URL: https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
Submission: On June 11 via api from US

Summary

This website contacted 21 IPs in 4 countries across 14 domains to perform 94 HTTP transactions. The main IP is 2606:4700:20::6818:a103, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.securityweek.com.
TLS certificate: Issued by CloudFlare Inc ECC CA-2 on December 4th 2019. Valid for: 10 months.
This is the only time www.securityweek.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
40 2606:4700:20:... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
2 2a03:2880:f11... 32934 (FACEBOOK)
7 2606:2800:234... 15133 (EDGECAST)
2 2 2a02:26f0:10c... 20940 (AKAMAI-ASN1)
2 2620:119:50e4... 14413 (LINKEDIN)
1 2a00:1450:400... 15169 (GOOGLE)
6 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
4 216.58.210.2 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
5 2a00:1450:400... 15169 (GOOGLE)
3 2a00:1450:400... 15169 (GOOGLE)
1 1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
3 2a00:1450:400... 15169 (GOOGLE)
3 2a00:1450:400... 15169 (GOOGLE)
1 1 104.244.42.200 13414 (TWITTER)
6 168.62.202.120 8075 (MICROSOFT...)
2 2a00:1450:400... 15169 (GOOGLE)
2 137.135.51.188 8075 (MICROSOFT...)
94 21
Domain Requested by
40 www.securityweek.com www.securityweek.com
ajax.cloudflare.com
7 platform.twitter.com ajax.cloudflare.com
platform.twitter.com
6 app.brightinfo.com www.securityweek.com
app.brightinfo.com
6 apis.google.com www.securityweek.com
apis.google.com
5 tpc.googlesyndication.com securepubads.g.doubleclick.net
www.securityweek.com
tpc.googlesyndication.com
cdn.ampproject.org
4 securepubads.g.doubleclick.net www.googletagservices.com
securepubads.g.doubleclick.net
www.securityweek.com
3 pagead2.googlesyndication.com securepubads.g.doubleclick.net
3 cdn.ampproject.org securepubads.g.doubleclick.net
3 ssl.google-analytics.com www.securityweek.com
2 bia.brightinfo.com app.brightinfo.com
2 www.google-analytics.com app.brightinfo.com
2 platform-src.linkedin.com www.securityweek.com
2 platform.linkedin.com 2 redirects
2 www.facebook.com www.securityweek.com
1 syndication.twitter.com 1 redirects
1 cse.google.com
1 www.google.com 1 redirects
1 ecb79a91d4a6228329213223132f0e04.safeframe.googlesyndication.com securepubads.g.doubleclick.net
1 accounts.google.com apis.google.com
1 adservice.google.com www.googletagservices.com
1 adservice.google.de www.googletagservices.com
1 www.googletagservices.com www.securityweek.com
1 ajax.cloudflare.com www.securityweek.com
0 securityweek.disqus.com Failed www.securityweek.com
94 24
Subject | Issuer | Validity | Valid
securityweek.com | CloudFlare Inc ECC CA-2 | 2019-12-04 - 2020-10-09 | 10 months
cloudflare.com | CloudFlare Inc ECC CA-2 | 2020-01-07 - 2020-10-09 | 9 months
*.facebook.com | DigiCert SHA2 High Assurance Server CA | 2020-05-14 - 2020-08-05 | 3 months
*.twimg.com | DigiCert SHA2 High Assurance Server CA | 2019-11-12 - 2020-11-18 | a year
static-src.linkedin.com | DigiCert SHA2 Secure Server CA | 2020-03-04 - 2020-09-04 | 6 months
*.g.doubleclick.net | GTS CA 1O1 | 2020-05-20 - 2020-08-12 | 3 months
*.apis.google.com | GTS CA 1O1 | 2020-05-26 - 2020-08-18 | 3 months
*.google.de | GTS CA 1O1 | 2020-05-26 - 2020-08-18 | 3 months
*.google.com | GTS CA 1O1 | 2020-05-20 - 2020-08-12 | 3 months
accounts.google.com | GTS CA 1O1 | 2020-05-26 - 2020-08-18 | 3 months
tpc.googlesyndication.com | GTS CA 1O1 | 2020-05-20 - 2020-08-12 | 3 months
*.google-analytics.com | GTS CA 1O1 | 2020-05-26 - 2020-08-18 | 3 months
misc-sni.google.com | GTS CA 1O1 | 2020-05-20 - 2020-08-12 | 3 months
*.brightinfo.com | DigiCert SHA2 Secure Server CA | 2020-03-11 - 2021-03-16 | a year

This page contains 14 frames:

Primary Page: https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
Frame ID: 014EDBD05AA66B2C64A77CB48950D493
Requests: 75 HTTP requests in this frame

Frame: https://www.facebook.com/plugins/like.php?href=http%3A%2F%2Fwww.securityweek.com%2Foski-stealer-targets-browser-data-crypto-wallets-us&layout=button_count&show_faces=true&width=120&action=recommend&font=tahoma&colorscheme=light&height=21
Frame ID: 5EFA43B1FFC86A0CC8FF279E1D1B2D2B
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/plugins/like.php?href=http%3A%2F%2Fwww.securityweek.com%2Foski-stealer-targets-browser-data-crypto-wallets-us&layout=button_count&show_faces=true&width=120&action=recommend&font=tahoma&colorscheme=light&height=21
Frame ID: 0CA00D8A948AFECEB90FA006BDB28F53
Requests: 1 HTTP requests in this frame

Frame: https://apis.google.com/se/0/_/+1/fastbutton?usegapi=1&size=medium&origin=https%3A%2F%2Fwww.securityweek.com&url=https%3A%2F%2Fwww.securityweek.com%2Foski-stealer-targets-browser-data-crypto-wallets-us&gsrc=3p&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.pYPiPEsIel4.O%2Fam%3DwQE%2Fd%3D1%2Fct%3Dzgms%2Frs%3DAGLTcCOey13j2hPNXahsyr0hsvfbpOW7OQ%2Fm%3D__features__
Frame ID: 37CCC75158E854733A8F2D3B27F4BB98
Requests: 1 HTTP requests in this frame

Frame: https://apis.google.com/se/0/_/+1/fastbutton?usegapi=1&size=medium&origin=https%3A%2F%2Fwww.securityweek.com&url=https%3A%2F%2Fwww.securityweek.com%2Foski-stealer-targets-browser-data-crypto-wallets-us&gsrc=3p&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.pYPiPEsIel4.O%2Fam%3DwQE%2Fd%3D1%2Fct%3Dzgms%2Frs%3DAGLTcCOey13j2hPNXahsyr0hsvfbpOW7OQ%2Fm%3D__features__
Frame ID: 9A0153E74B634C828F19E45515A70342
Requests: 1 HTTP requests in this frame

Frame: https://accounts.google.com/o/oauth2/postmessageRelay?parent=https%3A%2F%2Fwww.securityweek.com&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.pYPiPEsIel4.O%2Fam%3DwQE%2Fd%3D1%2Fct%3Dzgms%2Frs%3DAGLTcCOey13j2hPNXahsyr0hsvfbpOW7OQ%2Fm%3D__features__
Frame ID: B53386337F00786B0BF875AD85FF00E6
Requests: 1 HTTP requests in this frame

Frame: https://www.securityweek.com/ad.html
Frame ID: D42400E11DFDAFAF19A7C4BE5644A970
Requests: 1 HTTP requests in this frame

Frame: https://www.securityweek.com/ad.html
Frame ID: 22F39C2E5CB9FBAE7EFFC28519014165
Requests: 2 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.86df6234483a1fa251e365dd8643c136.html?origin=https%3A%2F%2Fwww.securityweek.com
Frame ID: FAA67D3918D257CDB648AFCAA1C89C51
Requests: 1 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012005262159000/amp4ads-v0.js
Frame ID: 87C31523380DB09200D735C59EDB77AE
Requests: 8 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/tweet_button.86df6234483a1fa251e365dd8643c136.en.html
Frame ID: BA4CF29FEC799EB9B28A1A3B0C0C2D9E
Requests: 1 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/tweet_button.86df6234483a1fa251e365dd8643c136.en.html
Frame ID: 2CFE116ECB8BF7A2432FAEF100A244C1
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/210/runner.html
Frame ID: EE55C460EDB0778DD1B943F10AAD3791
Requests: 1 HTTP requests in this frame

Frame: https://platform.twitter.com/jot.html
Frame ID: 610539AE62F1F69F543A9FB1AC837D34
Requests: 1 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • html /<(?:link|style)[^>]+"\/sites\/(?:default|all)\/(?:themes|modules)\//i
  • headers expires /19 Nov 1978/i

Overall confidence: 100%
Detected patterns
  • headers server /^cloudflare$/i

Overall confidence: 100%
Detected patterns
  • script /googletagservices\.com\/tag\/js\/gpt(?:_mobile)?\.js/i

Overall confidence: 100%
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Overall confidence: 100%
Detected patterns
  • script /apis\.google\.com\/js\/[a-z]*\.js/i

Page Statistics

94
Requests

98 %
HTTPS

83 %
IPv6

14
Domains

24
Subdomains

21
IPs

4
Countries

1946 kB
Transfer

3912 kB
Size

3
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 40
  • https://platform.linkedin.com/in.js HTTP 302
  • https://platform-src.linkedin.com/in.js
Request Chain 45
  • https://platform.linkedin.com/in.js HTTP 302
  • https://platform-src.linkedin.com/in.js
Request Chain 61
  • https://www.google.com/coop/intl/en/images/google_custom_search_watermark.gif HTTP 302
  • https://cse.google.com/coop/intl/en/images/google_custom_search_watermark.gif
Request Chain 81
  • https://syndication.twitter.com/i/jot HTTP 302
  • https://platform.twitter.com/jot.html

94 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request oski-stealer-targets-browser-data-crypto-wallets-us
www.securityweek.com/
40 KB
10 KB
Document
General
Full URL
https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::6818:a103 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/5.3.29
Resource Hash
d7794297f58b6f9ca9c212991022065f8d8d11d4eb9095c342570f81340585fd

Request headers

:method
GET
:authority
www.securityweek.com
:scheme
https
:path
/oski-stealer-targets-browser-data-crypto-wallets-us
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US

Response headers

status
200
date
Thu, 11 Jun 2020 22:04:25 GMT
content-type
text/html; charset=utf-8
set-cookie
__cfduid=dd3cfb6824998bf841ffa6f98f54180c31591913064; expires=Sat, 11-Jul-20 22:04:24 GMT; path=/; domain=.securityweek.com; HttpOnly; SameSite=Lax; Secure SESSc3f2c9572aa8f3f5ea6f60501affecb3=2bbb9c4cadd68248d54f0704f3b351fa; expires=Sun, 05-Jul-2020 01:37:44 GMT; path=/; domain=.securityweek.com
x-powered-by
PHP/5.3.29
expires
Sun, 19 Nov 1978 05:00:00 GMT
cache-control
store, no-cache, must-revalidate, post-check=0, pre-check=0
last-modified
Thu, 11 Jun 2020 22:04:24 GMT
cf-cache-status
DYNAMIC
cf-request-id
034702bf6d0000dfcfe0a1a200000001
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
5a1ea0abec34dfcf-FRA
content-encoding
br
MtZjAddKzhFJoLq5xYGl1vZkDn8.js
www.securityweek.com/cdn-cgi/apps/head/
5 KB
2 KB
Script
General
Full URL
https://www.securityweek.com/cdn-cgi/apps/head/MtZjAddKzhFJoLq5xYGl1vZkDn8.js
Requested by
Host: www.securityweek.com
URL: https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::6818:a103 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f8dd5483dc29044f06c3a45f8fd05d0f122a2b4315292df6da919775189351c9

