www.welivesecurity.com Open in urlscan Pro
2a02:26f0:480:f::213:7ec8 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.welivesecurity.com/en/eset-research/oilrig-persistent-attacks-cloud-service-powered-downloaders/
Submission: On December 15 via api (December 15th 2023, 2:14:41 am UTC) from TR — Scanned from DE

Summary HTTP 74 Redirects Links 58 Behaviour Indicators

Summary

This website contacted 12 IPs in 3 countries across 8 domains to perform 74 HTTP transactions. The main IP is 2a02:26f0:480:f::213:7ec8, located in Frankfurt am Main, Germany and belongs to AKAMAI-ASN1, NL. The main domain is www.welivesecurity.com. The Cisco Umbrella rank of the primary domain is 352302.
TLS certificate: Issued by Thawte ECC CA 2018 on January 24th 2023. Valid for: a year.

This is the only time www.welivesecurity.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
19	2a02:26f0:480... 2a02:26f0:480:f::213:7ec8	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
18	52.142.86.50 52.142.86.50	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	199.232.192.134 199.232.192.134	54113 (FASTLY) (FASTLY)
2	2a00:1450:400... 2a00:1450:4001:80f::2008	15169 (GOOGLE) (GOOGLE)
4	151.101.0.134 151.101.0.134	54113 (FASTLY) (FASTLY)
3	199.232.196.134 199.232.196.134	54113 (FASTLY) (FASTLY)
18	2600:9000:225... 2600:9000:225f:fa00:6:8656:f5c0:93a1	16509 (AMAZON-02) (AMAZON-02)
3	2a00:1450:400... 2a00:1450:4001:828::200e	15169 (GOOGLE) (GOOGLE)
2	2620:1ec:bdf::63 2620:1ec:bdf::63	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2a00:1450:400... 2a00:1450:4001:82a::200a	15169 (GOOGLE) (GOOGLE)
1	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
74	12

19 2a02:26f0:480:f::213:7ec8 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

www.welivesecurity.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 52.142.86.50 (Dublin, Ireland)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

web-assets.esetstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 199.232.192.134 (United States)

ASN54113 (FASTLY, US)

welivesecurity.disqus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80f::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 151.101.0.134 (United States)

ASN54113 (FASTLY, US)

disqus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 199.232.196.134 (United States)

ASN54113 (FASTLY, US)

referrer.disqus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 2600:9000:225f:fa00:6:8656:f5c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

c.disquscdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:828::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:1ec:bdf::63 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

cdn.esetstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
20	esetstatic.com web-assets.esetstatic.com cdn.esetstatic.com — Cisco Umbrella Rank: 642643	823 KB
19	welivesecurity.com www.welivesecurity.com — Cisco Umbrella Rank: 352302	2 MB
18	disquscdn.com c.disquscdn.com — Cisco Umbrella Rank: 5837	359 KB
8	disqus.com welivesecurity.disqus.com disqus.com — Cisco Umbrella Rank: 1358 referrer.disqus.com — Cisco Umbrella Rank: 8189	57 KB
4	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 27 region1.google-analytics.com — Cisco Umbrella Rank: 2189	21 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 36	184 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 29	1 KB
0	go-mpulse.net Failed s.go-mpulse.net Failed
74	8

	Domain	Requested by
19	www.welivesecurity.com	www.welivesecurity.com
18	c.disquscdn.com	disqus.com c.disquscdn.com www.welivesecurity.com
18	web-assets.esetstatic.com	www.welivesecurity.com
4	disqus.com	welivesecurity.disqus.com c.disquscdn.com
3	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
3	referrer.disqus.com	www.welivesecurity.com
2	cdn.esetstatic.com	www.googletagmanager.com
2	www.googletagmanager.com	www.welivesecurity.com www.googletagmanager.com
1	region1.google-analytics.com	www.googletagmanager.com
1	fonts.googleapis.com	client
1	welivesecurity.disqus.com	www.welivesecurity.com
0	s.go-mpulse.net Failed	www.welivesecurity.com
74	12

This site contains links to these domains. Also see Links.

Domain
www.trendmicro.com
symantec-enterprise-blogs.security.com
events.sentinelone.com
media.defense.gov
blog.talosintelligence.com
www.mandiant.com
vblocalhost.com
web.archive.org
web-assets.esetstatic.com
learn.microsoft.com
docs.microsoft.com
www.eset.com
attack.mitre.org
www.facebook.com
www.linkedin.com
twitter.com
youtube.com

Subject Issuer	Validity	Valid
www.welivesecurity.com Thawte ECC CA 2018	`2023-01-24` - `2024-02-02`	a year	crt.sh
api.cms.eset.com R3	`2023-11-01` - `2024-01-30`	3 months	crt.sh
*.disqus.com Sectigo RSA Domain Validation Secure Server CA	`2023-04-13` - `2024-04-20`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
a.disquscdn.com Amazon RSA 2048 M01	`2023-08-31` - `2024-09-27`	a year	crt.sh
cdn.esetstatic.com Thawte TLS RSA CA G1	`2023-11-06` - `2024-11-05`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh

This page contains 3 frames:

Primary Page: https://www.welivesecurity.com/en/eset-research/oilrig-persistent-attacks-cloud-service-powered-downloaders/
Frame ID: 308EF4F47BCA1F676219A10D6047A7A1
Requests: 50 HTTP requests in this frame

Frame: https://s.go-mpulse.net/boomerang/7R9SM-QGSYF-QDLJK-UETXR-SPM6B
Frame ID: D5996A324E938202D30E40EEE5F7888E
Requests: 1 HTTP requests in this frame

Frame: https://disqus.com/embed/comments/?base=default&f=welivesecurity&t_i=OilRig%E2%80%99s%20persistent%20attacks%20using%20cloud%20service-powered%20downloaders&t_u=https%3A%2F%2Fwww.welivesecurity.com%2Fen%2Feset-research%2Foilrig-persistent-attacks-cloud-service-powered-downloaders%2F&t_e=30065&t_d=OilRig%E2%80%99s%20persistent%20attacks%20using%20cloud%20service-powered%20downloaders&t_t=30065&s_o=default&l=en
Frame ID: 8480FB24BC0398894CBFBCA2637BF11A
Requests: 24 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

OilRig’s persistent attacks using cloud service-powered downloaders

Detected technologies

RequireJS (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

require.*\.js

Vue.js (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

<[^>]+\sdata-v(?:ue)?-

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/ns\.html[^>]+></iframe>
googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Page Statistics

74
Requests

97 %
HTTPS

64 %
IPv6

8
Domains

12
Subdomains

12
IPs

3
Countries

3738 kB
Transfer

5929 kB
Size

3
Cookies

58 Outgoing links

These are links going to different origins than the main page.

URL: https://www.trendmicro.com/en_us/research/23/b/new-apt34-malware-targets-the-middle-east.html
Title: Trend Micro

Search URL Search Domain Scan URL

URL: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/crambus-middle-east-government
Title: Symantec

Search URL Search Domain Scan URL

URL: https://events.sentinelone.com/event/1bdc4a79-98f4-4913-a8d6-efb9a6796cce/websitePage:9107aab7-3c7b-47d0-bad4-4f85cf7fcecd
Title: LABScon 2023 presentation

Search URL Search Domain Scan URL

URL: https://media.defense.gov/2019/Oct/18/2002197242/-1/-1/0/NSA_CSA_TURLA_20191021%20VER%203%20-%20COPY.PDF
Title: commonly believed

Search URL Search Domain Scan URL

URL: https://blog.talosintelligence.com/2018/11/dnspionage-campaign-targets-middle-east.html
Title: 2018

Search URL Search Domain Scan URL

URL: https://blog.talosintelligence.com/2019/04/dnspionage-brings-out-karkoff.html
Title: 2019

Search URL Search Domain Scan URL

URL: https://www.mandiant.com/resources/hard-pass-declining-apt34-invite-to-join-their-professional-network
Title: HardPass

Search URL Search Domain Scan URL

URL: https://vblocalhost.com/uploads/VB2021-Kayal-etal.pdf
Title: DanBot

Search URL Search Domain Scan URL

URL: https://web.archive.org/web/20230129145433/https:/www.prevailion.com/latest-targets-of-cyber-group-lyceum/
Title: Shark, Milan

Search URL Search Domain Scan URL

URL: https://web-assets.esetstatic.com/wls/en/papers/threat-reports/eset_threat_report_t32021.pdf
Title: T3 2021

Search URL Search Domain Scan URL

URL: https://web-assets.esetstatic.com/wls/en/papers/threat-reports/eset-apt-activity-report-q2-2023-q3-2023.pdf
Title: local government sector in Israel

Search URL Search Domain Scan URL

URL: https://learn.microsoft.com/en-us/dotnet/api/microsoft.exchange.webservices.data.item.setextendedproperty?view=exchange-ews-api
Title: extended property

Search URL Search Domain Scan URL

URL: https://learn.microsoft.com/en-us/dotnet/api/microsoft.exchange.webservices.data.exchangeservice?view=exchange-ews-api
Title: ExchangeService

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/dotnet/api/microsoft.exchange.webservices.data?view=exchange-ews-api
Title: Microsoft.Exchange.WebServices.Data

Search URL Search Domain Scan URL

URL: https://learn.microsoft.com/en-us/graph/use-the-api
Title: REST-based Microsoft Graph API

Search URL Search Domain Scan URL

URL: https://learn.microsoft.com/en-us/exchange/client-developer/web-service-reference/ews-reference-for-exchange
Title: SOAP-based Microsoft Office EWS API

Search URL Search Domain Scan URL

URL: https://learn.microsoft.com/en-us/graph/api/overview?view=graph-rest-1.0
Title: Microsoft Graph API

Search URL Search Domain Scan URL

URL: https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow
Title: OAuth2 access token

Search URL Search Domain Scan URL

URL: https://learn.microsoft.com/en-us/graph/api/driveitem-list-children
Title: obtain a list of files

Search URL Search Domain Scan URL

URL: https://www.eset.com/int/business/services/threat-intelligence/?utm_source=welivesecurity.com&utm_medium=referral&utm_campaign=wls-research&utm_content=oilrig-persistent-attacks-cloud-service-powered-downloaders
Title: ESET Threat Intelligence

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/resources/versions/
Title: version 14

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/versions/v14/techniques/T1583/001/
Title: T1583.001

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/versions/v14/techniques/T1583/004
Title: T1583.004

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/versions/v14/techniques/T1583/006
Title: T1583.006

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/versions/v14/techniques/T1587/001
Title: T1587.001

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/versions/v14/techniques/T1585/003
Title: T1585.003

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/versions/v14/techniques/T1585/002
Title: T1585.002

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/versions/v14/techniques/T1608
Title: T1608

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/versions/v14/techniques/T1059/003
Title: T1059.003

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/versions/v14/techniques/T1106
Title: T1106

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/versions/v14/techniques/T1140
Title: T1140

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/versions/v14/techniques/T1480
Title: T1480

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/versions/v14/techniques/T1564/003
Title: T1564.003

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/versions/v14/techniques/T1070/004
Title: T1070.004

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/versions/v14/techniques/T1202
Title: T1202

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/versions/v14/techniques/T1036/005
Title: T1036.005

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/versions/v14/techniques/T1027
Title: T1027

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/versions/v14/techniques/T1082
Title: T1082

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/versions/v14/techniques/T1033
Title: T1033

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/versions/v14/techniques/T1560/003
Title: T1560.003

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/versions/v14/techniques/T1074/001
Title: T1074.001

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/versions/v14/techniques/T1132/001
Title: T1132.001

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/versions/v14/techniques/T1573/001
Title: T1573.001

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/versions/v14/techniques/T1008
Title: T1008

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/versions/v14/techniques/T1105
Title: T1105

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/versions/v14/techniques/T1102/002
Title: T1102.002

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/versions/v14/techniques/T1020
Title: T1020

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/versions/v14/techniques/T1041
Title: T1041

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/versions/v14/techniques/T1567/002
Title: T1567.002

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/versions/v14/techniques/T1567
Title: T1567

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https://www.welivesecurity.com/en/eset-research/oilrig-persistent-attacks-cloud-service-powered-downloaders/

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?mini=true&url=https://www.welivesecurity.com/en/eset-research/oilrig-persistent-attacks-cloud-service-powered-downloaders/

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?url=https://www.welivesecurity.com/en/eset-research/oilrig-persistent-attacks-cloud-service-powered-downloaders/

Search URL Search Domain Scan URL

URL: https://www.eset.com/?utm_source=welivesecurity.com&utm_medium=referral&utm_campaign=autotagging&utm_content=eset-research&utm_term=en
Title: ESET

Search URL Search Domain Scan URL

URL: https://www.facebook.com/eset/

Search URL Search Domain Scan URL

URL: https://youtube.com/esetglobal

Search URL Search Domain Scan URL

URL: https://twitter.com/ESET

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/eset

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

74 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
www.welivesecurity.com/en/eset-research/oilrig-persistent-attacks-cloud-service-powered-downloaders/ 149 KB
39 KB 118ms
23ms Document
text/html 2a02:26f0:480:f::213:7ec8
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.welivesecurity.com/en/eset-research/oilrig-persistent-attacks-cloud-service-powered-downloaders/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:f::213:7ec8 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

648309e809084615cf238814999116196dc2e0e0161a6d676e9b37f4794830f0

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://.akamaihd.net https://.akstat.io https://.eset.com https://.hotjar.com https://.hotjar.io https://adservice.google.com https://captcha.eset.com https://captcha.welivesecurity.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://px.ads.linkedin.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com/ https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://.ads.linkedin.com https://*.esetstatic.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.welivesecurity.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.al https://www.google.ba https://www.google.bf https://www.google.bg https://www.google.by https://www.google.ca https://www.google.cd https://www.google.ch https://www.google.co.ao https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.ls https://www.google.co.ma https://www.google.co.tz https://www.google.co.za https://www.google.com.af https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.br https://www.google.com.co https://www.google.com.do https://www.google.com.eg https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.kw https://www.google.com.ly https://www.google.com.mx https://www.google.com.ni https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.sa https://www.google.com.sl https://www.google.com.tr https://www.google.com.tw https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.es https://www.google.fi https://www.google.ge https://www.google.gm https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ie https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.mw https://www.google.no https://www.google.ps https://www.google.rs https://www.google.sk https://www.google.tg https://www.google.tn https://www.googletagmanager.com https://www.hotjar.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self' https://web-assets.esetstatic.com; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://a.disquscdn.com https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-origin: *
cache-control: max-age=3600 public
content-encoding: gzip
content-length: 36365
content-security-policy: default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://*.akamaihd.net https://*.akstat.io https://*.eset.com https://*.hotjar.com https://*.hotjar.io https://adservice.google.com https://captcha.eset.com https://captcha.welivesecurity.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://px.ads.linkedin.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://*.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://*.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com/ https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://*.ads.linkedin.com https://*.esetstatic.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.welivesecurity.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.al https://www.google.ba https://www.google.bf https://www.google.bg https://www.google.by https://www.google.ca https://www.google.cd https://www.google.ch https://www.google.co.ao https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.ls https://www.google.co.ma https://www.google.co.tz https://www.google.co.za https://www.google.com.af https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.br https://www.google.com.co https://www.google.com.do https://www.google.com.eg https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.kw https://www.google.com.ly https://www.google.com.mx https://www.google.com.ni https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.sa https://www.google.com.sl https://www.google.com.tr https://www.google.com.tw https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.es https://www.google.fi https://www.google.ge https://www.google.gm https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ie https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.mw https://www.google.no https://www.google.ps https://www.google.rs https://www.google.sk https://www.google.tg https://www.google.tn https://www.googletagmanager.com https://www.hotjar.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self' https://web-assets.esetstatic.com; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://a.disquscdn.com https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
content-type: text/html; charset=UTF-8
date: Fri, 15 Dec 2023 02:14:36 GMT
expires: Fri, 15 Dec 2023 02:33:47 GMT
referrer-policy: no-referrer-when-downgrade
report-to: {"group":"default","max_age":31536000,"endpoints":[{"url":"https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report"}],"include_subdomains":false}
server-timing: cdn-cache; desc=HIT edge; dur=15 origin; dur=0 ak_p; desc="1702606475978_34831752_1221189099_1511_1176_6_30_255";dur=1
strict-transport-security: max-age=15724800
vary: Accept-Encoding
x-akamai-transformed: 9 40215 0 pmb=mRUM,2
x-content-type-options: nosniff
x-edps-request-status: normal
x-xss-protection: 1; mode=block

GET
H2 200 FedraSansAltPro-BookLF-405f3258.woff
www.welivesecurity.com/build/assets/ 163 KB
167 KB 10ms
9ms Font
font/woff 2a02:26f0:480:f::213:7ec8
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.welivesecurity.com/build/assets/FedraSansAltPro-BookLF-405f3258.woff

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/en/eset-research/oilrig-persistent-attacks-cloud-service-powered-downloaders/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:f::213:7ec8 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

405f32580b4440f0ddf2af9fcfd37fc9a863fde26b57b5623a9b188d61d47166

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://.akamaihd.net https://.akstat.io https://.eset.com https://.hotjar.com https://.hotjar.io https://adservice.google.com https://captcha.eset.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com/ https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://.ads.linkedin.com https://*.esetstatic.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.eset.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.al https://www.google.ba https://www.google.bf https://www.google.bg https://www.google.by https://www.google.ca https://www.google.cd https://www.google.ch https://www.google.co.ao https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.ls https://www.google.co.ma https://www.google.co.tz https://www.google.co.za https://www.google.com.af https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.br https://www.google.com.co https://www.google.com.do https://www.google.com.eg https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.kw https://www.google.com.ly https://www.google.com.mx https://www.google.com.ni https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.sa https://www.google.com.sl https://www.google.com.tr https://www.google.com.tw https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.es https://www.google.fi https://www.google.ge https://www.google.gm https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ie https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.mw https://www.google.no https://www.google.ps https://www.google.rs https://www.google.sk https://www.google.tg https://www.google.tn https://www.googletagmanager.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self'; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://a.disquscdn.com https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.welivesecurity.com/en/eset-research/oilrig-persistent-attacks-cloud-service-powered-downloaders/
Origin: https://www.welivesecurity.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-security-policy: default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://*.akamaihd.net https://*.akstat.io https://*.eset.com https://*.hotjar.com https://*.hotjar.io https://adservice.google.com https://captcha.eset.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://*.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://*.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com/ https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://*.ads.linkedin.com https://*.esetstatic.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.eset.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.al https://www.google.ba https://www.google.bf https://www.google.bg https://www.google.by https://www.google.ca https://www.google.cd https://www.google.ch https://www.google.co.ao https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.ls https://www.google.co.ma https://www.google.co.tz https://www.google.co.za https://www.google.com.af https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.br https://www.google.com.co https://www.google.com.do https://www.google.com.eg https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.kw https://www.google.com.ly https://www.google.com.mx https://www.google.com.ni https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.sa https://www.google.com.sl https://www.google.com.tr https://www.google.com.tw https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.es https://www.google.fi https://www.google.ge https://www.google.gm https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ie https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.mw https://www.google.no https://www.google.ps https://www.google.rs https://www.google.sk https://www.google.tg https://www.google.tn https://www.googletagmanager.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self'; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://a.disquscdn.com https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
x-edps-request-status: normal
x-content-type-options: nosniff
strict-transport-security: max-age=15724800
date: Fri, 15 Dec 2023 02:14:36 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1702606476039_34831752_1221189115_46_1082_6_0_219";dur=1
content-length: 166912
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 20 Jul 2023 00:44:42 GMT
etag: "64b8837a-28c00"
report-to: {"group":"default","max_age":31536000,"endpoints":[{"url":"https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report"}],"include_subdomains":false}
content-type: font/woff
access-control-allow-origin: *
cache-control: max-age=31536000, public
accept-ranges: bytes
expires: Fri, 19 Jul 2024 08:26:50 GMT

GET
H2 200 FedraSansAltPro-BoldLF-31f4bc72.woff
www.welivesecurity.com/build/assets/ 162 KB
166 KB 18ms
17ms Font
font/woff 2a02:26f0:480:f::213:7ec8
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.welivesecurity.com/build/assets/FedraSansAltPro-BoldLF-31f4bc72.woff

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/en/eset-research/oilrig-persistent-attacks-cloud-service-powered-downloaders/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:f::213:7ec8 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

