hybrid-analysis.blogspot.com
2a00:1450:4001:831::2001  Public Scan

Submitted URL: http://hybrid-analysis.blogspot.com/2024/09/analyzing-newest-turla-backdoor-through.html?m=1
Effective URL: https://hybrid-analysis.blogspot.com/2024/09/analyzing-newest-turla-backdoor-through.html?m=1
Submission: On September 25 via manual from CH — Scanned from CH

Summary

This website contacted 9 IPs in 2 countries across 7 domains to perform 49 HTTP transactions. The main IP is 2a00:1450:4001:831::2001, located in Frankfurt am Main, Germany and belongs to GOOGLE, US. The main domain is hybrid-analysis.blogspot.com.
TLS certificate: Issued by WR2 on August 26th 2024. Valid for: 3 months.
This is the only time hybrid-analysis.blogspot.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests | Apex Domain | Subdomains | Transfer
37 | googleusercontent.com | lh7-rt.googleusercontent.com (Cisco Umbrella Rank: 862) | 3 MB
4 | blogger.com | www.blogger.com (Cisco Umbrella Rank: 11657) | 56 KB
3 | google-analytics.com | www.google-analytics.com (Cisco Umbrella Rank: 52), region1.google-analytics.com (Cisco Umbrella Rank: 3391) | 21 KB
2 | blogspot.com | hybrid-analysis.blogspot.com | 21 KB
1 | googletagmanager.com | www.googletagmanager.com (Cisco Umbrella Rank: 57) | 99 KB
1 | googlesyndication.com | pagead2.googlesyndication.com (Cisco Umbrella Rank: 122) | 67 B
1 | hybrid-analysis.com | hybrid-analysis.com (Cisco Umbrella Rank: 414201) | 3 KB
Total: 49 requests across 7 apex domains
Requests | Domain | Requested by
37 | lh7-rt.googleusercontent.com | hybrid-analysis.blogspot.com
4 | www.blogger.com | hybrid-analysis.blogspot.com
2 | www.google-analytics.com | hybrid-analysis.blogspot.com, www.google-analytics.com
2 | hybrid-analysis.blogspot.com |
1 | region1.google-analytics.com | www.googletagmanager.com
1 | www.googletagmanager.com | www.google-analytics.com
1 | pagead2.googlesyndication.com | hybrid-analysis.blogspot.com
1 | hybrid-analysis.com | hybrid-analysis.blogspot.com
Total: 49 requests across 8 subdomains
Subject | Issuer | Validity | Valid
misc-sni.blogspot.com | WR2 | 2024-08-26 - 2024-11-18 | 3 months
*.blogger.com | WR2 | 2024-08-26 - 2024-11-18 | 3 months
hybrid-analysis.com | Cloudflare Inc ECC CA-3 | 2024-03-03 - 2024-12-31 | 10 months
*.googleusercontent.com | WR2 | 2024-08-26 - 2024-11-18 | 3 months
*.google-analytics.com | WR2 | 2024-08-26 - 2024-11-18 | 3 months
*.g.doubleclick.net | WR2 | 2024-08-26 - 2024-11-18 | 3 months

This page contains 1 frames:

Primary Page: https://hybrid-analysis.blogspot.com/2024/09/analyzing-newest-turla-backdoor-through.html?m=1
Frame ID: F3F11387B96C4815F7BA307ED3D204CE
Requests: 49 HTTP requests in this frame

Page Title

Hybrid Analysis Blog: Analyzing the Newest Turla Backdoor Through the Eyes of Hybrid Analysis

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://hybrid-analysis.blogspot.com/2024/09/analyzing-newest-turla-backdoor-through.html?m=1 HTTP 307
    https://hybrid-analysis.blogspot.com/2024/09/analyzing-newest-turla-backdoor-through.html?m=1 Page URL

Detected technologies

  • Detected pattern: ^https?://[^/]+\.(?:blogspot|blogger)\.com (overall confidence: 100%)
  • Detected pattern: googlesyndication\.com/ (overall confidence: 100%)
  • Detected pattern: google-analytics\.com/(?:ga|urchin|analytics)\.js (overall confidence: 100%)
  • Detected pattern: googletagmanager\.com/gtag/js (overall confidence: 100%)

Page Statistics

Requests: 49
HTTPS: 100 %
IPv6: 78 %
Domains: 7
Subdomains: 8
IPs: 9
Countries: 2
Transfer: 2905 kB
Size: 3330 kB
Cookies: 4

Redirected requests

There were HTTP redirect chains for the following requests:

49 HTTP transactions

Resource | Path | Size | x-fer | Type | MIME-Type
Primary Request: analyzing-newest-turla-backdoor-through.html
Path: hybrid-analysis.blogspot.com/2024/09/
Redirect Chain:
  • http://hybrid-analysis.blogspot.com/2024/09/analyzing-newest-turla-backdoor-through.html?m=1
  • https://hybrid-analysis.blogspot.com/2024/09/analyzing-newest-turla-backdoor-through.html?m=1
Size: 125 KB, x-fer: 20 KB, Type: Document

General
  Full URL: https://hybrid-analysis.blogspot.com/2024/09/analyzing-newest-turla-backdoor-through.html?m=1
  Protocol: H2
  Security: TLS 1.3, , AES_128_GCM
  Server: 2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US)
  Reverse DNS:
  Software: GSE /
  Resource Hash: 5296f572843a4e0a5c812ca19184fbc4ac178c8c7a48a0b7cd9489054a0293ae

Security Headers
  X-Content-Type-Options: nosniff
  X-Xss-Protection: 1; mode=block

Request headers
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers
  alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  cache-control: private, max-age=0
  content-encoding: gzip
  content-length: 20484
  content-type: text/html; charset=UTF-8
  date: Wed, 25 Sep 2024 15:28:55 GMT
  etag: W/"378851cf69adf263bfae49f726be7cca8227b4413d7a888ce80bd9d2d03c3043"
  expires: Wed, 25 Sep 2024 15:28:55 GMT
  last-modified: Tue, 24 Sep 2024 15:06:05 GMT
  server: GSE
  x-content-type-options: nosniff
  x-xss-protection: 1; mode=block

Redirect headers
  Location: https://hybrid-analysis.blogspot.com/2024/09/analyzing-newest-turla-backdoor-through.html?m=1
  Non-Authoritative-Reason: HttpsUpgrades
1539816172-widget_css_mobile_2_bundle.css
Path: www.blogger.com/static/v1/widgets/
Size: 20 KB, x-fer: 5 KB, Type: Stylesheet

General
  Full URL: https://www.blogger.com/static/v1/widgets/1539816172-widget_css_mobile_2_bundle.css
  Requested by:
    Host: hybrid-analysis.blogspot.com
    URL: https://hybrid-analysis.blogspot.com/2024/09/analyzing-newest-turla-backdoor-through.html?m=1
  Protocol: H2
  Security: TLS 1.3, , AES_128_GCM
  Server: 2a00:1450:4001:808::2009 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US)
  Reverse DNS:
  Software: sffe /
  Resource Hash: fd47e1c7c5792d78bb2849ce121d3b574e2057042d5f803dfc593b7ff5d5763a

Security Headers
  X-Content-Type-Options: nosniff
  X-Xss-Protection: 0

Request headers
  User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
  Referer: https://hybrid-analysis.blogspot.com/

Response headers
  content-encoding: gzip
  age: 170267
  report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
  x-content-type-options: nosniff
  expires: Tue, 23 Sep 2025 16:11:08 GMT
  alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  date: Mon, 23 Sep 2024 16:11:08 GMT
  last-modified: Sun, 22 Sep 2024 16:50:07 GMT
  content-type: text/css
  vary: Accept-Encoding
  cache-control: public, max-age=31536000
  cross-origin-resource-policy: cross-origin
  accept-ranges: bytes
  cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
  content-length: 4934
  x-xss-protection: 0
  server: sffe
logo_ha_new.svg
Path: hybrid-analysis.com/img/
Size: 5 KB, x-fer: 3 KB, Type: Image

General
  Full URL: https://hybrid-analysis.com/img/logo_ha_new.svg
  Requested by:
    Host: hybrid-analysis.blogspot.com
    URL: https://hybrid-analysis.blogspot.com/2024/09/analyzing-newest-turla-backdoor-through.html?m=1
  Protocol: H2
  Security: TLS 1.3, , AES_128_GCM
  Server: 2606:4700:4400::6812:22b7, United States, ASN13335 (CLOUDFLARENET, US)
  Reverse DNS:
  Software: cloudflare /
  Resource Hash: f4c5fff9613669e30223df29007503561d86a73cb207d4cec6e511a088e79669

Security Headers
  Content-Security-Policy: default-src 'none'; connect-src 'self' *.onetrust.com *.demdex.net *.adobedc.net *.cookielaw.org *.twitter.com; script-src 'self' *.google.com *.gstatic.com *.google-analytics.com *.adobedtm.com *.youtube.com *.cookielaw.org *.twitter.com *.twimg.com cdn.inspectlet.com frontend.id-visitors.com 'unsafe-inline'; font-src 'self' data: fonts.googleapis.com cdn.jsdelivr.net *.typekit.net; child-src 'self' data: *.google.com *.gstatic.com *.twitter.com; img-src 'self' data: *.gstatic.com *.google.com *.cookielaw.org *.google-analytics.com stats.g.doubleclick.net *.twitter.com *.twimg.com *.paypalobjects.com cartodb-basemaps-a.global.ssl.fastly.net cartodb-basemaps-b.global.ssl.fastly.net cartodb-basemaps-c.global.ssl.fastly.net; style-src 'self' *.google.com *.twitter.com *.twimg.com cdn.jsdelivr.net *.typekit.net 'unsafe-inline'; object-src 'self'; frame-ancestors 'none'
  Strict-Transport-Security: max-age=31536000; includeSubdomains
  X-Content-Type-Options: nosniff
  X-Frame-Options: SAMEORIGIN
  X-Xss-Protection: 1; mode=block

Request headers
  User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
  Referer: https://hybrid-analysis.blogspot.com/

Response headers
  content-encoding: gzip
  cf-cache-status: HIT
  etag: "14ed-62200b2994f00-gzip"
  age: 413
  x-content-type-options: nosniff
  expires: Thu, 26 Sep 2024 15:28:55 GMT
  date: Wed, 25 Sep 2024 15:28:55 GMT
  content-type: image/svg+xml
  last-modified: Fri, 13 Sep 2024 14:04:12 GMT
  vary: Accept-Encoding
  x-frame-options: SAMEORIGIN
  strict-transport-security: max-age=31536000; includeSubdomains
  content-security-policy: default-src 'none'; connect-src 'self' *.onetrust.com *.demdex.net *.adobedc.net *.cookielaw.org *.twitter.com; script-src 'self' *.google.com *.gstatic.com *.google-analytics.com *.adobedtm.com *.youtube.com *.cookielaw.org *.twitter.com *.twimg.com cdn.inspectlet.com frontend.id-visitors.com 'unsafe-inline'; font-src 'self' data: fonts.googleapis.com cdn.jsdelivr.net *.typekit.net; child-src 'self' data: *.google.com *.gstatic.com *.twitter.com; img-src 'self' data: *.gstatic.com *.google.com *.cookielaw.org *.google-analytics.com stats.g.doubleclick.net *.twitter.com *.twimg.com *.paypalobjects.com cartodb-basemaps-a.global.ssl.fastly.net cartodb-basemaps-b.global.ssl.fastly.net cartodb-basemaps-c.global.ssl.fastly.net; style-src 'self' *.google.com *.twitter.com *.twimg.com cdn.jsdelivr.net *.typekit.net 'unsafe-inline'; object-src 'self'; frame-ancestors 'none'
  cache-control: public, max-age=86400
  cf-ray: 8c8c0bfc2f6c23df-ZRH
  accept-ranges: bytes
  content-length: 1577
  x-xss-protection: 1; mode=block
  server: cloudflare
AD_4nXf9J_irTk3hI178XefPjOU_r7pQ2hLAcFuxcEl94Mf6bzoEkWo81GwB7qRPovL8SZlzdqVynvrj_mFrKArfQxbVG0TAVEZcSzG8kAByUAKjgR5-hoM2MhNfkwyDKnpGWPqletqwww9FdPetsy88-ncrMDW-r7WIQ0NoYZLQrQ
Path: lh7-rt.googleusercontent.com/docsz/
Size: 83 KB, x-fer: 84 KB, Type: Image