Request headers

Referer
https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 11 Jun 2020 22:04:25 GMT
content-encoding
br
cf-cache-status
HIT
age
1648025
status
200
x-amz-request-id
BC599424B53C25A4
x-amz-id-2
fwcVcNWzkpqZwPRofhh24Q35lGX4L+wPw3P6JxBkbnm+NhrNYhLnQSESwpO3rR0YeoeN0WBqNxQ=
last-modified
Tue, 04 Dec 2018 19:44:59 GMT
server
cloudflare
etag
W/"6998744eb932e2ecef296a28191978ed"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=31536000
x-amz-version-id
JCMgPdMNLoo3bIn5Dbz15QtzSlH_yitT
cf-request-id
034702c2480000dfcfe0a51200000001
cf-ray
5a1ea0b07da8dfcf-FRA
css_67c9add0b878d07848e48c62a535ad60.css
www.securityweek.com/sites/default/files/css/
24 KB
5 KB
Stylesheet
General
Full URL
https://www.securityweek.com/sites/default/files/css/css_67c9add0b878d07848e48c62a535ad60.css
Requested by
Host: www.securityweek.com
URL: https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::6818:a103 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d10a778caafc69e25249f7b7fa00a1bfaa240991b6c7cdedb7f562fff418eb21

Request headers

Referer
https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 11 Jun 2020 22:04:25 GMT
content-encoding
br
cf-cache-status
HIT
age
159791
cf-polished
origSize=24799
status
200
cf-request-id
034702c2470000dfcfe0a4f200000001
last-modified
Wed, 10 Jun 2020 01:34:35 GMT
server
cloudflare
etag
W/"3c18d4-60df-5a7b0d8bb48ae"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
expires
Wed, 24 Jun 2020 01:41:14 GMT
cache-control
max-age=1209600
cf-ray
5a1ea0b07da0dfcf-FRA
cf-bgj
minify
css_8874e61fc98c90e5a1878df15084db2d.css
www.securityweek.com/sites/default/files/css/
27 KB
5 KB
Stylesheet
General
Full URL
https://www.securityweek.com/sites/default/files/css/css_8874e61fc98c90e5a1878df15084db2d.css
Requested by
Host: www.securityweek.com
URL: https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::6818:a103 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0deae7d488b0316e0149f1dc2caec46821b2272127b61b4ffadf6f99a303ea16

Request headers

Referer
https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 11 Jun 2020 22:04:25 GMT
content-encoding
br
cf-cache-status
HIT
age
160100
cf-polished
origSize=27647
status
200
cf-request-id
034702c2480000dfcfe0a50200000001
last-modified
Wed, 10 Jun 2020 01:34:35 GMT
server
cloudflare
etag
W/"3c18d8-6bff-5a7b0d8bb5466"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
expires
Wed, 24 Jun 2020 01:36:05 GMT
cache-control
max-age=1209600
cf-ray
5a1ea0b07da4dfcf-FRA
cf-bgj
minify
securityweek_logo.jpg
www.securityweek.com/sites/default/files/
19 KB
20 KB
Image
General
Full URL
https://www.securityweek.com/sites/default/files/securityweek_logo.jpg
Requested by
Host: www.securityweek.com
URL: https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::6818:a103 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
54d6b160853e82e8543a0ba21ecfb80acc0313dd7cbfafe5fd636cf0186b0728

Request headers

Referer
https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 11 Jun 2020 22:04:25 GMT
cf-cache-status
HIT
age
581805
cf-polished
origSize=20250
status
200
content-length
19825
cf-request-id
034702c26a0000dfcfe0a56200000001
last-modified
Thu, 01 Jan 2015 16:34:13 GMT
server
cloudflare
etag
"3a192b-4f1a-50b99cb580b40"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
expires
Fri, 19 Jun 2020 04:27:40 GMT
cache-control
max-age=1209600
accept-ranges
bytes
cf-ray
5a1ea0b0ae18dfcf-FRA
cf-bgj
imgq:100,h2pri
SecuritySummit-Virtual-Events70x250.jpg
www.securityweek.com/sites/default/files/logos/
229 KB
230 KB
Image
General
Full URL
https://www.securityweek.com/sites/default/files/logos/SecuritySummit-Virtual-Events70x250.jpg
Requested by
Host: www.securityweek.com
URL: https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::6818:a103 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3dd0ae4c75772a426709fce9cae5b2f12fb303783325cb30b10d0fa7bbcd8e8e

Request headers

Referer
https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 11 Jun 2020 22:04:25 GMT
cf-cache-status
HIT
age
123031
cf-polished
origSize=260356
status
200
content-length
234949
cf-request-id
034702c26a0000dfcfe0a57200000001
last-modified
Wed, 01 Apr 2020 11:38:51 GMT
server
cloudflare
etag
"c605ac-3f904-5a23920d680b3"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
expires
Wed, 24 Jun 2020 11:53:54 GMT
cache-control
max-age=1209600
accept-ranges
bytes
cf-ray
5a1ea0b0ae19dfcf-FRA
cf-bgj
imgq:100
picture-142.jpg
www.securityweek.com/sites/default/files/imagecache/auth_story/pictures/
2 KB
2 KB
Image
General
Full URL
https://www.securityweek.com/sites/default/files/imagecache/auth_story/pictures/picture-142.jpg
Requested by
Host: www.securityweek.com
URL: https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::6818:a103 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2cad15592b75353dd5594a8ddcbbea0cfc663001bd86413990b44956c5fde825

Request headers

Referer
https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 11 Jun 2020 22:04:25 GMT
cf-cache-status
HIT
age
739838
cf-polished
origSize=2275
status
200
content-length
1886
cf-request-id
034702c26a0000dfcfe0a58200000001
last-modified
Wed, 31 Aug 2016 11:41:29 GMT
server
cloudflare
etag
"3c191c-8e3-53b5c9400d9a0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
expires
Wed, 17 Jun 2020 08:33:47 GMT
cache-control
max-age=1209600
accept-ranges
bytes
cf-ray
5a1ea0b0ae1bdfcf-FRA
cf-bgj
imgq:100
RSS-Icon.png
www.securityweek.com/images/
3 KB
3 KB
Image
General
Full URL
https://www.securityweek.com/images/RSS-Icon.png
Requested by
Host: www.securityweek.com
URL: https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::6818:a103 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a0052405943de6e39694e6f192e6e96ae8f7f3fdfcedef5c2f1a14477daf9ca2

Request headers

Referer
https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 11 Jun 2020 22:04:25 GMT
cf-cache-status
HIT
age
789252
cf-polished
origSize=2844
status
200
content-length
2610
cf-request-id
034702c26a0000dfcfe0a59200000001
last-modified
Wed, 06 Oct 2010 06:57:24 GMT
server
cloudflare
etag
"1e133b-b1c-491ed4a241d00"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
expires
Tue, 16 Jun 2020 18:50:13 GMT
cache-control
max-age=1209600
accept-ranges
bytes
cf-ray
5a1ea0b0ae1ddfcf-FRA
cf-bgj
imgq:100
Oski.png
www.securityweek.com/sites/default/files/images/
282 KB
282 KB
Image
General
Full URL
https://www.securityweek.com/sites/default/files/images/Oski.png
Requested by
Host: www.securityweek.com
URL: https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::6818:a103 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
227fc18b18cb68fa4f1f03736d9237340313f375cb3451a1b11178c7e4d9ca40

Request headers

Referer
https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 11 Jun 2020 22:04:25 GMT
cf-cache-status
MISS
last-modified
Mon, 13 Jan 2020 13:48:26 GMT
server
cloudflare
etag
"c6051e-466b6-59c05bac82402"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
status
200
cache-control
max-age=1209600
accept-ranges
bytes
cf-ray
5a1ea0b0ae1edfcf-FRA
content-length
288438
cf-request-id
034702c26a0000dfcfe0a5a200000001
expires
Thu, 25 Jun 2020 22:04:25 GMT
serve.php
www.securityweek.com/sites/all/modules/ad/
695 B
881 B
Image
General
Full URL
https://www.securityweek.com/sites/all/modules/ad/serve.php?o=image&a=1296
Requested by
Host: www.securityweek.com
URL: https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::6818:a103 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/5.3.29
Resource Hash
ad853a72ac4fa4a7ea4700fb824906dbba6fd62e4f61e92449a5cba3f60ff1dc

Request headers

Referer
https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 11 Jun 2020 22:04:25 GMT
cf-cache-status
DYNAMIC
last-modified
Thu, 11 Jun 2020 22:04:25 GMT
server
cloudflare
x-powered-by
PHP/5.3.29
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type
image/jpeg
status
200
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-ray
5a1ea0b0ae1fdfcf-FRA
cf-request-id
034702c26a0000dfcfe0a5b200000001
expires
Mon, 26 Jul 1997 05:00:00 GMT
serve.php
www.securityweek.com/sites/all/modules/ad/
695 B
889 B
Image
General
Full URL
https://www.securityweek.com/sites/all/modules/ad/serve.php?o=image&a=894
Requested by
Host: www.securityweek.com
URL: https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::6818:a103 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/5.3.29
Resource Hash
ad853a72ac4fa4a7ea4700fb824906dbba6fd62e4f61e92449a5cba3f60ff1dc

Request headers

Referer
https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 11 Jun 2020 22:04:25 GMT
cf-cache-status
DYNAMIC
last-modified
Thu, 11 Jun 2020 22:04:25 GMT
server
cloudflare
x-powered-by
PHP/5.3.29
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type
image/jpeg
status
200
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-ray
5a1ea0b0ae21dfcf-FRA
cf-request-id
034702c26a0000dfcfe0a5c200000001
expires
Mon, 26 Jul 1997 05:00:00 GMT
serve.php
www.securityweek.com/sites/all/modules/ad/
695 B
1 KB
Image
General
Full URL
https://www.securityweek.com/sites/all/modules/ad/serve.php?o=image&a=693
Requested by
Host: www.securityweek.com
URL: https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::6818:a103 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/5.3.29
Resource Hash
ad853a72ac4fa4a7ea4700fb824906dbba6fd62e4f61e92449a5cba3f60ff1dc

Request headers

Referer
https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 11 Jun 2020 22:04:25 GMT
cf-cache-status
DYNAMIC
last-modified
Thu, 11 Jun 2020 22:04:25 GMT
server
cloudflare
x-powered-by
PHP/5.3.29
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type
image/jpeg
status
200
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-ray
5a1ea0b0ae24dfcf-FRA
cf-request-id
034702c26a0000dfcfe0a5d200000001
expires
Mon, 26 Jul 1997 05:00:00 GMT
serve.php
www.securityweek.com/sites/all/modules/ad/
695 B
880 B
Image
General
Full URL
https://www.securityweek.com/sites/all/modules/ad/serve.php?o=image&a=683
Requested by
Host: www.securityweek.com
URL: https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::6818:a103 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/5.3.29
Resource Hash
ad853a72ac4fa4a7ea4700fb824906dbba6fd62e4f61e92449a5cba3f60ff1dc

Request headers

Referer
https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 11 Jun 2020 22:04:25 GMT
cf-cache-status
DYNAMIC
last-modified
Thu, 11 Jun 2020 22:04:25 GMT
server
cloudflare
x-powered-by
PHP/5.3.29
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type
image/jpeg
status
200
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-ray
5a1ea0b0ae26dfcf-FRA
cf-request-id
034702c26a0000dfcfe0a5e200000001
expires
Mon, 26 Jul 1997 05:00:00 GMT
serve.php
www.securityweek.com/sites/all/modules/ad/
695 B
881 B
Image
General
Full URL
https://www.securityweek.com/sites/all/modules/ad/serve.php?o=image&a=1030
Requested by
Host: www.securityweek.com
URL: https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::6818:a103 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/5.3.29
Resource Hash
ad853a72ac4fa4a7ea4700fb824906dbba6fd62e4f61e92449a5cba3f60ff1dc