31f4bc726f2849a3c8f77f8432b635d2d4529a3ff80b669fc9e21b0ed1c81ea7

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://.akamaihd.net https://.akstat.io https://.eset.com https://.hotjar.com https://.hotjar.io https://adservice.google.com https://captcha.eset.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com/ https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://.ads.linkedin.com https://*.esetstatic.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.eset.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.al https://www.google.ba https://www.google.bf https://www.google.bg https://www.google.by https://www.google.ca https://www.google.cd https://www.google.ch https://www.google.co.ao https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.ls https://www.google.co.ma https://www.google.co.tz https://www.google.co.za https://www.google.com.af https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.br https://www.google.com.co https://www.google.com.do https://www.google.com.eg https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.kw https://www.google.com.ly https://www.google.com.mx https://www.google.com.ni https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.sa https://www.google.com.sl https://www.google.com.tr https://www.google.com.tw https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.es https://www.google.fi https://www.google.ge https://www.google.gm https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ie https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.mw https://www.google.no https://www.google.ps https://www.google.rs https://www.google.sk https://www.google.tg https://www.google.tn https://www.googletagmanager.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self'; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://a.disquscdn.com https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.welivesecurity.com/en/eset-research/oilrig-persistent-attacks-cloud-service-powered-downloaders/
Origin: https://www.welivesecurity.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-security-policy: default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://*.akamaihd.net https://*.akstat.io https://*.eset.com https://*.hotjar.com https://*.hotjar.io https://adservice.google.com https://captcha.eset.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://*.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://*.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com/ https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://*.ads.linkedin.com https://*.esetstatic.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.eset.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.al https://www.google.ba https://www.google.bf https://www.google.bg https://www.google.by https://www.google.ca https://www.google.cd https://www.google.ch https://www.google.co.ao https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.ls https://www.google.co.ma https://www.google.co.tz https://www.google.co.za https://www.google.com.af https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.br https://www.google.com.co https://www.google.com.do https://www.google.com.eg https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.kw https://www.google.com.ly https://www.google.com.mx https://www.google.com.ni https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.sa https://www.google.com.sl https://www.google.com.tr https://www.google.com.tw https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.es https://www.google.fi https://www.google.ge https://www.google.gm https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ie https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.mw https://www.google.no https://www.google.ps https://www.google.rs https://www.google.sk https://www.google.tg https://www.google.tn https://www.googletagmanager.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self'; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://a.disquscdn.com https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
x-edps-request-status: normal
x-content-type-options: nosniff
strict-transport-security: max-age=15724800
date: Fri, 15 Dec 2023 02:14:36 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1702606476039_34831752_1221189116_47_1070_6_0_219";dur=1
content-length: 166288
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 20 Jul 2023 00:45:14 GMT
etag: "64b8839a-28990"
report-to: {"group":"default","max_age":31536000,"endpoints":[{"url":"https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report"}],"include_subdomains":false}
content-type: font/woff
access-control-allow-origin: *
cache-control: max-age=31536000, public
accept-ranges: bytes
expires: Fri, 19 Jul 2024 08:24:40 GMT

GET
H2 200 FedraSansAltPro-DemiLF-8885b886.woff
www.welivesecurity.com/build/assets/ 164 KB
168 KB 27ms
26ms Font
font/woff 2a02:26f0:480:f::213:7ec8
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.welivesecurity.com/build/assets/FedraSansAltPro-DemiLF-8885b886.woff

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/en/eset-research/oilrig-persistent-attacks-cloud-service-powered-downloaders/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:f::213:7ec8 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

8885b88667beb8538140ecc550853e59d12e85fbd73dd70d4487b6cc757d8a2b

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://.akamaihd.net https://.akstat.io https://.eset.com https://.hotjar.com https://.hotjar.io https://adservice.google.com https://captcha.eset.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com/ https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://.ads.linkedin.com https://*.esetstatic.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.eset.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.al https://www.google.ba https://www.google.bf https://www.google.bg https://www.google.by https://www.google.ca https://www.google.cd https://www.google.ch https://www.google.co.ao https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.ls https://www.google.co.ma https://www.google.co.tz https://www.google.co.za https://www.google.com.af https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.br https://www.google.com.co https://www.google.com.do https://www.google.com.eg https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.kw https://www.google.com.ly https://www.google.com.mx https://www.google.com.ni https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.sa https://www.google.com.sl https://www.google.com.tr https://www.google.com.tw https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.es https://www.google.fi https://www.google.ge https://www.google.gm https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ie https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.mw https://www.google.no https://www.google.ps https://www.google.rs https://www.google.sk https://www.google.tg https://www.google.tn https://www.googletagmanager.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self'; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://a.disquscdn.com https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.welivesecurity.com/en/eset-research/oilrig-persistent-attacks-cloud-service-powered-downloaders/
Origin: https://www.welivesecurity.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-security-policy: default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://*.akamaihd.net https://*.akstat.io https://*.eset.com https://*.hotjar.com https://*.hotjar.io https://adservice.google.com https://captcha.eset.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://*.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://*.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com/ https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://*.ads.linkedin.com https://*.esetstatic.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.eset.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.al https://www.google.ba https://www.google.bf https://www.google.bg https://www.google.by https://www.google.ca https://www.google.cd https://www.google.ch https://www.google.co.ao https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.ls https://www.google.co.ma https://www.google.co.tz https://www.google.co.za https://www.google.com.af https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.br https://www.google.com.co https://www.google.com.do https://www.google.com.eg https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.kw https://www.google.com.ly https://www.google.com.mx https://www.google.com.ni https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.sa https://www.google.com.sl https://www.google.com.tr https://www.google.com.tw https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.es https://www.google.fi https://www.google.ge https://www.google.gm https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ie https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.mw https://www.google.no https://www.google.ps https://www.google.rs https://www.google.sk https://www.google.tg https://www.google.tn https://www.googletagmanager.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self'; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://a.disquscdn.com https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
x-edps-request-status: normal
x-content-type-options: nosniff
strict-transport-security: max-age=15724800
date: Fri, 15 Dec 2023 02:14:36 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1702606476039_34831752_1221189117_47_1059_6_0_219";dur=1
content-length: 167780
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 20 Jul 2023 00:45:14 GMT
etag: "64b8839a-28f64"
report-to: {"group":"default","max_age":31536000,"endpoints":[{"url":"https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report"}],"include_subdomains":false}
content-type: font/woff
access-control-allow-origin: *
cache-control: max-age=31536000, public
accept-ranges: bytes
expires: Fri, 19 Jul 2024 08:26:50 GMT

GET
H2 200 oilrig-eset-research-cloud-downloaders.jpeg
web-assets.esetstatic.com/tn/-x425/wls/2023/2023-12/ 54 KB
55 KB 121ms
55ms Image
image/jpeg 52.142.86.50
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://web-assets.esetstatic.com/tn/-x425/wls/2023/2023-12/oilrig-eset-research-cloud-downloaders.jpeg

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/en/eset-research/oilrig-persistent-attacks-cloud-service-powered-downloaders/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

52.142.86.50 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

5037c8e0e2a79b4021e2dba266ecb910da17670007d865b6f8c75c94d3b52596

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.welivesecurity.com/en/eset-research/oilrig-persistent-attacks-cloud-service-powered-downloaders/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Fri, 15 Dec 2023 02:14:36 GMT
strict-transport-security: max-age=15724800
x-content-type-options: nosniff, nosniff
content-length: 55048
x-xss-protection: 1; mode=block, 1; mode=block
referrer-policy: no-referrer-when-downgrade, no-referrer-when-downgrade
last-modified: Tue, 12 Dec 2023 19:32:31 GMT
etag: W/"6578b54f-386a4"
x-frame-options: SAMEORIGIN, SAMEORIGIN
access-control-allow-methods: GET, POST, OPTIONS, GET, POST, OPTIONS
content-type: image/jpeg
access-control-allow-origin: https://web-assets.esetstatic.com, https://web-assets.esetstatic.com
cache-control: max-age=7776000, public
feature-policy: accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'; ambient-light-sensor 'none'; autoplay 'none'; encrypted-media 'none'; fullscreen 'none'; midi 'none'; picture-in-picture 'none'; speaker 'none'; vr 'none', accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'; ambient-light-sensor 'none'; autoplay 'none'; encrypted-media 'none'; fullscreen 'none'; midi 'none'; picture-in-picture 'none'; speaker 'none'; vr 'none'
access-control-allow-credentials: true, true
access-control-allow-headers: Content-Type, Content-Type
expires: Thu, 14 Mar 2024 02:14:36 GMT

GET
H2 200 article-header-995fa639.js Show response
www.welivesecurity.com/build/assets/ 442 B
4 KB 31ms
30ms Script
application/javascript 2a02:26f0:480:f::213:7ec8
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.welivesecurity.com/build/assets/article-header-995fa639.js

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/en/eset-research/oilrig-persistent-attacks-cloud-service-powered-downloaders/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:f::213:7ec8 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

606ea62b1a8a1e2b24b9e0eafef0757cea22f73f3956d6548611f7c26c4551b5

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://.akamaihd.net https://.akstat.io https://.eset.com https://.hotjar.com https://.hotjar.io https://adservice.google.com https://captcha.eset.com https://captcha.welivesecurity.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com/ https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://.ads.linkedin.com https://*.esetstatic.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.welivesecurity.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.al https://www.google.ba https://www.google.bf https://www.google.bg https://www.google.by https://www.google.ca https://www.google.cd https://www.google.ch https://www.google.co.ao https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.ls https://www.google.co.ma https://www.google.co.tz https://www.google.co.za https://www.google.com.af https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.br https://www.google.com.co https://www.google.com.do https://www.google.com.eg https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.kw https://www.google.com.ly https://www.google.com.mx https://www.google.com.ni https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.sa https://www.google.com.sl https://www.google.com.tr https://www.google.com.tw https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.es https://www.google.fi https://www.google.ge https://www.google.gm https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ie https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.mw https://www.google.no https://www.google.ps https://www.google.rs https://www.google.sk https://www.google.tg https://www.google.tn https://www.googletagmanager.com https://www.hotjar.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self' https://web-assets.esetstatic.com; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://a.disquscdn.com https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.welivesecurity.com/en/eset-research/oilrig-persistent-attacks-cloud-service-powered-downloaders/
Origin: https://www.welivesecurity.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-security-policy: default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://*.akamaihd.net https://*.akstat.io https://*.eset.com https://*.hotjar.com https://*.hotjar.io https://adservice.google.com https://captcha.eset.com https://captcha.welivesecurity.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://*.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://*.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com/ https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://*.ads.linkedin.com https://*.esetstatic.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.welivesecurity.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.al https://www.google.ba https://www.google.bf https://www.google.bg https://www.google.by https://www.google.ca https://www.google.cd https://www.google.ch https://www.google.co.ao https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.ls https://www.google.co.ma https://www.google.co.tz https://www.google.co.za https://www.google.com.af https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.br https://www.google.com.co https://www.google.com.do https://www.google.com.eg https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.kw https://www.google.com.ly https://www.google.com.mx https://www.google.com.ni https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.sa https://www.google.com.sl https://www.google.com.tr https://www.google.com.tw https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.es https://www.google.fi https://www.google.ge https://www.google.gm https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ie https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.mw https://www.google.no https://www.google.ps https://www.google.rs https://www.google.sk https://www.google.tg https://www.google.tn https://www.googletagmanager.com https://www.hotjar.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self' https://web-assets.esetstatic.com; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://a.disquscdn.com https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=15724800
x-edps-request-status: normal
date: Fri, 15 Dec 2023 02:14:36 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1702606476039_34831752_1221189118_72_1383_6_0_219";dur=1
content-length: 200
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 26 Oct 2023 13:19:59 GMT
etag: W/"653a66f4-1ba"
report-to: {"group":"default","max_age":31536000,"endpoints":[{"url":"https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report"}],"include_subdomains":false}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public
expires: Wed, 24 Jan 2024 13:18:50 GMT

GET
H2 200 app-8864fa1f.css
www.welivesecurity.com/build/assets/ 297 KB
36 KB 18ms
18ms Stylesheet
text/css 2a02:26f0:480:f::213:7ec8
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.welivesecurity.com/build/assets/app-8864fa1f.css

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/en/eset-research/oilrig-persistent-attacks-cloud-service-powered-downloaders/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:f::213:7ec8 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

8864fa1f3693203d1ba51b1478bcf3a746bc70fcf7cb0fe68f22e2f262b6eef7

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://.akamaihd.net https://.akstat.io https://.eset.com https://.hotjar.com https://.hotjar.io https://adservice.google.com https://captcha.eset.com https://captcha.welivesecurity.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com/ https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://.ads.linkedin.com https://*.esetstatic.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.welivesecurity.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.al https://www.google.ba https://www.google.bf https://www.google.bg https://www.google.by https://www.google.ca https://www.google.cd https://www.google.ch https://www.google.co.ao https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.ls https://www.google.co.ma https://www.google.co.tz https://www.google.co.za https://www.google.com.af https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.br https://www.google.com.co https://www.google.com.do https://www.google.com.eg https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.kw https://www.google.com.ly https://www.google.com.mx https://www.google.com.ni https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.sa https://www.google.com.sl https://www.google.com.tr https://www.google.com.tw https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.es https://www.google.fi https://www.google.ge https://www.google.gm https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ie https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.mw https://www.google.no https://www.google.ps https://www.google.rs https://www.google.sk https://www.google.tg https://www.google.tn https://www.googletagmanager.com https://www.hotjar.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self' https://web-assets.esetstatic.com; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://a.disquscdn.com https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.welivesecurity.com/en/eset-research/oilrig-persistent-attacks-cloud-service-powered-downloaders/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-security-policy: default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://*.akamaihd.net https://*.akstat.io https://*.eset.com https://*.hotjar.com https://*.hotjar.io https://adservice.google.com https://captcha.eset.com https://captcha.welivesecurity.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://*.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://*.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com/ https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://*.ads.linkedin.com https://*.esetstatic.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.welivesecurity.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.al https://www.google.ba https://www.google.bf https://www.google.bg https://www.google.by https://www.google.ca https://www.google.cd https://www.google.ch https://www.google.co.ao https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.ls https://www.google.co.ma https://www.google.co.tz https://www.google.co.za https://www.google.com.af https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.br https://www.google.com.co https://www.google.com.do https://www.google.com.eg https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.kw https://www.google.com.ly https://www.google.com.mx https://www.google.com.ni https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.sa https://www.google.com.sl https://www.google.com.tr https://www.google.com.tw https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.es https://www.google.fi https://www.google.ge https://www.google.gm https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ie https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.mw https://www.google.no https://www.google.ps https://www.google.rs https://www.google.sk https://www.google.tg https://www.google.tn https://www.googletagmanager.com https://www.hotjar.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self' https://web-assets.esetstatic.com; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://a.disquscdn.com https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=15724800
x-edps-request-status: normal
date: Fri, 15 Dec 2023 02:14:36 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1702606476039_34831752_1221189114_70_1121_6_0_255";dur=1
content-length: 32603
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 13 Oct 2023 09:08:51 GMT
etag: W/"6529081f-4a256"
report-to: {"group":"default","max_age":31536000,"endpoints":[{"url":"https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report"}],"include_subdomains":false}
content-type: text/css
access-control-allow-origin: *
cache-control: public
expires: Thu, 11 Jan 2024 09:07:04 GMT

GET
H2 200 zuzana-hromcova-2.jpeg
web-assets.esetstatic.com/tn/-x45/wls/2023/07/ 1 KB
2 KB 222ms
131ms Image
image/jpeg 52.142.86.50
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://web-assets.esetstatic.com/tn/-x45/wls/2023/07/zuzana-hromcova-2.jpeg

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/en/eset-research/oilrig-persistent-attacks-cloud-service-powered-downloaders/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

52.142.86.50 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

f2472c126ebd1c874e674ec8ac7d866b59137d0c5b6ad20385cff935fd8b7b02

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.welivesecurity.com/en/eset-research/oilrig-persistent-attacks-cloud-service-powered-downloaders/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Fri, 15 Dec 2023 02:14:36 GMT
strict-transport-security: max-age=15724800
x-content-type-options: nosniff, nosniff
content-length: 1255
x-xss-protection: 1; mode=block, 1; mode=block
referrer-policy: no-referrer-when-downgrade, no-referrer-when-downgrade
last-modified: Fri, 14 Jul 2023 16:18:57 GMT
etag: W/"64b17571-8b6a"
x-frame-options: SAMEORIGIN, SAMEORIGIN
access-control-allow-methods: GET, POST, OPTIONS, GET, POST, OPTIONS
content-type: image/jpeg
access-control-allow-origin: https://web-assets.esetstatic.com, https://web-assets.esetstatic.com
cache-control: max-age=7776000, public
feature-policy: accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'; ambient-light-sensor 'none'; autoplay 'none'; encrypted-media 'none'; fullscreen 'none'; midi 'none'; picture-in-picture 'none'; speaker 'none'; vr 'none', accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'; ambient-light-sensor 'none'; autoplay 'none'; encrypted-media 'none'; fullscreen 'none'; midi 'none'; picture-in-picture 'none'; speaker 'none'; vr 'none'
access-control-allow-credentials: true, true
access-control-allow-headers: Content-Type, Content-Type
expires: Thu, 14 Mar 2024 02:14:36 GMT

GET
H2 200 Adam-Burgher.jpg
web-assets.esetstatic.com/tn/-x45/wls/2021/06/ 1 KB
2 KB 196ms
106ms Image
image/jpeg 52.142.86.50
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://web-assets.esetstatic.com/tn/-x45/wls/2021/06/Adam-Burgher.jpg

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/en/eset-research/oilrig-persistent-attacks-cloud-service-powered-downloaders/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

52.142.86.50 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

c61029a5f6ad5de323834e31241af8b24189033be40a5bf6625ed9441090261c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.welivesecurity.com/en/eset-research/oilrig-persistent-attacks-cloud-service-powered-downloaders/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Fri, 15 Dec 2023 02:14:36 GMT
strict-transport-security: max-age=15724800
x-content-type-options: nosniff, nosniff
content-length: 1327
x-xss-protection: 1; mode=block, 1; mode=block
referrer-policy: no-referrer-when-downgrade, no-referrer-when-downgrade
last-modified: Mon, 15 May 2023 12:36:01 GMT
etag: W/"64622731-1a72d"
x-frame-options: SAMEORIGIN, SAMEORIGIN
access-control-allow-methods: GET, POST, OPTIONS, GET, POST, OPTIONS
content-type: image/jpeg
access-control-allow-origin: https://web-assets.esetstatic.com, https://web-assets.esetstatic.com
cache-control: max-age=7776000, public
feature-policy: accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'; ambient-light-sensor 'none'; autoplay 'none'; encrypted-media 'none'; fullscreen 'none'; midi 'none'; picture-in-picture 'none'; speaker 'none'; vr 'none', accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'; ambient-light-sensor 'none'; autoplay 'none'; encrypted-media 'none'; fullscreen 'none'; midi 'none'; picture-in-picture 'none'; speaker 'none'; vr 'none'
access-control-allow-credentials: true, true
access-control-allow-headers: Content-Type, Content-Type
expires: Thu, 14 Mar 2024 02:14:36 GMT

GET
H2 200 figure-1-timeline-oilrig-downloaders.png
web-assets.esetstatic.com/wls/2020/03/ 72 KB
73 KB 173ms
107ms Image
image/png 52.142.86.50
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://web-assets.esetstatic.com/wls/2020/03/figure-1-timeline-oilrig-downloaders.png

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/en/eset-research/oilrig-persistent-attacks-cloud-service-powered-downloaders/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

52.142.86.50 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

a8de520e13fa3f61523324181326886222ab4318705c86fad590db1016fe03d3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.welivesecurity.com/en/eset-research/oilrig-persistent-attacks-cloud-service-powered-downloaders/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Fri, 15 Dec 2023 02:14:36 GMT
strict-transport-security: max-age=15724800
x-content-type-options: nosniff
content-length: 73784
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 14 Dec 2023 07:39:29 GMT
etag: "657ab131-12038"
x-frame-options: SAMEORIGIN
access-control-allow-methods: GET, POST, OPTIONS
content-type: image/png
access-control-allow-origin: https://web-assets.esetstatic.com
cache-control: max-age=7776000, public
feature-policy: accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'; ambient-light-sensor 'none'; autoplay 'none'; encrypted-media 'none'; fullscreen 'none'; midi 'none'; picture-in-picture 'none'; speaker 'none'; vr 'none'
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: Content-Type
expires: Thu, 14 Mar 2024 02:14:36 GMT

GET
H2 200 figure-2-sc5k-v3-calculates-a-victimid-from-the-compromised-computer-s-name.png
web-assets.esetstatic.com/wls/2023/2023-12/ 5 KB
6 KB 172ms
106ms Image
image/png 52.142.86.50
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://web-assets.esetstatic.com/wls/2023/2023-12/figure-2-sc5k-v3-calculates-a-victimid-from-the-compromised-computer-s-name.png

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/en/eset-research/oilrig-persistent-attacks-cloud-service-powered-downloaders/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

52.142.86.50 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

bace355d1c82cdbb8901226b6810690531dd3ae39abf412a58a9620bd2710dde

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.welivesecurity.com/en/eset-research/oilrig-persistent-attacks-cloud-service-powered-downloaders/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Fri, 15 Dec 2023 02:14:36 GMT
strict-transport-security: max-age=15724800
x-content-type-options: nosniff
content-length: 5155
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 06 Dec 2023 20:26:18 GMT
etag: "6570d8ea-1423"
x-frame-options: SAMEORIGIN
access-control-allow-methods: GET, POST, OPTIONS
content-type: image/png
access-control-allow-origin: https://web-assets.esetstatic.com
cache-control: max-age=7776000, public
feature-policy: accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'; ambient-light-sensor 'none'; autoplay 'none'; encrypted-media 'none'; fullscreen 'none'; midi 'none'; picture-in-picture 'none'; speaker 'none'; vr 'none'
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: Content-Type
expires: Thu, 14 Mar 2024 02:14:36 GMT