General
  Full URL: https://lh7-rt.googleusercontent.com/docsz/AD_4nXf9J_irTk3hI178XefPjOU_r7pQ2hLAcFuxcEl94Mf6bzoEkWo81GwB7qRPovL8SZlzdqVynvrj_mFrKArfQxbVG0TAVEZcSzG8kAByUAKjgR5-hoM2MhNfkwyDKnpGWPqletqwww9FdPetsy88-ncrMDW-r7WIQ0NoYZLQrQ?key=AJmIN0XPQjZJjv3aXq7Hwg
  Requested by:
    Host: hybrid-analysis.blogspot.com
    URL: https://hybrid-analysis.blogspot.com/2024/09/analyzing-newest-turla-backdoor-through.html?m=1
  Protocol: H2
  Security: TLS 1.3, , AES_128_GCM
  Server: 2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US)
  Reverse DNS:
  Software: fife /
  Resource Hash: 119b34a998b5aee35d9a62c80e1257c880b15c1cc5406c2b2ba982f4db5a38fd

Security Headers
  X-Content-Type-Options: nosniff
  X-Xss-Protection: 0

Request headers
  User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
  Referer: https://hybrid-analysis.blogspot.com/

Response headers
  access-control-expose-headers: Content-Length
  etag: "v0"
  age: 0
  x-content-type-options: nosniff
  expires: Thu, 26 Sep 2024 15:28:55 GMT
  alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  date: Wed, 25 Sep 2024 15:28:55 GMT
  content-disposition: inline;filename="unnamed.png"
  content-type: image/png
  vary: Origin
  cache-control: public, max-age=86400, no-transform
  timing-allow-origin: *
  access-control-allow-origin: *
  content-length: 85441
  x-xss-protection: 0
  server: fife
AD_4nXfkvFbQ_xiH8QuLxROtIxngQiwTfhgUzSvYytnFLDnN5OsqoHV0hJtDf5UasjQqaTm0vbw54bGD67vmLgLc3Cfz2NMQQTkiM3kx5yttlqE0YlKDyp732oxYt6cwHFnl7hqSnoFPJsfO9PaQ07BsIqBKXVsYY7J6aPOkLxj1MA
Path: lh7-rt.googleusercontent.com/docsz/
Size: 430 KB, x-fer: 431 KB, Type: Image

General
  Full URL: https://lh7-rt.googleusercontent.com/docsz/AD_4nXfkvFbQ_xiH8QuLxROtIxngQiwTfhgUzSvYytnFLDnN5OsqoHV0hJtDf5UasjQqaTm0vbw54bGD67vmLgLc3Cfz2NMQQTkiM3kx5yttlqE0YlKDyp732oxYt6cwHFnl7hqSnoFPJsfO9PaQ07BsIqBKXVsYY7J6aPOkLxj1MA?key=AJmIN0XPQjZJjv3aXq7Hwg
  Requested by:
    Host: hybrid-analysis.blogspot.com
    URL: https://hybrid-analysis.blogspot.com/2024/09/analyzing-newest-turla-backdoor-through.html?m=1
  Protocol: H2
  Security: TLS 1.3, , AES_128_GCM
  Server: 2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US)
  Reverse DNS:
  Software: fife /
  Resource Hash: 407d4b0f7800d0f869c18f35cee7a8cebc97d21ba61ecb1a5c27832a56248dce

Security Headers
  X-Content-Type-Options: nosniff
  X-Xss-Protection: 0

Request headers
  User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
  Referer: https://hybrid-analysis.blogspot.com/

Response headers
  access-control-expose-headers: Content-Length
  etag: "v0"
  age: 0
  x-content-type-options: nosniff
  expires: Thu, 26 Sep 2024 15:28:55 GMT
  alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  date: Wed, 25 Sep 2024 15:28:55 GMT
  content-disposition: inline;filename="unnamed.png"
  content-type: image/png
  vary: Origin
  cache-control: public, max-age=86400, no-transform
  timing-allow-origin: *
  access-control-allow-origin: *
  content-length: 440722
  x-xss-protection: 0
  server: fife
AD_4nXc6g8W3ANmZwa8bIJcChK5mj_23VDsOIcVhf3Ds6qWYR6afVCWWMyIQU0Tt3rENLOqnFJM2WymY_LFSM2qin_iC15xNuwBVEj1ZAogxfowLEExLXMIGGHMEBGjPSQsQFk1A8sNTLjQXQ6YjYXRWhv_7cI9VOwSvYeSms6p8
Path: lh7-rt.googleusercontent.com/docsz/
Size: 105 KB, x-fer: 105 KB, Type: Image

General
  Full URL: https://lh7-rt.googleusercontent.com/docsz/AD_4nXc6g8W3ANmZwa8bIJcChK5mj_23VDsOIcVhf3Ds6qWYR6afVCWWMyIQU0Tt3rENLOqnFJM2WymY_LFSM2qin_iC15xNuwBVEj1ZAogxfowLEExLXMIGGHMEBGjPSQsQFk1A8sNTLjQXQ6YjYXRWhv_7cI9VOwSvYeSms6p8?key=AJmIN0XPQjZJjv3aXq7Hwg
  Requested by:
    Host: hybrid-analysis.blogspot.com
    URL: https://hybrid-analysis.blogspot.com/2024/09/analyzing-newest-turla-backdoor-through.html?m=1
  Protocol: H2
  Security: TLS 1.3, , AES_128_GCM
  Server: 2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US)
  Reverse DNS:
  Software: fife /
  Resource Hash: 146537a87487a00c4292271adfaf8e8aac595d931426ac87665260917d503e4e

Security Headers
  X-Content-Type-Options: nosniff
  X-Xss-Protection: 0

Request headers
  User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
  Referer: https://hybrid-analysis.blogspot.com/

Response headers
  access-control-expose-headers: Content-Length
  etag: "v0"
  age: 0
  x-content-type-options: nosniff
  expires: Thu, 26 Sep 2024 15:28:55 GMT
  alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  date: Wed, 25 Sep 2024 15:28:55 GMT
  content-disposition: inline;filename="unnamed.png"
  content-type: image/png
  vary: Origin
  cache-control: public, max-age=86400, no-transform
  timing-allow-origin: *
  access-control-allow-origin: *
  content-length: 107726
  x-xss-protection: 0
  server: fife
AD_4nXc7W3-kVry9Km7zr7VAwo84HpUzWfunKGL11TluWa1RHLhMl0XkRYre5Ye7tXl_Wu1VqTMhRh7SQOBRS3tXx0TCfDrgPwImKQiwM8HOXSAS0f2aQzOqHoPtNPtoWvT0XS_GBpzJcTGv_AXEKLNn33E6-TzC0cfwkxQkpBY-Yw
Path: lh7-rt.googleusercontent.com/docsz/
Size: 44 KB, x-fer: 44 KB, Type: Image

General
  Full URL: https://lh7-rt.googleusercontent.com/docsz/AD_4nXc7W3-kVry9Km7zr7VAwo84HpUzWfunKGL11TluWa1RHLhMl0XkRYre5Ye7tXl_Wu1VqTMhRh7SQOBRS3tXx0TCfDrgPwImKQiwM8HOXSAS0f2aQzOqHoPtNPtoWvT0XS_GBpzJcTGv_AXEKLNn33E6-TzC0cfwkxQkpBY-Yw?key=AJmIN0XPQjZJjv3aXq7Hwg
  Requested by:
    Host: hybrid-analysis.blogspot.com
    URL: https://hybrid-analysis.blogspot.com/2024/09/analyzing-newest-turla-backdoor-through.html?m=1
  Protocol: H2
  Security: TLS 1.3, , AES_128_GCM
  Server: 2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US)
  Reverse DNS:
  Software: fife /
  Resource Hash: 6b4ff3629db16ef1709d17361b55c4314238b6683fa8bb2c6bf60774aa39a84f

Security Headers
  X-Content-Type-Options: nosniff
  X-Xss-Protection: 0

Request headers
  User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
  Referer: https://hybrid-analysis.blogspot.com/

Response headers
  access-control-expose-headers: Content-Length
  etag: "v0"
  age: 0
  x-content-type-options: nosniff
  expires: Thu, 26 Sep 2024 15:28:55 GMT
  alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  date: Wed, 25 Sep 2024 15:28:55 GMT
  content-disposition: inline;filename="unnamed.png"
  content-type: image/png
  vary: Origin
  cache-control: public, max-age=86400, no-transform
  timing-allow-origin: *
  access-control-allow-origin: *
  content-length: 45047
  x-xss-protection: 0
  server: fife
AD_4nXc_aRe1rnDolKQI0DmbzA48MVVzevv0p8CcSrd7cFTG_Z7W93JIgp6yz4bmZkdwwj22ND4yFoi-jGCC1w_BQ9NKWsZ922B2QBDgvDJWSUwXUGKgXjqosg2Kmb-BwLqcgST6K8_9Eapo8VCslz-AiD8x0XTfRYcp9-dIRj06Gw
Path: lh7-rt.googleusercontent.com/docsz/
Size: 72 KB, x-fer: 73 KB, Type: Image

General
  Full URL: https://lh7-rt.googleusercontent.com/docsz/AD_4nXc_aRe1rnDolKQI0DmbzA48MVVzevv0p8CcSrd7cFTG_Z7W93JIgp6yz4bmZkdwwj22ND4yFoi-jGCC1w_BQ9NKWsZ922B2QBDgvDJWSUwXUGKgXjqosg2Kmb-BwLqcgST6K8_9Eapo8VCslz-AiD8x0XTfRYcp9-dIRj06Gw?key=AJmIN0XPQjZJjv3aXq7Hwg
  Requested by:
    Host: hybrid-analysis.blogspot.com
    URL: https://hybrid-analysis.blogspot.com/2024/09/analyzing-newest-turla-backdoor-through.html?m=1
  Protocol: H2
  Security: TLS 1.3, , AES_128_GCM
  Server: 2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US)
  Reverse DNS:
  Software: fife /
  Resource Hash: 3deb2fa9a4d7b5d7efe67bdfa73eccb9336721b4242fd2e4d86a3980b86f1e67

Security Headers
  X-Content-Type-Options: nosniff
  X-Xss-Protection: 0

Request headers
  User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
  Referer: https://hybrid-analysis.blogspot.com/

Response headers
  access-control-expose-headers: Content-Length
  etag: "v0"
  age: 0
  x-content-type-options: nosniff
  expires: Thu, 26 Sep 2024 15:28:55 GMT
  alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  date: Wed, 25 Sep 2024 15:28:55 GMT
  content-disposition: inline;filename="unnamed.png"
  content-type: image/png
  vary: Origin
  cache-control: public, max-age=86400, no-transform
  timing-allow-origin: *
  access-control-allow-origin: *
  content-length: 74077
  x-xss-protection: 0
  server: fife
AD_4nXd1Zoiv91LxRbz_gPqf6KuNBJUucUfQtkulMZrpr2zqTUFYqS1kLInEkOLLul64jEeyKegyp_RcZy13JcFJTFWYA3sOa7JOoDF7nt0rYqKWGaPxAKj5cI2CAP6QVWNU8hYLQ84g49lMxg5RCobudRQ5adBivZb2Ivfqh7uc
Path: lh7-rt.googleusercontent.com/docsz/
Size: 82 KB, x-fer: 82 KB, Type: Image

General
  Full URL: https://lh7-rt.googleusercontent.com/docsz/AD_4nXd1Zoiv91LxRbz_gPqf6KuNBJUucUfQtkulMZrpr2zqTUFYqS1kLInEkOLLul64jEeyKegyp_RcZy13JcFJTFWYA3sOa7JOoDF7nt0rYqKWGaPxAKj5cI2CAP6QVWNU8hYLQ84g49lMxg5RCobudRQ5adBivZb2Ivfqh7uc?key=AJmIN0XPQjZJjv3aXq7Hwg
  Requested by:
    Host: hybrid-analysis.blogspot.com
    URL: https://hybrid-analysis.blogspot.com/2024/09/analyzing-newest-turla-backdoor-through.html?m=1
  Protocol: H2
  Security: TLS 1.3, , AES_128_GCM
  Server: 2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US)
  Reverse DNS:
  Software: fife /
  Resource Hash: 3203adc74983310ef373b78d681626dd47e9040d3758b56e4e3ee7638c27e7a7

Security Headers
  X-Content-Type-Options: nosniff
  X-Xss-Protection: 0

Request headers
  User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
  Referer: https://hybrid-analysis.blogspot.com/