Request headers

Referer
https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 11 Jun 2020 22:04:25 GMT
cf-cache-status
DYNAMIC
last-modified
Thu, 11 Jun 2020 22:04:25 GMT
server
cloudflare
x-powered-by
PHP/5.3.29
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type
image/jpeg
status
200
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-ray
5a1ea0b0ae28dfcf-FRA
cf-request-id
034702c26a0000dfcfe0a5f200000001
expires
Mon, 26 Jul 1997 05:00:00 GMT
tag_icon.jpg
www.securityweek.com/images/
660 B
858 B
Image
General
Full URL
https://www.securityweek.com/images/tag_icon.jpg
Requested by
Host: www.securityweek.com
URL: https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::6818:a103 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5e9f1c88100e1e9b1e9f112e4e1839a32ce9d8f5694ebd4bb4ed64308d731abe

Request headers

Referer
https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 11 Jun 2020 22:04:25 GMT
cf-cache-status
HIT
age
781688
cf-polished
origSize=680
status
200
content-length
660
cf-request-id
034702c26a0000dfcfe0a60200000001
last-modified
Fri, 06 Aug 2010 07:41:12 GMT
server
cloudflare
etag
"1e133a-2a8-48d22ca765600"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
expires
Tue, 16 Jun 2020 20:56:17 GMT
cache-control
max-age=1209600
accept-ranges
bytes
cf-ray
5a1ea0b0ae2bdfcf-FRA
cf-bgj
imgq:100
security_newsletter.gif
www.securityweek.com/images/
1 KB
1 KB
Image
General
Full URL
https://www.securityweek.com/images/security_newsletter.gif
Requested by
Host: www.securityweek.com
URL: https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::6818:a103 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
200abde0c426b23abe8a9c501ab4e8e72c048cc0653203817cc9ff96cc6e394d

Request headers

Referer
https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 11 Jun 2020 22:04:25 GMT
cf-cache-status
HIT
age
581936
cf-polished
status=not_needed
status
200
content-length
1084
cf-request-id
034702c26a0000dfcfe0a61200000001
last-modified
Fri, 22 Apr 2011 17:43:08 GMT
server
cloudflare
etag
"1e134c-43c-4a185640ae300"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/gif
expires
Fri, 19 Jun 2020 04:25:29 GMT
cache-control
max-age=1209600
accept-ranges
bytes
cf-ray
5a1ea0b0ae2cdfcf-FRA
cf-bgj
imgq:100,h2pri
subscribe_icon_new_03.jpg
www.securityweek.com/images/
2 KB
3 KB
Image
General
Full URL
https://www.securityweek.com/images/subscribe_icon_new_03.jpg
Requested by
Host: www.securityweek.com
URL: https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::6818:a103 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
39b67a626bf990ef239c8f32322b0fea0df01ec6d13257ff06f4a7fbd7215ccf

Request headers

Referer
https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 11 Jun 2020 22:04:25 GMT
cf-cache-status
HIT
age
789251
cf-polished
origSize=2535
status
200
content-length
2521
cf-request-id
034702c26a0000dfcfe0a62200000001
last-modified
Mon, 22 Mar 2010 15:43:36 GMT
server
cloudflare
etag
"1e1333-9e7-482658f665a00"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
expires
Tue, 16 Jun 2020 18:50:13 GMT
cache-control
max-age=1209600
accept-ranges
bytes
cf-ray
5a1ea0b0ae2ddfcf-FRA
cf-bgj
imgq:100
subscribe_icon_new_05.jpg
www.securityweek.com/images/
2 KB
2 KB
Image
General
Full URL
https://www.securityweek.com/images/subscribe_icon_new_05.jpg
Requested by
Host: www.securityweek.com
URL: https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::6818:a103 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
aad13bf04035f24eb4ffbbddd432dfb8dd0cdeac853943a26b9cd451ed517edc

Request headers

Referer
https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 11 Jun 2020 22:04:25 GMT
cf-cache-status
HIT
age
581444
cf-polished
origSize=2237
status
200
content-length
2215
cf-request-id
034702c26a0000dfcfe0a63200000001
last-modified
Mon, 22 Mar 2010 15:43:38 GMT
server
cloudflare
etag
"1e1332-8bd-482658f84de80"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
expires
Fri, 19 Jun 2020 04:33:41 GMT
cache-control
max-age=1209600
accept-ranges
bytes
cf-ray
5a1ea0b0ae2edfcf-FRA
cf-bgj
imgq:100,h2pri
subscribe_icon_new_07.jpg
www.securityweek.com/images/
2 KB
3 KB
Image
General
Full URL
https://www.securityweek.com/images/subscribe_icon_new_07.jpg
Requested by
Host: www.securityweek.com
URL: https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::6818:a103 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
363cb466cb44913b8c880111c017a4bbdd2ab9f83db0fbc9082fffd2752a9998

Request headers

Referer
https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 11 Jun 2020 22:04:25 GMT
cf-cache-status
HIT
age
1160068
cf-polished
origSize=2488
status
200
content-length
2467
cf-request-id
034702c26a0000dfcfe0a64200000001
last-modified
Mon, 22 Mar 2010 15:43:40 GMT
server
cloudflare
etag
"1e132e-9b8-482658fa36300"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
expires
Fri, 12 Jun 2020 11:49:56 GMT
cache-control
max-age=1209600
accept-ranges
bytes
cf-ray
5a1ea0b0ae30dfcf-FRA
cf-bgj
imgq:100
rss_icon_new_11.jpg
www.securityweek.com/images/
3 KB
3 KB
Image
General
Full URL
https://www.securityweek.com/images/rss_icon_new_11.jpg
Requested by
Host: www.securityweek.com
URL: https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::6818:a103 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
99f599f5ce506f5157d56040e57c4379648c7ec0c1ae8e339c74854d12fd51be

Request headers

Referer
https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 11 Jun 2020 22:04:25 GMT
cf-cache-status
HIT
age
256335
cf-polished
origSize=2696
status
200
content-length
2681
cf-request-id
034702c26a0000dfcfe0a65200000001
last-modified
Mon, 22 Mar 2010 15:43:34 GMT
server
cloudflare
etag
"1e1338-a88-482658f47d580"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
expires
Mon, 22 Jun 2020 22:52:09 GMT
cache-control
max-age=1209600
accept-ranges
bytes
cf-ray
5a1ea0b0ae31dfcf-FRA
cf-bgj
imgq:100,h2pri
Darktrace-Email-Security-300x250.jpg
www.securityweek.com/sites/default/files/product_images/
41 KB
42 KB
Image
General
Full URL
https://www.securityweek.com/sites/default/files/product_images/Darktrace-Email-Security-300x250.jpg
Requested by
Host: www.securityweek.com
URL: https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::6818:a103 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d28483d8562547a0465e8356d45822faaa4a1319a0cb818dd736a554ffe78a6a

Request headers

Referer
https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 11 Jun 2020 22:04:25 GMT
cf-cache-status
HIT
age
101526
cf-polished
origSize=47991
status
200
content-length
42387
cf-request-id
034702c26a0000dfcfe0a66200000001
last-modified
Wed, 27 May 2020 17:27:16 GMT
server
cloudflare
etag
"c605c4-bb77-5a6a485f84c08"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
expires
Wed, 24 Jun 2020 17:52:19 GMT
cache-control
max-age=1209600
accept-ranges
bytes
cf-ray
5a1ea0b0ae32dfcf-FRA
cf-bgj
imgq:100,h2pri
wired_publishing.jpg
www.securityweek.com/images/
2 KB
2 KB
Image
General
Full URL
https://www.securityweek.com/images/wired_publishing.jpg
Requested by
Host: www.securityweek.com
URL: https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::6818:a103 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f48a93ab79e97cebdb0a614f94a9a9ef592729dd86b58db65c84c50776a9ed26

Request headers

Referer
https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 11 Jun 2020 22:04:25 GMT
cf-cache-status
HIT
age
789251
cf-polished
origSize=2601
status
200
content-length
2072
cf-request-id
034702c26a0000dfcfe0a67200000001
last-modified
Wed, 08 Dec 2010 15:26:32 GMT
server
cloudflare
etag
"1e132d-a29-496e7bef23a00"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
expires
Tue, 16 Jun 2020 18:50:13 GMT
cache-control
max-age=1209600
accept-ranges
bytes
cf-ray
5a1ea0b0ae37dfcf-FRA
cf-bgj
imgq:100
rocket-loader.min.js
ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/
12 KB
4 KB
Script
General
Full URL
https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js
Requested by
Host: www.securityweek.com
URL: https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:85e5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b08cdbc2d30e656a86b20f8342428d5863f70f4b30135b4f4061f754ce932f5e
Security Headers
Name Value
Strict-Transport-Security max-age=15780000; includeSubDomains
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 11 Jun 2020 22:04:25 GMT
content-encoding
gzip
vary
Accept-Encoding
last-modified
Wed, 10 Jun 2020 17:45:48 GMT
server
cloudflare
etag
W/"5ee11c4c-3016"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options
SAMEORIGIN
content-type
application/javascript
status
200
cache-control
max-age=172800, public
strict-transport-security
max-age=15780000; includeSubDomains
cf-ray
5a1ea0b0ae8b05b3-FRA
cf-request-id
034702c268000005b32c190200000001
expires
Sat, 13 Jun 2020 22:04:25 GMT
JsfVAji5wHtjMw9KWartCq34fZY.js
www.securityweek.com/cdn-cgi/apps/body/
23 KB
7 KB
Script
General
Full URL
https://www.securityweek.com/cdn-cgi/apps/body/JsfVAji5wHtjMw9KWartCq34fZY.js
Requested by
Host: www.securityweek.com
URL: https://www.securityweek.com/cdn-cgi/apps/head/MtZjAddKzhFJoLq5xYGl1vZkDn8.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::6818:a103 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8c9b185e1e937971dfedaafecf01bc14813a2ece31cc9af4a2097f9b3ecb061d

Request headers

Referer
https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 11 Jun 2020 22:04:25 GMT
content-encoding
br
cf-cache-status
HIT
age
16513169
status
200
x-amz-request-id
CE3A0B6C73B139C6
x-amz-id-2
PRMFOvKJosTdQSSE9hk7Y7+FuzS42K8CxePCyVPVv11KMkMLNndnkL/yCFiRUC1NKEJ4VSIAvrI=
last-modified
Tue, 04 Dec 2018 19:44:58 GMT
server
cloudflare
etag
W/"cb0ca31f11dc8247de26e3dcd49db722"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=31536000
x-amz-version-id
h5OK1yTQAx2t7V4blDMielr1pB4gwYKR
cf-request-id
034702c26a0000dfcfe0a68200000001
cf-ray
5a1ea0b0ae39dfcf-FRA
like.php
www.facebook.com/plugins/ Frame 5EFA
0
0
Document
General
Full URL
https://www.facebook.com/plugins/like.php?href=http%3A%2F%2Fwww.securityweek.com%2Foski-stealer-targets-browser-data-crypto-wallets-us&layout=button_count&show_faces=true&width=120&action=recommend&font=tahoma&colorscheme=light&height=21
Requested by
Host: www.securityweek.com
URL: https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
www.facebook.com
:scheme
https
:path
/plugins/like.php?href=http%3A%2F%2Fwww.securityweek.com%2Foski-stealer-targets-browser-data-crypto-wallets-us&layout=button_count&show_faces=true&width=120&action=recommend&font=tahoma&colorscheme=light&height=21
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us