GET
H2 200 figure-3-keep-alive-functionality-implemented-by-the-sc5k-v3-downloader.png
web-assets.esetstatic.com/wls/2023/2023-12/ 12 KB
12 KB 172ms
106ms Image
image/png 52.142.86.50
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://web-assets.esetstatic.com/wls/2023/2023-12/figure-3-keep-alive-functionality-implemented-by-the-sc5k-v3-downloader.png

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/en/eset-research/oilrig-persistent-attacks-cloud-service-powered-downloaders/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

52.142.86.50 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

1891b8f4576db8e442e42782af1f94a9cf5217f9adcde432b2ff157e1cb55f98

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.welivesecurity.com/en/eset-research/oilrig-persistent-attacks-cloud-service-powered-downloaders/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Fri, 15 Dec 2023 02:14:36 GMT
strict-transport-security: max-age=15724800
x-content-type-options: nosniff
content-length: 11995
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 06 Dec 2023 20:27:57 GMT
etag: "6570d94d-2edb"
x-frame-options: SAMEORIGIN
access-control-allow-methods: GET, POST, OPTIONS
content-type: image/png
access-control-allow-origin: https://web-assets.esetstatic.com
cache-control: max-age=7776000, public
feature-policy: accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'; ambient-light-sensor 'none'; autoplay 'none'; encrypted-media 'none'; fullscreen 'none'; midi 'none'; picture-in-picture 'none'; speaker 'none'; vr 'none'
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: Content-Type
expires: Thu, 14 Mar 2024 02:14:36 GMT

GET
H2 200 figure-4-overview-of-oilbooster-s-c-c-communication-protocol-using-a-shared-onedrive-account.png
web-assets.esetstatic.com/wls/2023/2023-12/ 77 KB
77 KB 70ms
69ms Image
image/png 52.142.86.50
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://web-assets.esetstatic.com/wls/2023/2023-12/figure-4-overview-of-oilbooster-s-c-c-communication-protocol-using-a-shared-onedrive-account.png

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/en/eset-research/oilrig-persistent-attacks-cloud-service-powered-downloaders/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

52.142.86.50 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

1a5f35e2dce75a40c240ca4f9a93917bc015f24143ede8da541a3c2d91f0f114

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.welivesecurity.com/en/eset-research/oilrig-persistent-attacks-cloud-service-powered-downloaders/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Fri, 15 Dec 2023 02:14:36 GMT
strict-transport-security: max-age=15724800
x-content-type-options: nosniff
content-length: 78502
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 06 Dec 2023 20:28:43 GMT
etag: "6570d97b-132a6"
x-frame-options: SAMEORIGIN
access-control-allow-methods: GET, POST, OPTIONS
content-type: image/png
access-control-allow-origin: https://web-assets.esetstatic.com
cache-control: max-age=7776000, public
feature-policy: accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'; ambient-light-sensor 'none'; autoplay 'none'; encrypted-media 'none'; fullscreen 'none'; midi 'none'; picture-in-picture 'none'; speaker 'none'; vr 'none'
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: Content-Type
expires: Thu, 14 Mar 2024 02:14:36 GMT

GET
H2 200 figure-5-oilbooster-s-main-function.png
web-assets.esetstatic.com/wls/2023/2023-12/ 13 KB
14 KB 69ms
68ms Image
image/png 52.142.86.50
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://web-assets.esetstatic.com/wls/2023/2023-12/figure-5-oilbooster-s-main-function.png

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/en/eset-research/oilrig-persistent-attacks-cloud-service-powered-downloaders/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

52.142.86.50 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

1853a212dcb344c7ca6f636912d4ec7075e784240e6848bd545433453e96f426

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.welivesecurity.com/en/eset-research/oilrig-persistent-attacks-cloud-service-powered-downloaders/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Fri, 15 Dec 2023 02:14:36 GMT
strict-transport-security: max-age=15724800
x-content-type-options: nosniff
content-length: 13536
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 06 Dec 2023 20:29:41 GMT
etag: "6570d9b5-34e0"
x-frame-options: SAMEORIGIN
access-control-allow-methods: GET, POST, OPTIONS
content-type: image/png
access-control-allow-origin: https://web-assets.esetstatic.com
cache-control: max-age=7776000, public
feature-policy: accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'; ambient-light-sensor 'none'; autoplay 'none'; encrypted-media 'none'; fullscreen 'none'; midi 'none'; picture-in-picture 'none'; speaker 'none'; vr 'none'
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: Content-Type
expires: Thu, 14 Mar 2024 02:14:36 GMT

GET
H2 200 figure-6-each-iteration-of-the-downloader-and-exfiltration-loops-is-spawned-in-a-new-thread.png
web-assets.esetstatic.com/wls/2023/2023-12/ 25 KB
26 KB 70ms
69ms Image
image/png 52.142.86.50
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://web-assets.esetstatic.com/wls/2023/2023-12/figure-6-each-iteration-of-the-downloader-and-exfiltration-loops-is-spawned-in-a-new-thread.png

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/en/eset-research/oilrig-persistent-attacks-cloud-service-powered-downloaders/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

52.142.86.50 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e658f7583e8cde9c13f9e59c08ea4ee8d55d6c8a1b5be7a67ba3243e44c53c21

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.welivesecurity.com/en/eset-research/oilrig-persistent-attacks-cloud-service-powered-downloaders/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Fri, 15 Dec 2023 02:14:36 GMT
strict-transport-security: max-age=15724800
x-content-type-options: nosniff
content-length: 25821
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 06 Dec 2023 20:30:44 GMT
etag: "6570d9f4-64dd"
x-frame-options: SAMEORIGIN
access-control-allow-methods: GET, POST, OPTIONS
content-type: image/png
access-control-allow-origin: https://web-assets.esetstatic.com
cache-control: max-age=7776000, public
feature-policy: accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'; ambient-light-sensor 'none'; autoplay 'none'; encrypted-media 'none'; fullscreen 'none'; midi 'none'; picture-in-picture 'none'; speaker 'none'; vr 'none'
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: Content-Type
expires: Thu, 14 Mar 2024 02:14:36 GMT

GET
H2 200 figure-7-oilbooster-can-request-a-new-refresh-token-from-its-fallback-c-c-server.png
web-assets.esetstatic.com/wls/2023/2023-12/ 41 KB
42 KB 68ms
67ms Image
image/png 52.142.86.50
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://web-assets.esetstatic.com/wls/2023/2023-12/figure-7-oilbooster-can-request-a-new-refresh-token-from-its-fallback-c-c-server.png

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/en/eset-research/oilrig-persistent-attacks-cloud-service-powered-downloaders/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

52.142.86.50 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

00c78e21f6e3e130b27d03296ccae6b0b4d331381279f4eec9de4df5f241b52d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.welivesecurity.com/en/eset-research/oilrig-persistent-attacks-cloud-service-powered-downloaders/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Fri, 15 Dec 2023 02:14:36 GMT
strict-transport-security: max-age=15724800
x-content-type-options: nosniff
content-length: 41937
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 06 Dec 2023 20:31:44 GMT
etag: "6570da30-a3d1"
x-frame-options: SAMEORIGIN
access-control-allow-methods: GET, POST, OPTIONS
content-type: image/png
access-control-allow-origin: https://web-assets.esetstatic.com
cache-control: max-age=7776000, public
feature-policy: accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'; ambient-light-sensor 'none'; autoplay 'none'; encrypted-media 'none'; fullscreen 'none'; midi 'none'; picture-in-picture 'none'; speaker 'none'; vr 'none'
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: Content-Type
expires: Thu, 14 Mar 2024 02:14:36 GMT

GET
H2 200 figure-8-overview-of-oilbooster-s-network-comms.png
web-assets.esetstatic.com/wls/2023/2023-12/ 134 KB
135 KB 70ms
69ms Image
image/png 52.142.86.50
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://web-assets.esetstatic.com/wls/2023/2023-12/figure-8-overview-of-oilbooster-s-network-comms.png

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/en/eset-research/oilrig-persistent-attacks-cloud-service-powered-downloaders/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

52.142.86.50 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

906e14a70fbce797937289bac444cee76c44c1a1c89e5b0b8bd5067a6d3023ff

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.welivesecurity.com/en/eset-research/oilrig-persistent-attacks-cloud-service-powered-downloaders/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Fri, 15 Dec 2023 02:14:36 GMT
strict-transport-security: max-age=15724800
x-content-type-options: nosniff
content-length: 137591
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 06 Dec 2023 20:32:41 GMT
etag: "6570da69-21977"
x-frame-options: SAMEORIGIN
access-control-allow-methods: GET, POST, OPTIONS
content-type: image/png
access-control-allow-origin: https://web-assets.esetstatic.com
cache-control: max-age=7776000, public
feature-policy: accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'; ambient-light-sensor 'none'; autoplay 'none'; encrypted-media 'none'; fullscreen 'none'; midi 'none'; picture-in-picture 'none'; speaker 'none'; vr 'none'
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: Content-Type
expires: Thu, 14 Mar 2024 02:14:36 GMT

GET
H2 200 figure-9-oilbooster-creates-a-victim-specific-directory-on-onedrive.png
web-assets.esetstatic.com/wls/2023/2023-12/ 64 KB
65 KB 68ms
67ms Image
image/png 52.142.86.50
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://web-assets.esetstatic.com/wls/2023/2023-12/figure-9-oilbooster-creates-a-victim-specific-directory-on-onedrive.png

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/en/eset-research/oilrig-persistent-attacks-cloud-service-powered-downloaders/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

52.142.86.50 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

5d3f58efa7004e3ac82cbaee98b8d96e82a37f0586af11d07d9a4d4966e5b441

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.welivesecurity.com/en/eset-research/oilrig-persistent-attacks-cloud-service-powered-downloaders/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Fri, 15 Dec 2023 02:14:36 GMT
strict-transport-security: max-age=15724800
x-content-type-options: nosniff
content-length: 66018
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 06 Dec 2023 20:33:31 GMT
etag: "6570da9b-101e2"
x-frame-options: SAMEORIGIN
access-control-allow-methods: GET, POST, OPTIONS
content-type: image/png
access-control-allow-origin: https://web-assets.esetstatic.com
cache-control: max-age=7776000, public
feature-policy: accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'; ambient-light-sensor 'none'; autoplay 'none'; encrypted-media 'none'; fullscreen 'none'; midi 'none'; picture-in-picture 'none'; speaker 'none'; vr 'none'
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: Content-Type
expires: Thu, 14 Mar 2024 02:14:36 GMT

GET
H2 200 figure-10-odagent-s-code-responsible-for-parsing-json-files.png
web-assets.esetstatic.com/wls/2023/2023-12/ 52 KB
53 KB 70ms
69ms Image
image/png 52.142.86.50
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://web-assets.esetstatic.com/wls/2023/2023-12/figure-10-odagent-s-code-responsible-for-parsing-json-files.png

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/en/eset-research/oilrig-persistent-attacks-cloud-service-powered-downloaders/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

52.142.86.50 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

46759bddcf6835a581aec196bb5285f4f2372d917046a8d214f81fdaba39b0ea

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.welivesecurity.com/en/eset-research/oilrig-persistent-attacks-cloud-service-powered-downloaders/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Fri, 15 Dec 2023 02:14:36 GMT
strict-transport-security: max-age=15724800
x-content-type-options: nosniff
content-length: 53381
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 06 Dec 2023 20:34:25 GMT
etag: "6570dad1-d085"
x-frame-options: SAMEORIGIN
access-control-allow-methods: GET, POST, OPTIONS
content-type: image/png
access-control-allow-origin: https://web-assets.esetstatic.com
cache-control: max-age=7776000, public
feature-policy: accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'; ambient-light-sensor 'none'; autoplay 'none'; encrypted-media 'none'; fullscreen 'none'; midi 'none'; picture-in-picture 'none'; speaker 'none'; vr 'none'
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: Content-Type
expires: Thu, 14 Mar 2024 02:14:36 GMT

GET
H2 200 figure-11-odagent-s-exfiltration-loop.png
web-assets.esetstatic.com/wls/2023/2023-12/ 26 KB
27 KB 67ms
67ms Image
image/png 52.142.86.50
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://web-assets.esetstatic.com/wls/2023/2023-12/figure-11-odagent-s-exfiltration-loop.png

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/en/eset-research/oilrig-persistent-attacks-cloud-service-powered-downloaders/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

52.142.86.50 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

10c44fd8fe2d4a826cd488d1699f6c416be071f83d0af71e53d6e7667d347c2e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.welivesecurity.com/en/eset-research/oilrig-persistent-attacks-cloud-service-powered-downloaders/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Fri, 15 Dec 2023 02:14:36 GMT
strict-transport-security: max-age=15724800
x-content-type-options: nosniff
content-length: 26399
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 06 Dec 2023 20:35:27 GMT
etag: "6570db0f-671f"
x-frame-options: SAMEORIGIN
access-control-allow-methods: GET, POST, OPTIONS
content-type: image/png
access-control-allow-origin: https://web-assets.esetstatic.com
cache-control: max-age=7776000, public
feature-policy: accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'; ambient-light-sensor 'none'; autoplay 'none'; encrypted-media 'none'; fullscreen 'none'; midi 'none'; picture-in-picture 'none'; speaker 'none'; vr 'none'
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: Content-Type
expires: Thu, 14 Mar 2024 02:14:36 GMT

GET
H2 200 welivesecurity-eset-threat-intelligence.jpeg
web-assets.esetstatic.com/wls/2023/2023-12/ 72 KB
73 KB 118ms
118ms Image
image/jpeg 52.142.86.50
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://web-assets.esetstatic.com/wls/2023/2023-12/welivesecurity-eset-threat-intelligence.jpeg

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/en/eset-research/oilrig-persistent-attacks-cloud-service-powered-downloaders/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

52.142.86.50 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

a7def1fa0223f6d52a8d16be0dfde290883e9e2aa7911d0bfd46141eae8beabe

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.welivesecurity.com/en/eset-research/oilrig-persistent-attacks-cloud-service-powered-downloaders/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Fri, 15 Dec 2023 02:14:36 GMT
strict-transport-security: max-age=15724800
x-content-type-options: nosniff
content-length: 73925
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 14 Dec 2023 14:36:25 GMT
etag: "657b12e9-120c5"
x-frame-options: SAMEORIGIN
access-control-allow-methods: GET, POST, OPTIONS
content-type: image/jpeg
access-control-allow-origin: https://web-assets.esetstatic.com
cache-control: max-age=7776000, public
feature-policy: accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'; ambient-light-sensor 'none'; autoplay 'none'; encrypted-media 'none'; fullscreen 'none'; midi 'none'; picture-in-picture 'none'; speaker 'none'; vr 'none'
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: Content-Type
expires: Thu, 14 Mar 2024 02:14:36 GMT

GET
H2 200 eset-threat-research-oilrig-outer-space-juicy-mix.jpeg
web-assets.esetstatic.com/tn/-x82/wls/2023/2023-09/ 4 KB
5 KB 133ms
107ms Image
image/jpeg 52.142.86.50
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://web-assets.esetstatic.com/tn/-x82/wls/2023/2023-09/eset-threat-research-oilrig-outer-space-juicy-mix.jpeg

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/en/eset-research/oilrig-persistent-attacks-cloud-service-powered-downloaders/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

52.142.86.50 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

05df6371bf02360c24b2bd3265fbe3a3982b390ec6555ff3f53c248894ccd9e1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.welivesecurity.com/en/eset-research/oilrig-persistent-attacks-cloud-service-powered-downloaders/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Fri, 15 Dec 2023 02:14:36 GMT
strict-transport-security: max-age=15724800
x-content-type-options: nosniff, nosniff
content-length: 4333
x-xss-protection: 1; mode=block, 1; mode=block
referrer-policy: no-referrer-when-downgrade, no-referrer-when-downgrade
last-modified: Tue, 19 Sep 2023 14:16:26 GMT
etag: W/"6509ad3a-26136"
x-frame-options: SAMEORIGIN, SAMEORIGIN
access-control-allow-methods: GET, POST, OPTIONS, GET, POST, OPTIONS
content-type: image/jpeg
access-control-allow-origin: https://web-assets.esetstatic.com, https://web-assets.esetstatic.com
cache-control: max-age=7776000, public
feature-policy: accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'; ambient-light-sensor 'none'; autoplay 'none'; encrypted-media 'none'; fullscreen 'none'; midi 'none'; picture-in-picture 'none'; speaker 'none'; vr 'none', accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'; ambient-light-sensor 'none'; autoplay 'none'; encrypted-media 'none'; fullscreen 'none'; midi 'none'; picture-in-picture 'none'; speaker 'none'; vr 'none'
access-control-allow-credentials: true, true
access-control-allow-headers: Content-Type, Content-Type
expires: Thu, 14 Mar 2024 02:14:36 GMT

GET
H2 200 ballistic-bobcat-sponsoring-access-backdoor.jpeg
web-assets.esetstatic.com/tn/-x82/wls/2023/2023-8/ 3 KB
4 KB 132ms
106ms Image
image/jpeg 52.142.86.50
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://web-assets.esetstatic.com/tn/-x82/wls/2023/2023-8/ballistic-bobcat-sponsoring-access-backdoor.jpeg

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/en/eset-research/oilrig-persistent-attacks-cloud-service-powered-downloaders/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

52.142.86.50 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

44c55e245ea3ea1f111a93f64c133ddeba1da47878cb05d7a646cb0ba8fc5129

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.welivesecurity.com/en/eset-research/oilrig-persistent-attacks-cloud-service-powered-downloaders/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Fri, 15 Dec 2023 02:14:36 GMT
strict-transport-security: max-age=15724800
x-content-type-options: nosniff, nosniff
content-length: 3311
x-xss-protection: 1; mode=block, 1; mode=block
referrer-policy: no-referrer-when-downgrade, no-referrer-when-downgrade
last-modified: Wed, 06 Sep 2023 08:40:17 GMT
etag: W/"64f83af1-2e311"
x-frame-options: SAMEORIGIN, SAMEORIGIN
access-control-allow-methods: GET, POST, OPTIONS, GET, POST, OPTIONS
content-type: image/jpeg
access-control-allow-origin: https://web-assets.esetstatic.com, https://web-assets.esetstatic.com
cache-control: max-age=7776000, public
feature-policy: accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'; ambient-light-sensor 'none'; autoplay 'none'; encrypted-media 'none'; fullscreen 'none'; midi 'none'; picture-in-picture 'none'; speaker 'none'; vr 'none', accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'; ambient-light-sensor 'none'; autoplay 'none'; encrypted-media 'none'; fullscreen 'none'; midi 'none'; picture-in-picture 'none'; speaker 'none'; vr 'none'
access-control-allow-credentials: true, true
access-control-allow-headers: Content-Type, Content-Type
expires: Thu, 14 Mar 2024 02:14:36 GMT

GET
H2 200 eset-research-stealth-falcon-deadglyph.jpeg
web-assets.esetstatic.com/tn/-x82/wls/2023/2023-09/deadglyph/ 4 KB
6 KB 131ms
105ms Image
image/jpeg 52.142.86.50
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://web-assets.esetstatic.com/tn/-x82/wls/2023/2023-09/deadglyph/eset-research-stealth-falcon-deadglyph.jpeg

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/en/eset-research/oilrig-persistent-attacks-cloud-service-powered-downloaders/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

52.142.86.50 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

8869a1e4833b19e09aef1bd85440df071067a4d45e8d8be44c00217d3ec6fc6d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.welivesecurity.com/en/eset-research/oilrig-persistent-attacks-cloud-service-powered-downloaders/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Fri, 15 Dec 2023 02:14:36 GMT
strict-transport-security: max-age=15724800
x-content-type-options: nosniff, nosniff
content-length: 4559
x-xss-protection: 1; mode=block, 1; mode=block
referrer-policy: no-referrer-when-downgrade, no-referrer-when-downgrade
last-modified: Tue, 19 Sep 2023 13:48:39 GMT
etag: W/"6509a6b7-1899d"
x-frame-options: SAMEORIGIN, SAMEORIGIN
access-control-allow-methods: GET, POST, OPTIONS, GET, POST, OPTIONS
content-type: image/jpeg
access-control-allow-origin: https://web-assets.esetstatic.com, https://web-assets.esetstatic.com
cache-control: max-age=7776000, public
feature-policy: accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'; ambient-light-sensor 'none'; autoplay 'none'; encrypted-media 'none'; fullscreen 'none'; midi 'none'; picture-in-picture 'none'; speaker 'none'; vr 'none', accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'; ambient-light-sensor 'none'; autoplay 'none'; encrypted-media 'none'; fullscreen 'none'; midi 'none'; picture-in-picture 'none'; speaker 'none'; vr 'none'
access-control-allow-credentials: true, true
access-control-allow-headers: Content-Type, Content-Type
expires: Thu, 14 Mar 2024 02:14:36 GMT

GET
H2 200 apt-activity-report-0b5f1a6d.png
www.welivesecurity.com/build/assets/ 582 KB
586 KB 19ms
18ms Image
image/png 2a02:26f0:480:f::213:7ec8
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.welivesecurity.com/build/assets/apt-activity-report-0b5f1a6d.png

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/en/eset-research/oilrig-persistent-attacks-cloud-service-powered-downloaders/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:f::213:7ec8 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

