191 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-52-35-10-191.us-west-2.compute.amazonaws.com Software nginx/1.18.0 / Resource Hash afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277 Request headers Accept-Language de-DE,de;q=0.9 Referer http://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Thu, 30 Sep 2021 05:21:53 GMT cache-control public, max-age=43200 server nginx/1.18.0 content-type image/gif expires Thu, 30 Sep 2021 17:21:53 GMT Redirect headers location https://ids.ad.gt/api/v1/pbm_match?pbm=3816C3F6-FD09-4DDE-8004-77EF231003B4&id=72f2515a-ec9b-4e17-979e-2ad31ea99cba date Thu, 30 Sep 2021 05:21:51 GMT cache-control no-store, no-cache, private server nginx p3p CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
GET H2	200	g_match ids.ad.gt/api/v1/ Redirect Chain https://cm.g.doubleclick.net/pixel?google_nid=audigent_w_appnexus_3985&google_cm&google_sc&google_ula=450542624&id=72f2515a-ec9b-4e17-979e-2ad31ea99cba https://cm.g.doubleclick.net/pixel?google_nid=audigent_w_appnexus_3985&google_cm=&google_sc=&google_ula=450542624&id=72f2515a-ec9b-4e17-979e-2ad31ea99cba&google_tc= https://ids.ad.gt/api/v1/g_match?id=72f2515a-ec9b-4e17-979e-2ad31ea99cba&google_error=3	43 B 179 B	409ms 164ms	Image image/gif	52.35.10.191 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://ids.ad.gt/api/v1/g_match?id=72f2515a-ec9b-4e17-979e-2ad31ea99cba&google_error=3 Requested by Host: www.itechpost.com URL: http://www.itechpost.com/articles/107166/20210929/new-microsoft-malware-steal-credentials-sensitive-info-stop-foggyweb-attacking.htm Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.35.10.191 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-52-35-10-191.us-west-2.compute.amazonaws.com Software nginx/1.18.0 / Resource Hash afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277 Request headers Accept-Language de-DE,de;q=0.9 Referer http://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Thu, 30 Sep 2021 05:21:53 GMT cache-control public, max-age=43200 server nginx/1.18.0 content-type image/gif expires Thu, 30 Sep 2021 17:21:53 GMT Redirect headers pragma no-cache date Thu, 30 Sep 2021 05:21:52 GMT server HTTP server (unknown) content-type text/html; charset=UTF-8 location https://ids.ad.gt/api/v1/g_match?id=72f2515a-ec9b-4e17-979e-2ad31ea99cba&google_error=3 cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 288 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	g_match ids.ad.gt/api/v1/ Redirect Chain https://ids.ad.gt/api/v1/g_hosted?id=72f2515a-ec9b-4e17-979e-2ad31ea99cba https://cm.g.doubleclick.net/pixel?google_nid=audigent_w_appnexus_3985&google_hm=NzJmMjUxNWEtZWM5Yi00ZTE3LTk3OWUtMmFkMzFlYTk5Y2Jh https://cm.g.doubleclick.net/pixel?google_nid=audigent_w_appnexus_3985&google_hm=NzJmMjUxNWEtZWM5Yi00ZTE3LTk3OWUtMmFkMzFlYTk5Y2Jh&google_tc= https://ids.ad.gt/api/v1/g_match?google_error=3	43 B 179 B	162ms 162ms	Image image/gif	52.35.10.191 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://ids.ad.gt/api/v1/g_match?google_error=3 Requested by Host: www.itechpost.com URL: http://www.itechpost.com/articles/107166/20210929/new-microsoft-malware-steal-credentials-sensitive-info-stop-foggyweb-attacking.htm Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.35.10.191 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-52-35-10-191.us-west-2.compute.amazonaws.com Software nginx/1.18.0 / Resource Hash afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277 Request headers Accept-Language de-DE,de;q=0.9 Referer http://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Thu, 30 Sep 2021 05:21:53 GMT cache-control public, max-age=43200 server nginx/1.18.0 content-type image/gif expires Thu, 30 Sep 2021 17:21:53 GMT Redirect headers pragma no-cache date Thu, 30 Sep 2021 05:21:53 GMT server HTTP server (unknown) content-type text/html; charset=UTF-8 location https://ids.ad.gt/api/v1/g_match?google_error=3 cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 244 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H/1.1	200 OK	getuid sync.smartadserver.com/ Redirect Chain https://sync.smartadserver.com/getuid?url=https%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Fsmart_match%3Fid%3D72f2515a-ec9b-4e17-979e-2ad31ea99cba%26sas_uid%3D%5bsas_uid%5d https://sync.smartadserver.com/getuid?url=https://ids.ad.gt/api/v1/smart_match?id=72f2515a-ec9b-4e17-979e-2ad31ea99cba&sas_uid=[sas_uid]&cklb=1	0 435 B	17ms 16ms	Image text/plain	185.86.138.114 SMARTADSERVER
General Check archive.org Show headers Download Go to Show image Full URL https://sync.smartadserver.com/getuid?url=https://ids.ad.gt/api/v1/smart_match?id=72f2515a-ec9b-4e17-979e-2ad31ea99cba&sas_uid=[sas_uid]&cklb=1 Requested by Host: www.itechpost.com URL: http://www.itechpost.com/articles/107166/20210929/new-microsoft-malware-steal-credentials-sensitive-info-stop-foggyweb-attacking.htm Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 185.86.138.114 , France, ASN201081 (SMARTADSERVER, FR), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Accept-Language de-DE,de;q=0.9 Referer http://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers pragma no-cache date Thu, 30 Sep 2021 05:21:52 GMT cache-control no-cache,no-store content-length 0 p3p CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo" Redirect headers location https://sync.smartadserver.com:443/getuid?url=https://ids.ad.gt/api/v1/smart_match?id=72f2515a-ec9b-4e17-979e-2ad31ea99cba&sas_uid=[sas_uid]&cklb=1 pragma no-cache date Thu, 30 Sep 2021 05:21:52 GMT cache-control no-cache,no-store content-length 0 p3p CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
GET H/1.1	200 OK	us sync.go.sonobi.com/	0 478 B	96ms 15ms	Image text/plain	178.162.133.149 LEASEWEB-NL-AMS-0...