Response headers

status
200
cache-control
private, no-cache, no-store, must-revalidate
pragma
no-cache
strict-transport-security
max-age=15552000; preload
content-encoding
br
timing-allow-origin
*
content-security-policy
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
expires
Sat, 01 Jan 2000 00:00:00 GMT
content-type
text/html; charset="utf-8"
x-fb-debug
vaTaV6iSzaaKFaRoUEUwsPQ1N36uPfOJQgeWg/ELYxmqNVlGe8VoO4fL79ZF8azp85YxNuUVoyXOvm/7hGO+Lw==
date
Thu, 11 Jun 2020 22:04:25 GMT Thu, 11 Jun 2020 22:04:25 GMT
alt-svc
h3-27=":443"; ma=3600
like.php
www.facebook.com/plugins/ Frame 0CA0
0
0
Document
General
Full URL
https://www.facebook.com/plugins/like.php?href=http%3A%2F%2Fwww.securityweek.com%2Foski-stealer-targets-browser-data-crypto-wallets-us&layout=button_count&show_faces=true&width=120&action=recommend&font=tahoma&colorscheme=light&height=21
Requested by
Host: www.securityweek.com
URL: https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
www.facebook.com
:scheme
https
:path
/plugins/like.php?href=http%3A%2F%2Fwww.securityweek.com%2Foski-stealer-targets-browser-data-crypto-wallets-us&layout=button_count&show_faces=true&width=120&action=recommend&font=tahoma&colorscheme=light&height=21
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us

Response headers

status
200
cache-control
private, no-cache, no-store, must-revalidate
pragma
no-cache
strict-transport-security
max-age=15552000; preload
content-encoding
br
timing-allow-origin
*
content-security-policy
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
expires
Sat, 01 Jan 2000 00:00:00 GMT
content-type
text/html; charset="utf-8"
x-fb-debug
y9NqCUiqjCOpW4ibxE6tAPAlUmoOHS6SJU174l1MfDTp3mBxcmYUwTtnHFhxRKxjV/MONSsD20tKF3hzkXE3kw==
date
Thu, 11 Jun 2020 22:04:25 GMT Thu, 11 Jun 2020 22:04:25 GMT
alt-svc
h3-27=":443"; ma=3600
bg.jpg
www.securityweek.com/sites/all/themes/securityweek/images/
622 B
774 B
Image
General
Full URL
https://www.securityweek.com/sites/all/themes/securityweek/images/bg.jpg
Requested by
Host: www.securityweek.com
URL: https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::6818:a103 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0eb8c78b4dfa8b3591631c3dc0bc82b82fac561d7f42e735c06bccd28261bfa9

Request headers

Referer
https://www.securityweek.com/sites/default/files/css/css_8874e61fc98c90e5a1878df15084db2d.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 11 Jun 2020 22:04:25 GMT
cf-cache-status
HIT
age
789251
cf-polished
origSize=13217
status
200
content-length
622
cf-request-id
034702c26a0000dfcfe0a69200000001
last-modified
Sat, 09 Aug 2014 20:02:44 GMT
server
cloudflare
etag
"3c0013-33a1-50037ce116100"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
expires
Tue, 16 Jun 2020 18:50:13 GMT
cache-control
max-age=1209600
accept-ranges
bytes
cf-ray
5a1ea0b0ae3adfcf-FRA
cf-bgj
imgq:100
menu-leaf.gif
www.securityweek.com/sites/all/themes/securityweek/images/icons/
175 B
308 B
Image
General
Full URL
https://www.securityweek.com/sites/all/themes/securityweek/images/icons/menu-leaf.gif
Requested by
Host: www.securityweek.com
URL: https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::6818:a103 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
913e0bff2ebdfd8aa46e82e8282910638f68fdb9f56f447f1f6b259f3fe5e539

Request headers

Referer
https://www.securityweek.com/sites/default/files/css/css_8874e61fc98c90e5a1878df15084db2d.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 11 Jun 2020 22:04:25 GMT
cf-cache-status
HIT
age
789251
cf-polished
status=not_needed
status
200
content-length
175
cf-request-id
034702c2720000dfcfe0a6a200000001
last-modified
Mon, 22 Mar 2010 15:27:51 GMT
server
cloudflare
etag
"3c002d-af-482655712cbc0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/gif
expires
Tue, 16 Jun 2020 18:50:13 GMT
cache-control
max-age=1209600
accept-ranges
bytes
cf-ray
5a1ea0b0be3cdfcf-FRA
cf-bgj
imgq:100
header_bg.jpg
www.securityweek.com/sites/all/themes/securityweek/images/
368 B
535 B
Image
General
Full URL
https://www.securityweek.com/sites/all/themes/securityweek/images/header_bg.jpg
Requested by
Host: www.securityweek.com
URL: https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::6818:a103 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
38fddc9062d968d14ab085099d5de0f3ef3900d8db2ba7d0f0f67cfd3dc64732

Request headers

Referer
https://www.securityweek.com/sites/default/files/css/css_8874e61fc98c90e5a1878df15084db2d.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 11 Jun 2020 22:04:25 GMT
cf-cache-status
HIT
age
789251
cf-polished
origSize=387
status
200
content-length
368
cf-request-id
034702c2720000dfcfe0a6b200000001
last-modified
Mon, 22 Mar 2010 15:27:31 GMT
server
cloudflare
etag
"3c0020-183-4826555e19ec0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
expires
Tue, 16 Jun 2020 18:50:14 GMT
cache-control
max-age=1209600
accept-ranges
bytes
cf-ray
5a1ea0b0be3ddfcf-FRA
cf-bgj
imgq:100
nav_bg.jpg
www.securityweek.com/sites/all/themes/securityweek/images/
481 B
664 B
Image
General
Full URL
https://www.securityweek.com/sites/all/themes/securityweek/images/nav_bg.jpg
Requested by
Host: www.securityweek.com
URL: https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::6818:a103 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fbef11bff1d217c890ec20d5759379b8879cc1b44943b7200a41aeab7293743b

Request headers

Referer
https://www.securityweek.com/sites/default/files/css/css_8874e61fc98c90e5a1878df15084db2d.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 11 Jun 2020 22:04:25 GMT
cf-cache-status
HIT
age
1164705
cf-polished
origSize=500
status
200
content-length
481
cf-request-id
034702c2720000dfcfe0a6c200000001
last-modified
Mon, 22 Mar 2010 15:28:13 GMT
server
cloudflare
etag
"3c001b-1f4-4826558627d40"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
expires
Fri, 12 Jun 2020 10:32:40 GMT
cache-control
max-age=1209600
accept-ranges
bytes
cf-ray
5a1ea0b0be3edfcf-FRA
cf-bgj
imgq:100
menu-expanded.gif
www.securityweek.com/sites/all/themes/securityweek/images/icons/
183 B
441 B
Image
General
Full URL
https://www.securityweek.com/sites/all/themes/securityweek/images/icons/menu-expanded.gif
Requested by
Host: www.securityweek.com
URL: https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::6818:a103 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
aa76185f417cf85d7029b35e3a6544d4495402e17f76a32633b5ba80a81faa26

Request headers

Referer
https://www.securityweek.com/sites/default/files/css/css_8874e61fc98c90e5a1878df15084db2d.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 11 Jun 2020 22:04:25 GMT
cf-cache-status
HIT
age
789251
cf-polished
status=not_needed
status
200
content-length
183
cf-request-id
034702c2720000dfcfe0a6d200000001
last-modified
Mon, 22 Mar 2010 15:27:50 GMT
server
cloudflare
etag
"3c002a-b7-4826557038980"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/gif
expires
Tue, 16 Jun 2020 18:50:14 GMT
cache-control
max-age=1209600
accept-ranges
bytes
cf-ray
5a1ea0b0be3fdfcf-FRA
cf-bgj
imgq:100
line_dotted.jpg
www.securityweek.com/sites/all/themes/securityweek/images/
3 KB
3 KB
Image
General
Full URL
https://www.securityweek.com/sites/all/themes/securityweek/images/line_dotted.jpg
Requested by
Host: www.securityweek.com
URL: https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::6818:a103 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
19c3d03351d11b3bf4c98af1f0094d0dfc2ed7114d08afb76840333461644e9c

Request headers

Referer
https://www.securityweek.com/sites/default/files/css/css_8874e61fc98c90e5a1878df15084db2d.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 11 Jun 2020 22:04:25 GMT
cf-cache-status
HIT
age
398263
cf-polished
origSize=3724
status
200
content-length
3199
cf-request-id
034702c2720000dfcfe0a6e200000001
last-modified
Sun, 15 Jan 2012 05:43:31 GMT
server
cloudflare
etag
"3c001c-e8c-4b68a93f6a6c0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
expires
Sun, 21 Jun 2020 07:26:42 GMT
cache-control
max-age=1209600
accept-ranges
bytes
cf-ray
5a1ea0b0be40dfcf-FRA
cf-bgj
imgq:100,h2pri
bullet.jpg
www.securityweek.com/sites/all/themes/securityweek/images/
2 KB
2 KB
Image
General
Full URL
https://www.securityweek.com/sites/all/themes/securityweek/images/bullet.jpg
Requested by
Host: www.securityweek.com
URL: https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::6818:a103 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
076aea1fe6f6a5870e7478733f90705f6e31085e02597ccab72cb00db3441039

Request headers

Referer
https://www.securityweek.com/sites/default/files/css/css_8874e61fc98c90e5a1878df15084db2d.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 11 Jun 2020 22:04:25 GMT
cf-cache-status
HIT
age
789251
cf-polished
origSize=2285
status
200
content-length
1813
cf-request-id
034702c2720000dfcfe0a6f200000001
last-modified
Sun, 15 Jan 2012 05:30:46 GMT
server
cloudflare
etag
"3c0019-8ed-4b68a665dad80"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
expires
Tue, 16 Jun 2020 18:50:14 GMT
cache-control
max-age=1209600
accept-ranges
bytes
cf-ray
5a1ea0b0be41dfcf-FRA
cf-bgj
imgq:100
subscribe-btn.gif
www.securityweek.com/sites/all/themes/securityweek/images/
2 KB
2 KB
Image
General
Full URL
https://www.securityweek.com/sites/all/themes/securityweek/images/subscribe-btn.gif
Requested by
Host: www.securityweek.com
URL: https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::6818:a103 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4986aea94d23482c38fb06749a6a5c5c6ab95db97aa3bcc9feaf7eda6cbf6626

Request headers

Referer
https://www.securityweek.com/sites/default/files/css/css_8874e61fc98c90e5a1878df15084db2d.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 11 Jun 2020 22:04:25 GMT
cf-cache-status
HIT
age
789251
cf-polished
status=not_needed
status
200
content-length
2249
cf-request-id
034702c27b0000dfcfe0a71200000001
last-modified
Tue, 25 Jan 2011 04:28:42 GMT
server
cloudflare
etag
"3c0021-8c9-49aa426bbd280"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/gif
expires
Tue, 16 Jun 2020 18:50:14 GMT
cache-control
max-age=1209600
accept-ranges
bytes
cf-ray
5a1ea0b0ce63dfcf-FRA
cf-bgj
imgq:100
footer_bg.jpg
www.securityweek.com/sites/all/themes/securityweek/images/
491 B
684 B
Image
General
Full URL
https://www.securityweek.com/sites/all/themes/securityweek/images/footer_bg.jpg
Requested by
Host: www.securityweek.com
URL: https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::6818:a103 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
879e759654d4384f0609f8ac2b59fd13d1d90fcaeed2b6d5c4d34dbd550621c9