0b5f1a6d738d2c76b21d0e0d47794ba662936f6e0aaddc8757915a5daa597517

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://.akamaihd.net https://.akstat.io https://.eset.com https://.hotjar.com https://.hotjar.io https://adservice.google.com https://captcha.eset.com https://captcha.welivesecurity.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com/ https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://.ads.linkedin.com https://*.esetstatic.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.welivesecurity.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.al https://www.google.ba https://www.google.bf https://www.google.bg https://www.google.by https://www.google.ca https://www.google.cd https://www.google.ch https://www.google.co.ao https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.ls https://www.google.co.ma https://www.google.co.tz https://www.google.co.za https://www.google.com.af https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.br https://www.google.com.co https://www.google.com.do https://www.google.com.eg https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.kw https://www.google.com.ly https://www.google.com.mx https://www.google.com.ni https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.sa https://www.google.com.sl https://www.google.com.tr https://www.google.com.tw https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.es https://www.google.fi https://www.google.ge https://www.google.gm https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ie https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.mw https://www.google.no https://www.google.ps https://www.google.rs https://www.google.sk https://www.google.tg https://www.google.tn https://www.googletagmanager.com https://www.hotjar.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self' https://web-assets.esetstatic.com; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://a.disquscdn.com https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.welivesecurity.com/en/eset-research/oilrig-persistent-attacks-cloud-service-powered-downloaders/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-security-policy: default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://*.akamaihd.net https://*.akstat.io https://*.eset.com https://*.hotjar.com https://*.hotjar.io https://adservice.google.com https://captcha.eset.com https://captcha.welivesecurity.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://*.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://*.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com/ https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://*.ads.linkedin.com https://*.esetstatic.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.welivesecurity.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.al https://www.google.ba https://www.google.bf https://www.google.bg https://www.google.by https://www.google.ca https://www.google.cd https://www.google.ch https://www.google.co.ao https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.ls https://www.google.co.ma https://www.google.co.tz https://www.google.co.za https://www.google.com.af https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.br https://www.google.com.co https://www.google.com.do https://www.google.com.eg https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.kw https://www.google.com.ly https://www.google.com.mx https://www.google.com.ni https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.sa https://www.google.com.sl https://www.google.com.tr https://www.google.com.tw https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.es https://www.google.fi https://www.google.ge https://www.google.gm https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ie https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.mw https://www.google.no https://www.google.ps https://www.google.rs https://www.google.sk https://www.google.tg https://www.google.tn https://www.googletagmanager.com https://www.hotjar.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self' https://web-assets.esetstatic.com; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://a.disquscdn.com https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
x-edps-request-status: normal
x-content-type-options: nosniff
strict-transport-security: max-age=15724800
date: Fri, 15 Dec 2023 02:14:36 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1702606476066_34831752_1221189137_14_1051_6_0_146";dur=1
content-length: 596073
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 03 Nov 2023 14:35:31 GMT
etag: "65450533-91869"
report-to: {"group":"default","max_age":31536000,"endpoints":[{"url":"https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report"}],"include_subdomains":false}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=7776000, public
accept-ranges: bytes
expires: Thu, 01 Feb 2024 14:36:44 GMT

GET
H2 200 app-7a4ecde0.js Show response
www.welivesecurity.com/build/assets/ 80 KB
25 KB 31ms
30ms Script
application/javascript 2a02:26f0:480:f::213:7ec8
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.welivesecurity.com/build/assets/app-7a4ecde0.js

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/en/eset-research/oilrig-persistent-attacks-cloud-service-powered-downloaders/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:f::213:7ec8 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

8b67a0820b92ad626dd7204b203736274c68fa2cb1a107077d571e60f6dedf96

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://.akamaihd.net https://.akstat.io https://.eset.com https://.hotjar.com https://.hotjar.io https://adservice.google.com https://captcha.eset.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com/ https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://.ads.linkedin.com https://*.esetstatic.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.eset.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.al https://www.google.ba https://www.google.bf https://www.google.bg https://www.google.by https://www.google.ca https://www.google.cd https://www.google.ch https://www.google.co.ao https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.ls https://www.google.co.ma https://www.google.co.tz https://www.google.co.za https://www.google.com.af https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.br https://www.google.com.co https://www.google.com.do https://www.google.com.eg https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.kw https://www.google.com.ly https://www.google.com.mx https://www.google.com.ni https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.sa https://www.google.com.sl https://www.google.com.tr https://www.google.com.tw https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.es https://www.google.fi https://www.google.ge https://www.google.gm https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ie https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.mw https://www.google.no https://www.google.ps https://www.google.rs https://www.google.sk https://www.google.tg https://www.google.tn https://www.googletagmanager.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self'; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://a.disquscdn.com https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.welivesecurity.com/en/eset-research/oilrig-persistent-attacks-cloud-service-powered-downloaders/
Origin: https://www.welivesecurity.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-security-policy: default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://*.akamaihd.net https://*.akstat.io https://*.eset.com https://*.hotjar.com https://*.hotjar.io https://adservice.google.com https://captcha.eset.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://*.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://*.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com/ https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://*.ads.linkedin.com https://*.esetstatic.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.eset.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.al https://www.google.ba https://www.google.bf https://www.google.bg https://www.google.by https://www.google.ca https://www.google.cd https://www.google.ch https://www.google.co.ao https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.ls https://www.google.co.ma https://www.google.co.tz https://www.google.co.za https://www.google.com.af https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.br https://www.google.com.co https://www.google.com.do https://www.google.com.eg https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.kw https://www.google.com.ly https://www.google.com.mx https://www.google.com.ni https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.sa https://www.google.com.sl https://www.google.com.tr https://www.google.com.tw https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.es https://www.google.fi https://www.google.ge https://www.google.gm https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ie https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.mw https://www.google.no https://www.google.ps https://www.google.rs https://www.google.sk https://www.google.tg https://www.google.tn https://www.googletagmanager.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self'; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://a.disquscdn.com https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=15724800
x-edps-request-status: normal
date: Fri, 15 Dec 2023 02:14:36 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1702606476039_34831752_1221189119_59_1372_6_0_219";dur=1
content-length: 22056
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 16 Aug 2023 09:49:35 GMT
etag: W/"64dc9b1d-13f2d"
report-to: {"group":"default","max_age":31536000,"endpoints":[{"url":"https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report"}],"include_subdomains":false}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public
expires: Tue, 14 Nov 2023 09:48:39 GMT

GET
H2 200 search-7d9f58b7.js Show response
www.welivesecurity.com/build/assets/ 276 KB
88 KB 33ms
32ms Script
application/javascript 2a02:26f0:480:f::213:7ec8
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.welivesecurity.com/build/assets/search-7d9f58b7.js

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/en/eset-research/oilrig-persistent-attacks-cloud-service-powered-downloaders/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:f::213:7ec8 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

956f61e41e263b6074a58cbcb2eb181014e8c8e277388ebd98cc0d59921577f4

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://.akamaihd.net https://.akstat.io https://.eset.com https://.hotjar.com https://.hotjar.io https://adservice.google.com https://captcha.eset.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com/ https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://.ads.linkedin.com https://*.esetstatic.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.eset.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.al https://www.google.ba https://www.google.bf https://www.google.bg https://www.google.by https://www.google.ca https://www.google.cd https://www.google.ch https://www.google.co.ao https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.ls https://www.google.co.ma https://www.google.co.tz https://www.google.co.za https://www.google.com.af https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.br https://www.google.com.co https://www.google.com.do https://www.google.com.eg https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.kw https://www.google.com.ly https://www.google.com.mx https://www.google.com.ni https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.sa https://www.google.com.sl https://www.google.com.tr https://www.google.com.tw https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.es https://www.google.fi https://www.google.ge https://www.google.gm https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ie https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.mw https://www.google.no https://www.google.ps https://www.google.rs https://www.google.sk https://www.google.tg https://www.google.tn https://www.googletagmanager.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self'; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://a.disquscdn.com https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.welivesecurity.com/en/eset-research/oilrig-persistent-attacks-cloud-service-powered-downloaders/
Origin: https://www.welivesecurity.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-security-policy: default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://*.akamaihd.net https://*.akstat.io https://*.eset.com https://*.hotjar.com https://*.hotjar.io https://adservice.google.com https://captcha.eset.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://*.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://*.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com/ https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://*.ads.linkedin.com https://*.esetstatic.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.eset.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.al https://www.google.ba https://www.google.bf https://www.google.bg https://www.google.by https://www.google.ca https://www.google.cd https://www.google.ch https://www.google.co.ao https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.ls https://www.google.co.ma https://www.google.co.tz https://www.google.co.za https://www.google.com.af https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.br https://www.google.com.co https://www.google.com.do https://www.google.com.eg https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.kw https://www.google.com.ly https://www.google.com.mx https://www.google.com.ni https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.sa https://www.google.com.sl https://www.google.com.tr https://www.google.com.tw https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.es https://www.google.fi https://www.google.ge https://www.google.gm https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ie https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.mw https://www.google.no https://www.google.ps https://www.google.rs https://www.google.sk https://www.google.tg https://www.google.tn https://www.googletagmanager.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self'; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://a.disquscdn.com https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=15724800
x-edps-request-status: normal
date: Fri, 15 Dec 2023 02:14:36 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1702606476039_34831752_1221189120_69_1204_6_0_219";dur=1
content-length: 86056
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 16 Aug 2023 10:10:05 GMT
etag: W/"64dc9afe-44eae"
report-to: {"group":"default","max_age":31536000,"endpoints":[{"url":"https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report"}],"include_subdomains":false}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public
expires: Tue, 14 Nov 2023 09:55:36 GMT

GET
H2 200 _commonjsHelpers-042e6b4d.js Show response
www.welivesecurity.com/build/assets/ 725 B
4 KB 36ms
35ms Script
application/javascript 2a02:26f0:480:f::213:7ec8
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.welivesecurity.com/build/assets/_commonjsHelpers-042e6b4d.js

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/en/eset-research/oilrig-persistent-attacks-cloud-service-powered-downloaders/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:f::213:7ec8 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

ed915d2176566b841f0e01e7632ce7a20b023cbcb4f5976a6015284fccd8a865

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://.akamaihd.net https://.akstat.io https://.eset.com https://.hotjar.com https://.hotjar.io https://adservice.google.com https://captcha.eset.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com/ https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://.ads.linkedin.com https://*.esetstatic.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.eset.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.al https://www.google.ba https://www.google.bf https://www.google.bg https://www.google.by https://www.google.ca https://www.google.cd https://www.google.ch https://www.google.co.ao https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.ls https://www.google.co.ma https://www.google.co.tz https://www.google.co.za https://www.google.com.af https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.br https://www.google.com.co https://www.google.com.do https://www.google.com.eg https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.kw https://www.google.com.ly https://www.google.com.mx https://www.google.com.ni https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.sa https://www.google.com.sl https://www.google.com.tr https://www.google.com.tw https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.es https://www.google.fi https://www.google.ge https://www.google.gm https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ie https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.mw https://www.google.no https://www.google.ps https://www.google.rs https://www.google.sk https://www.google.tg https://www.google.tn https://www.googletagmanager.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self'; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://a.disquscdn.com https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.welivesecurity.com/en/eset-research/oilrig-persistent-attacks-cloud-service-powered-downloaders/
Origin: https://www.welivesecurity.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-security-policy: default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://*.akamaihd.net https://*.akstat.io https://*.eset.com https://*.hotjar.com https://*.hotjar.io https://adservice.google.com https://captcha.eset.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://*.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://*.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com/ https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://*.ads.linkedin.com https://*.esetstatic.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.eset.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.al https://www.google.ba https://www.google.bf https://www.google.bg https://www.google.by https://www.google.ca https://www.google.cd https://www.google.ch https://www.google.co.ao https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.ls https://www.google.co.ma https://www.google.co.tz https://www.google.co.za https://www.google.com.af https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.br https://www.google.com.co https://www.google.com.do https://www.google.com.eg https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.kw https://www.google.com.ly https://www.google.com.mx https://www.google.com.ni https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.sa https://www.google.com.sl https://www.google.com.tr https://www.google.com.tw https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.es https://www.google.fi https://www.google.ge https://www.google.gm https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ie https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.mw https://www.google.no https://www.google.ps https://www.google.rs https://www.google.sk https://www.google.tg https://www.google.tn https://www.googletagmanager.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self'; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://a.disquscdn.com https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=15724800
x-edps-request-status: normal
date: Fri, 15 Dec 2023 02:14:36 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1702606476039_34831752_1221189121_59_1186_6_0_219";dur=1
content-length: 330
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 16 Aug 2023 09:50:52 GMT
etag: W/"64dc9b1d-2d5"
report-to: {"group":"default","max_age":31536000,"endpoints":[{"url":"https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report"}],"include_subdomains":false}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public
expires: Tue, 14 Nov 2023 09:50:50 GMT

GET
H2 200 prism-40494b65.css
www.welivesecurity.com/build/assets/ 2 KB
4 KB 19ms
16ms Stylesheet
text/css 2a02:26f0:480:f::213:7ec8
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.welivesecurity.com/build/assets/prism-40494b65.css

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/en/eset-research/oilrig-persistent-attacks-cloud-service-powered-downloaders/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:f::213:7ec8 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

40494b653a0f9485c88432191eaace18e7dff8646f45114d6007fe19da129e34

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://.akamaihd.net https://.akstat.io https://.eset.com https://.hotjar.com https://.hotjar.io https://adservice.google.com https://captcha.eset.com https://captcha.welivesecurity.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com/ https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://.ads.linkedin.com https://*.esetstatic.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.welivesecurity.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.al https://www.google.ba https://www.google.bf https://www.google.bg https://www.google.by https://www.google.ca https://www.google.cd https://www.google.ch https://www.google.co.ao https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.ls https://www.google.co.ma https://www.google.co.tz https://www.google.co.za https://www.google.com.af https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.br https://www.google.com.co https://www.google.com.do https://www.google.com.eg https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.kw https://www.google.com.ly https://www.google.com.mx https://www.google.com.ni https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.sa https://www.google.com.sl https://www.google.com.tr https://www.google.com.tw https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.es https://www.google.fi https://www.google.ge https://www.google.gm https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ie https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.mw https://www.google.no https://www.google.ps https://www.google.rs https://www.google.sk https://www.google.tg https://www.google.tn https://www.googletagmanager.com https://www.hotjar.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self' https://web-assets.esetstatic.com; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://a.disquscdn.com https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.welivesecurity.com/en/eset-research/oilrig-persistent-attacks-cloud-service-powered-downloaders/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-security-policy: default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://*.akamaihd.net https://*.akstat.io https://*.eset.com https://*.hotjar.com https://*.hotjar.io https://adservice.google.com https://captcha.eset.com https://captcha.welivesecurity.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://*.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://*.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com/ https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://*.ads.linkedin.com https://*.esetstatic.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.welivesecurity.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.al https://www.google.ba https://www.google.bf https://www.google.bg https://www.google.by https://www.google.ca https://www.google.cd https://www.google.ch https://www.google.co.ao https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.ls https://www.google.co.ma https://www.google.co.tz https://www.google.co.za https://www.google.com.af https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.br https://www.google.com.co https://www.google.com.do https://www.google.com.eg https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.kw https://www.google.com.ly https://www.google.com.mx https://www.google.com.ni https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.sa https://www.google.com.sl https://www.google.com.tr https://www.google.com.tw https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.es https://www.google.fi https://www.google.ge https://www.google.gm https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ie https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.mw https://www.google.no https://www.google.ps https://www.google.rs https://www.google.sk https://www.google.tg https://www.google.tn https://www.googletagmanager.com https://www.hotjar.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self' https://web-assets.esetstatic.com; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://a.disquscdn.com https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=15724800
x-edps-request-status: normal
date: Fri, 15 Dec 2023 02:14:36 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1702606476065_34831752_1221189135_36_1235_6_0_255";dur=1
content-length: 563
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 05 Oct 2023 06:37:48 GMT
etag: W/"6511a3c1-6fa"
report-to: {"group":"default","max_age":31536000,"endpoints":[{"url":"https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report"}],"include_subdomains":false}
content-type: text/css
access-control-allow-origin: *
cache-control: public
expires: Mon, 25 Dec 2023 14:48:19 GMT

GET
H2 200 prism-40d1b0a4.js Show response
www.welivesecurity.com/build/assets/ 66 KB
24 KB 37ms
36ms Script
application/javascript 2a02:26f0:480:f::213:7ec8
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.welivesecurity.com/build/assets/prism-40d1b0a4.js

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/en/eset-research/oilrig-persistent-attacks-cloud-service-powered-downloaders/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:f::213:7ec8 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

6572478fbf8e29ee8109a22286fd9f82330fae739c518b58d5f37df25e17ea37

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://.akamaihd.net https://.akstat.io https://.eset.com https://.hotjar.com https://.hotjar.io https://adservice.google.com https://captcha.eset.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com/ https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://.ads.linkedin.com https://*.esetstatic.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.eset.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.al https://www.google.ba https://www.google.bf https://www.google.bg https://www.google.by https://www.google.ca https://www.google.cd https://www.google.ch https://www.google.co.ao https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.ls https://www.google.co.ma https://www.google.co.tz https://www.google.co.za https://www.google.com.af https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.br https://www.google.com.co https://www.google.com.do https://www.google.com.eg https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.kw https://www.google.com.ly https://www.google.com.mx https://www.google.com.ni https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.sa https://www.google.com.sl https://www.google.com.tr https://www.google.com.tw https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.es https://www.google.fi https://www.google.ge https://www.google.gm https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ie https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.mw https://www.google.no https://www.google.ps https://www.google.rs https://www.google.sk https://www.google.tg https://www.google.tn https://www.googletagmanager.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self'; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://a.disquscdn.com https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.welivesecurity.com/en/eset-research/oilrig-persistent-attacks-cloud-service-powered-downloaders/
Origin: https://www.welivesecurity.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-security-policy: default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://*.akamaihd.net https://*.akstat.io https://*.eset.com https://*.hotjar.com https://*.hotjar.io https://adservice.google.com https://captcha.eset.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://*.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://*.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com/ https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://*.ads.linkedin.com https://*.esetstatic.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.eset.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.al https://www.google.ba https://www.google.bf https://www.google.bg https://www.google.by https://www.google.ca https://www.google.cd https://www.google.ch https://www.google.co.ao https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.ls https://www.google.co.ma https://www.google.co.tz https://www.google.co.za https://www.google.com.af https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.br https://www.google.com.co https://www.google.com.do https://www.google.com.eg https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.kw https://www.google.com.ly https://www.google.com.mx https://www.google.com.ni https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.sa https://www.google.com.sl https://www.google.com.tr https://www.google.com.tw https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.es https://www.google.fi https://www.google.ge https://www.google.gm https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ie https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.mw https://www.google.no https://www.google.ps https://www.google.rs https://www.google.sk https://www.google.tg https://www.google.tn https://www.googletagmanager.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self'; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://a.disquscdn.com https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=15724800
x-edps-request-status: normal
date: Fri, 15 Dec 2023 02:14:36 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1702606476039_34831752_1221189122_60_1172_6_0_219";dur=1
content-length: 20342
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 16 Aug 2023 09:49:15 GMT
etag: W/"64dc9afe-10728"
report-to: {"group":"default","max_age":31536000,"endpoints":[{"url":"https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report"}],"include_subdomains":false}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public
expires: Tue, 14 Nov 2023 09:48:39 GMT

GET
H2 200 article-e3625c4c.css
www.welivesecurity.com/build/assets/ 23 KB
8 KB 23ms
20ms Stylesheet
text/css 2a02:26f0:480:f::213:7ec8
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.welivesecurity.com/build/assets/article-e3625c4c.css

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/en/eset-research/oilrig-persistent-attacks-cloud-service-powered-downloaders/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:f::213:7ec8 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

e3625c4c1b10a8e8b5fb271f45549d6d68e0a9c462062fc927709ea7ab285ca5

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://.akamaihd.net https://.akstat.io https://.eset.com https://.hotjar.com https://.hotjar.io https://adservice.google.com https://captcha.eset.com https://captcha.welivesecurity.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com/ https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://.ads.linkedin.com https://*.esetstatic.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.welivesecurity.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.al https://www.google.ba https://www.google.bf https://www.google.bg https://www.google.by https://www.google.ca https://www.google.cd https://www.google.ch https://www.google.co.ao https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.ls https://www.google.co.ma https://www.google.co.tz https://www.google.co.za https://www.google.com.af https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.br https://www.google.com.co https://www.google.com.do https://www.google.com.eg https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.kw https://www.google.com.ly https://www.google.com.mx https://www.google.com.ni https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.sa https://www.google.com.sl https://www.google.com.tr https://www.google.com.tw https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.es https://www.google.fi https://www.google.ge https://www.google.gm https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ie https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.mw https://www.google.no https://www.google.ps https://www.google.rs https://www.google.sk https://www.google.tg https://www.google.tn https://www.googletagmanager.com https://www.hotjar.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self' https://web-assets.esetstatic.com; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://a.disquscdn.com https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.welivesecurity.com/en/eset-research/oilrig-persistent-attacks-cloud-service-powered-downloaders/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-security-policy: default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://*.akamaihd.net https://*.akstat.io https://*.eset.com https://*.hotjar.com https://*.hotjar.io https://adservice.google.com https://captcha.eset.com https://captcha.welivesecurity.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://*.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://*.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com/ https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://*.ads.linkedin.com https://*.esetstatic.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.welivesecurity.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.al https://www.google.ba https://www.google.bf https://www.google.bg https://www.google.by https://www.google.ca https://www.google.cd https://www.google.ch https://www.google.co.ao https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.ls https://www.google.co.ma https://www.google.co.tz https://www.google.co.za https://www.google.com.af https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.br https://www.google.com.co https://www.google.com.do https://www.google.com.eg https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.kw https://www.google.com.ly https://www.google.com.mx https://www.google.com.ni https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.sa https://www.google.com.sl https://www.google.com.tr https://www.google.com.tw https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.es https://www.google.fi https://www.google.ge https://www.google.gm https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ie https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.mw https://www.google.no https://www.google.ps https://www.google.rs https://www.google.sk https://www.google.tg https://www.google.tn https://www.googletagmanager.com https://www.hotjar.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self' https://web-assets.esetstatic.com; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://a.disquscdn.com https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=15724800
x-edps-request-status: normal
date: Fri, 15 Dec 2023 02:14:36 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1702606476066_34831752_1221189136_44_1457_6_0_182";dur=1
content-length: 4371
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 01 Nov 2023 17:44:35 GMT
etag: W/"65032457-5d19"
report-to: {"group":"default","max_age":31536000,"endpoints":[{"url":"https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report"}],"include_subdomains":false}
content-type: text/css
access-control-allow-origin: *
cache-control: public
expires: Mon, 25 Dec 2023 13:39:28 GMT