Response headers
  access-control-expose-headers: Content-Length
  etag: "v0"
  age: 0
  x-content-type-options: nosniff
  expires: Thu, 26 Sep 2024 15:28:55 GMT
  alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  date: Wed, 25 Sep 2024 15:28:55 GMT
  content-disposition: inline;filename="unnamed.png"
  content-type: image/png
  vary: Origin
  cache-control: public, max-age=86400, no-transform
  timing-allow-origin: *
  access-control-allow-origin: *
  content-length: 83765
  x-xss-protection: 0
  server: fife
AD_4nXdvRna_Hd1bzj-7jCsnsjLVg0auq7ZETPF7Rt8Eo5QUd3-oUBRg6sF7T122LGxmktsqD4kBVD2uMJAl8ONvgm1-C_2BDkuSO6FvyTJRKrkYAO7mcAfNxdvpj854t-TKFpxXJI0pApR8xY-lQOCt1mUnfdKV2cKp45okvo0SzA
Path: lh7-rt.googleusercontent.com/docsz/
Size: 37 KB, x-fer: 37 KB, Type: Image

General
  Full URL: https://lh7-rt.googleusercontent.com/docsz/AD_4nXdvRna_Hd1bzj-7jCsnsjLVg0auq7ZETPF7Rt8Eo5QUd3-oUBRg6sF7T122LGxmktsqD4kBVD2uMJAl8ONvgm1-C_2BDkuSO6FvyTJRKrkYAO7mcAfNxdvpj854t-TKFpxXJI0pApR8xY-lQOCt1mUnfdKV2cKp45okvo0SzA?key=AJmIN0XPQjZJjv3aXq7Hwg
  Requested by:
    Host: hybrid-analysis.blogspot.com
    URL: https://hybrid-analysis.blogspot.com/2024/09/analyzing-newest-turla-backdoor-through.html?m=1
  Protocol: H2
  Security: TLS 1.3, , AES_128_GCM
  Server: 2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US)
  Reverse DNS:
  Software: fife /
  Resource Hash: 64f9636314c1ec9d6c539dfd5ab90e22a5ac2df4f1e1d9f835e1edc24b4dc4da

Security Headers
  X-Content-Type-Options: nosniff
  X-Xss-Protection: 0

Request headers
  User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
  Referer: https://hybrid-analysis.blogspot.com/

Response headers
  access-control-expose-headers: Content-Length
  etag: "v0"
  age: 0
  x-content-type-options: nosniff
  expires: Thu, 26 Sep 2024 15:28:55 GMT
  alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  date: Wed, 25 Sep 2024 15:28:55 GMT
  content-disposition: inline;filename="unnamed.png"
  content-type: image/png
  vary: Origin
  cache-control: public, max-age=86400, no-transform
  timing-allow-origin: *
  access-control-allow-origin: *
  content-length: 37589
  x-xss-protection: 0
  server: fife
AD_4nXcUS5GfGwAZxfA973VprqHkmWdH7JuDqdq4uc0odcNYrn-LIh3atMYe2yDX00-6qpNpuwquCzVb3lBl2jaX32QwWw_LWyOfFJmtvLKBeKAbUNe4haI8NQ9Y3NwAeDlosLQQdv_780GPr3fWA7iDurKwsRNBEhDlgM-1eD2_tA
Path: lh7-rt.googleusercontent.com/docsz/
Size: 81 KB, x-fer: 81 KB, Type: Image

General
  Full URL: https://lh7-rt.googleusercontent.com/docsz/AD_4nXcUS5GfGwAZxfA973VprqHkmWdH7JuDqdq4uc0odcNYrn-LIh3atMYe2yDX00-6qpNpuwquCzVb3lBl2jaX32QwWw_LWyOfFJmtvLKBeKAbUNe4haI8NQ9Y3NwAeDlosLQQdv_780GPr3fWA7iDurKwsRNBEhDlgM-1eD2_tA?key=AJmIN0XPQjZJjv3aXq7Hwg
  Requested by:
    Host: hybrid-analysis.blogspot.com
    URL: https://hybrid-analysis.blogspot.com/2024/09/analyzing-newest-turla-backdoor-through.html?m=1
  Protocol: H2
  Security: TLS 1.3, , AES_128_GCM
  Server: 2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US)
  Reverse DNS:
  Software: fife /
  Resource Hash: 03395fa2c34f83cc9c609d883bce70d78b90967956536770a7fc733ae23e20ca

Security Headers
  X-Content-Type-Options: nosniff
  X-Xss-Protection: 0

Request headers
  User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
  Referer: https://hybrid-analysis.blogspot.com/

Response headers
  access-control-expose-headers: Content-Length
  etag: "v0"
  age: 0
  x-content-type-options: nosniff
  expires: Thu, 26 Sep 2024 15:28:55 GMT
  alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  date: Wed, 25 Sep 2024 15:28:55 GMT
  content-disposition: inline;filename="unnamed.png"
  content-type: image/png
  vary: Origin
  cache-control: public, max-age=86400, no-transform
  timing-allow-origin: *
  access-control-allow-origin: *
  content-length: 82765
  x-xss-protection: 0
  server: fife
AD_4nXcZk2CUTxc5oYOIVGMq28j2QbEuo2P3Bw2Q4XNwj-N9xNUS9DaBY4uPssqKljMs1RoWLCubNGd_Ki-yFZwGD1koc0-VmQ7uqSgNfLNaA2MExikTSNWvrDHJ_wU5lycTDjvp-2vtoUt7LMdRLITNp9hvDes1hnWXyeqrHnOv2A
Path: lh7-rt.googleusercontent.com/docsz/
Size: 31 KB, x-fer: 31 KB, Type: Image

General
  Full URL: https://lh7-rt.googleusercontent.com/docsz/AD_4nXcZk2CUTxc5oYOIVGMq28j2QbEuo2P3Bw2Q4XNwj-N9xNUS9DaBY4uPssqKljMs1RoWLCubNGd_Ki-yFZwGD1koc0-VmQ7uqSgNfLNaA2MExikTSNWvrDHJ_wU5lycTDjvp-2vtoUt7LMdRLITNp9hvDes1hnWXyeqrHnOv2A?key=AJmIN0XPQjZJjv3aXq7Hwg
  Requested by:
    Host: hybrid-analysis.blogspot.com
    URL: https://hybrid-analysis.blogspot.com/2024/09/analyzing-newest-turla-backdoor-through.html?m=1
  Protocol: H2
  Security: TLS 1.3, , AES_128_GCM
  Server: 2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US)
  Reverse DNS:
  Software: fife /
  Resource Hash: cc50d34c5e93db1bef884e8265eb25c384f678764cd63630eb1a61c05b708561

Security Headers
  X-Content-Type-Options: nosniff
  X-Xss-Protection: 0

Request headers
  User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
  Referer: https://hybrid-analysis.blogspot.com/

Response headers
  access-control-expose-headers: Content-Length
  etag: "v0"
  age: 0
  x-content-type-options: nosniff
  expires: Thu, 26 Sep 2024 15:28:55 GMT
  alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  date: Wed, 25 Sep 2024 15:28:55 GMT
  content-disposition: inline;filename="unnamed.png"
  content-type: image/png
  vary: Origin
  cache-control: public, max-age=86400, no-transform
  timing-allow-origin: *
  access-control-allow-origin: *
  content-length: 31688
  x-xss-protection: 0
  server: fife
AD_4nXd3dlABupMcVnFP-DggiAOO0x3hw4l53w4bE7JA71ObC1gGuBJ4kYpm4vTEBN8GcVHa45iug9uHo3cXykzFgV2TiXoKXtwaBGbAUTxtUEaZylmK4thDCxz3C_BSVcW120WNKZSSg4iCkUN7xn0clWDmI54ymKs2NqMkg6fDbg
Path: lh7-rt.googleusercontent.com/docsz/
Size: 30 KB, x-fer: 30 KB, Type: Image

General
  Full URL: https://lh7-rt.googleusercontent.com/docsz/AD_4nXd3dlABupMcVnFP-DggiAOO0x3hw4l53w4bE7JA71ObC1gGuBJ4kYpm4vTEBN8GcVHa45iug9uHo3cXykzFgV2TiXoKXtwaBGbAUTxtUEaZylmK4thDCxz3C_BSVcW120WNKZSSg4iCkUN7xn0clWDmI54ymKs2NqMkg6fDbg?key=AJmIN0XPQjZJjv3aXq7Hwg
  Requested by:
    Host: hybrid-analysis.blogspot.com
    URL: https://hybrid-analysis.blogspot.com/2024/09/analyzing-newest-turla-backdoor-through.html?m=1
  Protocol: H2
  Security: TLS 1.3, , AES_128_GCM
  Server: 2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US)
  Reverse DNS:
  Software: fife /
  Resource Hash: 127be81bd88c0849383e4c8e7af3f195c0e9f7add409eef0f271d39d043c9423

Security Headers
  X-Content-Type-Options: nosniff
  X-Xss-Protection: 0

Request headers
  User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
  Referer: https://hybrid-analysis.blogspot.com/

Response headers
  access-control-expose-headers: Content-Length
  etag: "v0"
  age: 0
  x-content-type-options: nosniff
  expires: Thu, 26 Sep 2024 15:28:55 GMT
  alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  date: Wed, 25 Sep 2024 15:28:55 GMT
  content-disposition: inline;filename="unnamed.png"
  content-type: image/png
  vary: Origin
  cache-control: public, max-age=86400, no-transform
  timing-allow-origin: *
  access-control-allow-origin: *
  content-length: 30298
  x-xss-protection: 0
  server: fife
AD_4nXe10TPT0fgZY9Ky2AQA3UYw_DzGYM7uw3ob8LxEBq-oYHIZFWd3-n_QMsh0cNNIAMQiIvzZ5KRmeiLDuv9MKprkLg9rvVdwdMqFKvpu-GGPQW7ZeF03ahbU-SXDDAA5wZ7TRfWw9nC9gmsMzyigIgY2jHr1BL3UK1nzbEL17Q
Path: lh7-rt.googleusercontent.com/docsz/
Size: 5 KB, x-fer: 6 KB, Type: Image

General
  Full URL: https://lh7-rt.googleusercontent.com/docsz/AD_4nXe10TPT0fgZY9Ky2AQA3UYw_DzGYM7uw3ob8LxEBq-oYHIZFWd3-n_QMsh0cNNIAMQiIvzZ5KRmeiLDuv9MKprkLg9rvVdwdMqFKvpu-GGPQW7ZeF03ahbU-SXDDAA5wZ7TRfWw9nC9gmsMzyigIgY2jHr1BL3UK1nzbEL17Q?key=AJmIN0XPQjZJjv3aXq7Hwg
  Requested by:
    Host: hybrid-analysis.blogspot.com
    URL: https://hybrid-analysis.blogspot.com/2024/09/analyzing-newest-turla-backdoor-through.html?m=1
  Protocol: H2
  Security: TLS 1.3, , AES_128_GCM
  Server: 2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US)
  Reverse DNS:
  Software: fife /
  Resource Hash: ab4cc8c3d34991543272f490078fc7be8d07beb7c508905cd0e053a723218db2

Security Headers
  X-Content-Type-Options: nosniff
  X-Xss-Protection: 0

Request headers
  User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
  Referer: https://hybrid-analysis.blogspot.com/

Response headers
  access-control-expose-headers: Content-Length
  etag: "v0"
  age: 0
  x-content-type-options: nosniff
  expires: Thu, 26 Sep 2024 15:28:55 GMT
  alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  date: Wed, 25 Sep 2024 15:28:55 GMT
  content-disposition: inline;filename="unnamed.png"
  content-type: image/png
  vary: Origin
  cache-control: public, max-age=86400, no-transform
  timing-allow-origin: *
  access-control-allow-origin: *
  content-length: 5592
  x-xss-protection: 0
  server: fife
AD_4nXcGoI4nLQHnprtC7ZuxUIk--fI_rrTP7C_WcE8xQXUkcCmC3YZR3riQvKZZ3zUJTg7yf9DwPrgtRiTDAcntCD3RwsoQ0U6Oj000alIYvS8DBsqJydcxCF8f3PDzXST7nn7Rad98lsOFRqibogE95WMGdqX-55kENSjcTrBvEQ
Path: lh7-rt.googleusercontent.com/docsz/
Size: 28 KB, x-fer: 28 KB, Type: Image

General
  Full URL: https://lh7-rt.googleusercontent.com/docsz/AD_4nXcGoI4nLQHnprtC7ZuxUIk--fI_rrTP7C_WcE8xQXUkcCmC3YZR3riQvKZZ3zUJTg7yf9DwPrgtRiTDAcntCD3RwsoQ0U6Oj000alIYvS8DBsqJydcxCF8f3PDzXST7nn7Rad98lsOFRqibogE95WMGdqX-55kENSjcTrBvEQ?key=AJmIN0XPQjZJjv3aXq7Hwg
  Requested by:
    Host: hybrid-analysis.blogspot.com
    URL: https://hybrid-analysis.blogspot.com/2024/09/analyzing-newest-turla-backdoor-through.html?m=1
  Protocol: H2
  Security: TLS 1.3, , AES_128_GCM
  Server: 2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US)
  Reverse DNS:
  Software: fife /
  Resource Hash: 126a1631186fadee25dc3632cc20f58f7e8216a7d4168b361913e9ec31b49fb3