Request headers

Referer
https://www.securityweek.com/sites/default/files/css/css_8874e61fc98c90e5a1878df15084db2d.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 11 Jun 2020 22:04:25 GMT
cf-cache-status
HIT
age
789251
cf-polished
origSize=510
status
200
content-length
491
cf-request-id
034702c27d0000dfcfe0a72200000001
last-modified
Mon, 22 Mar 2010 15:27:23 GMT
server
cloudflare
etag
"3c0015-1fe-4826555678cc0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
expires
Tue, 16 Jun 2020 18:50:14 GMT
cache-control
max-age=1209600
accept-ranges
bytes
cf-ray
5a1ea0b0ce6bdfcf-FRA
cf-bgj
imgq:100
footer_partition.jpg
www.securityweek.com/sites/all/themes/securityweek/images/
393 B
543 B
Image
General
Full URL
https://www.securityweek.com/sites/all/themes/securityweek/images/footer_partition.jpg
Requested by
Host: www.securityweek.com
URL: https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::6818:a103 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e6875c134ddb19f931881caf2eb4cbcd8290bf898e84c3606f33ccc897f2a851

Request headers

Referer
https://www.securityweek.com/sites/default/files/css/css_8874e61fc98c90e5a1878df15084db2d.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 11 Jun 2020 22:04:25 GMT
cf-cache-status
HIT
age
789251
cf-polished
origSize=412
status
200
content-length
393
cf-request-id
034702c27d0000dfcfe0a73200000001
last-modified
Mon, 22 Mar 2010 15:27:29 GMT
server
cloudflare
etag
"3c000f-19c-4826555c31a40"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
expires
Tue, 16 Jun 2020 18:50:14 GMT
cache-control
max-age=1209600
accept-ranges
bytes
cf-ray
5a1ea0b0ce6edfcf-FRA
cf-bgj
imgq:100
footer_h3_dotted.jpg
www.securityweek.com/sites/all/themes/securityweek/images/
1007 B
1 KB
Image
General
Full URL
https://www.securityweek.com/sites/all/themes/securityweek/images/footer_h3_dotted.jpg
Requested by
Host: www.securityweek.com
URL: https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::6818:a103 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ff1ef9fd6b885be870cc572c7c79bfae34bd6d4c2368c342003ba13df0f192dd

Request headers

Referer
https://www.securityweek.com/sites/default/files/css/css_8874e61fc98c90e5a1878df15084db2d.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 11 Jun 2020 22:04:25 GMT
cf-cache-status
HIT
age
581936
cf-polished
origSize=1026
status
200
content-length
1007
cf-request-id
034702c27f0000dfcfe0a74200000001
last-modified
Mon, 22 Mar 2010 15:27:27 GMT
server
cloudflare
etag
"3c001d-402-4826555a495c0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
expires
Fri, 19 Jun 2020 04:25:29 GMT
cache-control
max-age=1209600
accept-ranges
bytes
cf-ray
5a1ea0b0ce71dfcf-FRA
cf-bgj
imgq:100,h2pri
footer_bullet.gif
www.securityweek.com/sites/all/themes/securityweek/images/
58 B
223 B
Image
General
Full URL
https://www.securityweek.com/sites/all/themes/securityweek/images/footer_bullet.gif
Requested by
Host: www.securityweek.com
URL: https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::6818:a103 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2f1298490f294128f086689a5654a8340ea9ec7c20c8e97f811590d5313edc9e

Request headers

Referer
https://www.securityweek.com/sites/default/files/css/css_8874e61fc98c90e5a1878df15084db2d.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 11 Jun 2020 22:04:25 GMT
cf-cache-status
HIT
age
789251
cf-polished
status=not_needed
status
200
content-length
58
cf-request-id
034702c27f0000dfcfe0a75200000001
last-modified
Mon, 22 Mar 2010 15:27:25 GMT
server
cloudflare
etag
"3c001e-3a-4826555861140"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/gif
expires
Tue, 16 Jun 2020 18:50:14 GMT
cache-control
max-age=1209600
accept-ranges
bytes
cf-ray
5a1ea0b0ce72dfcf-FRA
cf-bgj
imgq:100
init.js
www.securityweek.com/sites/all/modules/custom_control/misc/
1 KB
674 B
Script
General
Full URL
https://www.securityweek.com/sites/all/modules/custom_control/misc/init.js?1591913064
Requested by
Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::6818:a103 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
05f4004f999652bf4c69b8b17fd4813363473fabcf89c056d3da5a6d8eac0555

Request headers

Referer
https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 11 Jun 2020 22:04:25 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Thu, 22 Mar 2018 21:18:02 GMT
server
cloudflare
etag
W/"3c0d00-44d-56806d7baf680"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
max-age=1209600
cf-ray
5a1ea0b12f1bdfcf-FRA
cf-request-id
034702c2b70000dfcfe0a81200000001
expires
Thu, 25 Jun 2020 22:04:25 GMT
js_406d7cf17930692ea047206565f77312.js
www.securityweek.com/sites/default/files/js/
785 B
558 B
Script
General
Full URL
https://www.securityweek.com/sites/default/files/js/js_406d7cf17930692ea047206565f77312.js
Requested by
Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::6818:a103 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8df0ba2d8af3e602eaba8677fe2c57228955b28868c91c2850a4c3c1ad8c7f68

Request headers

Referer
https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 11 Jun 2020 22:04:25 GMT
content-encoding
br
cf-cache-status
HIT
age
159791
cf-polished
origSize=1094
status
200
cf-request-id
034702c2b80000dfcfe0a82200000001
last-modified
Wed, 10 Jun 2020 01:34:35 GMT
server
cloudflare
etag
W/"3a0027-446-5a7b0d8bb6bd6"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
expires
Wed, 24 Jun 2020 01:41:14 GMT
cache-control
max-age=1209600
cf-ray
5a1ea0b12f1ddfcf-FRA
cf-bgj
minify
widgets.js
platform.twitter.com/
97 KB
29 KB
Script
General
Full URL
https://platform.twitter.com/widgets.js
Requested by
Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (fcn/4191) /
Resource Hash
b54675d0c78b4247cd5ae2ab6b4ab96a280ae2bbdaf4f46dff6b95ca109840a5

Request headers

Referer
https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 11 Jun 2020 22:04:25 GMT
Content-Encoding
gzip
Last-Modified
Mon, 08 Jun 2020 22:20:30 GMT
Server
ECS (fcn/4191)
Age
1009
Etag
"e8665a6672f6c6e18facbfd9e1eaaad3+gzip"
Vary
Accept-Encoding
Access-Control-Allow-Methods
GET
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=1800
X-Cache
HIT
Content-Type
application/javascript; charset=utf-8
Content-Length
29247
in.js
platform-src.linkedin.com/
Redirect Chain
  • https://platform.linkedin.com/in.js
  • https://platform-src.linkedin.com/in.js
181 KB
55 KB
Script
General
Full URL
https://platform-src.linkedin.com/in.js
Requested by
Host: www.securityweek.com
URL: https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:119:50e4:101::6cae:b58 , United States, ASN14413 (LINKEDIN, US),
Reverse DNS
Software
Play /
Resource Hash
bdb594f8ca784f89cb065b46eec86f19cd6e56b0019c3f6f109193bf20c330c0

Request headers

Referer
https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 11 Jun 2020 22:04:25 GMT
content-encoding
gzip
server
Play
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
status
200
cache-control
public, max-age=3600
x-li-pop
prod-edc2
x-li-proto
http/2
content-length
55597
x-li-uuid
ts7TqH+cFxYAV6TnTCsAAA==
x-li-fabric
prod-ltx1
expires
Thu, 11 Jun 2020 23:04:25 GMT

Redirect headers

X-LI-UUID
oz32QnCY6xVQwiK9RysAAA==
Date
Thu, 11 Jun 2020 22:04:25 GMT
X-CDN-CLIENT-IP-VERSION
IPV6
X-Li-Pop
prod-tln1
X-Li-Fabric
prod-lor1
Location
https://platform-src.linkedin.com/in.js
X-LI-Proto
http/1.1
Connection
keep-alive
Content-Length
0
X-CDN
AKAM
js_b76f8e39a9529492ace32dcddaca2fbb.js
www.securityweek.com/sites/default/files/js/
69 KB
26 KB
Script
General
Full URL
https://www.securityweek.com/sites/default/files/js/js_b76f8e39a9529492ace32dcddaca2fbb.js
Requested by
Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::6818:a103 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1098ef7fef25a8fd6eac7dbf1442047062c4d1400c601f8ff843742c61de640c

Request headers

Referer
https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 11 Jun 2020 22:04:25 GMT
content-encoding
br
cf-cache-status
HIT
age
159791
cf-polished
origSize=90975
status
200
cf-request-id
034702c2b80000dfcfe0a83200000001
last-modified
Wed, 10 Jun 2020 01:34:35 GMT
server
cloudflare
etag
W/"3a0018-1635f-5a7b0d8bb5c36"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
expires
Wed, 24 Jun 2020 01:41:14 GMT
cache-control
max-age=1209600
cf-ray
5a1ea0b12f1edfcf-FRA
cf-bgj
minify
truncated
/
6 KB
0
Stylesheet
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
03253e6108bcbd971960c840c954069278e642928fcfaf9bc4e002fff1d61a0d

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
text/css;charset=utf-8
gpt.js
www.googletagservices.com/tag/js/
43 KB
14 KB
Script
General
Full URL
https://www.googletagservices.com/tag/js/gpt.js
Requested by
Host: www.securityweek.com
URL: https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:819::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f39737400b9fff7929cc96a77232dcbe045a000499b47c4adca4de8579860482
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 11 Jun 2020 22:04:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"540 / 895 of 1000 / last-modified: 1591893560"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
14487
x-xss-protection
0
expires
Thu, 11 Jun 2020 22:04:26 GMT
plusone.js
apis.google.com/js/
48 KB
19 KB
Script
General
Full URL
https://apis.google.com/js/plusone.js
Requested by
Host: www.securityweek.com
URL: https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:815::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
1f649957f4fc091425a4bf4381bbfa94e1b2dd3ed13c3e49e039adfc7a04f2d8
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-x4j8DM/fyL32ztK+bv0+bQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 11 Jun 2020 22:04:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
status
200
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
x-ua-compatible
IE=edge, chrome=1
server
ESF
x-frame-options
SAMEORIGIN
etag
"bf671b405a6ba42bf04812eca7f9b45e"
strict-transport-security
max-age=31536000
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=1800, stale-while-revalidate=1800
content-security-policy
script-src 'report-sample' 'nonce-x4j8DM/fyL32ztK+bv0+bQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
timing-allow-origin
*
expires
Thu, 11 Jun 2020 22:04:26 GMT
in.js
platform-src.linkedin.com/
Redirect Chain
  • https://platform.linkedin.com/in.js
  • https://platform-src.linkedin.com/in.js
181 KB
54 KB
Script
General
Full URL
https://platform-src.linkedin.com/in.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:119:50e4:101::6cae:b58 , United States, ASN14413 (LINKEDIN, US),
Reverse DNS
Software
Play /
Resource Hash
623ed90799463fc0a17bf17a4063abd3b7cb36cf4dcafb27633729a0fd20f17e

Request headers

Referer
https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 11 Jun 2020 22:04:26 GMT
content-encoding
gzip
server
Play
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
status
200
cache-control
public, max-age=3600
x-li-pop
prod-edc2
x-li-proto
http/2
content-length
55596
x-li-uuid
Z45J2X+cFxYwC4vCTCsAAA==
x-li-fabric
prod-ltx1
expires
Thu, 11 Jun 2020 23:04:26 GMT