General Check archive.org Show headers Download Go to Show image Full URL https://sync.go.sonobi.com/us?https://ids.ad.gt/api/v1/son_match?id=72f2515a-ec9b-4e17-979e-2ad31ea99cba&uid=[UID] Requested by Host: www.itechpost.com URL: http://www.itechpost.com/articles/107166/20210929/new-microsoft-malware-steal-credentials-sensitive-info-stop-foggyweb-attacking.htm Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 178.162.133.149 Rotterdam, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL), Reverse DNS ams-1-sync.go.sonobi.com Software sonobi-go / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer http://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers Pragma no-cache Date Thu, 30 Sep 2021 05:21:52 GMT Server sonobi-go Vary negotiate,Accept-Encoding X-Go-Server xcp-ams-1-7-129 P3p CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA" Cache-Control no-cache, no-store, private Tcn Choice Content-Type text/plain; charset=utf8 Content-Length 0 X-Xss-Protection 0 Expires Sat, 26 Jul 1997 05:00:00 GMT
GET H2	200	mediamath_match ids.ad.gt/api/v1/ Redirect Chain https://sync.mathtag.com/sync/img?redir=https%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Fmediamath_match%3Fuser_id%3D%5BMM_UUID%5D%26id%3D72f2515a-ec9b-4e17-979e-2ad31ea99cba https://ids.ad.gt/api/v1/mediamath_match?user_id=c8df6155-4970-4c00-836a-627e9175fcd3&id=72f2515a-ec9b-4e17-979e-2ad31ea99cba	43 B 483 B	519ms 317ms	Image image/gif	52.35.10.191 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://ids.ad.gt/api/v1/mediamath_match?user_id=c8df6155-4970-4c00-836a-627e9175fcd3&id=72f2515a-ec9b-4e17-979e-2ad31ea99cba Requested by Host: www.itechpost.com URL: http://www.itechpost.com/articles/107166/20210929/new-microsoft-malware-steal-credentials-sensitive-info-stop-foggyweb-attacking.htm Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.35.10.191 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-52-35-10-191.us-west-2.compute.amazonaws.com Software nginx/1.18.0 / Resource Hash afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277 Request headers Accept-Language de-DE,de;q=0.9 Referer http://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Thu, 30 Sep 2021 05:21:53 GMT cache-control public, max-age=43200 server nginx/1.18.0 content-type image/gif expires Thu, 30 Sep 2021 17:21:53 GMT Redirect headers Date Thu, 30 Sep 2021 05:21:52 GMT Server MT3 3984 0e3af3b master cdg-pixel-x31 config:1.0.0 P3P CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA" location https://ids.ad.gt/api/v1/mediamath_match?user_id=c8df6155-4970-4c00-836a-627e9175fcd3&id=72f2515a-ec9b-4e17-979e-2ad31ea99cba Cache-Control no-cache Connection keep-alive Content-Type image/gif Keep-Alive timeout=360 Content-Length 0 Expires Thu, 30 Sep 2021 05:21:51 GMT
GET H/1.1	200 OK	usync.html Show response eus.rubiconproject.com/ Frame 1A01 Redirect Chain https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=mgid&endpoint=eu https://eus.rubiconproject.com/usync.html?p=mgid&endpoint=eu	281 B 554 B	108ms 7ms	Document text/html	104.117.200.100 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://eus.rubiconproject.com/usync.html?p=mgid&endpoint=eu Requested by Host: cm.mgid.com URL: https://cm.mgid.com/i.js?&cbuster=1632979312517133653011 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 104.117.200.100 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a104-117-200-100.deploy.static.akamaitechnologies.com Software Apache/2.2.15 (CentOS) / Resource Hash 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390 Request headers Host eus.rubiconproject.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Accept-Language de-DE,de;q=0.9 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site cross-site Sec-Fetch-Mode navigate Sec-Fetch-Dest iframe Referer http://www.itechpost.com/ Accept-Encoding gzip, deflate, br Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer http://www.itechpost.com/ Response headers Server Apache/2.2.15 (CentOS) Last-Modified Fri, 24 Sep 2021 19:54:05 GMT ETag "40333-119-5ccc31c0f3140" Accept-Ranges bytes Content-Encoding gzip Content-Length 233 Content-Type text/html; charset=UTF-8 Date Thu, 30 Sep 2021 05:21:52 GMT Connection keep-alive Vary Accept-Encoding Redirect headers Server AkamaiGHost Content-Length 0 Location https://eus.rubiconproject.com/usync.html?p=mgid&endpoint=eu Date Thu, 30 Sep 2021 05:21:52 GMT Connection keep-alive Access-Control-Allow-Credentials true Access-Control-Allow-Origin *
GET H/1.1	200 OK	sync.html Show response s.adtelligent.com/ Frame 5CA0	1 KB 884 B	186ms 24ms	Document text/html	2a0c:5c81:5139::2 24SHELLS