Security Headers
  X-Content-Type-Options: nosniff
  X-Xss-Protection: 0

Request headers
  User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
  Referer: https://hybrid-analysis.blogspot.com/

Response headers
  access-control-expose-headers: Content-Length
  etag: "v0"
  age: 0
  x-content-type-options: nosniff
  expires: Thu, 26 Sep 2024 15:28:55 GMT
  alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  date: Wed, 25 Sep 2024 15:28:55 GMT
  content-disposition: inline;filename="unnamed.png"
  content-type: image/png
  vary: Origin
  cache-control: public, max-age=86400, no-transform
  timing-allow-origin: *
  access-control-allow-origin: *
  content-length: 28687
  x-xss-protection: 0
  server: fife
AD_4nXc372aXnlPb1GkLkug-R6b8isD8B88gZnsCE65DO_hw0QP2W1aPeIRuuUjc1DrxaD6jfvE_mXua8Ssdo-XQkmgvP88avVGY89d5pOQEJAz0HaYAqvU714X0n6iIlzR830QAqBJnmWMg1qDUUox_hKvYjgsT_ByOXO_IHCEWnw
Path: lh7-rt.googleusercontent.com/docsz/
Size: 26 KB, x-fer: 26 KB, Type: Image

General
  Full URL: https://lh7-rt.googleusercontent.com/docsz/AD_4nXc372aXnlPb1GkLkug-R6b8isD8B88gZnsCE65DO_hw0QP2W1aPeIRuuUjc1DrxaD6jfvE_mXua8Ssdo-XQkmgvP88avVGY89d5pOQEJAz0HaYAqvU714X0n6iIlzR830QAqBJnmWMg1qDUUox_hKvYjgsT_ByOXO_IHCEWnw?key=AJmIN0XPQjZJjv3aXq7Hwg
  Requested by:
    Host: hybrid-analysis.blogspot.com
    URL: https://hybrid-analysis.blogspot.com/2024/09/analyzing-newest-turla-backdoor-through.html?m=1
  Protocol: H2
  Security: TLS 1.3, , AES_128_GCM
  Server: 2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US)
  Reverse DNS:
  Software: fife /
  Resource Hash: 1e7c76c5dd2f80cab4263b19987c4191930b7173f13650d4cc4f43b7fd71fa92

Security Headers
  X-Content-Type-Options: nosniff
  X-Xss-Protection: 0

Request headers
  User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
  Referer: https://hybrid-analysis.blogspot.com/

Response headers
  access-control-expose-headers: Content-Length
  etag: "v0"
  age: 0
  x-content-type-options: nosniff
  expires: Thu, 26 Sep 2024 15:28:55 GMT
  alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  date: Wed, 25 Sep 2024 15:28:55 GMT
  content-disposition: inline;filename="unnamed.png"
  content-type: image/png
  vary: Origin
  cache-control: public, max-age=86400, no-transform
  timing-allow-origin: *
  access-control-allow-origin: *
  content-length: 26118
  x-xss-protection: 0
  server: fife
AD_4nXdJTDeaM_5GLIN1pGiYq9fiEELkd39BIGwwl47DL4A2HoPviwzZqqJqXd1WztIU4sj4Ew_5JLHSMt7aKTKGiJbBhcoOU8oTzk6i0xpH2e5EyyiGcB2f7iixDicUtnParwhPxy-b-0w_Im-6g5Xf0U-XJknvxD_EBifV_wD16w
Path: lh7-rt.googleusercontent.com/docsz/
Size: 65 KB, x-fer: 65 KB, Type: Image

General
  Full URL: https://lh7-rt.googleusercontent.com/docsz/AD_4nXdJTDeaM_5GLIN1pGiYq9fiEELkd39BIGwwl47DL4A2HoPviwzZqqJqXd1WztIU4sj4Ew_5JLHSMt7aKTKGiJbBhcoOU8oTzk6i0xpH2e5EyyiGcB2f7iixDicUtnParwhPxy-b-0w_Im-6g5Xf0U-XJknvxD_EBifV_wD16w?key=AJmIN0XPQjZJjv3aXq7Hwg
  Requested by:
    Host: hybrid-analysis.blogspot.com
    URL: https://hybrid-analysis.blogspot.com/2024/09/analyzing-newest-turla-backdoor-through.html?m=1
  Protocol: H2
  Security: TLS 1.3, , AES_128_GCM
  Server: 2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US)
  Reverse DNS:
  Software: fife /
  Resource Hash: 4fc4f4f6f50026d8bde20c36550b666e84b2a0b33edd0f10e90007bb10e9b28c

Security Headers
  X-Content-Type-Options: nosniff
  X-Xss-Protection: 0

Request headers
  User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
  Referer: https://hybrid-analysis.blogspot.com/

Response headers
  access-control-expose-headers: Content-Length
  etag: "v0"
  age: 0
  x-content-type-options: nosniff
  expires: Thu, 26 Sep 2024 15:28:55 GMT
  alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  date: Wed, 25 Sep 2024 15:28:55 GMT
  content-disposition: inline;filename="unnamed.png"
  content-type: image/png
  vary: Origin
  cache-control: public, max-age=86400, no-transform
  timing-allow-origin: *
  access-control-allow-origin: *
  content-length: 66586
  x-xss-protection: 0
  server: fife

AD_4nXcxUsJQVCragR88ftOcht24tDkC8TsFc4sm4uze8k9IGJYcOvSvUq4pY4zR2i-1GrIo1GMGP_2Q_p_svGp5YR5M4f4K3paPl8_j25sGAnb2mXQcDjnPfBO6q8lCo8i7GzrXNuqPStX0RF1caVXC3FZC_bBpEXnXkoj7bHh1Kg
lh7-rt.googleusercontent.com/docsz/
Size: 53 KB / 53 KB
Type: Image
Full URL: https://lh7-rt.googleusercontent.com/docsz/AD_4nXcxUsJQVCragR88ftOcht24tDkC8TsFc4sm4uze8k9IGJYcOvSvUq4pY4zR2i-1GrIo1GMGP_2Q_p_svGp5YR5M4f4K3paPl8_j25sGAnb2mXQcDjnPfBO6q8lCo8i7GzrXNuqPStX0RF1caVXC3FZC_bBpEXnXkoj7bHh1Kg?key=AJmIN0XPQjZJjv3aXq7Hwg
Requested by: hybrid-analysis.blogspot.com (https://hybrid-analysis.blogspot.com/2024/09/analyzing-newest-turla-backdoor-through.html?m=1)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2a00:1450:4001:82a::2001, Frankfurt am Main, Germany, ASN15169 (GOOGLE, US)
Reverse DNS: (none)
Software: fife
Resource Hash: 311728f14753a70119c6dca884b3d330bc9379f2c17745cbce32261786364c62
Security Headers: X-Content-Type-Options: nosniff; X-Xss-Protection: 0
Request headers:
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://hybrid-analysis.blogspot.com/
Response headers:
access-control-expose-headers: Content-Length
etag: "v0"
age: 0
x-content-type-options: nosniff
expires: Thu, 26 Sep 2024 15:28:55 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 25 Sep 2024 15:28:55 GMT
content-disposition: inline;filename="unnamed.png"
content-type: image/png
vary: Origin
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
access-control-allow-origin: *
content-length: 53955
x-xss-protection: 0
server: fife

AD_4nXcp12pfrKMxstas_k6XW5BXgYQj60hsXTlP0E6zQ-9HHghz1WRU0Ky3KEcpDE9vIyaMrj-HvfmMAnInVToqUS6cEvtt4s5JsncEUr36z1aFMFDQwaGrQc5pzns9XEI59JsWapfx3fwskeVKoYumOnQ4lz4beBC77GCpjLDm
lh7-rt.googleusercontent.com/docsz/
Size: 124 KB / 124 KB
Type: Image
Full URL: https://lh7-rt.googleusercontent.com/docsz/AD_4nXcp12pfrKMxstas_k6XW5BXgYQj60hsXTlP0E6zQ-9HHghz1WRU0Ky3KEcpDE9vIyaMrj-HvfmMAnInVToqUS6cEvtt4s5JsncEUr36z1aFMFDQwaGrQc5pzns9XEI59JsWapfx3fwskeVKoYumOnQ4lz4beBC77GCpjLDm?key=AJmIN0XPQjZJjv3aXq7Hwg
Requested by: hybrid-analysis.blogspot.com (https://hybrid-analysis.blogspot.com/2024/09/analyzing-newest-turla-backdoor-through.html?m=1)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2a00:1450:4001:82a::2001, Frankfurt am Main, Germany, ASN15169 (GOOGLE, US)
Reverse DNS: (none)
Software: fife
Resource Hash: 1c87855b3db9456ebfc98a776e12a7a66f211e9d6d39a3162f1637f7f15d978f
Security Headers: X-Content-Type-Options: nosniff; X-Xss-Protection: 0
Request headers:
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://hybrid-analysis.blogspot.com/
Response headers:
access-control-expose-headers: Content-Length
etag: "v0"
age: 0
x-content-type-options: nosniff
expires: Thu, 26 Sep 2024 15:28:55 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 25 Sep 2024 15:28:55 GMT
content-disposition: inline;filename="unnamed.png"
content-type: image/png
vary: Origin
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
access-control-allow-origin: *
content-length: 127227
x-xss-protection: 0
server: fife

AD_4nXcfgEswcO88wgTDvDk78lV3atWbMnumYlH_JmjYMEhJzi9h9NV8_FCTyC3oPFu0xkXsrvurXPiz9RtKe8q8Tf3T8OOZS3noh45DWSCPliXWSRKKGO3kS1Iwcvv1lFOXISRFu-Gl1KahhFbGafZonntOVJrU1CAXP1O_yPpikg
lh7-rt.googleusercontent.com/docsz/
Size: 40 KB / 40 KB
Type: Image
Full URL: https://lh7-rt.googleusercontent.com/docsz/AD_4nXcfgEswcO88wgTDvDk78lV3atWbMnumYlH_JmjYMEhJzi9h9NV8_FCTyC3oPFu0xkXsrvurXPiz9RtKe8q8Tf3T8OOZS3noh45DWSCPliXWSRKKGO3kS1Iwcvv1lFOXISRFu-Gl1KahhFbGafZonntOVJrU1CAXP1O_yPpikg?key=AJmIN0XPQjZJjv3aXq7Hwg
Requested by: hybrid-analysis.blogspot.com (https://hybrid-analysis.blogspot.com/2024/09/analyzing-newest-turla-backdoor-through.html?m=1)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2a00:1450:4001:82a::2001, Frankfurt am Main, Germany, ASN15169 (GOOGLE, US)
Reverse DNS: (none)
Software: fife
Resource Hash: da2ade222409a20a34da17f270a7f8fefa63b62908b894a6242444c4707de029
Security Headers: X-Content-Type-Options: nosniff; X-Xss-Protection: 0
Request headers:
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://hybrid-analysis.blogspot.com/
Response headers:
access-control-expose-headers: Content-Length
etag: "v0"
age: 0
x-content-type-options: nosniff
expires: Thu, 26 Sep 2024 15:28:55 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 25 Sep 2024 15:28:55 GMT
content-disposition: inline;filename="unnamed.png"
content-type: image/png
vary: Origin
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
access-control-allow-origin: *
content-length: 41080
x-xss-protection: 0
server: fife

AD_4nXf9k96_OHZ72kofIga4yBF3aTHApuwoiHEO2vzrTohVqrymWxRYBExqFhocJj6PI2vDiahUgICsUsvDupmODNhF6y4PHGuuZv6_jmzpWQ4uEr86xa5wxCe_iJBXXb90OOIKOPsY9uilw3GdqZZ688ej8MP7DuFmpiaLxBG8bA
lh7-rt.googleusercontent.com/docsz/
Size: 81 KB / 81 KB
Type: Image
Full URL: https://lh7-rt.googleusercontent.com/docsz/AD_4nXf9k96_OHZ72kofIga4yBF3aTHApuwoiHEO2vzrTohVqrymWxRYBExqFhocJj6PI2vDiahUgICsUsvDupmODNhF6y4PHGuuZv6_jmzpWQ4uEr86xa5wxCe_iJBXXb90OOIKOPsY9uilw3GdqZZ688ej8MP7DuFmpiaLxBG8bA?key=AJmIN0XPQjZJjv3aXq7Hwg
Requested by: hybrid-analysis.blogspot.com (https://hybrid-analysis.blogspot.com/2024/09/analyzing-newest-turla-backdoor-through.html?m=1)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2a00:1450:4001:82a::2001, Frankfurt am Main, Germany, ASN15169 (GOOGLE, US)
Reverse DNS: (none)
Software: fife
Resource Hash: d9cbf88ae5088c4a1dc74b584e1bb37e4224a52074a21a0c8940b3eb2c733686
Security Headers: X-Content-Type-Options: nosniff; X-Xss-Protection: 0
Request headers:
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://hybrid-analysis.blogspot.com/
Response headers:
access-control-expose-headers: Content-Length
etag: "v0"
age: 0
x-content-type-options: nosniff
expires: Thu, 26 Sep 2024 15:28:55 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 25 Sep 2024 15:28:55 GMT
content-disposition: inline;filename="unnamed.png"
content-type: image/png
vary: Origin
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
access-control-allow-origin: *
content-length: 82794
x-xss-protection: 0
server: fife