Redirect headers

X-LI-UUID
oz32QnCY6xVQwiK9RysAAA==
Date
Thu, 11 Jun 2020 22:04:26 GMT
X-CDN-CLIENT-IP-VERSION
IPV6
X-Li-Pop
prod-tln1
X-Li-Fabric
prod-lor1
Location
https://platform-src.linkedin.com/in.js
X-LI-Proto
http/1.1
Connection
keep-alive
Content-Length
0
X-CDN
AKAM
integrator.js
adservice.google.de/adsid/
109 B
168 B
Script
General
Full URL
https://adservice.google.de/adsid/integrator.js?domain=www.securityweek.com
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 11 Jun 2020 22:04:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status
200
cache-control
private, no-cache, no-store
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
104
x-xss-protection
0
integrator.js
adservice.google.com/adsid/
109 B
168 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=www.securityweek.com
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 11 Jun 2020 22:04:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status
200
cache-control
private, no-cache, no-store
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
104
x-xss-protection
0
pubads_impl_2020060103.js
securepubads.g.doubleclick.net/gpt/
246 KB
88 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020060103.js
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.210.2 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s07-in-f2.1e100.net
Software
sffe /
Resource Hash
7281df0fc37f02952ecbff4b9f47640a7f193aac19c97f89e3e276b20d47e454
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 11 Jun 2020 22:04:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 01 Jun 2020 18:46:06 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
90085
x-xss-protection
0
expires
Thu, 11 Jun 2020 22:04:26 GMT
cb=gapi.loaded_0
apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.pYPiPEsIel4.O/m=plusone/rt=j/sv=1/d=1/ed=1/am=wQE/rs=AGLTcCOey13j2hPNXahsyr0hsvfbpOW7OQ/
141 KB
50 KB
Script
General
Full URL
https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.pYPiPEsIel4.O/m=plusone/rt=j/sv=1/d=1/ed=1/am=wQE/rs=AGLTcCOey13j2hPNXahsyr0hsvfbpOW7OQ/cb=gapi.loaded_0
Requested by
Host: apis.google.com
URL: https://apis.google.com/js/plusone.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:815::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2468d5c2d1a7f80ac57cb119957d349af6330773f9faeb7b66aadfdbbf2e617c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 27 May 2020 19:53:49 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 26 May 2020 22:21:36 GMT
server
sffe
age
1303837
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
status
200
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
50596
x-xss-protection
0
expires
Thu, 27 May 2021 19:53:49 GMT
cb=gapi.loaded_1
apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.pYPiPEsIel4.O/m=auth/exm=plusone/rt=j/sv=1/d=1/ed=1/am=wQE/rs=AGLTcCOey13j2hPNXahsyr0hsvfbpOW7OQ/
95 KB
33 KB
Script
General
Full URL
https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.pYPiPEsIel4.O/m=auth/exm=plusone/rt=j/sv=1/d=1/ed=1/am=wQE/rs=AGLTcCOey13j2hPNXahsyr0hsvfbpOW7OQ/cb=gapi.loaded_1
Requested by
Host: apis.google.com
URL: https://apis.google.com/js/plusone.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:815::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3b77f667be88cf8c1006b3f0effe0cb6be203c9e45ef8ae620838bcd249d7398
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 09 Jun 2020 00:26:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 26 May 2020 22:21:36 GMT
server
sffe
age
250653
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
status
200
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
33557
x-xss-protection
0
expires
Wed, 09 Jun 2021 00:26:53 GMT
fastbutton
apis.google.com/se/0/_/+1/ Frame 37CC
0
0
Document
General
Full URL
https://apis.google.com/se/0/_/+1/fastbutton?usegapi=1&size=medium&origin=https%3A%2F%2Fwww.securityweek.com&url=https%3A%2F%2Fwww.securityweek.com%2Foski-stealer-targets-browser-data-crypto-wallets-us&gsrc=3p&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.pYPiPEsIel4.O%2Fam%3DwQE%2Fd%3D1%2Fct%3Dzgms%2Frs%3DAGLTcCOey13j2hPNXahsyr0hsvfbpOW7OQ%2Fm%3D__features__
Requested by
Host: apis.google.com
URL: https://apis.google.com/js/plusone.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:815::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-wXgWK4xGksjlj+rkqtjJpw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
apis.google.com
:scheme
https
:path
/se/0/_/+1/fastbutton?usegapi=1&size=medium&origin=https%3A%2F%2Fwww.securityweek.com&url=https%3A%2F%2Fwww.securityweek.com%2Foski-stealer-targets-browser-data-crypto-wallets-us&gsrc=3p&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.pYPiPEsIel4.O%2Fam%3DwQE%2Fd%3D1%2Fct%3Dzgms%2Frs%3DAGLTcCOey13j2hPNXahsyr0hsvfbpOW7OQ%2Fm%3D__features__
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
NID=204=MWfbUkyox4t1XtQ8FY9fM2VISlqN0AFjM96k54IZGQblKDYlS1R5-PzqdqoNqwuky_-dyQYdneqL2Lc0bjoQab6utEwos75Z64C8Cob1my46fLIYFVzV2C1GRQs7EorXqxYzANw1jnc_3nw1we2ADdv0A9ySQzIcKcudcONihns
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us

Response headers

status
404
content-type
text/html; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
expires
Mon, 01 Jan 1990 00:00:00 GMT
date
Thu, 11 Jun 2020 22:04:26 GMT
content-security-policy
script-src 'report-sample' 'nonce-wXgWK4xGksjlj+rkqtjJpw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
content-encoding
gzip
server
ESF
x-xss-protection
0
x-content-type-options
nosniff
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
fastbutton
apis.google.com/se/0/_/+1/ Frame 9A01
0
0
Document
General
Full URL
https://apis.google.com/se/0/_/+1/fastbutton?usegapi=1&size=medium&origin=https%3A%2F%2Fwww.securityweek.com&url=https%3A%2F%2Fwww.securityweek.com%2Foski-stealer-targets-browser-data-crypto-wallets-us&gsrc=3p&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.pYPiPEsIel4.O%2Fam%3DwQE%2Fd%3D1%2Fct%3Dzgms%2Frs%3DAGLTcCOey13j2hPNXahsyr0hsvfbpOW7OQ%2Fm%3D__features__
Requested by
Host: apis.google.com
URL: https://apis.google.com/js/plusone.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:815::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-6sintp9vxOq1DaMlG5e0VA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
apis.google.com
:scheme
https
:path
/se/0/_/+1/fastbutton?usegapi=1&size=medium&origin=https%3A%2F%2Fwww.securityweek.com&url=https%3A%2F%2Fwww.securityweek.com%2Foski-stealer-targets-browser-data-crypto-wallets-us&gsrc=3p&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.pYPiPEsIel4.O%2Fam%3DwQE%2Fd%3D1%2Fct%3Dzgms%2Frs%3DAGLTcCOey13j2hPNXahsyr0hsvfbpOW7OQ%2Fm%3D__features__
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
NID=204=MWfbUkyox4t1XtQ8FY9fM2VISlqN0AFjM96k54IZGQblKDYlS1R5-PzqdqoNqwuky_-dyQYdneqL2Lc0bjoQab6utEwos75Z64C8Cob1my46fLIYFVzV2C1GRQs7EorXqxYzANw1jnc_3nw1we2ADdv0A9ySQzIcKcudcONihns
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us

Response headers

status
404
content-type
text/html; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
expires
Mon, 01 Jan 1990 00:00:00 GMT
date
Thu, 11 Jun 2020 22:04:26 GMT
content-security-policy
script-src 'report-sample' 'nonce-6sintp9vxOq1DaMlG5e0VA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
content-encoding
gzip
server
ESF
x-xss-protection
0
x-content-type-options
nosniff
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
postmessageRelay
accounts.google.com/o/oauth2/ Frame B533
0
0
Document
General
Full URL
https://accounts.google.com/o/oauth2/postmessageRelay?parent=https%3A%2F%2Fwww.securityweek.com&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.pYPiPEsIel4.O%2Fam%3DwQE%2Fd%3D1%2Fct%3Dzgms%2Frs%3DAGLTcCOey13j2hPNXahsyr0hsvfbpOW7OQ%2Fm%3D__features__
Requested by
Host: apis.google.com
URL: https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.pYPiPEsIel4.O/m=auth/exm=plusone/rt=j/sv=1/d=1/ed=1/am=wQE/rs=AGLTcCOey13j2hPNXahsyr0hsvfbpOW7OQ/cb=gapi.loaded_1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::200d Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-Wc2F64ZlAI8Qr+yKcDyM1g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /o/cspreport
X-Xss-Protection 0

Request headers

:method
GET
:authority
accounts.google.com
:scheme
https
:path
/o/oauth2/postmessageRelay?parent=https%3A%2F%2Fwww.securityweek.com&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.pYPiPEsIel4.O%2Fam%3DwQE%2Fd%3D1%2Fct%3Dzgms%2Frs%3DAGLTcCOey13j2hPNXahsyr0hsvfbpOW7OQ%2Fm%3D__features__
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
NID=204=MWfbUkyox4t1XtQ8FY9fM2VISlqN0AFjM96k54IZGQblKDYlS1R5-PzqdqoNqwuky_-dyQYdneqL2Lc0bjoQab6utEwos75Z64C8Cob1my46fLIYFVzV2C1GRQs7EorXqxYzANw1jnc_3nw1we2ADdv0A9ySQzIcKcudcONihns
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us

Response headers

status
200
content-type
text/html; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
expires
Mon, 01 Jan 1990 00:00:00 GMT
date
Thu, 11 Jun 2020 22:04:26 GMT
content-security-policy
script-src 'report-sample' 'nonce-Wc2F64ZlAI8Qr+yKcDyM1g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /o/cspreport
content-encoding
gzip
server
ESF
x-xss-protection
0
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
plusone.js
apis.google.com/js/
48 KB
18 KB
Script
General
Full URL
https://apis.google.com/js/plusone.js
Requested by
Host: www.securityweek.com
URL: https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:815::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
1f649957f4fc091425a4bf4381bbfa94e1b2dd3ed13c3e49e039adfc7a04f2d8
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-aPFkNHF264hp+/4sTDaOPQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 11 Jun 2020 22:04:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
x-ua-compatible
IE=edge, chrome=1
server
ESF
x-frame-options
SAMEORIGIN
etag
"bf671b405a6ba42bf04812eca7f9b45e"
strict-transport-security
max-age=31536000
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=1800, stale-while-revalidate=1800
content-security-policy
script-src 'report-sample' 'nonce-aPFkNHF264hp+/4sTDaOPQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
timing-allow-origin
*
expires
Thu, 11 Jun 2020 22:04:26 GMT
widgets.js
platform.twitter.com/
97 KB
29 KB
Script
General
Full URL
https://platform.twitter.com/widgets.js
Requested by
Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (fcn/4191) /
Resource Hash
b54675d0c78b4247cd5ae2ab6b4ab96a280ae2bbdaf4f46dff6b95ca109840a5