General Check archive.org Show headers Download Go to Full URL https://s.adtelligent.com/sync.html?aid=658327 Requested by Host: cm.mgid.com URL: https://cm.mgid.com/i.js?&cbuster=1632979312517133653011 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 2a0c:5c81:5139::2 London, United Kingdom, ASN55081 (24SHELLS, US), Reverse DNS Software VertaMedia 1.0 / Resource Hash 16e04bdf6c116d4ad9220245c02b90483beaee2275b489e27d687f3b519d382e Request headers Host s.adtelligent.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Accept-Language de-DE,de;q=0.9 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site cross-site Sec-Fetch-Mode navigate Sec-Fetch-Dest iframe Referer http://www.itechpost.com/ Accept-Encoding gzip, deflate, br Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer http://www.itechpost.com/ Response headers Server VertaMedia 1.0 Date Thu, 30 Sep 2021 05:21:52 GMT Content-Type text/html; charset=UTF-8 Content-Length 600 Access-Control-Allow-Origin http://www.itechpost.com Access-Control-Allow-Credentials true Connection Keep-Alive Content-Encoding gzip
GET H2	200	/ cm.lentainform.com/setmuidn/	0 495 B	100ms 57ms	Image image/gif	104.19.217.61 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://cm.lentainform.com/setmuidn/?muidf=l8tQeG0Z_Dlm Requested by Host: www.itechpost.com URL: http://www.itechpost.com/articles/107166/20210929/new-microsoft-malware-steal-credentials-sensitive-info-stop-foggyweb-attacking.htm Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.19.217.61 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Accept-Language de-DE,de;q=0.9 Referer http://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers pragma no-cache date Thu, 30 Sep 2021 05:21:52 GMT cf-cache-status DYNAMIC server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" cf-ray 696b02a0ba3dd6d9-FRA p3p CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM" cache-control max-age=0, no-cache, no-store, must-revalidate access-control-allow-credentials true content-type image/gif alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
GET H3	200	m cm.mgid.com/ Redirect Chain https://x.bidswitch.net/sync?ssp=mgid https://x.bidswitch.net/ul_cb/sync?ssp=mgid https://c1.adform.net/serving/cookie/match/?party=24&bidswitch_ssp_id=mgid https://c1.adform.net/serving/cookie/match/?CC=1&party=24&bidswitch_ssp_id=mgid https://x.bidswitch.net/sync?dsp_id=70&user_id=3921928039039586189&ssp=mgid https://cm.mgid.com/m?cdsp=433145&c=6b42cf17-ffad-4916-9d65-6f6d5bee433c&gdpr=&gdpr_consent=&us_privacy=	43 B 586 B	61ms 60ms	Image image/gif	104.19.136.78 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://cm.mgid.com/m?cdsp=433145&c=6b42cf17-ffad-4916-9d65-6f6d5bee433c&gdpr=&gdpr_consent=&us_privacy= Requested by Host: www.itechpost.com URL: http://www.itechpost.com/articles/107166/20210929/new-microsoft-malware-steal-credentials-sensitive-info-stop-foggyweb-attacking.htm Protocol H3 Security QUIC, , AES_128_GCM Server 104.19.136.78 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22 Request headers Accept-Language de-DE,de;q=0.9 Referer http://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers pragma no-cache date Thu, 30 Sep 2021 05:21:52 GMT cf-cache-status DYNAMIC x-mg-request-uuid fd11a8b9-c904-48e9-86b1-f0aa960e0e92 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" p3p CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM" content-type image/gif cache-control no-store, no-cache, must-revalidate, max-age=0 access-control-allow-credentials true cf-ray 696b02a1ca254e4f-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 server cloudflare Redirect headers location //cm.mgid.com/m?cdsp=433145&c=6b42cf17-ffad-4916-9d65-6f6d5bee433c&gdpr=&gdpr_consent=&us_privacy= date Thu, 30 Sep 2021 05:21:52 GMT cache-control no-cache, no-store, must-revalidate content-length 0
GET H3	200	m cm.mgid.com/ Redirect Chain https://creativecdn.com/cm-notify?pi=mgid https://creativecdn.com/cm-notify?pi=mgid&tc=1 https://cm.mgid.com/m?cdsp=501037&c=b3QZAt8FaRCI1FWEWFJY&pi=mgid&tc=1	43 B 621 B	57ms 57ms	Image image/gif	104.19.136.78 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://cm.mgid.com/m?cdsp=501037&c=b3QZAt8FaRCI1FWEWFJY&pi=mgid&tc=1 Requested by Host: www.itechpost.com URL: http://www.itechpost.com/articles/107166/20210929/new-microsoft-malware-steal-credentials-sensitive-info-stop-foggyweb-attacking.htm Protocol H3 Security QUIC, , AES_128_GCM Server 104.19.136.78 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22 Request headers Accept-Language de-DE,de;q=0.9 Referer http://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers pragma no-cache date Thu, 30 Sep 2021 05:21:52 GMT cf-cache-status DYNAMIC x-mg-request-uuid f5c1556c-d7e0-4148-9fea-bd4b1678f6b4 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" p3p CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM" content-type image/gif cache-control no-store, no-cache, must-revalidate, max-age=0 access-control-allow-credentials true cf-ray 696b02a179cd4e4f-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 server cloudflare Redirect headers location https://cm.mgid.com/m?cdsp=501037&c=b3QZAt8FaRCI1FWEWFJY&pi=mgid&tc=1 pragma no-cache date Thu, 30 Sep 2021 05:21:52 GMT, Thu, 30 Sep 2021 05:21:52 GMT cache-control no-cache, no-store, must-revalidate, private, max-age=0 content-length 0 expires Thu, 01 Jan 1970 00:00:00 GMT