GET
H2 200 article-fd027339.js Show response
www.welivesecurity.com/build/assets/ 140 KB
39 KB 40ms
40ms Script
application/javascript 2a02:26f0:480:f::213:7ec8
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.welivesecurity.com/build/assets/article-fd027339.js

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/en/eset-research/oilrig-persistent-attacks-cloud-service-powered-downloaders/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:f::213:7ec8 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

e9d5fa7dbd42331253c178a9fb1ce2aaac7543c8667326489b58d4ab3a51abfd

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://.akamaihd.net https://.akstat.io https://.eset.com https://.hotjar.com https://.hotjar.io https://adservice.google.com https://captcha.eset.com https://captcha.welivesecurity.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com/ https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://.ads.linkedin.com https://*.esetstatic.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.welivesecurity.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.al https://www.google.ba https://www.google.bf https://www.google.bg https://www.google.by https://www.google.ca https://www.google.cd https://www.google.ch https://www.google.co.ao https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.ls https://www.google.co.ma https://www.google.co.tz https://www.google.co.za https://www.google.com.af https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.br https://www.google.com.co https://www.google.com.do https://www.google.com.eg https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.kw https://www.google.com.ly https://www.google.com.mx https://www.google.com.ni https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.sa https://www.google.com.sl https://www.google.com.tr https://www.google.com.tw https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.es https://www.google.fi https://www.google.ge https://www.google.gm https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ie https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.mw https://www.google.no https://www.google.ps https://www.google.rs https://www.google.sk https://www.google.tg https://www.google.tn https://www.googletagmanager.com https://www.hotjar.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self' https://web-assets.esetstatic.com; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://a.disquscdn.com https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.welivesecurity.com/en/eset-research/oilrig-persistent-attacks-cloud-service-powered-downloaders/
Origin: https://www.welivesecurity.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-security-policy: default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://*.akamaihd.net https://*.akstat.io https://*.eset.com https://*.hotjar.com https://*.hotjar.io https://adservice.google.com https://captcha.eset.com https://captcha.welivesecurity.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://*.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://*.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com/ https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://*.ads.linkedin.com https://*.esetstatic.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.welivesecurity.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.al https://www.google.ba https://www.google.bf https://www.google.bg https://www.google.by https://www.google.ca https://www.google.cd https://www.google.ch https://www.google.co.ao https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.ls https://www.google.co.ma https://www.google.co.tz https://www.google.co.za https://www.google.com.af https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.br https://www.google.com.co https://www.google.com.do https://www.google.com.eg https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.kw https://www.google.com.ly https://www.google.com.mx https://www.google.com.ni https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.sa https://www.google.com.sl https://www.google.com.tr https://www.google.com.tw https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.es https://www.google.fi https://www.google.ge https://www.google.gm https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ie https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.mw https://www.google.no https://www.google.ps https://www.google.rs https://www.google.sk https://www.google.tg https://www.google.tn https://www.googletagmanager.com https://www.hotjar.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self' https://web-assets.esetstatic.com; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://a.disquscdn.com https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=15724800
x-edps-request-status: normal
date: Fri, 15 Dec 2023 02:14:36 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1702606476039_34831752_1221189123_62_765_6_0_219";dur=1
content-length: 36164
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 13 Oct 2023 09:06:28 GMT
etag: W/"6529081f-23021"
report-to: {"group":"default","max_age":31536000,"endpoints":[{"url":"https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report"}],"include_subdomains":false}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public
expires: Thu, 11 Jan 2024 09:06:27 GMT

GET 7R9SM-QGSYF-QDLJK-UETXR-SPM6B
s.go-mpulse.net/boomerang/ 0
0

GET
H/1.1 200
OK embed.js Show response
welivesecurity.disqus.com/ 79 KB
25 KB 125ms
7ms Script
application/javascript 199.232.192.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://welivesecurity.disqus.com/embed.js

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/en/eset-research/oilrig-persistent-attacks-cloud-service-powered-downloaders/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

199.232.192.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

openresty /

Resource Hash

2bea50c2b896c01be1c45c9357bc8226950a8d71f35f028adeae19b16c46d082

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.welivesecurity.com/en/eset-research/oilrig-persistent-attacks-cloud-service-powered-downloaders/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Fri, 15 Dec 2023 02:14:36 GMT
content-encoding: gzip
Strict-Transport-Security: max-age=300; includeSubdomains
server: openresty
Age: 89
Vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
Cache-Control: private, max-age=60
x-service: router
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Link: <https://disqus.com>; rel=preconnect, <https://c.disquscdn.com>; rel=preconnect
Content-Length: 25629

GET
DATA 200
OK truncated
/ 671 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 644fbb688b94c602990a4988d379d439a5151ea782e06496cb6347cbbb64e49d

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 FedraSansAltPro-MediumLF-261e3ac5.woff
www.welivesecurity.com/build/assets/ 166 KB
170 KB 17ms
13ms Font
font/woff 2a02:26f0:480:f::213:7ec8
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.welivesecurity.com/build/assets/FedraSansAltPro-MediumLF-261e3ac5.woff

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/build/assets/app-8864fa1f.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:f::213:7ec8 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

261e3ac5dbb4ba8069ecba539a13b971d2e147981f4573e993410d8bd6de0037

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://.akamaihd.net https://.akstat.io https://.eset.com https://.hotjar.com https://.hotjar.io https://adservice.google.com https://captcha.eset.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com/ https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://.ads.linkedin.com https://*.esetstatic.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.eset.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.al https://www.google.ba https://www.google.bf https://www.google.bg https://www.google.by https://www.google.ca https://www.google.cd https://www.google.ch https://www.google.co.ao https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.ls https://www.google.co.ma https://www.google.co.tz https://www.google.co.za https://www.google.com.af https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.br https://www.google.com.co https://www.google.com.do https://www.google.com.eg https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.kw https://www.google.com.ly https://www.google.com.mx https://www.google.com.ni https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.sa https://www.google.com.sl https://www.google.com.tr https://www.google.com.tw https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.es https://www.google.fi https://www.google.ge https://www.google.gm https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ie https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.mw https://www.google.no https://www.google.ps https://www.google.rs https://www.google.sk https://www.google.tg https://www.google.tn https://www.googletagmanager.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self'; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://a.disquscdn.com https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.welivesecurity.com/build/assets/app-8864fa1f.css
Origin: https://www.welivesecurity.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-security-policy: default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://*.akamaihd.net https://*.akstat.io https://*.eset.com https://*.hotjar.com https://*.hotjar.io https://adservice.google.com https://captcha.eset.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://*.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://*.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com/ https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://*.ads.linkedin.com https://*.esetstatic.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.eset.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.al https://www.google.ba https://www.google.bf https://www.google.bg https://www.google.by https://www.google.ca https://www.google.cd https://www.google.ch https://www.google.co.ao https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.ls https://www.google.co.ma https://www.google.co.tz https://www.google.co.za https://www.google.com.af https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.br https://www.google.com.co https://www.google.com.do https://www.google.com.eg https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.kw https://www.google.com.ly https://www.google.com.mx https://www.google.com.ni https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.sa https://www.google.com.sl https://www.google.com.tr https://www.google.com.tw https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.es https://www.google.fi https://www.google.ge https://www.google.gm https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ie https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.mw https://www.google.no https://www.google.ps https://www.google.rs https://www.google.sk https://www.google.tg https://www.google.tn https://www.googletagmanager.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self'; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://a.disquscdn.com https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
x-edps-request-status: normal
x-content-type-options: nosniff
strict-transport-security: max-age=15724800
date: Fri, 15 Dec 2023 02:14:36 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1702606476077_34831752_1221189144_67_729_6_0_255";dur=1
content-length: 170432
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 20 Jul 2023 14:40:48 GMT
etag: "64b94770-299c0"
report-to: {"group":"default","max_age":31536000,"endpoints":[{"url":"https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report"}],"include_subdomains":false}
content-type: font/woff
access-control-allow-origin: *
cache-control: max-age=31536000, public
accept-ranges: bytes
expires: Fri, 19 Jul 2024 16:25:46 GMT

GET
H2 200 FedraSansAltPro-BoldItalicLF-ec9eb351.woff
www.welivesecurity.com/build/assets/ 169 KB
173 KB 21ms
16ms Font
font/woff 2a02:26f0:480:f::213:7ec8
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.welivesecurity.com/build/assets/FedraSansAltPro-BoldItalicLF-ec9eb351.woff

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/build/assets/app-8864fa1f.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:f::213:7ec8 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

ec9eb3515b0c462b663eb6e45a8c8d3de6993077cac8f05f30fbce263d1659c3

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://.akamaihd.net https://.akstat.io https://.eset.com https://.hotjar.com https://.hotjar.io https://adservice.google.com https://captcha.eset.com https://captcha.welivesecurity.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com/ https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://.ads.linkedin.com https://*.esetstatic.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.welivesecurity.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.al https://www.google.ba https://www.google.bf https://www.google.bg https://www.google.by https://www.google.ca https://www.google.cd https://www.google.ch https://www.google.co.ao https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.ls https://www.google.co.ma https://www.google.co.tz https://www.google.co.za https://www.google.com.af https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.br https://www.google.com.co https://www.google.com.do https://www.google.com.eg https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.kw https://www.google.com.ly https://www.google.com.mx https://www.google.com.ni https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.sa https://www.google.com.sl https://www.google.com.tr https://www.google.com.tw https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.es https://www.google.fi https://www.google.ge https://www.google.gm https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ie https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.mw https://www.google.no https://www.google.ps https://www.google.rs https://www.google.sk https://www.google.tg https://www.google.tn https://www.googletagmanager.com https://www.hotjar.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self' https://web-assets.esetstatic.com; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://a.disquscdn.com https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.welivesecurity.com/build/assets/app-8864fa1f.css
Origin: https://www.welivesecurity.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-security-policy: default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://*.akamaihd.net https://*.akstat.io https://*.eset.com https://*.hotjar.com https://*.hotjar.io https://adservice.google.com https://captcha.eset.com https://captcha.welivesecurity.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://*.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://*.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com/ https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://*.ads.linkedin.com https://*.esetstatic.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.welivesecurity.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.al https://www.google.ba https://www.google.bf https://www.google.bg https://www.google.by https://www.google.ca https://www.google.cd https://www.google.ch https://www.google.co.ao https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.ls https://www.google.co.ma https://www.google.co.tz https://www.google.co.za https://www.google.com.af https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.br https://www.google.com.co https://www.google.com.do https://www.google.com.eg https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.kw https://www.google.com.ly https://www.google.com.mx https://www.google.com.ni https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.sa https://www.google.com.sl https://www.google.com.tr https://www.google.com.tw https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.es https://www.google.fi https://www.google.ge https://www.google.gm https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ie https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.mw https://www.google.no https://www.google.ps https://www.google.rs https://www.google.sk https://www.google.tg https://www.google.tn https://www.googletagmanager.com https://www.hotjar.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self' https://web-assets.esetstatic.com; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://a.disquscdn.com https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
x-edps-request-status: normal
x-content-type-options: nosniff
strict-transport-security: max-age=15724800
date: Fri, 15 Dec 2023 02:14:36 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1702606476077_34831752_1221189145_67_721_6_0_255";dur=1
content-length: 172828
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 16 Oct 2023 05:59:20 GMT
etag: "652cd138-2a31c"
report-to: {"group":"default","max_age":31536000,"endpoints":[{"url":"https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report"}],"include_subdomains":false}
content-type: font/woff
access-control-allow-origin: *
cache-control: max-age=31536000, public
accept-ranges: bytes
expires: Thu, 17 Oct 2024 19:03:25 GMT

GET
H2 200 FedraSansAltPro-BookItalicLF-4cad214a.woff
www.welivesecurity.com/build/assets/ 162 KB
166 KB 21ms
18ms Font
font/woff 2a02:26f0:480:f::213:7ec8
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.welivesecurity.com/build/assets/FedraSansAltPro-BookItalicLF-4cad214a.woff

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/build/assets/app-8864fa1f.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:f::213:7ec8 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

4cad214a2eeb48599ea314d32d2685f6554fe548be21add2f606db059530506e

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://.akamaihd.net https://.akstat.io https://.eset.com https://.hotjar.com https://.hotjar.io https://adservice.google.com https://captcha.eset.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com/ https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://.ads.linkedin.com https://*.esetstatic.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.eset.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.al https://www.google.ba https://www.google.bf https://www.google.bg https://www.google.by https://www.google.ca https://www.google.cd https://www.google.ch https://www.google.co.ao https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.ls https://www.google.co.ma https://www.google.co.tz https://www.google.co.za https://www.google.com.af https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.br https://www.google.com.co https://www.google.com.do https://www.google.com.eg https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.kw https://www.google.com.ly https://www.google.com.mx https://www.google.com.ni https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.sa https://www.google.com.sl https://www.google.com.tr https://www.google.com.tw https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.es https://www.google.fi https://www.google.ge https://www.google.gm https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ie https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.mw https://www.google.no https://www.google.ps https://www.google.rs https://www.google.sk https://www.google.tg https://www.google.tn https://www.googletagmanager.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self'; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://a.disquscdn.com https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.welivesecurity.com/build/assets/app-8864fa1f.css
Origin: https://www.welivesecurity.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-security-policy: default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://*.akamaihd.net https://*.akstat.io https://*.eset.com https://*.hotjar.com https://*.hotjar.io https://adservice.google.com https://captcha.eset.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://*.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://*.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com/ https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://*.ads.linkedin.com https://*.esetstatic.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.eset.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.al https://www.google.ba https://www.google.bf https://www.google.bg https://www.google.by https://www.google.ca https://www.google.cd https://www.google.ch https://www.google.co.ao https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.ls https://www.google.co.ma https://www.google.co.tz https://www.google.co.za https://www.google.com.af https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.br https://www.google.com.co https://www.google.com.do https://www.google.com.eg https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.kw https://www.google.com.ly https://www.google.com.mx https://www.google.com.ni https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.sa https://www.google.com.sl https://www.google.com.tr https://www.google.com.tw https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.es https://www.google.fi https://www.google.ge https://www.google.gm https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ie https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.mw https://www.google.no https://www.google.ps https://www.google.rs https://www.google.sk https://www.google.tg https://www.google.tn https://www.googletagmanager.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self'; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://a.disquscdn.com https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
x-edps-request-status: normal
x-content-type-options: nosniff
strict-transport-security: max-age=15724800
date: Fri, 15 Dec 2023 02:14:36 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1702606476077_34831752_1221189146_68_713_6_0_255";dur=1
content-length: 165752
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 20 Jul 2023 14:41:32 GMT
etag: "64b9479c-28778"
report-to: {"group":"default","max_age":31536000,"endpoints":[{"url":"https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report"}],"include_subdomains":false}
content-type: font/woff
access-control-allow-origin: *
cache-control: max-age=31536000, public
accept-ranges: bytes
expires: Fri, 19 Jul 2024 16:25:46 GMT

GET
H2 200 FedraSansAltPro-LightLF-ec800a5b.woff
www.welivesecurity.com/build/assets/ 159 KB
163 KB 23ms
20ms Font
font/woff 2a02:26f0:480:f::213:7ec8
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.welivesecurity.com/build/assets/FedraSansAltPro-LightLF-ec800a5b.woff

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/build/assets/app-8864fa1f.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:f::213:7ec8 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

ec800a5bcb2d4e57adcc0c7ec3d69427ac3e392d4a0302891dd76fb80ffd0bfd

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://.akamaihd.net https://.akstat.io https://.eset.com https://.hotjar.com https://.hotjar.io https://adservice.google.com https://captcha.eset.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com/ https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://.ads.linkedin.com https://*.esetstatic.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.eset.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.al https://www.google.ba https://www.google.bf https://www.google.bg https://www.google.by https://www.google.ca https://www.google.cd https://www.google.ch https://www.google.co.ao https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.ls https://www.google.co.ma https://www.google.co.tz https://www.google.co.za https://www.google.com.af https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.br https://www.google.com.co https://www.google.com.do https://www.google.com.eg https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.kw https://www.google.com.ly https://www.google.com.mx https://www.google.com.ni https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.sa https://www.google.com.sl https://www.google.com.tr https://www.google.com.tw https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.es https://www.google.fi https://www.google.ge https://www.google.gm https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ie https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.mw https://www.google.no https://www.google.ps https://www.google.rs https://www.google.sk https://www.google.tg https://www.google.tn https://www.googletagmanager.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self'; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://a.disquscdn.com https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.welivesecurity.com/build/assets/app-8864fa1f.css
Origin: https://www.welivesecurity.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-security-policy: default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://*.akamaihd.net https://*.akstat.io https://*.eset.com https://*.hotjar.com https://*.hotjar.io https://adservice.google.com https://captcha.eset.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://*.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://*.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com/ https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://*.ads.linkedin.com https://*.esetstatic.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.eset.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.al https://www.google.ba https://www.google.bf https://www.google.bg https://www.google.by https://www.google.ca https://www.google.cd https://www.google.ch https://www.google.co.ao https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.ls https://www.google.co.ma https://www.google.co.tz https://www.google.co.za https://www.google.com.af https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.br https://www.google.com.co https://www.google.com.do https://www.google.com.eg https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.kw https://www.google.com.ly https://www.google.com.mx https://www.google.com.ni https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.sa https://www.google.com.sl https://www.google.com.tr https://www.google.com.tw https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.es https://www.google.fi https://www.google.ge https://www.google.gm https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ie https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.mw https://www.google.no https://www.google.ps https://www.google.rs https://www.google.sk https://www.google.tg https://www.google.tn https://www.googletagmanager.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self'; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://a.disquscdn.com https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
x-edps-request-status: normal
x-content-type-options: nosniff
strict-transport-security: max-age=15724800
date: Fri, 15 Dec 2023 02:14:36 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1702606476077_34831752_1221189147_69_667_6_0_255";dur=1
content-length: 162900
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 20 Jul 2023 00:44:42 GMT
etag: "64b8837a-27c54"
report-to: {"group":"default","max_age":31536000,"endpoints":[{"url":"https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report"}],"include_subdomains":false}
content-type: font/woff
access-control-allow-origin: *
cache-control: max-age=31536000, public
accept-ranges: bytes
expires: Fri, 19 Jul 2024 08:28:34 GMT

GET
H2 200 Consolas-58a1668c.woff
www.welivesecurity.com/build/assets/ 260 KB
264 KB 15ms
13ms Font
font/woff 2a02:26f0:480:f::213:7ec8
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.welivesecurity.com/build/assets/Consolas-58a1668c.woff

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/build/assets/app-8864fa1f.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:f::213:7ec8 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