Request headers

Referer
https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 11 Jun 2020 22:04:26 GMT
Content-Encoding
gzip
Last-Modified
Mon, 08 Jun 2020 22:20:30 GMT
Server
ECS (fcn/4191)
Age
1010
Etag
"e8665a6672f6c6e18facbfd9e1eaaad3+gzip"
Vary
Accept-Encoding
Access-Control-Allow-Methods
GET
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=1800
X-Cache
HIT
Content-Type
application/javascript; charset=utf-8
Content-Length
29247
ads
securepubads.g.doubleclick.net/gampad/
25 KB
8 KB
XHR
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3214035775406030&correlator=693162091163761&output=ldjh&impl=fifs&adsid=NT&eid=21064170%2C21066301&vrg=2020060103&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200611&iu_parts=1009451%2C300x250-Lower%2C300x600-Right-Side%2C728x90-Bottom%2CSecurityWeek-Splash-640x480%2CSecurityWeek_Home_Top_728x90%2CSecurityWeek_Home_Top_Right_300x250%2CRSA-ThreatInsights-300x600%2CRSA-ThreatInsights-728x90&enc_prev_ius=%2F0%2F1%2C%2F0%2F2%2C%2F0%2F3%2C%2F0%2F4%2C%2F0%2F5%2C%2F0%2F6%2C%2F0%2F7%2C%2F0%2F8&prev_iu_szs=300x250%2C300x600%2C728x90%2C640x480%2C728x90%2C300x250%2C300x600%2C728x90&cookie_enabled=1&bc=31&abxe=1&lmt=1591913064&dt=1591913066396&dlt=1591913065026&idt=1262&frm=20&biw=1600&bih=1200&oid=3&adxs=-9%2C993%2C-9%2C-9%2C-9%2C-9%2C-9%2C-9&adys=-9%2C632%2C-9%2C-9%2C-9%2C-9%2C-9%2C-9&adks=2099535745%2C3057893268%2C1175233209%2C4168261516%2C3429238268%2C2944426297%2C4131204049%2C771541050&ucis=1%7C2%7C3%7C4%7C5%7C6%7C7%7C8&ifi=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.securityweek.com%2Foski-stealer-targets-browser-data-crypto-wallets-us&dssz=24&icsg=3140096&std=0&csl=86&vis=1&dmc=8&scr_x=0&scr_y=0&psz=0x-1%7C303x610%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1&msz=0x-1%7C300x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1&ga_vid=270606716.1591913066&ga_sid=1591913066&ga_hid=1670746711&fws=2%2C4%2C2%2C2%2C2%2C2%2C2%2C2&ohw=0%2C998%2C0%2C0%2C0%2C0%2C0%2C0
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020060103.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.210.2 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s07-in-f2.1e100.net
Software
cafe /
Resource Hash
a3600ffb31cb95ff8bde6122686eb5ee9262d169ad8585eadfe97c5b8ad04a10
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 11 Jun 2020 22:04:26 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2,-2,-2,-2,-2,-2,-2,-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7811
x-xss-protection
0
google-lineitem-id
-2,4506530349,-2,81272401,-2,-2,-2,-2
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
-2,138308208778,-2,30583699681,-2,-2,-2,-2
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://www.securityweek.com
access-control-expose-headers
x-google-amp-ad-validated-version
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
container.html
ecb79a91d4a6228329213223132f0e04.safeframe.googlesyndication.com/safeframe/1-0-37/html/
0
0
Other
General
Full URL
https://ecb79a91d4a6228329213223132f0e04.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020060103.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

container.html
tpc.googlesyndication.com/safeframe/1-0-37/html/
0
0
Other
General
Full URL
https://tpc.googlesyndication.com/safeframe/1-0-37/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020060103.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

ga.js
ssl.google-analytics.com/
45 KB
17 KB
Script
General
Full URL
https://ssl.google-analytics.com/ga.js
Requested by
Host: www.securityweek.com
URL: https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 30 Apr 2020 21:54:13 GMT
server
Golfe2
age
5283
date
Thu, 11 Jun 2020 20:36:23 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
17168
expires
Thu, 11 Jun 2020 22:36:23 GMT
embed.js
securityweek.disqus.com/
0
0

google_custom_search_watermark.gif
cse.google.com/coop/intl/en/images/
Redirect Chain
  • https://www.google.com/coop/intl/en/images/google_custom_search_watermark.gif
  • https://cse.google.com/coop/intl/en/images/google_custom_search_watermark.gif
2 KB
2 KB
Image
General
Full URL
https://cse.google.com/coop/intl/en/images/google_custom_search_watermark.gif
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
pfe /
Resource Hash
4b4b65dc5e87ed8215fb3d74834cd100069e7eb8aaf903a4665e26079fb0777d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 11 Jun 2020 21:56:06 GMT
x-content-type-options
nosniff
last-modified
Wed, 08 Feb 2012 18:07:38 GMT
server
pfe
age
500
x-frame-options
SAMEORIGIN
content-type
image/gif
status
200
cache-control
public, max-age=1800
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2024
x-xss-protection
0
expires
Thu, 11 Jun 2020 22:26:06 GMT

Redirect headers

date
Thu, 11 Jun 2020 22:04:26 GMT
x-content-type-options
nosniff
server
sffe
status
302
content-type
text/html; charset=UTF-8
location
https://cse.google.com/coop/intl/en/images/google_custom_search_watermark.gif
cache-control
private
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
274
x-xss-protection
0
ad.html
www.securityweek.com/ Frame D424
0
0

ad.html
www.securityweek.com/ Frame 22F3
506 B
376 B
Document
General
Full URL
https://www.securityweek.com/ad.html
Requested by
Host: www.securityweek.com
URL: https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::6818:a103 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
52138cc28f477230cbf123ded239cefd00ad25f81ae65bf7b0c8c9752a0f86e4

Request headers

:method
GET
:authority
www.securityweek.com
:scheme
https
:path
/ad.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
same-origin
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
__cfduid=dd3cfb6824998bf841ffa6f98f54180c31591913064; SESSc3f2c9572aa8f3f5ea6f60501affecb3=2bbb9c4cadd68248d54f0704f3b351fa; SESSae1377f0cbe7278b70a9339b7853afbd=bae0cfd0d3f11f2b6b7185c67b90f804; has_js=1; sessid=1

Response headers

status
200
date
Thu, 11 Jun 2020 22:04:26 GMT
content-type
text/html
last-modified
Fri, 03 Apr 2020 15:50:12 GMT
cache-control
max-age=1209600
expires
Thu, 25 Jun 2020 22:04:26 GMT
cf-cache-status
DYNAMIC
cf-request-id
034702c7d40000dfcfe0ada200000001
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
5a1ea0b959eddfcf-FRA
content-encoding
br
widget_iframe.86df6234483a1fa251e365dd8643c136.html
platform.twitter.com/widgets/ Frame FAA6
0
0
Document
General
Full URL
https://platform.twitter.com/widgets/widget_iframe.86df6234483a1fa251e365dd8643c136.html?origin=https%3A%2F%2Fwww.securityweek.com
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (fcn/41B0) /
Resource Hash

Request headers

Host
platform.twitter.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US

Response headers

Content-Encoding
gzip
Access-Control-Allow-Methods
GET
Access-Control-Allow-Origin
*
Age
258111
Cache-Control
public, max-age=315360000
Content-Type
text/html; charset=utf-8
Date
Thu, 11 Jun 2020 22:04:26 GMT
Etag
"9fa476ae827f556d5b037fe43632370d+gzip"
Last-Modified
Mon, 08 Jun 2020 22:13:29 GMT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server
ECS (fcn/41B0)
Vary
Accept-Encoding
X-Cache
HIT
Content-Length
5825
__utm.gif
ssl.google-analytics.com/r/
35 B
196 B
Image
General
Full URL
https://ssl.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=1709276614&utmhn=www.securityweek.com&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Oski%20Stealer%20Targets%20Browser%20Data%2C%20Crypto%20Wallets%20in%20U.S.%20%7C%20SecurityWeek.Com&utmhid=1670746711&utmr=-&utmp=%2Foski-stealer-targets-browser-data-crypto-wallets-us&utmht=1591913066476&utmac=UA-11590534-1&utmcc=__utma%3D89563204.1031815497.1591913066.1591913066.1591913066.1%3B%2B__utmz%3D89563204.1591913066.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=884513748&utmredir=1&utmu=qBAAAAAAAAAAAAAAAAAAAAAE~
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 11 Jun 2020 22:04:26 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
status
200
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Fri, 01 Jan 1990 00:00:00 GMT
button.a9e51eea566eab199c00950f37200d0b.js
platform.twitter.com/js/
7 KB
3 KB
Script
General
Full URL
https://platform.twitter.com/js/button.a9e51eea566eab199c00950f37200d0b.js
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (fcn/4191) /
Resource Hash
592e35a583c401384ba6166b860a346ea7853f17287296c6a7c0c2468567330c

Request headers

Referer
https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 11 Jun 2020 22:04:26 GMT
Content-Encoding
gzip
Last-Modified
Mon, 08 Jun 2020 22:13:03 GMT
Server
ECS (fcn/4191)
Age
258119
Etag
"92aacddeeb64a7dc76de732a636030f4+gzip"
Vary
Accept-Encoding
Access-Control-Allow-Methods
GET
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=315360000
X-Cache
HIT
Content-Type
application/javascript; charset=utf-8
Content-Length
2297
amp4ads-v0.js
cdn.ampproject.org/rtv/012005262159000/ Frame 87C3
202 KB
55 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/012005262159000/amp4ads-v0.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020060103.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
6b009637beabb9f494ef15cf6c4303652428789993effe3911dbac52d55d516b
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
1172
status
200
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
56265
x-xss-protection
0
server
sffe
date
Thu, 11 Jun 2020 21:44:54 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"9b3afaa85c48c2d0"
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 11 Jun 2021 21:44:54 GMT
amp-analytics-0.1.js
cdn.ampproject.org/rtv/012005262159000/v0/ Frame 87C3
97 KB
29 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/012005262159000/v0/amp-analytics-0.1.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020060103.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f48155f11a2ab68fe1544f625c5692d20863eedb6ae86b09d68503c7181e213b
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
1149
status
200
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
29929
x-xss-protection
0
server
sffe
date
Thu, 11 Jun 2020 21:45:17 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"22e1efecde29c9e4"
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 11 Jun 2021 21:45:17 GMT
truncated
/ Frame 87C3
218 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ce067079b922cfecb694c5e6289e92bf7b68ebd97dc5d6e4840628a8b33bcf38