GET H2	200	match ad.360yield.com/ul_cb/ Redirect Chain https://x.bidswitch.net/sync?dsp_id=303&user_id=l8tQeG0Z_Dlm https://ad.360yield.com/match?publisher_dsp_id=191&external_user_id=6b42cf17-ffad-4916-9d65-6f6d5bee433c https://ad.360yield.com/ul_cb/match?publisher_dsp_id=191&external_user_id=6b42cf17-ffad-4916-9d65-6f6d5bee433c	43 B 444 B	11ms 11ms	Image image/gif	52.58.57.174 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://ad.360yield.com/ul_cb/match?publisher_dsp_id=191&external_user_id=6b42cf17-ffad-4916-9d65-6f6d5bee433c Requested by Host: www.itechpost.com URL: http://www.itechpost.com/articles/107166/20210929/new-microsoft-malware-steal-credentials-sensitive-info-stop-foggyweb-attacking.htm Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.58.57.174 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-52-58-57-174.eu-central-1.compute.amazonaws.com Software / Resource Hash 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87 Request headers Accept-Language de-DE,de;q=0.9 Referer http://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers access-control-allow-origin * date Thu, 30 Sep 2021 05:21:53 GMT content-type image/gif content-length 43 p3p CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA" Redirect headers location https://ad.360yield.com/ul_cb/match?publisher_dsp_id=191&external_user_id=6b42cf17-ffad-4916-9d65-6f6d5bee433c date Thu, 30 Sep 2021 05:21:53 GMT content-type text/plain content-length 0 p3p CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
GET H3	200	google cm.mgid.com/ Redirect Chain https://cm.g.doubleclick.net/pixel?google_nid=marketgid&google_cm=&google_ula={guid}&google_hm=bDh0UWVHMFpfRGxt&muidn=l8tQeG0Z_Dlm https://cm.g.doubleclick.net/pixel?google_nid=marketgid&google_cm=&google_ula={guid}&google_hm=bDh0UWVHMFpfRGxt&muidn=l8tQeG0Z_Dlm&google_tc= https://cm.mgid.com/google?muidn=l8tQeG0Z_Dlm&google_error=3	0 376 B	52ms 52ms	Image text/plain	104.19.136.78 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://cm.mgid.com/google?muidn=l8tQeG0Z_Dlm&google_error=3 Requested by Host: www.itechpost.com URL: http://www.itechpost.com/articles/107166/20210929/new-microsoft-malware-steal-credentials-sensitive-info-stop-foggyweb-attacking.htm Protocol H3 Security QUIC, , AES_128_GCM Server 104.19.136.78 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Accept-Language de-DE,de;q=0.9 Referer http://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers pragma no-cache date Thu, 30 Sep 2021 05:21:53 GMT content-encoding br cf-cache-status DYNAMIC server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding p3p CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM" content-type text/plain cache-control max-age=0, no-cache, no-store, must-revalidate access-control-allow-credentials true cf-ray 696b02a23ac34e4f-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 Redirect headers pragma no-cache date Thu, 30 Sep 2021 05:21:52 GMT server HTTP server (unknown) content-type text/html; charset=UTF-8 location https://cm.mgid.com/google?muidn=l8tQeG0Z_Dlm&google_error=3 cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 261 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	/ cm.idealmedia.io/setmuidn/	0 412 B	98ms 61ms	Image image/gif	104.16.221.74 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://cm.idealmedia.io/setmuidn/?muidf=l8tQeG0Z_Dlm Requested by Host: www.itechpost.com URL: http://www.itechpost.com/articles/107166/20210929/new-microsoft-malware-steal-credentials-sensitive-info-stop-foggyweb-attacking.htm Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.16.221.74 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Accept-Language de-DE,de;q=0.9 Referer http://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers pragma no-cache date Thu, 30 Sep 2021 05:21:53 GMT cf-cache-status DYNAMIC server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" cf-ray 696b02a2192f4eaf-FRA p3p CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM" cache-control max-age=0, no-cache, no-store, must-revalidate access-control-allow-credentials true content-type image/gif
GET		34b9aae5baa016b251b9fc488f4a97cd.gif sync.e-volution.ai/	0 0