AD_4nXdqQdJlvjvWQrnc6Esq2-BvosbKrdL9hW592aXeyVs9D2VAbCweJpIwvdfL-aHhAzxbDt8f7y_n9EYwEX29e2L7GXEy6Vesjjg5oSOhkTsNxuzWqb9k3ARoX86I6k5cyt3SFsNx6odAnKafou-x-C9oCh2IC22tUJJeu2UoDQ
lh7-rt.googleusercontent.com/docsz/
Size: 41 KB / 41 KB
Type: Image
Full URL: https://lh7-rt.googleusercontent.com/docsz/AD_4nXdqQdJlvjvWQrnc6Esq2-BvosbKrdL9hW592aXeyVs9D2VAbCweJpIwvdfL-aHhAzxbDt8f7y_n9EYwEX29e2L7GXEy6Vesjjg5oSOhkTsNxuzWqb9k3ARoX86I6k5cyt3SFsNx6odAnKafou-x-C9oCh2IC22tUJJeu2UoDQ?key=AJmIN0XPQjZJjv3aXq7Hwg
Requested by: hybrid-analysis.blogspot.com (https://hybrid-analysis.blogspot.com/2024/09/analyzing-newest-turla-backdoor-through.html?m=1)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2a00:1450:4001:82a::2001, Frankfurt am Main, Germany, ASN15169 (GOOGLE, US)
Reverse DNS: (none)
Software: fife
Resource Hash: 740a851356eee4dcc704c838da0e65e3d3f05727a115385ed1bb9cf03824677f
Security Headers: X-Content-Type-Options: nosniff; X-Xss-Protection: 0
Request headers:
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://hybrid-analysis.blogspot.com/
Response headers:
access-control-expose-headers: Content-Length
etag: "v0"
age: 0
x-content-type-options: nosniff
expires: Thu, 26 Sep 2024 15:28:55 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 25 Sep 2024 15:28:55 GMT
content-disposition: inline;filename="unnamed.png"
content-type: image/png
vary: Origin
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
access-control-allow-origin: *
content-length: 42028
x-xss-protection: 0
server: fife

AD_4nXdY6rra4CxdmMno9w031l8tp2XSgooYbDVMRtqSv2AVqYWc7Or_ryvBXPAL5vv8n7-ubn6foqL1Td6p_GkTA2--rmneGKtjPyczmFIqSFdGDlo1Lu7KIy7YImPjiUuEPT9dST3vvyXQ6H1AsrYWadharha7rB_TpFH56Ik6Pg
lh7-rt.googleusercontent.com/docsz/
Size: 64 KB / 64 KB
Type: Image
Full URL: https://lh7-rt.googleusercontent.com/docsz/AD_4nXdY6rra4CxdmMno9w031l8tp2XSgooYbDVMRtqSv2AVqYWc7Or_ryvBXPAL5vv8n7-ubn6foqL1Td6p_GkTA2--rmneGKtjPyczmFIqSFdGDlo1Lu7KIy7YImPjiUuEPT9dST3vvyXQ6H1AsrYWadharha7rB_TpFH56Ik6Pg?key=AJmIN0XPQjZJjv3aXq7Hwg
Requested by: hybrid-analysis.blogspot.com (https://hybrid-analysis.blogspot.com/2024/09/analyzing-newest-turla-backdoor-through.html?m=1)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2a00:1450:4001:82a::2001, Frankfurt am Main, Germany, ASN15169 (GOOGLE, US)
Reverse DNS: (none)
Software: fife
Resource Hash: 30d7f628b09271b809fa87233c252c4413787d9b9854cc4db48a750fbb8ffcdc
Security Headers: X-Content-Type-Options: nosniff; X-Xss-Protection: 0
Request headers:
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://hybrid-analysis.blogspot.com/
Response headers:
access-control-expose-headers: Content-Length
etag: "v0"
age: 0
x-content-type-options: nosniff
expires: Thu, 26 Sep 2024 15:28:55 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 25 Sep 2024 15:28:55 GMT
content-disposition: inline;filename="unnamed.png"
content-type: image/png
vary: Origin
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
access-control-allow-origin: *
content-length: 65572
x-xss-protection: 0
server: fife

AD_4nXf-TqYZ0uPAKzSKRLH4ZrxEc_FJa5GEjDHez_FSqyEmBRPH0HZKBnL4MQCKB3WN4SQ-1dN8upiuC1dDKUmZpPampzHGLjt-kIv_M9YnFpOiFl7TH5ktN_TAbTtoNeXfCjJ6Fs1MpljDMw_sMJKdQ3XkJbsS0Mk21CShVONZrw
lh7-rt.googleusercontent.com/docsz/
Size: 25 KB / 25 KB
Type: Image
Full URL: https://lh7-rt.googleusercontent.com/docsz/AD_4nXf-TqYZ0uPAKzSKRLH4ZrxEc_FJa5GEjDHez_FSqyEmBRPH0HZKBnL4MQCKB3WN4SQ-1dN8upiuC1dDKUmZpPampzHGLjt-kIv_M9YnFpOiFl7TH5ktN_TAbTtoNeXfCjJ6Fs1MpljDMw_sMJKdQ3XkJbsS0Mk21CShVONZrw?key=AJmIN0XPQjZJjv3aXq7Hwg
Requested by: hybrid-analysis.blogspot.com (https://hybrid-analysis.blogspot.com/2024/09/analyzing-newest-turla-backdoor-through.html?m=1)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2a00:1450:4001:82a::2001, Frankfurt am Main, Germany, ASN15169 (GOOGLE, US)
Reverse DNS: (none)
Software: fife
Resource Hash: 3a2ce3284161f52af6627b2ccb4b975e7cc1b82a039852da4a57281107618f53
Security Headers: X-Content-Type-Options: nosniff; X-Xss-Protection: 0
Request headers:
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://hybrid-analysis.blogspot.com/
Response headers:
access-control-expose-headers: Content-Length
etag: "v0"
age: 0
x-content-type-options: nosniff
expires: Thu, 26 Sep 2024 15:28:55 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 25 Sep 2024 15:28:55 GMT
content-disposition: inline;filename="unnamed.png"
content-type: image/png
vary: Origin
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
access-control-allow-origin: *
content-length: 25475
x-xss-protection: 0
server: fife

AD_4nXd3tjZqX5Qqs5KHXeydZXm8dGoGAr2SS_J3qQ208v006ncqdSQtu6PkDH3p8SGiK9xzjtNPNXaZevwiz3jN94gtRUIT80k79KZ3SxHd1RX58Ph2hw7RiMxHoLyWm53dULWaOm9Yoag12qJVkNYAqVi5oom74jPVDC6MuNCx1A
lh7-rt.googleusercontent.com/docsz/
Size: 32 KB / 32 KB
Type: Image
Full URL: https://lh7-rt.googleusercontent.com/docsz/AD_4nXd3tjZqX5Qqs5KHXeydZXm8dGoGAr2SS_J3qQ208v006ncqdSQtu6PkDH3p8SGiK9xzjtNPNXaZevwiz3jN94gtRUIT80k79KZ3SxHd1RX58Ph2hw7RiMxHoLyWm53dULWaOm9Yoag12qJVkNYAqVi5oom74jPVDC6MuNCx1A?key=AJmIN0XPQjZJjv3aXq7Hwg
Requested by: hybrid-analysis.blogspot.com (https://hybrid-analysis.blogspot.com/2024/09/analyzing-newest-turla-backdoor-through.html?m=1)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2a00:1450:4001:82a::2001, Frankfurt am Main, Germany, ASN15169 (GOOGLE, US)
Reverse DNS: (none)
Software: fife
Resource Hash: 31df226f6c5e27d44ae96fec80532754f4ea61aedd8560e782cd29ccad8a715c
Security Headers: X-Content-Type-Options: nosniff; X-Xss-Protection: 0
Request headers:
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://hybrid-analysis.blogspot.com/
Response headers:
access-control-expose-headers: Content-Length
etag: "v0"
age: 0
x-content-type-options: nosniff
expires: Thu, 26 Sep 2024 15:28:55 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 25 Sep 2024 15:28:55 GMT
content-disposition: inline;filename="unnamed.png"
content-type: image/png
vary: Origin
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
access-control-allow-origin: *
content-length: 32454
x-xss-protection: 0
server: fife

AD_4nXcQAAwGQZrLLNQu7S08hv2CUUqLFtg8GNupQ6pV4ZJ4deSZ3vlNMoXoWdX6SYxWsdpfeU43MyzJeW9w5xCfJLNPeBHnEFHGoNJV_5WnP_YNlePhwdUVO5r22B42AlMTYa5VOrLDNOwYY8pZQjIykhcC1ccCKT8DTPMkHGIW
lh7-rt.googleusercontent.com/docsz/
Size: 94 KB / 94 KB
Type: Image
Full URL: https://lh7-rt.googleusercontent.com/docsz/AD_4nXcQAAwGQZrLLNQu7S08hv2CUUqLFtg8GNupQ6pV4ZJ4deSZ3vlNMoXoWdX6SYxWsdpfeU43MyzJeW9w5xCfJLNPeBHnEFHGoNJV_5WnP_YNlePhwdUVO5r22B42AlMTYa5VOrLDNOwYY8pZQjIykhcC1ccCKT8DTPMkHGIW?key=AJmIN0XPQjZJjv3aXq7Hwg
Requested by: hybrid-analysis.blogspot.com (https://hybrid-analysis.blogspot.com/2024/09/analyzing-newest-turla-backdoor-through.html?m=1)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2a00:1450:4001:82a::2001, Frankfurt am Main, Germany, ASN15169 (GOOGLE, US)
Reverse DNS: (none)
Software: fife
Resource Hash: 2ede7a4a2405f75a8baf0a5bb1498320c18a2a446d39496f2ad7b1a5743eb2f3
Security Headers: X-Content-Type-Options: nosniff; X-Xss-Protection: 0
Request headers:
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://hybrid-analysis.blogspot.com/
Response headers:
access-control-expose-headers: Content-Length
etag: "v0"
age: 0
x-content-type-options: nosniff
expires: Thu, 26 Sep 2024 15:28:55 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 25 Sep 2024 15:28:55 GMT
content-disposition: inline;filename="unnamed.png"
content-type: image/png
vary: Origin
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
access-control-allow-origin: *
content-length: 96353
x-xss-protection: 0
server: fife

AD_4nXfvOmJphT87Xw7ThyfWm7s0FegYMM5re5YkTxDZH8FgiTBp17HDkfFzAzg_OoocMs-ywLduYwRZPaaCK0F6LIGYEc0cUIxrnLNijeJYqq2iXKIoJGoq-eI5wkPIHOYsn2KfLJgRP4XV34XSll95jxrnemBSZWu-KMNDaQ_JhQ
lh7-rt.googleusercontent.com/docsz/
Size: 101 KB / 101 KB
Type: Image
Full URL: https://lh7-rt.googleusercontent.com/docsz/AD_4nXfvOmJphT87Xw7ThyfWm7s0FegYMM5re5YkTxDZH8FgiTBp17HDkfFzAzg_OoocMs-ywLduYwRZPaaCK0F6LIGYEc0cUIxrnLNijeJYqq2iXKIoJGoq-eI5wkPIHOYsn2KfLJgRP4XV34XSll95jxrnemBSZWu-KMNDaQ_JhQ?key=AJmIN0XPQjZJjv3aXq7Hwg
Requested by: hybrid-analysis.blogspot.com (https://hybrid-analysis.blogspot.com/2024/09/analyzing-newest-turla-backdoor-through.html?m=1)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2a00:1450:4001:82a::2001, Frankfurt am Main, Germany, ASN15169 (GOOGLE, US)
Reverse DNS: (none)
Software: fife
Resource Hash: c77e5cc78a1479754592cc1573ab776c57e158c6fa6a05555d7381bf4d374db4
Security Headers: X-Content-Type-Options: nosniff; X-Xss-Protection: 0
Request headers:
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://hybrid-analysis.blogspot.com/
Response headers:
access-control-expose-headers: Content-Length
etag: "v0"
age: 0
x-content-type-options: nosniff
expires: Thu, 26 Sep 2024 15:28:55 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 25 Sep 2024 15:28:55 GMT
content-disposition: inline;filename="unnamed.png"
content-type: image/png
vary: Origin
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
access-control-allow-origin: *
content-length: 103613
x-xss-protection: 0
server: fife