58a1668cd118c21300e88b973c712f2dbc95a8cae66ee0f92f45c976db327dcf

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://.akamaihd.net https://.akstat.io https://.eset.com https://.hotjar.com https://.hotjar.io https://adservice.google.com https://captcha.eset.com https://captcha.welivesecurity.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com/ https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://.ads.linkedin.com https://*.esetstatic.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.welivesecurity.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.al https://www.google.ba https://www.google.bf https://www.google.bg https://www.google.by https://www.google.ca https://www.google.cd https://www.google.ch https://www.google.co.ao https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.ls https://www.google.co.ma https://www.google.co.tz https://www.google.co.za https://www.google.com.af https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.br https://www.google.com.co https://www.google.com.do https://www.google.com.eg https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.kw https://www.google.com.ly https://www.google.com.mx https://www.google.com.ni https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.sa https://www.google.com.sl https://www.google.com.tr https://www.google.com.tw https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.es https://www.google.fi https://www.google.ge https://www.google.gm https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ie https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.mw https://www.google.no https://www.google.ps https://www.google.rs https://www.google.sk https://www.google.tg https://www.google.tn https://www.googletagmanager.com https://www.hotjar.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self' https://web-assets.esetstatic.com; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://a.disquscdn.com https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.welivesecurity.com/build/assets/app-8864fa1f.css
Origin: https://www.welivesecurity.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-security-policy: default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://*.akamaihd.net https://*.akstat.io https://*.eset.com https://*.hotjar.com https://*.hotjar.io https://adservice.google.com https://captcha.eset.com https://captcha.welivesecurity.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://*.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://*.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com/ https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://*.ads.linkedin.com https://*.esetstatic.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.welivesecurity.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.al https://www.google.ba https://www.google.bf https://www.google.bg https://www.google.by https://www.google.ca https://www.google.cd https://www.google.ch https://www.google.co.ao https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.ls https://www.google.co.ma https://www.google.co.tz https://www.google.co.za https://www.google.com.af https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.br https://www.google.com.co https://www.google.com.do https://www.google.com.eg https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.kw https://www.google.com.ly https://www.google.com.mx https://www.google.com.ni https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.sa https://www.google.com.sl https://www.google.com.tr https://www.google.com.tw https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.es https://www.google.fi https://www.google.ge https://www.google.gm https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ie https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.mw https://www.google.no https://www.google.ps https://www.google.rs https://www.google.sk https://www.google.tg https://www.google.tn https://www.googletagmanager.com https://www.hotjar.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self' https://web-assets.esetstatic.com; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://a.disquscdn.com https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
x-edps-request-status: normal
x-content-type-options: nosniff
strict-transport-security: max-age=15724800
date: Fri, 15 Dec 2023 02:14:36 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=6, origin; dur=0, ak_p; desc="1702606476093_34831752_1221189159_600_918_7_0_255";dur=1
content-length: 266368
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 11 Sep 2023 12:30:25 GMT
etag: "64ff0861-41080"
report-to: {"group":"default","max_age":31536000,"endpoints":[{"url":"https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report"}],"include_subdomains":false}
content-type: font/woff
access-control-allow-origin: *
cache-control: max-age=31536000, public
accept-ranges: bytes
expires: Tue, 10 Sep 2024 13:34:39 GMT

GET 7R9SM-QGSYF-QDLJK-UETXR-SPM6B
s.go-mpulse.net/boomerang/ Frame D599 0
0

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 328 KB
105 KB 212ms
80ms Script
application/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-PMDGSM

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/en/eset-research/oilrig-persistent-attacks-cloud-service-powered-downloaders/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

1174247c405bfaae204b77e6a8322e660fad516773b1a761211e2655989cf884

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.welivesecurity.com/en/eset-research/oilrig-persistent-attacks-cloud-service-powered-downloaders/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Fri, 15 Dec 2023 02:14:36 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 107604
x-xss-protection: 0
last-modified: Fri, 15 Dec 2023 00:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 15 Dec 2023 02:14:36 GMT

GET
H/1.1 200
OK / Show response
disqus.com/embed/comments/ Frame 8480 8 KB
5 KB 46ms
15ms Document
text/html 151.101.0.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://disqus.com/embed/comments/?base=default&f=welivesecurity&t_i=OilRig%E2%80%99s%20persistent%20attacks%20using%20cloud%20service-powered%20downloaders&t_u=https%3A%2F%2Fwww.welivesecurity.com%2Fen%2Feset-research%2Foilrig-persistent-attacks-cloud-service-powered-downloaders%2F&t_e=30065&t_d=OilRig%E2%80%99s%20persistent%20attacks%20using%20cloud%20service-powered%20downloaders&t_t=30065&s_o=default&l=en

Requested by

Host: welivesecurity.disqus.com
URL: https://welivesecurity.disqus.com/embed.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

151.101.0.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

7bd7ddaaa10e73c1bc554db0b4d5ec7ef43cfc0cae324009f34147e55a3890c1

Security Headers

Name	Value
Content-Security-Policy	script-src https://.twitter.com: https://www.gstatic.com/recaptcha/ https://a.disquscdn.com https://c.disquscdn.com c.disquscdn.com https://.services.disqus.com: https://cdn.boomtrain.com/p13n/ https://com-disqus.netmng.com:* 'unsafe-inline' https://referrer.disqus.com/juggler/ https://connect.facebook.net/en_US/sdk.js https://cdn.syndication.twimg.com/tweets.json https://apis.google.com https://www.google.com/recaptcha/ https://cf.ignitionone.com:* https://disqus.com
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.welivesecurity.com/en/eset-research/oilrig-persistent-attacks-cloud-service-powered-downloaders/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Age: 28
Cache-Control: stale-if-error=3600, s-stalewhilerevalidate=3600, stale-while-revalidate=30, no-cache, must-revalidate, public, s-maxage=5
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 3295
Content-Security-Policy: script-src https://*.twitter.com:* https://www.gstatic.com/recaptcha/ https://a.disquscdn.com https://c.disquscdn.com c.disquscdn.com https://*.services.disqus.com:* https://cdn.boomtrain.com/p13n/ https://com-disqus.netmng.com:* 'unsafe-inline' https://referrer.disqus.com/juggler/ https://connect.facebook.net/en_US/sdk.js https://cdn.syndication.twimg.com/tweets.json https://apis.google.com https://www.google.com/recaptcha/ https://cf.ignitionone.com:* https://disqus.com
Content-Type: text/html; charset=utf-8
Cross-Origin-Resource-Policy: cross-origin
Date: Fri, 15 Dec 2023 02:14:36 GMT
ETag: W/"lounge:view:9967370004.c2a5c655d91d506db19c12c0d97a43ca.2"
Last-Modified: Wed, 06 Dec 2023 20:54:42 GMT
Link: <https://c.disquscdn.com>;rel=preconnect,<https://c.disquscdn.com>;rel=dns-prefetch
Referrer-Policy: no-referrer-when-downgrade
Server: nginx
Strict-Transport-Security: max-age=300; includeSubdomains
Timing-Allow-Origin: *
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"

GET
H/1.1 200
OK event.gif
referrer.disqus.com/juggler/ 43 B
339 B 116ms
100ms Image
image/gif 199.232.196.134
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://referrer.disqus.com/juggler/event.gif?imp=2c9p5prtqvcc1&experiment=prebidbidisrequired&variant=active&service=dynamic&area=top&product=embed&forum=welivesecurity&zone=thread&version=46355a98bc48ecd1c0c19b65d17b59ed&page_url=https%3A%2F%2Fwww.welivesecurity.com%2Fen%2Feset-research%2Foilrig-persistent-attacks-cloud-service-powered-downloaders%2F&page_referrer=&object_type=provider&event=activity&ad_product_name=iab_display&ad_product_layout=iab_display&bin=embed%3Apromoted_discovery%3Adynamic%3Aprebidbidisrequired%3Aactive&section=default&verb=call&adjective=1&forum_id=2152520

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/en/eset-research/oilrig-persistent-attacks-cloud-service-powered-downloaders/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

199.232.196.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.welivesecurity.com/en/eset-research/oilrig-persistent-attacks-cloud-service-powered-downloaders/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Fri, 15 Dec 2023 02:14:36 GMT
x-content-type-options: nosniff
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
server: nginx
content-type: image/gif
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Content-Length: 43
x-xss-protection: 1; mode=block

GET
H/1.1 200
OK event.gif
referrer.disqus.com/juggler/ 43 B
339 B 111ms
96ms Image
image/gif 199.232.196.134
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://referrer.disqus.com/juggler/event.gif?imp=2c9p5prtqvcc1&experiment=prebidbidisrequired&variant=active&service=dynamic&area=bottom&product=embed&forum=welivesecurity&zone=thread&version=46355a98bc48ecd1c0c19b65d17b59ed&page_url=https%3A%2F%2Fwww.welivesecurity.com%2Fen%2Feset-research%2Foilrig-persistent-attacks-cloud-service-powered-downloaders%2F&page_referrer=&object_type=provider&event=activity&ad_product_name=iab_display&ad_product_layout=iab_display&bin=embed%3Apromoted_discovery%3Adynamic%3Aprebidbidisrequired%3Aactive&section=default&verb=call&adjective=1&forum_id=2152520

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/en/eset-research/oilrig-persistent-attacks-cloud-service-powered-downloaders/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

199.232.196.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.welivesecurity.com/en/eset-research/oilrig-persistent-attacks-cloud-service-powered-downloaders/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Fri, 15 Dec 2023 02:14:36 GMT
x-content-type-options: nosniff
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
server: nginx
content-type: image/gif
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Content-Length: 43
x-xss-protection: 1; mode=block

GET
H2 200 lounge.load.46355a98bc48ecd1c0c19b65d17b59ed.js Show response
c.disquscdn.com/next/embed/ Frame 8480 1 KB
1 KB 112ms
17ms Script
application/javascript 2600:9000:225f:fa00:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/lounge.load.46355a98bc48ecd1c0c19b65d17b59ed.js

Requested by

Host: disqus.com
URL: https://disqus.com/embed/comments/?base=default&f=welivesecurity&t_i=OilRig%E2%80%99s%20persistent%20attacks%20using%20cloud%20service-powered%20downloaders&t_u=https%3A%2F%2Fwww.welivesecurity.com%2Fen%2Feset-research%2Foilrig-persistent-attacks-cloud-service-powered-downloaders%2F&t_e=30065&t_d=OilRig%E2%80%99s%20persistent%20attacks%20using%20cloud%20service-powered%20downloaders&t_t=30065&s_o=default&l=en

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:225f:fa00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

cc3d3c81b9eac1b2b0c317957d35df1c263e99f574c1c933335943491cd782b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://disqus.com/embed/comments/?base=default&f=welivesecurity&t_i=OilRig%E2%80%99s%20persistent%20attacks%20using%20cloud%20service-powered%20downloaders&t_u=https%3A%2F%2Fwww.welivesecurity.com%2Fen%2Feset-research%2Foilrig-persistent-attacks-cloud-service-powered-downloaders%2F&t_e=30065&t_d=OilRig%E2%80%99s%20persistent%20attacks%20using%20cloud%20service-powered%20downloaders&t_t=30065&s_o=default&l=en
Origin: https://disqus.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

x-cache-hits: 0
date: Wed, 06 Dec 2023 19:49:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 5bab9b28b9df8c7c6cb942e5654e9558.cloudfront.net (CloudFront)
x-amz-cf-pop: TXL50-P2
age: 714295
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 630
x-xss-protection: 1; mode=block
x-served-by: static-web-2
surrogate-key: next
last-modified: Wed, 06 Dec 2023 19:40:12 GMT
server: nginx
etag: "6570ce1c-276"
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000, public, immutable, no-transform
timing-allow-origin: *
x-amz-cf-id: fxtkNZMsbDeL6Eghg7pocfTbJGjveCBzXUTqE3n3TgDzuOTrXU3xUw==
expires: Thu, 05 Dec 2024 19:49:41 GMT

GET
H2 200 common.bundle.dee2b49ee90353edb3719f48d95284cd.js Show response
c.disquscdn.com/next/embed/ Frame 8480 280 KB
93 KB 54ms
19ms Script
application/javascript 2600:9000:225f:fa00:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/common.bundle.dee2b49ee90353edb3719f48d95284cd.js

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/lounge.load.46355a98bc48ecd1c0c19b65d17b59ed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:225f:fa00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

560a509130735e0826b11e67847715f03148528dc363c5dfb59a0abfeef03f05

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=welivesecurity&t_i=OilRig%E2%80%99s%20persistent%20attacks%20using%20cloud%20service-powered%20downloaders&t_u=https%3A%2F%2Fwww.welivesecurity.com%2Fen%2Feset-research%2Foilrig-persistent-attacks-cloud-service-powered-downloaders%2F&t_e=30065&t_d=OilRig%E2%80%99s%20persistent%20attacks%20using%20cloud%20service-powered%20downloaders&t_t=30065&s_o=default&l=en
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

x-cache-hits: 0
date: Tue, 28 Nov 2023 17:51:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 6ffd9144e1bc0d7518dfec3f04843cdc.cloudfront.net (CloudFront)
x-amz-cf-pop: TXL50-P2
age: 1412588
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 94199
x-xss-protection: 1; mode=block
x-served-by: static-web-1
surrogate-key: next
last-modified: Tue, 28 Nov 2023 15:53:32 GMT
server: nginx
etag: "65660cfc-16ff7"
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000, public, immutable, no-transform
timing-allow-origin: *
x-amz-cf-id: h88IfLxVMatrIdrhr8TJpxarTcRoF0mBepPf37Grg64CK6x3pCaSdw==
expires: Wed, 27 Nov 2024 17:51:28 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 221 KB
78 KB 81ms
81ms Script
application/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-FBY6B30C4M&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PMDGSM

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

4ad2430fff69ab173052cbf59bf37a2dcc8e9fd41661d89ebe8680fd87e42433

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.welivesecurity.com/en/eset-research/oilrig-persistent-attacks-cloud-service-powered-downloaders/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Fri, 15 Dec 2023 02:14:36 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 79890
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 15 Dec 2023 02:14:36 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 188ms
56ms Script
text/javascript 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PMDGSM

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.welivesecurity.com/en/eset-research/oilrig-persistent-attacks-cloud-service-powered-downloaders/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 15 Dec 2023 01:48:14 GMT
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
server: Golfe2
age: 1582
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Fri, 15 Dec 2023 03:48:14 GMT

GET
H2 200 app.min.css
cdn.esetstatic.com/cookie-consent/v3/ 20 KB
5 KB 90ms
8ms Stylesheet
text/css 2620:1ec:bdf::63
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.esetstatic.com/cookie-consent/v3/app.min.css
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PMDGSM
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:bdf::63 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: ddf0e65e326bc99627ac2d1df7babf8780bb64fe4fa08bb1a0e5d772fb2e3c94

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.welivesecurity.com/en/eset-research/oilrig-persistent-attacks-cloud-service-powered-downloaders/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Fri, 15 Dec 2023 02:14:36 GMT
content-encoding: br
last-modified: Wed, 30 Nov 2022 12:49:33 GMT
etag: W/"0x8DAD2D15474DB45"
vary: Accept-Encoding
x-azure-ref: 20231215T021436Z-xwdnfhc7a503fbqydwhfhbrmyg00000002hg000000000es0
content-type: text/css
x-ms-request-id: 87a95492-901e-0072-06b5-2d07f7000000
x-cache: TCP_HIT
x-ms-version: 2018-03-28

GET
H2 200 app.min.js Show response
cdn.esetstatic.com/cookie-consent/v3/ 380 KB
140 KB 90ms
8ms Script
text/javascript 2620:1ec:bdf::63
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.esetstatic.com/cookie-consent/v3/app.min.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PMDGSM
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:bdf::63 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3136ed18810649908a21e1af3d5ed10eb6f0b06f8e7653362e2303870aaf8b8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.welivesecurity.com/en/eset-research/oilrig-persistent-attacks-cloud-service-powered-downloaders/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Fri, 15 Dec 2023 02:14:36 GMT
content-encoding: br
last-modified: Fri, 11 Nov 2022 13:55:52 GMT
etag: W/"0x8DAC3EC72913F28"
vary: Accept-Encoding
x-azure-ref: 20231215T021436Z-xwdnfhc7a503fbqydwhfhbrmyg00000002hg000000000es1
content-type: text/javascript
x-ms-request-id: 23a7091a-c01e-00b4-558e-2dcc76000000
x-cache: TCP_HIT
x-ms-version: 2018-03-28

GET
H2 200 lounge.836fc8a416dc0c1320b56ba25eea2964.css
c.disquscdn.com/next/embed/styles/ Frame 8480 233 KB
33 KB 19ms
18ms Stylesheet
text/css 2600:9000:225f:fa00:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/styles/lounge.836fc8a416dc0c1320b56ba25eea2964.css

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.dee2b49ee90353edb3719f48d95284cd.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:225f:fa00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

41f015f0c88ce5c917f8c9d1e02f3c9fb73bad38ec82419d733a267ab7440546

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=welivesecurity&t_i=OilRig%E2%80%99s%20persistent%20attacks%20using%20cloud%20service-powered%20downloaders&t_u=https%3A%2F%2Fwww.welivesecurity.com%2Fen%2Feset-research%2Foilrig-persistent-attacks-cloud-service-powered-downloaders%2F&t_e=30065&t_d=OilRig%E2%80%99s%20persistent%20attacks%20using%20cloud%20service-powered%20downloaders&t_t=30065&s_o=default&l=en
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

x-cache-hits: 0
date: Wed, 06 Dec 2023 19:49:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 6ffd9144e1bc0d7518dfec3f04843cdc.cloudfront.net (CloudFront)
x-amz-cf-pop: TXL50-P2
age: 714295
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 33302
x-xss-protection: 1; mode=block
x-served-by: static-web-2
surrogate-key: next
last-modified: Wed, 06 Dec 2023 19:40:12 GMT
server: nginx
etag: "6570ce1c-8216"
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000, public, immutable, no-transform
timing-allow-origin: *
x-amz-cf-id: FiCpL42I5ELJkASMhNID6EzPx6u3RMI7VrSfRBTI6gcRacXQ3o89BA==
expires: Thu, 05 Dec 2024 19:49:41 GMT

GET
H2 200 lounge.bundle.bdddb77ad23844461b40e306325fbba4.js Show response
c.disquscdn.com/next/embed/ Frame 8480 513 KB
129 KB 18ms
18ms Script
application/javascript 2600:9000:225f:fa00:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/lounge.bundle.bdddb77ad23844461b40e306325fbba4.js

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.dee2b49ee90353edb3719f48d95284cd.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:225f:fa00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

a0ac6681efe2c5e32ee417a5368abc5bde4278f37d6ad54538eb908ee19dbfb0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=welivesecurity&t_i=OilRig%E2%80%99s%20persistent%20attacks%20using%20cloud%20service-powered%20downloaders&t_u=https%3A%2F%2Fwww.welivesecurity.com%2Fen%2Feset-research%2Foilrig-persistent-attacks-cloud-service-powered-downloaders%2F&t_e=30065&t_d=OilRig%E2%80%99s%20persistent%20attacks%20using%20cloud%20service-powered%20downloaders&t_t=30065&s_o=default&l=en
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

x-cache-hits: 0
date: Wed, 06 Dec 2023 19:49:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 6ffd9144e1bc0d7518dfec3f04843cdc.cloudfront.net (CloudFront)
x-amz-cf-pop: TXL50-P2
age: 714295
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 131025
x-xss-protection: 1; mode=block
x-served-by: static-web-2
surrogate-key: next
last-modified: Wed, 06 Dec 2023 19:40:12 GMT
server: nginx
etag: "6570ce1c-1ffd1"
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000, public, immutable, no-transform
timing-allow-origin: *
x-amz-cf-id: WJxbUPg9Sf-ZROJn2r5yUI4hXTHGaZfZv7QOcGkb_uCfAIviiY9_Lg==
expires: Thu, 05 Dec 2024 19:49:41 GMT

GET
H/1.1 200
OK config.js Show response
disqus.com/next/ Frame 8480 19 KB
19 KB 6ms
6ms Script
application/javascript 151.101.0.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://disqus.com/next/config.js

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.dee2b49ee90353edb3719f48d95284cd.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

151.101.0.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

5db78ae694ad4c6628917734e442333427e5c0db54b8a8d474c640964eda41f3

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=welivesecurity&t_i=OilRig%E2%80%99s%20persistent%20attacks%20using%20cloud%20service-powered%20downloaders&t_u=https%3A%2F%2Fwww.welivesecurity.com%2Fen%2Feset-research%2Foilrig-persistent-attacks-cloud-service-powered-downloaders%2F&t_e=30065&t_d=OilRig%E2%80%99s%20persistent%20attacks%20using%20cloud%20service-powered%20downloaders&t_t=30065&s_o=default&l=en
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Fri, 15 Dec 2023 02:14:36 GMT
Strict-Transport-Security: max-age=300; includeSubdomains
X-Content-Type-Options: nosniff
Server: nginx
Age: 54
X-Frame-Options: SAMEORIGIN
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Access-Control-Allow-Origin: *
Content-Type: application/javascript; charset=UTF-8
Cache-Control: public, stale-while-revalidate=300, s-stalewhilerevalidate=3600, max-age=60
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Timing-Allow-Origin: *
Content-Length: 19264
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK details Show response
disqus.com/api/3.0/forums/ Frame 8480 4 KB
4 KB 110ms
110ms XHR
application/json 151.101.0.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://disqus.com/api/3.0/forums/details?forum=welivesecurity&attach=forumFeatures&api_key=E8Uh5l5fHZ6gD8U3KycjAIAk46f68Zw7C6eW8WSjZvCLXebZ7p0r1yrYDrLilk2F

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.dee2b49ee90353edb3719f48d95284cd.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

151.101.0.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

0bc3f92dc96660c065730c77963fb93c77d4a188cac56dfb42027c021b3bfc69

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Referer: https://disqus.com/embed/comments/?base=default&f=welivesecurity&t_i=OilRig%E2%80%99s%20persistent%20attacks%20using%20cloud%20service-powered%20downloaders&t_u=https%3A%2F%2Fwww.welivesecurity.com%2Fen%2Feset-research%2Foilrig-persistent-attacks-cloud-service-powered-downloaders%2F&t_e=30065&t_d=OilRig%E2%80%99s%20persistent%20attacks%20using%20cloud%20service-powered%20downloaders&t_t=30065&s_o=default&l=en
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Fri, 15 Dec 2023 02:14:36 GMT
Strict-Transport-Security: max-age=300; includeSubdomains
X-Content-Type-Options: nosniff
Server: nginx
Age: 0
X-Frame-Options: SAMEORIGIN
Vary: Origin, Cookie
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Content-Type: application/json
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Content-Length: 3958
X-XSS-Protection: 1; mode=block