GET H3	200	m cm.mgid.com/ Redirect Chain https://match.adsrvr.org/track/cmf/generic?ttd_pid=omn67hl&ttd_tpi=1 https://cm.mgid.com/m?cdsp=371158&c=bb21d8a5-0cb1-4d53-b1c5-38b4d9ed7612&ttl=1635571312	43 B 602 B	52ms 52ms	Image image/gif	104.19.136.78 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://cm.mgid.com/m?cdsp=371158&c=bb21d8a5-0cb1-4d53-b1c5-38b4d9ed7612&ttl=1635571312 Requested by Host: www.itechpost.com URL: http://www.itechpost.com/articles/107166/20210929/new-microsoft-malware-steal-credentials-sensitive-info-stop-foggyweb-attacking.htm Protocol H3 Security QUIC, , AES_128_GCM Server 104.19.136.78 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22 Request headers Accept-Language de-DE,de;q=0.9 Referer http://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers pragma no-cache date Thu, 30 Sep 2021 05:21:53 GMT cf-cache-status DYNAMIC x-mg-request-uuid 1e4d01ed-a27c-4a2f-8560-f2b695034632 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" p3p CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM" content-type image/gif cache-control no-store, no-cache, must-revalidate, max-age=0 access-control-allow-credentials true cf-ray 696b02a25ae74e4f-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 server cloudflare Redirect headers pragma no-cache date Thu, 30 Sep 2021 05:21:52 GMT x-aspnet-version 4.0.30319 p3p CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV" location https://cm.mgid.com/m?cdsp=371158&c=bb21d8a5-0cb1-4d53-b1c5-38b4d9ed7612&ttl=1635571312 cache-control private,no-cache, must-revalidate content-type text/html content-length 205
GET H3	200	m cm.mgid.com/ Redirect Chain https://rtb-usw.mfadsrvr.com/sync?ssp=mgid https://rtb-usw.mfadsrvr.com/ul_cb/sync?ssp=mgid https://cm.mgid.com/m?cdsp=287839&c=d1eb906b-5df9-4662-b9fc-6458d297814e	43 B 617 B	52ms 52ms	Image image/gif	104.19.136.78 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://cm.mgid.com/m?cdsp=287839&c=d1eb906b-5df9-4662-b9fc-6458d297814e Requested by Host: www.itechpost.com URL: http://www.itechpost.com/articles/107166/20210929/new-microsoft-malware-steal-credentials-sensitive-info-stop-foggyweb-attacking.htm Protocol H3 Security QUIC, , AES_128_GCM Server 104.19.136.78 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22 Request headers Accept-Language de-DE,de;q=0.9 Referer http://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers pragma no-cache date Thu, 30 Sep 2021 05:21:53 GMT cf-cache-status DYNAMIC x-mg-request-uuid 8b869c04-ee0b-4697-b129-7e1a301fc4b5 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" p3p CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM" content-type image/gif cache-control no-store, no-cache, must-revalidate, max-age=0 access-control-allow-credentials true cf-ray 696b02a698cf4e4f-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 server cloudflare Redirect headers location //cm.mgid.com/m?cdsp=287839&c=d1eb906b-5df9-4662-b9fc-6458d297814e date Thu, 30 Sep 2021 05:21:53 GMT cache-control no-cache, no-store, must-revalidate alt-svc clear content-length 0 via 1.1 google
GET H/1.1	200 OK	usync.js Show response eus.rubiconproject.com/ Frame 1A01	31 KB 10 KB	8ms 8ms	Script text/html	104.117.200.100 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://eus.rubiconproject.com/usync.js Requested by Host: eus.rubiconproject.com URL: https://eus.rubiconproject.com/usync.html?p=mgid&endpoint=eu Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 104.117.200.100 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a104-117-200-100.deploy.static.akamaitechnologies.com Software Apache/2.2.15 (CentOS) / PHP/5.3.3 Resource Hash 16c55383f3b9c3c5d1571105a923284df4d9670ba630518fdb34c2a57d1e33f5 Request headers Accept-Language de-DE,de;q=0.9 Referer https://eus.rubiconproject.com/usync.html?p=mgid&endpoint=eu User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers Date Thu, 30 Sep 2021 05:21:52 GMT Content-Encoding gzip Last-Modified Fri, 24 Sep 2021 16:02:32 GMT Server Apache/2.2.15 (CentOS) X-Powered-By PHP/5.3.3 Vary Accept-Encoding p3p CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT" Cache-Control max-age=66122 Connection keep-alive Content-Type text/html; charset=UTF-8 Content-Length 9355 Expires Thu, 30 Sep 2021 23:43:54 GMT
GET H/1.1	200 OK	khaos.jpg token.rubiconproject.com/ Frame 1A01	284 B 536 B	35ms 9ms	Image image/jpg	69.173.144.138 RUBICONPROJECT
General Check archive.org Show headers Download Go to Show image Full URL https://token.rubiconproject.com/khaos.jpg? Requested by Host: eus.rubiconproject.com URL: https://eus.rubiconproject.com/usync.html?p=mgid&endpoint=eu Protocol HTTP/1.1 Security TLS 1.2, RSA, AES_128_GCM Server 69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US), Reverse DNS Software / Resource Hash 492abbc30ace41332a8f68b7f34f56333a037aebac34e0bc9b9cedb0d1c3b032 Request headers Accept-Language de-DE,de;q=0.9 Referer https://eus.rubiconproject.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers Pragma no-cache Expires 0 Cache-Control no-cache,no-store,must-revalidate P3P CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT" content-length 284 X-RPHost 704c1e4d3fcc922a3031d436b584678b Content-Type image/jpg
GET		csync sync.adtelligent.com/ Frame 5CA0	0 0