AD_4nXcf8Z9MeeKAj1JjNpU2Vqj4YvoGP6Zq0VUUF7OgxL8CZgdbQpYohExm8U0Z_3VUeVzHFIyIPJFg7pMZrN7_Ir-QysBkSxrhuvqmDKTW2zUe6J9gJOA6KxVK5fU9bqsCFMPi-wposi0qll0ta3vyrUcUkZMWafq-5r0CS5pBhg
lh7-rt.googleusercontent.com/docsz/
Size: 81 KB / 81 KB
Type: Image
Full URL: https://lh7-rt.googleusercontent.com/docsz/AD_4nXcf8Z9MeeKAj1JjNpU2Vqj4YvoGP6Zq0VUUF7OgxL8CZgdbQpYohExm8U0Z_3VUeVzHFIyIPJFg7pMZrN7_Ir-QysBkSxrhuvqmDKTW2zUe6J9gJOA6KxVK5fU9bqsCFMPi-wposi0qll0ta3vyrUcUkZMWafq-5r0CS5pBhg?key=AJmIN0XPQjZJjv3aXq7Hwg
Requested by: hybrid-analysis.blogspot.com (https://hybrid-analysis.blogspot.com/2024/09/analyzing-newest-turla-backdoor-through.html?m=1)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2a00:1450:4001:82a::2001, Frankfurt am Main, Germany, ASN15169 (GOOGLE, US)
Reverse DNS: (none)
Software: fife
Resource Hash: 0feb77994b1aadc6cb0f02abd94f5c6bff023aa4d97d5cd033d38ed97d15a37a
Security Headers: X-Content-Type-Options: nosniff; X-Xss-Protection: 0
Request headers:
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://hybrid-analysis.blogspot.com/
Response headers:
access-control-expose-headers: Content-Length
etag: "v0"
age: 0
x-content-type-options: nosniff
expires: Thu, 26 Sep 2024 15:28:55 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 25 Sep 2024 15:28:55 GMT
content-disposition: inline;filename="unnamed.png"
content-type: image/png
vary: Origin
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
access-control-allow-origin: *
content-length: 83181
x-xss-protection: 0
server: fife

AD_4nXfJ8PSxyRqD58YRqteI7HhMoz6s8Lb6n_shV0mD5am1ry8MMKD0cIcCdB43lrlDepkfJ10cQtXIe49fLJBGWasxv3x1JFxRGfF4RRtSfCJKQys7XklTlP3_yXHk4_5A4ay_j5IN2GuZZ49o9uG3ThDKsC6Vf1qGyJ4-nmLetw
lh7-rt.googleusercontent.com/docsz/
Size: 121 KB / 121 KB
Type: Image
Full URL: https://lh7-rt.googleusercontent.com/docsz/AD_4nXfJ8PSxyRqD58YRqteI7HhMoz6s8Lb6n_shV0mD5am1ry8MMKD0cIcCdB43lrlDepkfJ10cQtXIe49fLJBGWasxv3x1JFxRGfF4RRtSfCJKQys7XklTlP3_yXHk4_5A4ay_j5IN2GuZZ49o9uG3ThDKsC6Vf1qGyJ4-nmLetw?key=AJmIN0XPQjZJjv3aXq7Hwg
Requested by: hybrid-analysis.blogspot.com (https://hybrid-analysis.blogspot.com/2024/09/analyzing-newest-turla-backdoor-through.html?m=1)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2a00:1450:4001:82a::2001, Frankfurt am Main, Germany, ASN15169 (GOOGLE, US)
Reverse DNS: (none)
Software: fife
Resource Hash: 6840ddd7052ad1f9aa1a55e38ef51224a41126d00bb11bb43fe548e3598e5b32
Security Headers: X-Content-Type-Options: nosniff; X-Xss-Protection: 0
Request headers:
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://hybrid-analysis.blogspot.com/
Response headers:
access-control-expose-headers: Content-Length
etag: "v0"
age: 0
x-content-type-options: nosniff
expires: Thu, 26 Sep 2024 15:28:55 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 25 Sep 2024 15:28:55 GMT
content-disposition: inline;filename="unnamed.png"
content-type: image/png
vary: Origin
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
access-control-allow-origin: *
content-length: 123819
x-xss-protection: 0
server: fife

AD_4nXfDaTco01bu5r2hqjq6injNp0g7TpXP3KD0buwyoO6-6K0ebJcVwiGvMQakgh5ncBgnVQVJOaS8NC75qp_Fmcv4Pzbu2_AKhbKkocD0M1Laq40uw8ZuXfQnOCTC_64mvyqJm9hbyywAt7KGz2xpPkbUHHmUdUbyth9851mV_g
lh7-rt.googleusercontent.com/docsz/
Size: 54 KB / 54 KB
Type: Image
Full URL: https://lh7-rt.googleusercontent.com/docsz/AD_4nXfDaTco01bu5r2hqjq6injNp0g7TpXP3KD0buwyoO6-6K0ebJcVwiGvMQakgh5ncBgnVQVJOaS8NC75qp_Fmcv4Pzbu2_AKhbKkocD0M1Laq40uw8ZuXfQnOCTC_64mvyqJm9hbyywAt7KGz2xpPkbUHHmUdUbyth9851mV_g?key=AJmIN0XPQjZJjv3aXq7Hwg
Requested by: hybrid-analysis.blogspot.com (https://hybrid-analysis.blogspot.com/2024/09/analyzing-newest-turla-backdoor-through.html?m=1)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2a00:1450:4001:82a::2001, Frankfurt am Main, Germany, ASN15169 (GOOGLE, US)
Reverse DNS: (none)
Software: fife
Resource Hash: 9fc78aa1bea311d3c0222e52a0a4f2313d69564d2a50c08ae5741351e702265c
Security Headers: X-Content-Type-Options: nosniff; X-Xss-Protection: 0
Request headers:
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://hybrid-analysis.blogspot.com/
Response headers:
access-control-expose-headers: Content-Length
etag: "v0"
age: 0
x-content-type-options: nosniff
expires: Thu, 26 Sep 2024 15:28:55 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 25 Sep 2024 15:28:55 GMT
content-disposition: inline;filename="unnamed.png"
content-type: image/png
vary: Origin
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
access-control-allow-origin: *
content-length: 55486
x-xss-protection: 0
server: fife

AD_4nXdH99T5a_g4KHGOpoiM3c6Z5dIkvpkTuU5cez8rK_NT-Y5XF_yojOY_hzEp4FGd4u6C5etwTUOt6eXAx1ugFDwh8GdZC_JiGZG_5v5ewxt9x8EIUnDwETM7TBYjYQOuFu9km-0A7IcfYEZdj07z1Ncjc9QdR5Kw-ny_cggTOw
lh7-rt.googleusercontent.com/docsz/
Size: 24 KB / 24 KB
Type: Image
Full URL: https://lh7-rt.googleusercontent.com/docsz/AD_4nXdH99T5a_g4KHGOpoiM3c6Z5dIkvpkTuU5cez8rK_NT-Y5XF_yojOY_hzEp4FGd4u6C5etwTUOt6eXAx1ugFDwh8GdZC_JiGZG_5v5ewxt9x8EIUnDwETM7TBYjYQOuFu9km-0A7IcfYEZdj07z1Ncjc9QdR5Kw-ny_cggTOw?key=AJmIN0XPQjZJjv3aXq7Hwg
Requested by: hybrid-analysis.blogspot.com (https://hybrid-analysis.blogspot.com/2024/09/analyzing-newest-turla-backdoor-through.html?m=1)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2a00:1450:4001:82a::2001, Frankfurt am Main, Germany, ASN15169 (GOOGLE, US)
Reverse DNS: (none)
Software: fife
Resource Hash: d8fd5ace73134ca3bf06b6d39b45e4542e6ee87b056b6e958adbd8ad89ee00ab
Security Headers: X-Content-Type-Options: nosniff; X-Xss-Protection: 0
Request headers:
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://hybrid-analysis.blogspot.com/
Response headers:
access-control-expose-headers: Content-Length
etag: "v0"
age: 0
x-content-type-options: nosniff
expires: Thu, 26 Sep 2024 15:28:55 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 25 Sep 2024 15:28:55 GMT
content-disposition: inline;filename="unnamed.png"
content-type: image/png
vary: Origin
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
access-control-allow-origin: *
content-length: 24980
x-xss-protection: 0
server: fife

AD_4nXdo_OpSd485z6gOxdnWGWJIc_48Gd6XvygmFEGUeaDbGwVHfYOdqdXjv_GqCYHGcuBDZjpAM0jvmX6TsKCvpRiC3bscQeBIfiefntR8FtLhGH9jXtdLuO55YZ9L0PZt7xGnbNQ-eiPsP9782Ie5nvVqqSy6DM3TvAkmUpiTiA
lh7-rt.googleusercontent.com/docsz/
Size: 117 KB / 117 KB
Type: Image
Full URL: https://lh7-rt.googleusercontent.com/docsz/AD_4nXdo_OpSd485z6gOxdnWGWJIc_48Gd6XvygmFEGUeaDbGwVHfYOdqdXjv_GqCYHGcuBDZjpAM0jvmX6TsKCvpRiC3bscQeBIfiefntR8FtLhGH9jXtdLuO55YZ9L0PZt7xGnbNQ-eiPsP9782Ie5nvVqqSy6DM3TvAkmUpiTiA?key=AJmIN0XPQjZJjv3aXq7Hwg
Requested by: hybrid-analysis.blogspot.com (https://hybrid-analysis.blogspot.com/2024/09/analyzing-newest-turla-backdoor-through.html?m=1)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2a00:1450:4001:82a::2001, Frankfurt am Main, Germany, ASN15169 (GOOGLE, US)
Reverse DNS: (none)
Software: fife
Resource Hash: 85e0d583cc02ba932fae316ccdf7f4ca76b41fd564131aaa366d9bda47cbd311
Security Headers: X-Content-Type-Options: nosniff; X-Xss-Protection: 0
Request headers:
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://hybrid-analysis.blogspot.com/
Response headers:
access-control-expose-headers: Content-Length
etag: "v0"
age: 0
x-content-type-options: nosniff
expires: Thu, 26 Sep 2024 15:28:55 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 25 Sep 2024 15:28:55 GMT
content-disposition: inline;filename="unnamed.png"
content-type: image/png
vary: Origin
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
access-control-allow-origin: *
content-length: 119749
x-xss-protection: 0
server: fife

AD_4nXdpQbZkdNhle6-5au68AqVMSCmr21geOu-EC9Y8qKHkR2M3xMAysLrgRMDo_Y6evdcj9gHSLeWg141UNZ03TObw_sWuaso3vfLW7PB7UD7wp3pG98fgcxfVQ_4taK88HuikAuX9MkmRaXEukcY8wAMDMoP0itbZHSBMFfZLMg
lh7-rt.googleusercontent.com/docsz/
Size: 20 KB / 20 KB
Type: Image
Full URL: https://lh7-rt.googleusercontent.com/docsz/AD_4nXdpQbZkdNhle6-5au68AqVMSCmr21geOu-EC9Y8qKHkR2M3xMAysLrgRMDo_Y6evdcj9gHSLeWg141UNZ03TObw_sWuaso3vfLW7PB7UD7wp3pG98fgcxfVQ_4taK88HuikAuX9MkmRaXEukcY8wAMDMoP0itbZHSBMFfZLMg?key=AJmIN0XPQjZJjv3aXq7Hwg
Requested by: hybrid-analysis.blogspot.com (https://hybrid-analysis.blogspot.com/2024/09/analyzing-newest-turla-backdoor-through.html?m=1)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2a00:1450:4001:82a::2001, Frankfurt am Main, Germany, ASN15169 (GOOGLE, US)
Reverse DNS: (none)
Software: fife
Resource Hash: 55e4037701c06f2c44b0aecc0e013e5bb70638b933c906fcddc106ec9006e109
Security Headers: X-Content-Type-Options: nosniff; X-Xss-Protection: 0
Request headers:
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://hybrid-analysis.blogspot.com/
Response headers:
access-control-expose-headers: Content-Length
etag: "v0"
age: 0
x-content-type-options: nosniff
expires: Thu, 26 Sep 2024 15:28:55 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 25 Sep 2024 15:28:55 GMT
content-disposition: inline;filename="unnamed.png"
content-type: image/png
vary: Origin
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
access-control-allow-origin: *
content-length: 20340
x-xss-protection: 0
server: fife