GET
H2 200 css2
fonts.googleapis.com/ Frame 8480 11 KB
1 KB 412ms
80ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:ital,wght@0,400;0,500;0,600;0,700;1,400;1,700&display=swap

Requested by

Host: client
URL: about:client

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

4dbc45bd7ed8caf2aeeae8de34e519d874987d5285c79b5b4a93a1d670a929c4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=welivesecurity&t_i=OilRig%E2%80%99s%20persistent%20attacks%20using%20cloud%20service-powered%20downloaders&t_u=https%3A%2F%2Fwww.welivesecurity.com%2Fen%2Feset-research%2Foilrig-persistent-attacks-cloud-service-powered-downloaders%2F&t_e=30065&t_d=OilRig%E2%80%99s%20persistent%20attacks%20using%20cloud%20service-powered%20downloaders&t_t=30065&s_o=default&l=en
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 15 Dec 2023 02:14:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 15 Dec 2023 01:51:51 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 15 Dec 2023 02:14:37 GMT

GET
H/1.1 200
OK loadReactions Show response
disqus.com/api/3.0/threadReactions/ Frame 8480 1 KB
2 KB 108ms
96ms XHR
application/json 151.101.0.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://disqus.com/api/3.0/threadReactions/loadReactions?thread=9967370004&api_key=E8Uh5l5fHZ6gD8U3KycjAIAk46f68Zw7C6eW8WSjZvCLXebZ7p0r1yrYDrLilk2F

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.dee2b49ee90353edb3719f48d95284cd.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

151.101.0.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

bb8a336cfb6fcec28ed454e668fd8a8cd440cb81544266cdb2cc79824fc49166

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://disqus.com/embed/comments/?base=default&f=welivesecurity&t_i=OilRig%E2%80%99s%20persistent%20attacks%20using%20cloud%20service-powered%20downloaders&t_u=https%3A%2F%2Fwww.welivesecurity.com%2Fen%2Feset-research%2Foilrig-persistent-attacks-cloud-service-powered-downloaders%2F&t_e=30065&t_d=OilRig%E2%80%99s%20persistent%20attacks%20using%20cloud%20service-powered%20downloaders&t_t=30065&s_o=default&l=en
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Fri, 15 Dec 2023 02:14:36 GMT
Strict-Transport-Security: max-age=300; includeSubdomains
X-Content-Type-Options: nosniff
Server: nginx
Age: 79
X-Frame-Options: SAMEORIGIN
Vary: Origin, Cookie
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Content-Type: application/json
Cache-Control: stale-while-revalidate=30, max-age=60
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Content-Length: 1351
X-XSS-Protection: 1; mode=block

GET
H2 200 avatar92.jpg
c.disquscdn.com/uploads/forums/215/2520/ Frame 8480 3 KB
4 KB 19ms
18ms Image
image/jpeg 2600:9000:225f:fa00:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/uploads/forums/215/2520/avatar92.jpg?1666017561

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/en/eset-research/oilrig-persistent-attacks-cloud-service-powered-downloaders/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:225f:fa00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

547d64d9586e701e83fd750596ba4ad00437294bbb2377e68d38823b0d097911

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=welivesecurity&t_i=OilRig%E2%80%99s%20persistent%20attacks%20using%20cloud%20service-powered%20downloaders&t_u=https%3A%2F%2Fwww.welivesecurity.com%2Fen%2Feset-research%2Foilrig-persistent-attacks-cloud-service-powered-downloaders%2F&t_e=30065&t_d=OilRig%E2%80%99s%20persistent%20attacks%20using%20cloud%20service-powered%20downloaders&t_t=30065&s_o=default&l=en
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

x-cache-hits: 0
date: Fri, 01 Dec 2023 08:13:37 GMT
via: 1.1 6ffd9144e1bc0d7518dfec3f04843cdc.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: TXL50-P2
age: 1188059
x-cache: Hit from cloudfront
content-length: 3099
x-xss-protection: 1; mode=block
x-served-by: static-web-2
last-modified: Mon, 17 Oct 2022 14:39:22 GMT
server: nginx
etag: "03e2797add6e2cc784dc53b89eb72771"
content-type: image/jpeg
cache-control: max-age=31536000, public, immutable
accept-ranges: bytes
x-amz-cf-id: 2_pfOK4t87a8gr69oGp03DzP_k806JDLCOc-MAwvH7_taMZ1UwiR9A==
expires: Sat, 30 Nov 2024 08:13:37 GMT

GET
H2 200 svg-sprite.4da5413f5086c5755b46094b813dbfcd.svg
c.disquscdn.com/next/embed/assets/img/ Frame 8480 13 KB
13 KB 17ms
17ms Image
image/svg+xml 2600:9000:225f:fa00:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/embed/assets/img/svg-sprite.4da5413f5086c5755b46094b813dbfcd.svg

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.836fc8a416dc0c1320b56ba25eea2964.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:225f:fa00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

3270642c89180c12db93775e2a774b6dadd9bd98cffc963075c85afd2c17b6e4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c.disquscdn.com/next/embed/styles/lounge.836fc8a416dc0c1320b56ba25eea2964.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

x-cache-hits: 0
date: Sat, 18 Nov 2023 05:39:28 GMT
via: 1.1 6ffd9144e1bc0d7518dfec3f04843cdc.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: TXL50-P2
age: 2320508
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 13079
x-xss-protection: 1; mode=block
x-served-by: static-web-1
surrogate-key: next
last-modified: Wed, 15 Nov 2023 20:36:05 GMT
server: nginx
etag: "65552bb5-3317"
content-type: image/svg+xml; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000, public, immutable, no-transform
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: 5o9k1qPzTonerWHxcLX62Y_2tetJCMVcI2_orjjR9l4Xrc2oEIHBJw==
expires: Sun, 17 Nov 2024 05:39:28 GMT

GET
H2 200 loader.ba7c86e8b4b6135bb668d05223f8f127.gif
c.disquscdn.com/next/embed/assets/img/ Frame 8480 3 KB
3 KB 19ms
17ms Image
image/gif 2600:9000:225f:fa00:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/embed/assets/img/loader.ba7c86e8b4b6135bb668d05223f8f127.gif

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.836fc8a416dc0c1320b56ba25eea2964.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:225f:fa00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

4c4491dcfa94cb46fb73742fc2caf49a1cd59027304af1830c7dc6ce1889857c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c.disquscdn.com/next/embed/styles/lounge.836fc8a416dc0c1320b56ba25eea2964.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

x-cache-hits: 0
date: Sun, 20 Aug 2023 12:05:10 GMT
via: 1.1 6ffd9144e1bc0d7518dfec3f04843cdc.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: TXL50-P2
age: 10073366
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 2971
x-xss-protection: 1; mode=block
x-served-by: static-web-2
surrogate-key: next
last-modified: Wed, 02 Aug 2023 23:18:56 GMT
server: nginx
etag: "64cae460-b9b"
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=31536000, public, immutable, no-transform
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: 1vHRVTVPebghqhn0UteEkKXHUcaJGjHgc8xiDkZ7vxhulWdrIR2A5Q==
expires: Mon, 19 Aug 2024 12:05:10 GMT

GET
H2 200 email.727e30eb9b6c1e85cb010b9c8eb04c7e.svg
c.disquscdn.com/next/embed/assets/img/ Frame 8480 840 B
1 KB 20ms
18ms Image
image/svg+xml 2600:9000:225f:fa00:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/embed/assets/img/email.727e30eb9b6c1e85cb010b9c8eb04c7e.svg

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.836fc8a416dc0c1320b56ba25eea2964.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:225f:fa00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

0589c5845288117448d7aa710af60618b151d78efd1a2653f89a0b57f7eb3de8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c.disquscdn.com/next/embed/styles/lounge.836fc8a416dc0c1320b56ba25eea2964.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

x-cache-hits: 0
date: Thu, 21 Sep 2023 03:03:24 GMT
via: 1.1 6ffd9144e1bc0d7518dfec3f04843cdc.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: TXL50-P2
age: 7341071
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 840
x-xss-protection: 1; mode=block
x-served-by: static-web-2
surrogate-key: next
last-modified: Wed, 20 Sep 2023 10:55:06 GMT
server: nginx
etag: "650acf8a-348"
content-type: image/svg+xml; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000, public, immutable, no-transform
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: q_dHx7_K_dhk6EAyyzBECxfA_VXulh7zZDOqe8hEF_0clhv2LpoDcg==
expires: Fri, 20 Sep 2024 03:03:24 GMT

GET
H2 200 privacy.8c96be6b50de1c3fab838c5f050e0be5.svg
c.disquscdn.com/next/embed/assets/img/ Frame 8480 891 B
1 KB 20ms
19ms Image
image/svg+xml 2600:9000:225f:fa00:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/embed/assets/img/privacy.8c96be6b50de1c3fab838c5f050e0be5.svg

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.836fc8a416dc0c1320b56ba25eea2964.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:225f:fa00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

068753b8f09b32ad8a3283199c7252090d0076a56924df724dda72828ae31b95

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c.disquscdn.com/next/embed/styles/lounge.836fc8a416dc0c1320b56ba25eea2964.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

x-cache-hits: 0
date: Wed, 26 Jul 2023 18:48:11 GMT
via: 1.1 6ffd9144e1bc0d7518dfec3f04843cdc.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: TXL50-P2
age: 12209185
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 891
x-xss-protection: 1; mode=block
x-served-by: static-web-1
surrogate-key: next
last-modified: Wed, 26 Jul 2023 16:31:55 GMT
server: nginx
etag: "64c14a7b-37b"
content-type: image/svg+xml; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000, public, immutable, no-transform
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: RgtFVmocpnoSidGYdgxOiErRxcIRejyXEKLit-mh78KIH6vO-DZP6Q==
expires: Thu, 25 Jul 2024 18:48:11 GMT

GET
H2 200 warning.3bc0b4bff6c268a4ceaf404014b9be42.svg
c.disquscdn.com/next/embed/assets/img/ Frame 8480 605 B
1 KB 21ms
20ms Image
image/svg+xml 2600:9000:225f:fa00:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/embed/assets/img/warning.3bc0b4bff6c268a4ceaf404014b9be42.svg

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.836fc8a416dc0c1320b56ba25eea2964.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:225f:fa00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

a657bedd3bc0c106f7cfa5fe6556a0b7e175870d33bd7da9ef67ffcffbafda69

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c.disquscdn.com/next/embed/styles/lounge.836fc8a416dc0c1320b56ba25eea2964.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

x-cache-hits: 0
date: Thu, 14 Sep 2023 03:57:58 GMT
via: 1.1 6ffd9144e1bc0d7518dfec3f04843cdc.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: TXL50-P2
age: 7942598
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 605
x-xss-protection: 1; mode=block
x-served-by: static-web-1
surrogate-key: next
last-modified: Wed, 13 Sep 2023 20:48:30 GMT
server: nginx
etag: "6502201e-25d"
content-type: image/svg+xml; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000, public, immutable, no-transform
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: PUOpsT_Ps-D317__ZFMyufYBZh2YM8XA2z_m3QAZ_fBBDHghtnXsdg==
expires: Fri, 13 Sep 2024 03:57:58 GMT

GET
H2 200 sprite.ad630a07080a45451f139a7487853ff8.png
c.disquscdn.com/next/embed/assets/img/ Frame 8480 2 KB
2 KB 21ms
20ms Image
image/png 2600:9000:225f:fa00:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/embed/assets/img/sprite.ad630a07080a45451f139a7487853ff8.png

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.836fc8a416dc0c1320b56ba25eea2964.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:225f:fa00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

9714221c828961b20f45a782c3281c0596f6652cfe1299bee18097f98e8fb7b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c.disquscdn.com/next/embed/styles/lounge.836fc8a416dc0c1320b56ba25eea2964.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

x-cache-hits: 0
date: Mon, 24 Jul 2023 12:53:27 GMT
via: 1.1 6ffd9144e1bc0d7518dfec3f04843cdc.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: TXL50-P2
age: 12403269
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 1763
x-xss-protection: 1; mode=block
x-served-by: static-web-1
surrogate-key: next
last-modified: Wed, 12 Jul 2023 14:04:56 GMT
server: nginx
etag: "64aeb308-6e3"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000, public, immutable, no-transform
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: dS7oiPlW37Prdd-8-Mnzn3lxwuR9EZQzlsvOmyjxObqybO4FHiLFXA==
expires: Tue, 23 Jul 2024 12:53:27 GMT

GET
H2 200 icons.79e576f9489bae308388e5b8e250aa86.woff2
c.disquscdn.com/next/embed/assets/font/ Frame 8480 8 KB
9 KB 22ms
21ms Font
application/octet-stream 2600:9000:225f:fa00:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/assets/font/icons.79e576f9489bae308388e5b8e250aa86.woff2

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.836fc8a416dc0c1320b56ba25eea2964.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:225f:fa00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

8dc675da542f629aca965669b35900a5ed0685f4d87dce9eac4660baf4493687

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://c.disquscdn.com/next/embed/styles/lounge.836fc8a416dc0c1320b56ba25eea2964.css
Origin: https://disqus.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

x-cache-hits: 0
date: Wed, 06 Dec 2023 19:49:42 GMT
via: 1.1 5bab9b28b9df8c7c6cb942e5654e9558.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: TXL50-P2
age: 714294
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 8216
x-xss-protection: 1; mode=block
x-served-by: static-web-1
surrogate-key: next
last-modified: Wed, 06 Dec 2023 19:40:12 GMT
server: nginx
etag: "6570ce1c-2018"
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: max-age=31536000, public, immutable, no-transform
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: GNFGq0q-6XX4OymQXSHYpltlZzkuqaVaHZ6GY8MGIEXyIET8yTTEmg==
expires: Thu, 05 Dec 2024 19:49:42 GMT

POST
H2 204 collect
region1.google-analytics.com/g/ 0
259 B 302ms
37ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-FBY6B30C4M&gtm=45je3bt0v889440112z86269785&_p=1702606476184&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=1165915686.1702606477&ul=en-us&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=EA&_s=1&sid=1702606476&sct=1&seg=0&dl=https%3A%2F%2Fwww.welivesecurity.com%2Fen%2Feset-research%2Foilrig-persistent-attacks-cloud-service-powered-downloaders%2F&dt=OilRig%E2%80%99s%20persistent%20attacks%20using%20cloud%20service-powered%20downloaders&en=page_view&_fv=2&_nsi=1&_ss=2&ep.branch=en&ep.page_location_noquery=https%3A%2F%2Fwww.welivesecurity.com%2Fen%2Feset-research%2Foilrig-persistent-attacks-cloud-service-powered-downloaders%2F&ep.hostname=www.welivesecurity.com&ep.useragent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F120.0.6099.109%20Safari%2F537.36&ep.project_id=wls&ep.article_category=ESET%20Research&ep.article_date=2023%2F12%2F14&ep.article_section=(not%20set)&ep.author=Zuzana%20Hromcov%C3%A1&ep.blog_length=3k%2B&epn.publication_id=30065&ep.cookie_consent=b%3A1%7Ca%3A0%7Cm%3A0&tfd=870
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-FBY6B30C4M&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.welivesecurity.com/en/eset-research/oilrig-persistent-attacks-cloud-service-powered-downloaders/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 15 Dec 2023 02:14:37 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.welivesecurity.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 3 B
151 B 76ms
76ms XHR
text/plain 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&aip=1&a=935621357&t=pageview&_s=1&dl=https%3A%2F%2Fwww.welivesecurity.com%2Fen%2Feset-research%2Foilrig-persistent-attacks-cloud-service-powered-downloaders%2F&ul=en-us&de=UTF-8&dt=OilRig%E2%80%99s%20persistent%20attacks%20using%20cloud%20service-powered%20downloaders&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAEABAAAAACAAIg~&cid=1165915686.1702606477&tid=UA-37839312-1&_gid=76449051.1702606477&_slc=1&gtm=45He3bt0n71PMDGSMv6269785&cd1=ESET%20Research&cd2=Zuzana%20Hromcov%C3%A1&cd3=3k%2B&cd4=&cd5=2023-12-15T03%3A14%3A36.561%2B01%3A00&cd6=Non-Office%20Hours&cd7=www.welivesecurity.com%2Fen%2Feset-research%2Foilrig-persistent-attacks-cloud-service-powered-downloaders%2F&cd8=https%3A%2F%2Fwww.welivesecurity.com%2Fen%2Feset-research%2Foilrig-persistent-attacks-cloud-service-powered-downloaders%2F&cd10=(not%20set)&cd11=en&cd12=not-a-bot&cd14=30065&cd15=2023%2F12%2F14&cd21=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F120.0.6099.109%20Safari%2F537.36&cd25=GTM-PMDGSM&cd33=consent%20not%20set&cd34=consent%20not%20set&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&z=1699533266

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.welivesecurity.com/en/eset-research/oilrig-persistent-attacks-cloud-service-powered-downloaders/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 15 Dec 2023 02:14:36 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.welivesecurity.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 collect
www.google-analytics.com/ 35 B
193 B 57ms
56ms Image
image/gif 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j101&aip=1&a=935621357&t=event&ni=1&_s=1&dl=https%3A%2F%2Fwww.welivesecurity.com%2Fen%2Feset-research%2Foilrig-persistent-attacks-cloud-service-powered-downloaders%2F&ul=en-us&de=UTF-8&dt=OilRig%E2%80%99s%20persistent%20attacks%20using%20cloud%20service-powered%20downloaders&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=cookie%20consent&ea=cookie-consent-visible&_u=aDDAAEABAAAAACAAIg~&cid=1165915686.1702606477&tid=UA-37839312-1&_gid=76449051.1702606477&gtm=45He3bt0n71PMDGSMv6269785&cd1=ESET%20Research&cd2=Zuzana%20Hromcov%C3%A1&cd3=3k%2B&cd4=&cd5=2023-12-15T03%3A14%3A36.811%2B01%3A00&cd6=Non-Office%20Hours&cd7=www.welivesecurity.com%2Fen%2Feset-research%2Foilrig-persistent-attacks-cloud-service-powered-downloaders%2F&cd8=https%3A%2F%2Fwww.welivesecurity.com%2Fen%2Feset-research%2Foilrig-persistent-attacks-cloud-service-powered-downloaders%2F&cd10=(not%20set)&cd11=en&cd12=not-a-bot&cd14=30065&cd15=2023%2F12%2F14&cd20=1165915686.1702606477&cd21=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F120.0.6099.109%20Safari%2F537.36&cd25=GTM-PMDGSM&cd33=consent%20not%20set&cd34=consent%20not%20set&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&z=1082433623

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.welivesecurity.com/en/eset-research/oilrig-persistent-attacks-cloud-service-powered-downloaders/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 15 Dec 2023 00:01:06 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 8010
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK event.gif
referrer.disqus.com/juggler/ Frame 8480 43 B
339 B 100ms
100ms Image
image/gif 199.232.196.134
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://referrer.disqus.com/juggler/event.gif?abe=0&embed_hidden=0&load_time=183&event=init_embed&thread=9967370004&forum=welivesecurity&forum_id=2152520&imp=2c9p5prtqvcc1&thread_slug=30065&user_type=anon&referrer=https%3A%2F%2Fwww.welivesecurity.com%2Fen%2Feset-research%2Foilrig-persistent-attacks-cloud-service-powered-downloaders%2F&theme=next&dnt=0&tracking_enabled=0&experiment=prebidbidisrequired&variant=active&service=dynamic&promoted_enabled=true&max_enabled=true

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

199.232.196.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=welivesecurity&t_i=OilRig%E2%80%99s%20persistent%20attacks%20using%20cloud%20service-powered%20downloaders&t_u=https%3A%2F%2Fwww.welivesecurity.com%2Fen%2Feset-research%2Foilrig-persistent-attacks-cloud-service-powered-downloaders%2F&t_e=30065&t_d=OilRig%E2%80%99s%20persistent%20attacks%20using%20cloud%20service-powered%20downloaders&t_t=30065&s_o=default&l=en
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Fri, 15 Dec 2023 02:14:36 GMT
x-content-type-options: nosniff
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
server: nginx
content-type: image/gif
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Content-Length: 43
x-xss-protection: 1; mode=block