GET H2	204	getpixels Show response pixels.ad.gt/api/v1/	0 344 B	510ms 165ms	Script text/plain	54.189.240.181 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://pixels.ad.gt/api/v1/getpixels?tagger_id=cef2b6ad962208d4d9c0e0dc33010ba8&url=http%3A%2F%2Fwww.itechpost.com%2Farticles%2F107166%2F20210929%2Fnew-microsoft-malware-steal-credentials-sensitive-info-stop-foggyweb-attacking.htm&code=%27none%27 Requested by Host: p.ad.gt URL: https://p.ad.gt/api/v1/p/251 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 54.189.240.181 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-54-189-240-181.us-west-2.compute.amazonaws.com Software nginx/1.18.0 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Accept-Language de-DE,de;q=0.9 Referer http://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers access-control-allow-origin * date Thu, 30 Sep 2021 05:21:53 GMT server nginx/1.18.0 access-control-allow-headers DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range access-control-allow-methods GET, POST, OPTIONS access-control-expose-headers DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
GET H2	200	fbevents.js Show response connect.facebook.net/en_US/	98 KB 26 KB	24ms 8ms	Script application/x-javascript	2a03:2880:f02d:12:face:b00c:0:3 FACEBOOK
General Check archive.org Show headers Download Go to Full URL https://connect.facebook.net/en_US/fbevents.js Requested by Host: p.ad.gt URL: https://p.ad.gt/api/v1/p/251 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software / Resource Hash 010197d1993c80fa2d28758f166043e0eace7c062d11df8a4bcb342fa8755b53 Security Headers Name Value Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0; Strict-Transport-Security max-age=31536000; preload; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer http://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers content-security-policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0; content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=3600,h3-29=":443"; ma=3600,h3-27=":443"; ma=3600 content-length 25967 x-xss-protection 0 pragma public x-fb-debug b4rq+TxWeAGvP6msY5RftOHQjAQuYyPduy9CH83uxE8AyOD1vl1BOLOmCLF5Zud5kWRFKEKqdOED80xya4ZfGA== x-fb-trip-id 917726464 x-frame-options DENY cross-origin-opener-policy same-origin-allow-popups cross-origin-embedder-policy-report-only require-corp;report-to="coep_report" date Thu, 30 Sep 2021 05:21:53 GMT strict-transport-security max-age=31536000; preload; includeSubDomains report-to {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"} content-type application/x-javascript; charset=utf-8 vary Accept-Encoding cache-control public, max-age=1200 x-fb-rlafr 0 expires Sat, 01 Jan 2000 00:00:00 GMT
GET H2	200	ecommerce.js Show response www.google-analytics.com/plugins/ua/	1 KB 1 KB	8ms 7ms	Script text/javascript	2a00:1450:4001:812::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/plugins/ua/ecommerce.js Requested by Host: www.google-analytics.com URL: https://www.google-analytics.com/analytics.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 8e1b84265e633c043720dd0921476c16bc9f75e393e855c9116ca7c3a847b5c7 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer http://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Thu, 30 Sep 2021 05:06:52 GMT content-encoding gzip x-content-type-options nosniff age 901 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 738 x-xss-protection 0 last-modified Tue, 22 Oct 2019 18:15:00 GMT server sffe vary Accept-Encoding report-to {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]} content-type text/javascript cache-control public, max-age=3600 accept-ranges bytes cross-origin-opener-policy-report-only same-origin; report-to="static-on-bigtable" expires Thu, 30 Sep 2021 06:06:52 GMT
GET H2	200	ec.js Show response www.google-analytics.com/plugins/ua/	3 KB 1 KB	8ms 8ms	Script text/javascript	2a00:1450:4001:812::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/plugins/ua/ec.js Requested by Host: www.google-analytics.com URL: https://www.google-analytics.com/analytics.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 058ed961bfe422af7bfc65865f4c08531ec8ace995f8a1ec560a46581cb7712c Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer http://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Thu, 30 Sep 2021 04:42:10 GMT content-encoding gzip x-content-type-options nosniff age 2383 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 1306 x-xss-protection 0 last-modified Tue, 22 Oct 2019 18:15:00 GMT server sffe vary Accept-Encoding report-to {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]} content-type text/javascript cache-control public, max-age=3600 accept-ranges bytes cross-origin-opener-policy-report-only same-origin; report-to="static-on-bigtable" expires Thu, 30 Sep 2021 05:42:10 GMT