AD_4nXecZ1JuAP91ir8J3NSwlUvd0bPxuTLiQH_rNN2hGcDUILdsiAIpvqntfSVYn01Jyed9WlGpMQ6o0vPzklxYS7scMADS9xZbVRsHavQyBhbI1bEtihGXAkNqLL3PmkvZh2kgFYGB8ppyNDf-le0kkkyPP4eJim7RqMM0wie1Ig
lh7-rt.googleusercontent.com/docsz/
Size: 178 KB / 178 KB
Type: Image
Full URL: https://lh7-rt.googleusercontent.com/docsz/AD_4nXecZ1JuAP91ir8J3NSwlUvd0bPxuTLiQH_rNN2hGcDUILdsiAIpvqntfSVYn01Jyed9WlGpMQ6o0vPzklxYS7scMADS9xZbVRsHavQyBhbI1bEtihGXAkNqLL3PmkvZh2kgFYGB8ppyNDf-le0kkkyPP4eJim7RqMM0wie1Ig?key=AJmIN0XPQjZJjv3aXq7Hwg
Requested by: hybrid-analysis.blogspot.com (https://hybrid-analysis.blogspot.com/2024/09/analyzing-newest-turla-backdoor-through.html?m=1)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2a00:1450:4001:82a::2001, Frankfurt am Main, Germany, ASN15169 (GOOGLE, US)
Reverse DNS: (none)
Software: fife
Resource Hash: 5372de94f7db0b206314728992f3cab3217fb73f86cd445ac7390c8c452f9aae
Security Headers: X-Content-Type-Options: nosniff; X-Xss-Protection: 0
Request headers:
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://hybrid-analysis.blogspot.com/
Response headers:
access-control-expose-headers: Content-Length
etag: "v0"
age: 0
x-content-type-options: nosniff
expires: Thu, 26 Sep 2024 15:28:55 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 25 Sep 2024 15:28:55 GMT
content-disposition: inline;filename="unnamed.png"
content-type: image/png
vary: Origin
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
access-control-allow-origin: *
content-length: 182295
x-xss-protection: 0
server: fife

AD_4nXf6otodPM-e1-z-wLJWTHaubAG1BiPv5_ZWFo3zp9OUd8ZRJiPNV7KBx5e_HR7VhIP2gOPyzOGjKAFnk6iNch8WsRjzC-JdrUZ1ZL3i91730nnYBSuXWgwFUlyEXynCJNbjfio3SGAPZ149zjHcqhk9y3Hy672qT1GzDcLj
lh7-rt.googleusercontent.com/docsz/
Size: 37 KB / 37 KB
Type: Image
Full URL: https://lh7-rt.googleusercontent.com/docsz/AD_4nXf6otodPM-e1-z-wLJWTHaubAG1BiPv5_ZWFo3zp9OUd8ZRJiPNV7KBx5e_HR7VhIP2gOPyzOGjKAFnk6iNch8WsRjzC-JdrUZ1ZL3i91730nnYBSuXWgwFUlyEXynCJNbjfio3SGAPZ149zjHcqhk9y3Hy672qT1GzDcLj?key=AJmIN0XPQjZJjv3aXq7Hwg
Requested by: hybrid-analysis.blogspot.com (https://hybrid-analysis.blogspot.com/2024/09/analyzing-newest-turla-backdoor-through.html?m=1)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2a00:1450:4001:82a::2001, Frankfurt am Main, Germany, ASN15169 (GOOGLE, US)
Reverse DNS: (none)
Software: fife
Resource Hash: f0f40f86b303aee7bf189bde6f5b7219b6f407727d77b3d27e249d0fb145865b
Security Headers: X-Content-Type-Options: nosniff; X-Xss-Protection: 0
Request headers:
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://hybrid-analysis.blogspot.com/
Response headers:
access-control-expose-headers: Content-Length
etag: "v0"
age: 0
x-content-type-options: nosniff
expires: Thu, 26 Sep 2024 15:28:55 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 25 Sep 2024 15:28:55 GMT
content-disposition: inline;filename="unnamed.png"
content-type: image/png
vary: Origin
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
access-control-allow-origin: *
content-length: 38262
x-xss-protection: 0
server: fife

AD_4nXeIipvAVop-OHWGWSKaEUlQm_D-jHcDFJlJWd21F3uLQXcUg3PmhLBtaN5BT1GQFNHDJfOT6yYukRpcOzuiiF5jYpuCXe78qzVB7xOTqXu5_VCkMZVVNlUMkzhIGVN4CagMC-7ZQyd8sfp_GzzdbiSGHttX3giIBXcdrEYrcg
lh7-rt.googleusercontent.com/docsz/
Size: 3 KB / 3 KB
Type: Image
Full URL: https://lh7-rt.googleusercontent.com/docsz/AD_4nXeIipvAVop-OHWGWSKaEUlQm_D-jHcDFJlJWd21F3uLQXcUg3PmhLBtaN5BT1GQFNHDJfOT6yYukRpcOzuiiF5jYpuCXe78qzVB7xOTqXu5_VCkMZVVNlUMkzhIGVN4CagMC-7ZQyd8sfp_GzzdbiSGHttX3giIBXcdrEYrcg?key=AJmIN0XPQjZJjv3aXq7Hwg
Requested by: hybrid-analysis.blogspot.com (https://hybrid-analysis.blogspot.com/2024/09/analyzing-newest-turla-backdoor-through.html?m=1)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2a00:1450:4001:82a::2001, Frankfurt am Main, Germany, ASN15169 (GOOGLE, US)
Reverse DNS: (none)
Software: fife
Resource Hash: 70cb43f4f595de810b26785ed5058557615695da76e9e8eecf5551c855b29029
Security Headers: X-Content-Type-Options: nosniff; X-Xss-Protection: 0
Request headers:
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://hybrid-analysis.blogspot.com/
Response headers:
access-control-expose-headers: Content-Length
etag: "v0"
age: 0
x-content-type-options: nosniff
expires: Thu, 26 Sep 2024 15:28:55 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 25 Sep 2024 15:28:55 GMT
content-disposition: inline;filename="unnamed.png"
content-type: image/png
vary: Origin
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
access-control-allow-origin: *
content-length: 2952
x-xss-protection: 0
server: fife

AD_4nXcwqJInKMCBmkcKo5sDHz3-VFIE5lzMx_VvL9mtPcHM4um3zE8_M2hBaxvf8eMFW5tQy5bJFoYVHCIxXlj47DpkrFuzWsFOz6baRKGF2hPsKQhza7VGoy16pGsosvA9atVbwy3PlZJ1o4NqxcTCOkZgBvRM2jjOV8JHaNk7DQ
lh7-rt.googleusercontent.com/docsz/
Size: 5 KB / 5 KB
Type: Image
Full URL: https://lh7-rt.googleusercontent.com/docsz/AD_4nXcwqJInKMCBmkcKo5sDHz3-VFIE5lzMx_VvL9mtPcHM4um3zE8_M2hBaxvf8eMFW5tQy5bJFoYVHCIxXlj47DpkrFuzWsFOz6baRKGF2hPsKQhza7VGoy16pGsosvA9atVbwy3PlZJ1o4NqxcTCOkZgBvRM2jjOV8JHaNk7DQ?key=AJmIN0XPQjZJjv3aXq7Hwg
Requested by: hybrid-analysis.blogspot.com (https://hybrid-analysis.blogspot.com/2024/09/analyzing-newest-turla-backdoor-through.html?m=1)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2a00:1450:4001:82a::2001, Frankfurt am Main, Germany, ASN15169 (GOOGLE, US)
Reverse DNS: (none)
Software: fife
Resource Hash: ce4a9d81c51fdd2a45317c91cf88d6c33bea08b6bc4514d6ddb2463be0e0b2f0
Security Headers: X-Content-Type-Options: nosniff; X-Xss-Protection: 0
Request headers:
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://hybrid-analysis.blogspot.com/
Response headers:
access-control-expose-headers: Content-Length
etag: "v0"
age: 0
x-content-type-options: nosniff
expires: Thu, 26 Sep 2024 15:28:55 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 25 Sep 2024 15:28:55 GMT
content-disposition: inline;filename="unnamed.png"
content-type: image/png
vary: Origin
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
access-control-allow-origin: *
content-length: 4835
x-xss-protection: 0
server: fife
AD_4nXc_YX6ZeXMBcFK3tFu_DljaHE4dnRkJ_rSv0k6cqJM33sJpbwapk9NCR4B0lbFVyjSk3XCfBMfw8eeZ8e8Kn6QYmoBPIu53gB8i587Y3B37DR2uOs94Sd1IY3QiizI9iPVGb80WAI65rMc-Qhv2-R4KSI5fGZ78ywE3mVHzig
lh7-rt.googleusercontent.com/docsz/
128 KB
128 KB
Image
General
Full URL
https://lh7-rt.googleusercontent.com/docsz/AD_4nXc_YX6ZeXMBcFK3tFu_DljaHE4dnRkJ_rSv0k6cqJM33sJpbwapk9NCR4B0lbFVyjSk3XCfBMfw8eeZ8e8Kn6QYmoBPIu53gB8i587Y3B37DR2uOs94Sd1IY3QiizI9iPVGb80WAI65rMc-Qhv2-R4KSI5fGZ78ywE3mVHzig?key=AJmIN0XPQjZJjv3aXq7Hwg
Requested by
Host: hybrid-analysis.blogspot.com
URL: https://hybrid-analysis.blogspot.com/2024/09/analyzing-newest-turla-backdoor-through.html?m=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
b6e3182524b4c3824f4d14103fbbeb774edcf95146108eba6fc8559df0e02fb6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://hybrid-analysis.blogspot.com/

Response headers

access-control-expose-headers
Content-Length
etag
"v0"
age
0
x-content-type-options
nosniff
expires
Thu, 26 Sep 2024 15:28:55 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 25 Sep 2024 15:28:55 GMT
content-disposition
inline;filename="unnamed.png"
content-type
image/png
vary
Origin
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
access-control-allow-origin
*
content-length
131441
x-xss-protection
0
server
fife
AD_4nXetCn9JlNeoo4esdllRpIK-n5PXDHz_BmXKG84Xx8v-oBaYxZLRuEj_6c2iBoxUE13ajR0_UlJ4-FBBKZ3y6Ms7TiCE_O_e7kZ6e1MWnZlEmHiGetwLest5yP2DdqdKefeWtY2cFEs3q_fIrDWtpPyRuMrVyCq6JmIGuLRegA
lh7-rt.googleusercontent.com/docsz/
97 KB
97 KB
Image
General
Full URL
https://lh7-rt.googleusercontent.com/docsz/AD_4nXetCn9JlNeoo4esdllRpIK-n5PXDHz_BmXKG84Xx8v-oBaYxZLRuEj_6c2iBoxUE13ajR0_UlJ4-FBBKZ3y6Ms7TiCE_O_e7kZ6e1MWnZlEmHiGetwLest5yP2DdqdKefeWtY2cFEs3q_fIrDWtpPyRuMrVyCq6JmIGuLRegA?key=AJmIN0XPQjZJjv3aXq7Hwg
Requested by
Host: hybrid-analysis.blogspot.com
URL: https://hybrid-analysis.blogspot.com/2024/09/analyzing-newest-turla-backdoor-through.html?m=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
8657b04008d925a7b85b09a699c7547d684446d7b4104f23784db3bf6eb45316
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://hybrid-analysis.blogspot.com/