GET
H2 200 upvote-512x512.png
c.disquscdn.com/next/current/publisher-admin/assets/img/emoji/ Frame 8480 8 KB
8 KB 21ms
19ms Image
image/png 2600:9000:225f:fa00:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/current/publisher-admin/assets/img/emoji/upvote-512x512.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:225f:fa00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

ddc6aec4144b67f0a2a12d687f3c4b8a9faf7c445847d0e25dcb5bd1a9ba9018

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=welivesecurity&t_i=OilRig%E2%80%99s%20persistent%20attacks%20using%20cloud%20service-powered%20downloaders&t_u=https%3A%2F%2Fwww.welivesecurity.com%2Fen%2Feset-research%2Foilrig-persistent-attacks-cloud-service-powered-downloaders%2F&t_e=30065&t_d=OilRig%E2%80%99s%20persistent%20attacks%20using%20cloud%20service-powered%20downloaders&t_t=30065&s_o=default&l=en
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

x-cache-hits: 0
date: Fri, 15 Dec 2023 02:10:48 GMT
via: 1.1 6ffd9144e1bc0d7518dfec3f04843cdc.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: TXL50-P2
age: 228
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 8170
x-xss-protection: 1; mode=block
x-served-by: static-web-2
last-modified: Wed, 06 Dec 2023 19:40:12 GMT
server: nginx
etag: "6570ce1c-1fea"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=300, public
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: qMVA_jRnlCXYpdvU4A6e9IeoIMvEUTeVCRqagjGrNXDJ7PTXx3I6Ng==
expires: Fri, 15 Dec 2023 02:15:48 GMT

GET
H2 200 funny-512x512.png
c.disquscdn.com/next/current/publisher-admin/assets/img/emoji/ Frame 8480 9 KB
9 KB 25ms
24ms Image
image/png 2600:9000:225f:fa00:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/current/publisher-admin/assets/img/emoji/funny-512x512.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:225f:fa00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

20a91bd509668238b6af8e16475c5e2611bcd2861d0eec2e0d4f6815e81449bd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=welivesecurity&t_i=OilRig%E2%80%99s%20persistent%20attacks%20using%20cloud%20service-powered%20downloaders&t_u=https%3A%2F%2Fwww.welivesecurity.com%2Fen%2Feset-research%2Foilrig-persistent-attacks-cloud-service-powered-downloaders%2F&t_e=30065&t_d=OilRig%E2%80%99s%20persistent%20attacks%20using%20cloud%20service-powered%20downloaders&t_t=30065&s_o=default&l=en
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

x-cache-hits: 0
date: Fri, 15 Dec 2023 02:14:36 GMT
via: 1.1 6ffd9144e1bc0d7518dfec3f04843cdc.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: TXL50-P2
age: 2
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 8883
x-xss-protection: 1; mode=block
x-served-by: static-web-1
last-modified: Wed, 06 Dec 2023 19:40:12 GMT
server: nginx
etag: "6570ce1c-22b3"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=300, public
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: MvrZgZvsKlpA_tTkaqVa5m5-v0-Z-fBvumey00WnRh0dTkLofV3RBA==
expires: Fri, 15 Dec 2023 02:19:34 GMT

GET
H2 200 love-512x512.png
c.disquscdn.com/next/current/publisher-admin/assets/img/emoji/ Frame 8480 12 KB
12 KB 21ms
20ms Image
image/png 2600:9000:225f:fa00:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/current/publisher-admin/assets/img/emoji/love-512x512.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:225f:fa00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

e422b07ca1550e55cd90a518e910fd3cfb4d9337ea6092357f9761aa77ac9e33

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=welivesecurity&t_i=OilRig%E2%80%99s%20persistent%20attacks%20using%20cloud%20service-powered%20downloaders&t_u=https%3A%2F%2Fwww.welivesecurity.com%2Fen%2Feset-research%2Foilrig-persistent-attacks-cloud-service-powered-downloaders%2F&t_e=30065&t_d=OilRig%E2%80%99s%20persistent%20attacks%20using%20cloud%20service-powered%20downloaders&t_t=30065&s_o=default&l=en
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

x-cache-hits: 0
date: Fri, 15 Dec 2023 02:12:28 GMT
via: 1.1 6ffd9144e1bc0d7518dfec3f04843cdc.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: TXL50-P2
age: 128
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 11910
x-xss-protection: 1; mode=block
x-served-by: static-web-1
last-modified: Wed, 06 Dec 2023 19:40:12 GMT
server: nginx
etag: "6570ce1c-2e86"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=300, public
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: vO68G7wHACix_0rnPA3M0nMUWH1YY-sakAScQEGDkI1UdAf6FaeBDg==
expires: Fri, 15 Dec 2023 02:17:28 GMT

GET
H2 200 surprised-512x512.png
c.disquscdn.com/next/current/publisher-admin/assets/img/emoji/ Frame 8480 7 KB
8 KB 22ms
21ms Image
image/png 2600:9000:225f:fa00:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/current/publisher-admin/assets/img/emoji/surprised-512x512.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:225f:fa00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

4e14ce1bd0d4433eee84cbb16196a7a051126f07af888ef7f9d252120f32f907

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=welivesecurity&t_i=OilRig%E2%80%99s%20persistent%20attacks%20using%20cloud%20service-powered%20downloaders&t_u=https%3A%2F%2Fwww.welivesecurity.com%2Fen%2Feset-research%2Foilrig-persistent-attacks-cloud-service-powered-downloaders%2F&t_e=30065&t_d=OilRig%E2%80%99s%20persistent%20attacks%20using%20cloud%20service-powered%20downloaders&t_t=30065&s_o=default&l=en
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

x-cache-hits: 0
date: Fri, 15 Dec 2023 02:10:27 GMT
via: 1.1 6ffd9144e1bc0d7518dfec3f04843cdc.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: TXL50-P2
age: 292
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 7308
x-xss-protection: 1; mode=block
x-served-by: static-web-2
last-modified: Wed, 06 Dec 2023 19:40:12 GMT
server: nginx
etag: "6570ce1c-1c8c"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=300, public
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: HB6RNYSWuoaYCp3cPtRhfPhH_DeAUQ-t3HW5LPPADgapUVVat5DD-g==
expires: Fri, 15 Dec 2023 02:14:44 GMT

GET
H2 200 angry-512x512.png
c.disquscdn.com/next/current/publisher-admin/assets/img/emoji/ Frame 8480 20 KB
21 KB 22ms
21ms Image
image/png 2600:9000:225f:fa00:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/current/publisher-admin/assets/img/emoji/angry-512x512.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:225f:fa00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

db865c8f3642f3485829c0ee0008fe04a32cc66af70867b39f60395a7fed3984

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=welivesecurity&t_i=OilRig%E2%80%99s%20persistent%20attacks%20using%20cloud%20service-powered%20downloaders&t_u=https%3A%2F%2Fwww.welivesecurity.com%2Fen%2Feset-research%2Foilrig-persistent-attacks-cloud-service-powered-downloaders%2F&t_e=30065&t_d=OilRig%E2%80%99s%20persistent%20attacks%20using%20cloud%20service-powered%20downloaders&t_t=30065&s_o=default&l=en
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

x-cache-hits: 0
date: Fri, 15 Dec 2023 02:10:27 GMT
via: 1.1 6ffd9144e1bc0d7518dfec3f04843cdc.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: TXL50-P2
age: 287
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 20675
x-xss-protection: 1; mode=block
x-served-by: static-web-2
last-modified: Wed, 06 Dec 2023 19:40:12 GMT
server: nginx
etag: "6570ce1c-50c3"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=300, public
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: 5HDJ1cttr9puW8UzLqhjPTEi5ruk4ZAwTjsBHP9qWVToSPR2OJO9Uw==
expires: Fri, 15 Dec 2023 02:14:49 GMT

GET
H2 200 sad-512x512.png
c.disquscdn.com/next/current/publisher-admin/assets/img/emoji/ Frame 8480 9 KB
9 KB 24ms
23ms Image
image/png 2600:9000:225f:fa00:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/current/publisher-admin/assets/img/emoji/sad-512x512.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:225f:fa00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

11c401a81e32b086bea3798c033009907b429fb601411da6ffc266b78184898a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=welivesecurity&t_i=OilRig%E2%80%99s%20persistent%20attacks%20using%20cloud%20service-powered%20downloaders&t_u=https%3A%2F%2Fwww.welivesecurity.com%2Fen%2Feset-research%2Foilrig-persistent-attacks-cloud-service-powered-downloaders%2F&t_e=30065&t_d=OilRig%E2%80%99s%20persistent%20attacks%20using%20cloud%20service-powered%20downloaders&t_t=30065&s_o=default&l=en
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

x-cache-hits: 0
date: Fri, 15 Dec 2023 02:12:42 GMT
via: 1.1 6ffd9144e1bc0d7518dfec3f04843cdc.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: TXL50-P2
age: 114
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 8986
x-xss-protection: 1; mode=block
x-served-by: static-web-1
last-modified: Wed, 06 Dec 2023 19:40:12 GMT
server: nginx
etag: "6570ce1c-231a"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=300, public
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: VsJr-sNwnJvDjy0FrvKLwLzpA086MDICZTkS_p99huIypDo5VLVE-A==
expires: Fri, 15 Dec 2023 02:17:42 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: s.go-mpulse.net
URL: https://s.go-mpulse.net/boomerang/7R9SM-QGSYF-QDLJK-UETXR-SPM6B

Domain: s.go-mpulse.net
URL: https://s.go-mpulse.net/boomerang/7R9SM-QGSYF-QDLJK-UETXR-SPM6B

Verdicts & Comments Add Verdict or Comment

35 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.welivesecurity.com/	1970-01-21 02:32:46	Name: _ga Value: GA1.2.1165915686.1702606477
.welivesecurity.com/	1970-01-20 16:58:12	Name: _gid Value: GA1.2.76449051.1702606477
.welivesecurity.com/	1970-01-21 02:32:46	Name: _ga_FBY6B30C4M Value: GS1.1.1702606476.1.0.1702606476.0.0.0

12 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://www.welivesecurity.com/en/eset-research/oilrig-persistent-attacks-cloud-service-powered-downloaders/ Message: Unrecognized Content-Security-Policy directive 'prefetch-src'.
security	error	URL: https://www.welivesecurity.com/en/eset-research/oilrig-persistent-attacks-cloud-service-powered-downloaders/(Line 55) Message: Refused to load the script 'https://s.go-mpulse.net/boomerang/7R9SM-QGSYF-QDLJK-UETXR-SPM6B' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval' 'unsafe-inline' https://a.disquscdn.com https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security	error	URL: https://www.welivesecurity.com/en/eset-research/oilrig-persistent-attacks-cloud-service-powered-downloaders/(Line 55) Message: Unrecognized Content-Security-Policy directive 'prefetch-src'.
security	error	URL: https://www.welivesecurity.com/en/eset-research/oilrig-persistent-attacks-cloud-service-powered-downloaders/(Line 55) Message: Unrecognized Content-Security-Policy directive 'prefetch-src'.
security	error	URL: https://www.welivesecurity.com/en/eset-research/oilrig-persistent-attacks-cloud-service-powered-downloaders/(Line 55) Message: Refused to load the script 'https://s.go-mpulse.net/boomerang/7R9SM-QGSYF-QDLJK-UETXR-SPM6B' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval' 'unsafe-inline' https://a.disquscdn.com https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security	error	URL: https://welivesecurity.disqus.com/embed.js(Line 48) Message: Unrecognized Content-Security-Policy directive 'prefetch-src'.
security	error	URL: https://welivesecurity.disqus.com/embed.js(Line 48) Message: Unrecognized Content-Security-Policy directive 'prefetch-src'.
security	error	URL: https://welivesecurity.disqus.com/embed.js(Line 48) Message: Unrecognized Content-Security-Policy directive 'prefetch-src'.
security	error	URL: https://welivesecurity.disqus.com/embed.js(Line 48) Message: Unrecognized Content-Security-Policy directive 'prefetch-src'.
security	error	URL: https://welivesecurity.disqus.com/embed.js(Line 48) Message: Unrecognized Content-Security-Policy directive 'prefetch-src'.
security	error	URL: https://welivesecurity.disqus.com/ Message: Refused to frame 'https://tempest.services.disqus.com/' because it violates the following Content Security Policy directive: "frame-src 'self' https://*.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com/ https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com".
security	error	URL: https://welivesecurity.disqus.com/ Message: Refused to frame 'https://tempest.services.disqus.com/' because it violates the following Content Security Policy directive: "frame-src 'self' https://*.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com/ https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com".

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://.akamaihd.net https://.akstat.io https://.eset.com https://.hotjar.com https://.hotjar.io https://adservice.google.com https://captcha.eset.com https://captcha.welivesecurity.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://px.ads.linkedin.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com/ https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://.ads.linkedin.com https://*.esetstatic.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.welivesecurity.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.al https://www.google.ba https://www.google.bf https://www.google.bg https://www.google.by https://www.google.ca https://www.google.cd https://www.google.ch https://www.google.co.ao https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.ls https://www.google.co.ma https://www.google.co.tz https://www.google.co.za https://www.google.com.af https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.br https://www.google.com.co https://www.google.com.do https://www.google.com.eg https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.kw https://www.google.com.ly https://www.google.com.mx https://www.google.com.ni https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.sa https://www.google.com.sl https://www.google.com.tr https://www.google.com.tw https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.es https://www.google.fi https://www.google.ge https://www.google.gm https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ie https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.mw https://www.google.no https://www.google.ps https://www.google.rs https://www.google.sk https://www.google.tg https://www.google.tn https://www.googletagmanager.com https://www.hotjar.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self' https://web-assets.esetstatic.com; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://a.disquscdn.com https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

c.disquscdn.com
cdn.esetstatic.com
disqus.com
fonts.googleapis.com
referrer.disqus.com
region1.google-analytics.com
s.go-mpulse.net
web-assets.esetstatic.com
welivesecurity.disqus.com
www.google-analytics.com
www.googletagmanager.com
www.welivesecurity.com
s.go-mpulse.net
151.101.0.134
199.232.192.134
199.232.196.134
2001:4860:4802:34::36
2600:9000:225f:fa00:6:8656:f5c0:93a1
2620:1ec:bdf::63
2a00:1450:4001:80f::2008
2a00:1450:4001:828::200e
2a00:1450:4001:82a::200a
2a02:26f0:480:f::213:7ec8
52.142.86.50
00c78e21f6e3e130b27d03296ccae6b0b4d331381279f4eec9de4df5f241b52d
0589c5845288117448d7aa710af60618b151d78efd1a2653f89a0b57f7eb3de8
05df6371bf02360c24b2bd3265fbe3a3982b390ec6555ff3f53c248894ccd9e1
068753b8f09b32ad8a3283199c7252090d0076a56924df724dda72828ae31b95
0b5f1a6d738d2c76b21d0e0d47794ba662936f6e0aaddc8757915a5daa597517
0bc3f92dc96660c065730c77963fb93c77d4a188cac56dfb42027c021b3bfc69
10c44fd8fe2d4a826cd488d1699f6c416be071f83d0af71e53d6e7667d347c2e
1174247c405bfaae204b77e6a8322e660fad516773b1a761211e2655989cf884
11c401a81e32b086bea3798c033009907b429fb601411da6ffc266b78184898a
1853a212dcb344c7ca6f636912d4ec7075e784240e6848bd545433453e96f426
1891b8f4576db8e442e42782af1f94a9cf5217f9adcde432b2ff157e1cb55f98
1a5f35e2dce75a40c240ca4f9a93917bc015f24143ede8da541a3c2d91f0f114
1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26
20a91bd509668238b6af8e16475c5e2611bcd2861d0eec2e0d4f6815e81449bd
261e3ac5dbb4ba8069ecba539a13b971d2e147981f4573e993410d8bd6de0037
2bea50c2b896c01be1c45c9357bc8226950a8d71f35f028adeae19b16c46d082
31f4bc726f2849a3c8f77f8432b635d2d4529a3ff80b669fc9e21b0ed1c81ea7
3270642c89180c12db93775e2a774b6dadd9bd98cffc963075c85afd2c17b6e4
40494b653a0f9485c88432191eaace18e7dff8646f45114d6007fe19da129e34
405f32580b4440f0ddf2af9fcfd37fc9a863fde26b57b5623a9b188d61d47166
41f015f0c88ce5c917f8c9d1e02f3c9fb73bad38ec82419d733a267ab7440546
44c55e245ea3ea1f111a93f64c133ddeba1da47878cb05d7a646cb0ba8fc5129
46759bddcf6835a581aec196bb5285f4f2372d917046a8d214f81fdaba39b0ea
4ad2430fff69ab173052cbf59bf37a2dcc8e9fd41661d89ebe8680fd87e42433
4c4491dcfa94cb46fb73742fc2caf49a1cd59027304af1830c7dc6ce1889857c
4cad214a2eeb48599ea314d32d2685f6554fe548be21add2f606db059530506e
4dbc45bd7ed8caf2aeeae8de34e519d874987d5285c79b5b4a93a1d670a929c4
4e14ce1bd0d4433eee84cbb16196a7a051126f07af888ef7f9d252120f32f907
5037c8e0e2a79b4021e2dba266ecb910da17670007d865b6f8c75c94d3b52596
547d64d9586e701e83fd750596ba4ad00437294bbb2377e68d38823b0d097911
560a509130735e0826b11e67847715f03148528dc363c5dfb59a0abfeef03f05
58a1668cd118c21300e88b973c712f2dbc95a8cae66ee0f92f45c976db327dcf
5d3f58efa7004e3ac82cbaee98b8d96e82a37f0586af11d07d9a4d4966e5b441
5db78ae694ad4c6628917734e442333427e5c0db54b8a8d474c640964eda41f3
606ea62b1a8a1e2b24b9e0eafef0757cea22f73f3956d6548611f7c26c4551b5
644fbb688b94c602990a4988d379d439a5151ea782e06496cb6347cbbb64e49d
648309e809084615cf238814999116196dc2e0e0161a6d676e9b37f4794830f0
6572478fbf8e29ee8109a22286fd9f82330fae739c518b58d5f37df25e17ea37
7bd7ddaaa10e73c1bc554db0b4d5ec7ef43cfc0cae324009f34147e55a3890c1
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8864fa1f3693203d1ba51b1478bcf3a746bc70fcf7cb0fe68f22e2f262b6eef7
8869a1e4833b19e09aef1bd85440df071067a4d45e8d8be44c00217d3ec6fc6d
8885b88667beb8538140ecc550853e59d12e85fbd73dd70d4487b6cc757d8a2b
8b67a0820b92ad626dd7204b203736274c68fa2cb1a107077d571e60f6dedf96
8dc675da542f629aca965669b35900a5ed0685f4d87dce9eac4660baf4493687
906e14a70fbce797937289bac444cee76c44c1a1c89e5b0b8bd5067a6d3023ff
956f61e41e263b6074a58cbcb2eb181014e8c8e277388ebd98cc0d59921577f4
9714221c828961b20f45a782c3281c0596f6652cfe1299bee18097f98e8fb7b3
a0ac6681efe2c5e32ee417a5368abc5bde4278f37d6ad54538eb908ee19dbfb0
a657bedd3bc0c106f7cfa5fe6556a0b7e175870d33bd7da9ef67ffcffbafda69
a7def1fa0223f6d52a8d16be0dfde290883e9e2aa7911d0bfd46141eae8beabe
a8de520e13fa3f61523324181326886222ab4318705c86fad590db1016fe03d3
bace355d1c82cdbb8901226b6810690531dd3ae39abf412a58a9620bd2710dde
bb8a336cfb6fcec28ed454e668fd8a8cd440cb81544266cdb2cc79824fc49166
c61029a5f6ad5de323834e31241af8b24189033be40a5bf6625ed9441090261c
cc3d3c81b9eac1b2b0c317957d35df1c263e99f574c1c933335943491cd782b2
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
db865c8f3642f3485829c0ee0008fe04a32cc66af70867b39f60395a7fed3984
ddc6aec4144b67f0a2a12d687f3c4b8a9faf7c445847d0e25dcb5bd1a9ba9018
ddf0e65e326bc99627ac2d1df7babf8780bb64fe4fa08bb1a0e5d772fb2e3c94
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e3136ed18810649908a21e1af3d5ed10eb6f0b06f8e7653362e2303870aaf8b8
e3625c4c1b10a8e8b5fb271f45549d6d68e0a9c462062fc927709ea7ab285ca5
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e422b07ca1550e55cd90a518e910fd3cfb4d9337ea6092357f9761aa77ac9e33
e658f7583e8cde9c13f9e59c08ea4ee8d55d6c8a1b5be7a67ba3243e44c53c21
e9d5fa7dbd42331253c178a9fb1ce2aaac7543c8667326489b58d4ab3a51abfd
ec800a5bcb2d4e57adcc0c7ec3d69427ac3e392d4a0302891dd76fb80ffd0bfd
ec9eb3515b0c462b663eb6e45a8c8d3de6993077cac8f05f30fbce263d1659c3
ed915d2176566b841f0e01e7632ce7a20b023cbcb4f5976a6015284fccd8a865
f2472c126ebd1c874e674ec8ac7d866b59137d0c5b6ad20385cff935fd8b7b02

www.welivesecurity.com Open in urlscan Pro 2a02:26f0:480:f::213:7ec8 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

74 Requests

97 %HTTPS

64 %IPv6

8 Domains

12 Subdomains

12 IPs

3 Countries

3738 kBTransfer

5929 kBSize

3 Cookies

58 Outgoing links

Redirected requests

74 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.welivesecurity.com Open in urlscan Pro
2a02:26f0:480:f::213:7ec8 Public Scan

Screenshot
Live screenshot

Full Image

74
Requests

97 %
HTTPS

64 %
IPv6

8
Domains

12
Subdomains

12
IPs

3
Countries

3738 kB
Transfer

5929 kB
Size

3
Cookies

74 HTTP transactions
1 data transactions