GET H2	200	openx ids.ad.gt/api/v1/ Redirect Chain https://u.openx.net/w/1.0/cm?id=998eaf06-9905-4eae-9e26-9fac75960c53&r=https%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Fopenx%3Fopenx_id%3D%7BOPENX_ID%7D%26id%3D02000hc5ci07jv2yg08xizqr0bwpa0c0evvljv1k7cm961o8... https://u.openx.net/w/1.0/cm?cc=1&id=998eaf06-9905-4eae-9e26-9fac75960c53&r=https%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Fopenx%3Fopenx_id%3D%7BOPENX_ID%7D%26id%3D02000hc5ci07jv2yg08xizqr0bwpa0c0evvljv1k7cm... https://ids.ad.gt/api/v1/openx?openx_id=f0d0a6fa-df10-42f4-b196-10fe77a6aba5&id=02000hc5ci07jv2yg08xizqr0bwpa0c0evvljv1k7cm961o8b5po0ntek210qskvk40trr7270wqxik90zq3u2c12pa5j31k0gxf118nmsj91nelrdq1e...	43 B 482 B	199ms 199ms	Image image/gif	52.35.10.191 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://ids.ad.gt/api/v1/openx?openx_id=f0d0a6fa-df10-42f4-b196-10fe77a6aba5&id=02000hc5ci07jv2yg08xizqr0bwpa0c0evvljv1k7cm961o8b5po0ntek210qskvk40trr7270wqxik90zq3u2c12pa5j31k0gxf118nmsj91nelrdq1elzfjf1hl5r1i1kkc2jl&auid=72f2515a-ec9b-4e17-979e-2ad31ea99cba Requested by Host: www.itechpost.com URL: http://www.itechpost.com/articles/107166/20210929/new-microsoft-malware-steal-credentials-sensitive-info-stop-foggyweb-attacking.htm Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.35.10.191 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-52-35-10-191.us-west-2.compute.amazonaws.com Software nginx/1.18.0 / Resource Hash afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277 Request headers Accept-Language de-DE,de;q=0.9 Referer http://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Thu, 30 Sep 2021 05:21:53 GMT cache-control public, max-age=43200 server nginx/1.18.0 content-type image/gif expires Thu, 30 Sep 2021 17:21:53 GMT Redirect headers date Thu, 30 Sep 2021 05:21:53 GMT content-encoding gzip server OXGW/16.216.4 vary Accept, Accept-Encoding p3p CP="CUR ADM OUR NOR STA NID" location https://ids.ad.gt/api/v1/openx?openx_id=f0d0a6fa-df10-42f4-b196-10fe77a6aba5&id=02000hc5ci07jv2yg08xizqr0bwpa0c0evvljv1k7cm961o8b5po0ntek210qskvk40trr7270wqxik90zq3u2c12pa5j31k0gxf118nmsj91nelrdq1elzfjf1hl5r1i1kkc2jl&auid=72f2515a-ec9b-4e17-979e-2ad31ea99cba content-type image/gif alt-svc clear content-length 0 via 1.1 google
GET H2	200	halo_match ids.ad.gt/api/v1/	43 B 651 B	178ms 178ms	Image image/gif	52.35.10.191 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://ids.ad.gt/api/v1/halo_match?id=72f2515a-ec9b-4e17-979e-2ad31ea99cba&halo_id=02000hc5ci07jv2yg08xizqr0bwpa0c0evvljv1k7cm961o8b5po0ntek210qskvk40trr7270wqxik90zq3u2c12pa5j31k0gxf118nmsj91nelrdq1elzfjf1hl5r1i1kkc2jl Requested by Host: www.itechpost.com URL: http://www.itechpost.com/articles/107166/20210929/new-microsoft-malware-steal-credentials-sensitive-info-stop-foggyweb-attacking.htm Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.35.10.191 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-52-35-10-191.us-west-2.compute.amazonaws.com Software nginx/1.18.0 / Resource Hash afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277 Request headers Accept-Language de-DE,de;q=0.9 Referer http://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Thu, 30 Sep 2021 05:21:53 GMT cache-control public, max-age=43200 server nginx/1.18.0 content-type image/gif expires Thu, 30 Sep 2021 17:21:53 GMT
GET H2	200	1853083501571805 Show response connect.facebook.net/signals/config/	491 KB 145 KB	9ms 8ms	Script application/x-javascript	2a03:2880:f02d:12:face:b00c:0:3 FACEBOOK
General Check archive.org Show headers Download Go to Full URL https://connect.facebook.net/signals/config/1853083501571805?v=2.9.47&r=stable Requested by Host: connect.facebook.net URL: https://connect.facebook.net/en_US/fbevents.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software / Resource Hash ed94983768212f54f047cc9ac0d3db7742b39918ff88c261d6368b4b7f859942 Security Headers Name Value Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0; Strict-Transport-Security max-age=31536000; preload; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer http://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers content-security-policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0; content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=3600,h3-29=":443"; ma=3600,h3-27=":443"; ma=3600 content-length 147938 x-xss-protection 0 pragma public x-fb-debug utQvSo5CRtpdT+lCV1YB60dFUrcrylxQL+e52olax7cQ0mGT7G/aIXStNooeCWHx8z3H9gdRS6Gq4Yj86LCESQ== x-fb-trip-id 917726464 cross-origin-opener-policy same-origin-allow-popups x-frame-options DENY date Thu, 30 Sep 2021 05:21:53 GMT strict-transport-security max-age=31536000; preload; includeSubDomains content-type application/x-javascript; charset=utf-8 vary Accept-Encoding cache-control public, max-age=1200 x-fb-rlafr 0 priority u=3,i expires Sat, 01 Jan 2000 00:00:00 GMT
GET H2	200	/ www.facebook.com/tr/	44 B 313 B	23ms 7ms	Image image/gif	2a03:2880:f12d:83:face:b00c:0:25de FACEBOOK