Response headers

access-control-expose-headers
Content-Length
etag
"v0"
age
0
x-content-type-options
nosniff
expires
Thu, 26 Sep 2024 15:28:55 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 25 Sep 2024 15:28:55 GMT
content-disposition
inline;filename="unnamed.png"
content-type
image/png
vary
Origin
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
access-control-allow-origin
*
content-length
99522
x-xss-protection
0
server
fife
AD_4nXcnKcA2dc0shR3Serv2LuDfGjaCgH1ngoybrIhVJhuI3-C_AIaBSu5nsFdI9epkUkNGSqX_bp9EYynD4F5L7ZxQCYEKE9HLO0MHZuModO70OQ64qMO5RWeMPHMxlX5WcsDKAzWImBLZ3QFZouuhe2tdhspqfpLtKgm7jG_k7w
lh7-rt.googleusercontent.com/docsz/
61 KB
61 KB
Image
General
Full URL
https://lh7-rt.googleusercontent.com/docsz/AD_4nXcnKcA2dc0shR3Serv2LuDfGjaCgH1ngoybrIhVJhuI3-C_AIaBSu5nsFdI9epkUkNGSqX_bp9EYynD4F5L7ZxQCYEKE9HLO0MHZuModO70OQ64qMO5RWeMPHMxlX5WcsDKAzWImBLZ3QFZouuhe2tdhspqfpLtKgm7jG_k7w?key=AJmIN0XPQjZJjv3aXq7Hwg
Requested by
Host: hybrid-analysis.blogspot.com
URL: https://hybrid-analysis.blogspot.com/2024/09/analyzing-newest-turla-backdoor-through.html?m=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
2b98ffbce52d7deaa1389d3d935742255e67958a25e849d161d7e0afed4a5d27
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://hybrid-analysis.blogspot.com/

Response headers

access-control-expose-headers
Content-Length
etag
"v0"
age
0
x-content-type-options
nosniff
expires
Thu, 26 Sep 2024 15:28:55 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 25 Sep 2024 15:28:55 GMT
content-disposition
inline;filename="unnamed.png"
content-type
image/png
vary
Origin
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
access-control-allow-origin
*
content-length
62617
x-xss-protection
0
server
fife
3138155095-widgets.js
www.blogger.com/static/v1/widgets/
142 KB
50 KB
Script
General
Full URL
https://www.blogger.com/static/v1/widgets/3138155095-widgets.js
Requested by
Host: hybrid-analysis.blogspot.com
URL: https://hybrid-analysis.blogspot.com/2024/09/analyzing-newest-turla-backdoor-through.html?m=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2009 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f20887a6ab86b0928cd8828e294b9a6a4d09a27df5383982212c10314e194f7a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://hybrid-analysis.blogspot.com/

Response headers

content-encoding
gzip
age
156044
report-to
{"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
x-content-type-options
nosniff
expires
Tue, 23 Sep 2025 20:08:11 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Mon, 23 Sep 2024 20:08:11 GMT
last-modified
Mon, 23 Sep 2024 00:49:50 GMT
content-type
text/javascript
vary
Accept-Encoding
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="blogger-tech"
content-length
51437
x-xss-protection
0
server
sffe
analytics.js
www.google-analytics.com/
52 KB
21 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: hybrid-analysis.blogspot.com
URL: https://hybrid-analysis.blogspot.com/2024/09/analyzing-newest-turla-backdoor-through.html?m=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://hybrid-analysis.blogspot.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=7200
content-encoding
gzip
age
7127
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Wed, 25 Sep 2024 15:30:08 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20994
date
Wed, 25 Sep 2024 13:30:08 GMT
last-modified
Tue, 12 Dec 2023 18:09:08 GMT
content-type
text/javascript
server
Golfe2
vary
Accept-Encoding
authorization.css
www.blogger.com/dyn-css/
1 B
684 B
Stylesheet
General
Full URL
https://www.blogger.com/dyn-css/authorization.css?targetBlogID=1892382564999138908&zx=cff42c46-cb6e-46e9-9ee9-1414ad1c3000
Requested by
Host: hybrid-analysis.blogspot.com
URL: https://hybrid-analysis.blogspot.com/2024/09/analyzing-newest-turla-backdoor-through.html?m=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2009 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
Security Headers
Name Value
Content-Security-Policy script-src 'self' *.google.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.googlesyndication.com *.blogger.com *.googleapis.com uds.googleusercontent.com https://s.ytimg.com https://i18n-cloud.appspot.com https://www.youtube.com www-onepick-opensocial.googleusercontent.com www-bloggervideo-opensocial.googleusercontent.com www-blogger-opensocial.googleusercontent.com https://www.blogblog.com; report-uri /cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://hybrid-analysis.blogspot.com/

Response headers

content-security-policy
script-src 'self' *.google.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.googlesyndication.com *.blogger.com *.googleapis.com uds.googleusercontent.com https://s.ytimg.com https://i18n-cloud.appspot.com https://www.youtube.com www-onepick-opensocial.googleusercontent.com www-bloggervideo-opensocial.googleusercontent.com www-blogger-opensocial.googleusercontent.com https://www.blogblog.com; report-uri /cspreport
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
gzip
pragma
no-cache
x-content-type-options
nosniff
expires
Mon, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
CP="This is not a P3P policy! See https://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
content-length
21
date
Wed, 25 Sep 2024 15:28:55 GMT
x-xss-protection
1; mode=block
content-type
text/css; charset=UTF-8
last-modified
Wed, 25 Sep 2024 15:28:55 GMT
server
GSE
x-frame-options
SAMEORIGIN
google_top_exp.js
pagead2.googlesyndication.com/pagead/js/
47 B
67 B
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/google_top_exp.js
Requested by
Host: hybrid-analysis.blogspot.com
URL: https://hybrid-analysis.blogspot.com/2024/09/analyzing-newest-turla-backdoor-through.html?m=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f2.1e100.net
Software
cafe /
Resource Hash
ccecd185ac16ba0a538840f37701053fbb861f7fbbdd86039c7415fcd924d1f2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://hybrid-analysis.blogspot.com/

Response headers

content-encoding
br
etag
13036835877489095579
age
25890
x-content-type-options
nosniff
expires
Wed, 09 Oct 2024 08:17:25 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date
Wed, 25 Sep 2024 08:17:25 GMT
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
cache-control
public, max-age=1209600
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-length
42
x-xss-protection
0
server
cafe
collect
www.google-analytics.com/j/
15 B
230 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j101&a=356753275&t=pageview&_s=1&dl=https%3A%2F%2Fhybrid-analysis.blogspot.com%2F2024%2F09%2Fanalyzing-newest-turla-backdoor-through.html%3Fm%3D1&ul=de-ch&de=UTF-8&dt=Hybrid%20Analysis%20Blog%3A%20Analyzing%20the%20Newest%20Turla%20Backdoor%20Through%20the%20Eyes%20of%20Hybrid%20Analysis&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAACAAI~&jid=636940597&gjid=1259819255&cid=143734976.1727278136&tid=UA-49856974-3&_gid=543345832.1727278136&_r=1&_slc=1&z=2123537479
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
c0c32b8ed929586488bf97f66db8f3865ff4b00ece50a176c8916d5e20e00e6b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type
text/plain
Referer
https://hybrid-analysis.blogspot.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
https://hybrid-analysis.blogspot.com
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15
date
Wed, 25 Sep 2024 15:28:55 GMT
last-modified
Sun, 17 May 1998 03:00:00 GMT
content-type
text/plain
server
Golfe2
authorization.css
www.blogger.com/dyn-css/
1 B
43 B
Stylesheet
General
Full URL
https://www.blogger.com/dyn-css/authorization.css?targetBlogID=1892382564999138908&zx=cff42c46-cb6e-46e9-9ee9-1414ad1c3000
Requested by
Host: hybrid-analysis.blogspot.com
URL: https://hybrid-analysis.blogspot.com/2024/09/analyzing-newest-turla-backdoor-through.html?m=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.16.137 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
zrh04s06-in-f137.1e100.net
Software
GSE /
Resource Hash
01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
Security Headers
Name Value
Content-Security-Policy script-src 'self' *.google.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.googlesyndication.com *.blogger.com *.googleapis.com uds.googleusercontent.com https://s.ytimg.com https://i18n-cloud.appspot.com https://www.youtube.com www-onepick-opensocial.googleusercontent.com www-bloggervideo-opensocial.googleusercontent.com www-blogger-opensocial.googleusercontent.com https://www.blogblog.com; report-uri /cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://hybrid-analysis.blogspot.com/

Response headers

content-security-policy
script-src 'self' *.google.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.googlesyndication.com *.blogger.com *.googleapis.com uds.googleusercontent.com https://s.ytimg.com https://i18n-cloud.appspot.com https://www.youtube.com www-onepick-opensocial.googleusercontent.com www-bloggervideo-opensocial.googleusercontent.com www-blogger-opensocial.googleusercontent.com https://www.blogblog.com; report-uri /cspreport
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
gzip
pragma
no-cache
x-content-type-options
nosniff
expires
Mon, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
CP="This is not a P3P policy! See https://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
content-length
21
date
Wed, 25 Sep 2024 15:28:55 GMT
x-xss-protection
1; mode=block
content-type
text/css; charset=UTF-8
last-modified
Wed, 25 Sep 2024 15:28:55 GMT
server
GSE
x-frame-options
SAMEORIGIN
js
www.googletagmanager.com/gtag/
284 KB
99 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-0MMP1V2628&cx=c&_slc=1
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
bc6582b631bcabbfa045860d597b7c9a2d808a6a7e5606ac635eeea898364e4d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://hybrid-analysis.blogspot.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
content-encoding
br
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
expires
Wed, 25 Sep 2024 15:28:55 GMT
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
100880
date
Wed, 25 Sep 2024 15:28:55 GMT
x-xss-protection
0
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
server
Google Tag Manager
access-control-allow-headers
Cache-Control
collect
region1.google-analytics.com/g/
0
0
Fetch
General
Full URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-0MMP1V2628&gtm=45je49n0v9133648290za200&_p=1727278135866&gcd=13l3l3l3l2l1&npa=0&dma=0&tag_exp=0&ul=de-ch&sr=1600x1200&cid=143734976.1727278136&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_eu=ABAI&_s=1&dl=https%3A%2F%2Fhybrid-analysis.blogspot.com%2F2024%2F09%2Fanalyzing-newest-turla-backdoor-through.html%3Fm%3D1&dt=Hybrid%20Analysis%20Blog%3A%20Analyzing%20the%20Newest%20Turla%20Backdoor%20Through%20the%20Eyes%20of%20Hybrid%20Analysis&sid=1727278136&sct=1&seg=0&en=page_view&_fv=1&_ss=1&_ee=1&tfd=903
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-0MMP1V2628&cx=c&_slc=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://hybrid-analysis.blogspot.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
https://hybrid-analysis.blogspot.com
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
date
Wed, 25 Sep 2024 15:28:56 GMT
content-type
text/plain
server
Golfe2
favicon.ico
hybrid-analysis.blogspot.com/
1 KB
838 B
Other
General
Full URL
https://hybrid-analysis.blogspot.com/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
3d05a7e4cc59801d2d25766e5eace76f9722bebc5435a8503c5bc1c80757cc12
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://hybrid-analysis.blogspot.com/2024/09/analyzing-newest-turla-backdoor-through.html?m=1

Response headers

cache-control
private, max-age=86400
content-encoding
gzip
etag
W/"378851cf69adf263bfae49f726be7cca8227b4413d7a888ce80bd9d2d03c3043"
x-content-type-options
nosniff
expires
Wed, 25 Sep 2024 15:28:56 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
721
date
Wed, 25 Sep 2024 15:28:56 GMT
x-xss-protection
1; mode=block
content-type
image/x-icon
last-modified
Tue, 24 Sep 2024 15:06:05 GMT
server
GSE

50 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

string| GoogleAnalyticsObject function| ga function| setAttributeOnload function| BLOG_attachCsiOnload function| _WidgetManager function| _WidgetInfo function| widget_module_provide function| _AdSenseView function| _BlogArchiveView function| _AttributionView function| _BlogView function| _BlogListView function| _BlogSearchView function| _ContactFormView function| _ExampleView function| _FeaturedPostView function| _FeedView function| _FollowersView function| _HeaderView function| _TextView function| _HTMLView function| _ImageView function| _LabelView function| _TextListView function| _LinkListView function| _BloggerButtonView function| _NavbarView function| _PageListView function| _PollView function| _PopularPostsView function| _ProfileView function| _RecentPostsView function| _ReportAbuseView function| _SharingView function| _StatsView function| _SubscribeView function| _SW_toggleReaderList function| _SW_hideReaderList function| _TranslateView function| _WikipediaView string| BLOG_BASE_IMAGE_URL string| BLOG_LANG_DIR string| __wavt boolean| google_empty_script_included object| google_tag_data object| gaplugins object| gaGlobal object| gaData object| dataLayer object| google_tag_manager

4 Cookies

Domain/Path Name / Value
.hybrid-analysis.blogspot.com/ Name: _ga
Value: GA1.3.143734976.1727278136
.hybrid-analysis.blogspot.com/ Name: _gid
Value: GA1.3.543345832.1727278136
.hybrid-analysis.blogspot.com/ Name: _gat_blogger
Value: 1
.hybrid-analysis.blogspot.com/ Name: _ga_0MMP1V2628
Value: GS1.3.1727278136.1.0.1727278136.0.0.0

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