General Check archive.org Show headers Download Go to Show image Full URL https://www.facebook.com/tr/?id=1853083501571805&ev=PageView&dl=http%3A%2F%2Fwww.itechpost.com%2Farticles%2F107166%2F20210929%2Fnew-microsoft-malware-steal-credentials-sensitive-info-stop-foggyweb-attacking.htm&rl=&if=false&ts=1632979313191&cd[partner_id]=251&cd[tagger_id]=cef2b6ad962208d4d9c0e0dc33010ba8&sw=1600&sh=1200&v=2.9.47&r=stable&ec=0&o=30&fbp=fb.1.1632979313191.1298674414&it=1632979313136&coo=false&tm=1&exp=p0&rqm=GET Requested by Host: www.itechpost.com URL: http://www.itechpost.com/articles/107166/20210929/new-microsoft-malware-steal-credentials-sensitive-info-stop-foggyweb-attacking.htm Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software proxygen-bolt / Resource Hash 10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Accept-Language de-DE,de;q=0.9 Referer http://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Thu, 30 Sep 2021 05:21:53 GMT last-modified Fri, 21 Dec 2012 00:00:01 GMT server proxygen-bolt strict-transport-security max-age=31536000; includeSubDomains content-type image/gif cache-control no-cache, must-revalidate, max-age=0 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=3600, h3-29=":443"; ma=3600,h3-27=":443"; ma=3600 content-length 44 expires Thu, 30 Sep 2021 05:21:53 GMT
POST H2	200	/ Show response www.facebook.com/tr/ Frame A2D9	0 85 B	8ms 7ms	Document text/plain	2a03:2880:f12d:83:face:b00c:0:25de FACEBOOK
General Check archive.org Show headers Download Go to Full URL https://www.facebook.com/tr/ Requested by Host: www.itechpost.com URL: http://www.itechpost.com/articles/107166/20210929/new-microsoft-malware-steal-credentials-sensitive-info-stop-foggyweb-attacking.htm Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software proxygen-bolt / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers :method POST :authority www.facebook.com :scheme https :path /tr/ content-length 2948 pragma no-cache cache-control no-cache upgrade-insecure-requests 1 origin http://www.itechpost.com content-type application/x-www-form-urlencoded user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 accept-language de-DE,de;q=0.9 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site cross-site sec-fetch-mode navigate sec-fetch-dest iframe referer http://www.itechpost.com/ accept-encoding gzip, deflate, br Upgrade-Insecure-Requests 1 Origin http://www.itechpost.com Content-Type application/x-www-form-urlencoded User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer http://www.itechpost.com/ Response headers content-type text/plain access-control-allow-origin http://www.itechpost.com access-control-allow-credentials true strict-transport-security max-age=31536000; includeSubDomains cross-origin-resource-policy cross-origin content-length 0 server proxygen-bolt alt-svc h3=":443"; ma=3600, h3-29=":443"; ma=3600,h3-27=":443"; ma=3600 date Thu, 30 Sep 2021 05:21:53 GMT
POST H2	200	log_event Show response www.youtube.com/youtubei/v1/ Frame DE65	28 B 342 B	21ms 21ms	XHR application/json	2a00:1450:4001:802::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8 Requested by Host: www.youtube.com URL: https://www.youtube.com/s/player/d82ca80e/www-embed-player.vflset/www-embed-player.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software scaffolding on HTTPServer2 / Resource Hash d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336 Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Content-Type application/json X-YouTube-Utc-Offset 0 X-YouTube-Client-Name 56 Referer https://www.youtube.com/embed/c-Ur5MKo-KE X-YouTube-Client-Version 1.20210922.1.1 X-YouTube-Time-Zone Etc/Unknown X-Goog-Visitor-Id CgstSUxtWWtFMW5EcyjvktWKBg%3D%3D X-YouTube-Ad-Signals dt=1632979311494&flash=0&frm=2&u_tz&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_java&u_nplug=3&u_nmime=4&bc=23&bih=-12245933&biw=-12245933&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C870%2C480&vis=1&wgl=true&ca_type=image&bid=ANyPxKom13TRu2QlqCWBBzm4aWnOeyqBhT9zsiVj4ny4GsnHFklSl9n0ARGC0Wo9Ts1KI0cuBXI4ZLIziVxir-AdIFD16kdesw Response headers date Thu, 30 Sep 2021 05:21:53 GMT content-encoding br x-content-type-options nosniff server scaffolding on HTTPServer2 x-frame-options SAMEORIGIN vary Origin, X-Origin, Referer p3p CP="This is not a P3P policy! See g.co/p3phelp for more info." cache-control private content-type application/json; charset=UTF-8 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 31 x-xss-protection 0 expires Thu, 30 Sep 2021 05:21:53 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain

sync.e-volution.ai

URL

https://sync.e-volution.ai/34b9aae5baa016b251b9fc488f4a97cd.gif?puid=l8tQeG0Z_Dlm

Domain

sync.adtelligent.com

URL

https://sync.adtelligent.com/csync?redir=https%3A%2F%2Fcm.mgid.com%2Fm%3Fcdsp%3D617666%26c%3D%7Buid%7D