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/png
amp4ads-host-v0.js
cdn.ampproject.org/rtv/012005262159000/
20 KB
7 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/012005262159000/amp4ads-host-v0.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020060103.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9b72dd7e2a01859f433e7aee18008c9b522f0b2e0396d5656edd9fb29a305cdb
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
1176
status
200
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7224
x-xss-protection
0
server
sffe
date
Thu, 11 Jun 2020 21:44:50 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"f6cfa2ba62463627"
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 11 Jun 2021 21:44:50 GMT
1956689884250199370
tpc.googlesyndication.com/simgad/ Frame 87C3
200 KB
200 KB
Image
General
Full URL
https://tpc.googlesyndication.com/simgad/1956689884250199370
Requested by
Host: www.securityweek.com
URL: https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d700d6487ef4b0198e9a669c9ec89dd2d633302b7c82808b08f37ff9d38e98b8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 21 May 2020 12:38:18 GMT
x-content-type-options
nosniff
age
1848368
x-dns-prefetch-control
off
status
200
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
204410
x-xss-protection
0
last-modified
Wed, 01 Apr 2020 12:54:53 GMT
server
sffe
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 21 May 2021 12:38:18 GMT
view
securepubads.g.doubleclick.net/pcs/ Frame 87C3
0
280 B
Image
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvoz1jbW2cP5--OW1KjE1h4GePmL73f6rDl1nfgmgqWB5B1SOGcU2OzRxvX0huWzWZhO0GLDQN3suETzavFzumU5cMQUX1iNshqdu0Z0-sDaYnm0w9e8zkDxP2bZtn2IX1--sDC0z3lokMVAz0_Hrbr81Qs9rhpLo6I2YjEL_gjNLCgIOsiXSlnXGTlF5KdrHzYaFiZL2_h7kyCIydYN5BdA-kPNUxErgIhV7PoypNAzkQbSRuhSKsFS-p2b2kegokNRLiNK7aC6aM6d7dKT5k&sai=AMfl-YRVbSXf3RByB3cfVbW5qpSoGZqZfYuu7AoXqB-52jv6hTeAb_SoKzueZdgPeCsrBlWt2_hzwdmI06ibo81pnA1ypu2RzzJ-ZMVQvizKbw&sig=Cg0ArKJSzI9ccgu77hjmEAE&adurl=
Requested by
Host: www.securityweek.com
URL: https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.210.2 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s07-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 11 Jun 2020 22:04:26 GMT
x-content-type-options
nosniff
server
cafe
status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
content-type
image/gif
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Thu, 11 Jun 2020 22:04:26 GMT
sodar
pagead2.googlesyndication.com/getconfig/
7 KB
6 KB
XHR
General
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2020060103&st=env
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020060103.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:821::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
bd1269826869d0c6a68b2e044154b30de102543375603e51402fd0e626d1e378
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 11 Jun 2020 22:04:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
status
200
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
5582
x-xss-protection
0
tweet_button.86df6234483a1fa251e365dd8643c136.en.html
platform.twitter.com/widgets/ Frame BA4C
0
0
Document
General
Full URL
https://platform.twitter.com/widgets/tweet_button.86df6234483a1fa251e365dd8643c136.en.html
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (fcn/4191) /
Resource Hash

Request headers

Host
platform.twitter.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US

Response headers

Content-Encoding
gzip
Access-Control-Allow-Methods
GET
Access-Control-Allow-Origin
*
Age
258115
Cache-Control
public, max-age=315360000
Content-Type
text/html; charset=utf-8
Date
Thu, 11 Jun 2020 22:04:26 GMT
Etag
"b7e2cefca3a001ace91680d39e5f2daf+gzip"
Last-Modified
Mon, 08 Jun 2020 22:13:22 GMT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server
ECS (fcn/4191)
Vary
Accept-Encoding
X-Cache
HIT
Content-Length
12394
tweet_button.86df6234483a1fa251e365dd8643c136.en.html
platform.twitter.com/widgets/ Frame 2CFE
0
0
Document
General
Full URL
https://platform.twitter.com/widgets/tweet_button.86df6234483a1fa251e365dd8643c136.en.html
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (fcn/4191) /
Resource Hash

Request headers

Host
platform.twitter.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US

Response headers

Content-Encoding
gzip
Access-Control-Allow-Methods
GET
Access-Control-Allow-Origin
*
Age
258115
Cache-Control
public, max-age=315360000
Content-Type
text/html; charset=utf-8
Date
Thu, 11 Jun 2020 22:04:26 GMT
Etag
"b7e2cefca3a001ace91680d39e5f2daf+gzip"
Last-Modified
Mon, 08 Jun 2020 22:13:22 GMT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server
ECS (fcn/4191)
Vary
Accept-Encoding
X-Cache
HIT
Content-Length
12394
sodar2.js
tpc.googlesyndication.com/sodar/
14 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020060103.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
08f50e9e70388c99977ca13b6af3a49f8f48c83e79230d51ea72a56c0735bd0c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 11 Jun 2020 22:04:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1591403518460474"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5540
x-xss-protection
0
expires
Thu, 11 Jun 2020 22:04:26 GMT
runner.html
tpc.googlesyndication.com/sodar/sodar2/210/ Frame EE55
0
0
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/210/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
tpc.googlesyndication.com
:scheme
https
:path
/sodar/sodar2/210/runner.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
accept-encoding
gzip, deflate, br
accept-language
en-US

Response headers

status
200
accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
content-length
4590
date
Thu, 11 Jun 2020 21:45:58 GMT
expires
Fri, 11 Jun 2021 21:45:58 GMT
last-modified
Wed, 26 Feb 2020 19:47:50 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
1108
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
1956689884250199370
tpc.googlesyndication.com/simgad/ Frame 87C3
200 KB
200 KB
Image
General
Full URL
https://tpc.googlesyndication.com/simgad/1956689884250199370
Requested by
Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012005262159000/amp4ads-v0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d700d6487ef4b0198e9a669c9ec89dd2d633302b7c82808b08f37ff9d38e98b8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 21 May 2020 12:38:18 GMT
x-content-type-options
nosniff
age
1848368
x-dns-prefetch-control
off
status
200
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
204410
x-xss-protection
0
last-modified
Wed, 01 Apr 2020 12:54:53 GMT
server
sffe
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 21 May 2021 12:38:18 GMT
Virtual-Events-640x480.jpg
www.securityweek.com/ad/ Frame 22F3
149 KB
150 KB
Image
General
Full URL
https://www.securityweek.com/ad/Virtual-Events-640x480.jpg
Requested by
Host: www.securityweek.com
URL: https://www.securityweek.com/ad.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::6818:a103 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
da5006f287712ece88e6e6696e60983401d0a23f23df66abf6c0680a82e572fb

Request headers

Referer
https://www.securityweek.com/ad.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 11 Jun 2020 22:04:26 GMT
cf-cache-status
HIT
age
1138079
cf-polished
origSize=172066
status
200
content-length
153000
cf-request-id
034702c8ad0000dfcfe0ae7200000001
last-modified
Fri, 03 Apr 2020 15:48:03 GMT
server
cloudflare
etag
"2c082c-2a022-5a264d7c42a8a"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
expires
Fri, 12 Jun 2020 17:56:27 GMT
cache-control
max-age=1209600
accept-ranges
bytes
cf-ray
5a1ea0baac75dfcf-FRA
cf-bgj
imgq:100
view
securepubads.g.doubleclick.net/pcs/ Frame 87C3
0
54 B
Image
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstYyXvXu0cblbZArh62i_i52m2hzZTaz482-JMI9Q-c0NHB1ojz4dPaXYXiITajffhR0rd8IsY23pC-fsKFR-1X_npahmwf1nCMmvUC4VM7FcgttFaaV_LCTKsqCMb1jBWlC2vfjyhvm7LwiH5iT8ihGSf7c0ZvQs_lar97gl1s6H4bDujxTwRM08T3L1FCq0eO_E9WImCNqr_Wy7yvlfPG45Rt7Ro00eEsRD5MVxqXN3KaN7xm6cEflfVzIoOrCKhBzTDVkb_LanbXKVFGVuA1jw&sai=AMfl-YSlpKogK14klN3_2JwCI7VfrQSViesOFJ7WpYAgYCEQvF4LB9QWsDR-atfgMHyPhvBUj95cZtNb9SDSEWtdbqnhkRvbtkqgYlepjLszOA&sig=Cg0ArKJSzBVW8Lzfxc-yEAE&adurl=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.210.2 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s07-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 11 Jun 2020 22:04:26 GMT
x-content-type-options
nosniff
server
cafe
status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
content-type
image/gif
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
jot.html
platform.twitter.com/ Frame 6105
Redirect Chain
  • https://syndication.twitter.com/i/jot
  • https://platform.twitter.com/jot.html
0
0
Document
General
Full URL
https://platform.twitter.com/jot.html
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (fcn/4191) /
Resource Hash

Request headers

Host
platform.twitter.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Origin
https://www.securityweek.com
Content-Type
application/x-www-form-urlencoded

Response headers

Accept-Ranges
bytes
Access-Control-Allow-Methods
GET
Access-Control-Allow-Origin
*
Age
258119
Cache-Control
public, max-age=315360000
Content-Type
text/html; charset=utf-8
Date
Thu, 11 Jun 2020 22:04:26 GMT
Etag
"d9592a6c704736fa4da218d4357976dd"
Last-Modified
Mon, 08 Jun 2020 22:20:29 GMT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server
ECS (fcn/4191)
X-Cache
HIT
Content-Length
80

Redirect headers

status
302 302 Found
cache-control
no-cache, no-store, must-revalidate, pre-check=0, post-check=0
content-length
0
content-type
text/html;charset=utf-8
date
Thu, 11 Jun 2020 22:04:26 GMT
expires
Tue, 31 Mar 1981 05:00:00 GMT
last-modified
Thu, 11 Jun 2020 22:04:26 GMT
location
https://platform.twitter.com/jot.html
pragma
no-cache
server
tsa_o
strict-transport-security
max-age=631138519
x-connection-hash
106c2a54cc53449818dc7ddde4eb1b24
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-response-time
122
x-transaction
002b6e1700f000a2
x-tsa-request-body-time
0
x-twitter-response-tags
BouncerCompliant
x-xss-protection
0
gen_204
pagead2.googlesyndication.com/pagead/
0
55 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=210&t=2&li=gpt_2020060103&jk=3214035775406030&bg=!sLOls6tYR-I19VGadcACAAAAM1IAAAAJmQF8HuoR-Wqa-dPiXN3b58vYjfR0U5yIPKHz7Wh3WfKT1JUV90OWWCLHtyviTGQi2ng40Qds6rBt9ozHOzgIQWr1ojqVjX1m0g-0ZNY2bsW4HmRbk2smsm6CQa-_bCBDa2drYTKQAPc1qRzLxfhgeM023E1rKkOOD_Q82toN6TEb2jh5soPhSYFdhpUhoD5Z07kb5mGN0BQTRIcnOQgZ5EpT-7sUyoJmfGpgiM7WBLNOTlVQOSLWyRhLMHe3Wvqw-tak6MCj7bDOI0ZmwOVdgw3Iakp8Fw7YY9rDCyU5-F3He9Cvk-ZhRbRfKXRpAHbrVKAap3DQaDh6ivcqBRrmSYyHzWbo9OUWt9NbFnw51kzV1mlHxsjLJ3Px4mFfWaz2Xz4PMbrhpcbYW_REyijUDbyU4jr83KRXgWFmBVk69Z8Tk4GDwAjnZpjPffRATqBUNYfLb7F65Yj5r4bTB1eipn7VYyClNYv-Eh39Frq72wuPmDT2jrmfcebVX9xEDH4
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:821::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 11 Jun 2020 22:04:26 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
204
cache-control
no-cache, must-revalidate
content-type
image/gif
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
BrightInfoVersion.aspx
app.brightinfo.com/
512 B
943 B
Script
General
Full URL
https://app.brightinfo.com/BrightInfoVersion.aspx
Requested by
Host: www.securityweek.com
URL: https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
168.62.202.120 San Jose, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/8.0 / ASP.NET
Resource Hash
db5cd4ad2eb59b33b990542b7ebd85be5f1d375d9b16bd8ac2e28ef1b7d07994

Request headers

Referer
https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 11 Jun 2020 22:04:27 GMT
Content-Encoding
gzip
Server
Microsoft-IIS/8.0
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Vary
Accept-Encoding
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control
no-cache, no-store
Content-Type
text/javascript; charset=utf-8
Content-Length
504
Expires
-1
activeview
pagead2.googlesyndication.com/pcs/ Frame 87C3
42 B
107 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstbwrBX9jorIj6XlHO2sbDZ7TfLzvOc_QxPIMjzRpWbIUvxbmmFejdyn9Ex9ruxn7HaKjyYyVFTatdEIX3rWteAQCZEFJp8Bktu1qcZ-7s&sig=Cg0ArKJSzExo2zdvgIPXEAE&id=ampim&o=993,632&d=300,600&ss=1600,1200&bs=1600,1200&mcvt=1001&mtos=0,0,1001,1001,1001&tos=0,0,1001,0,0&tfs=115&tls=1116&g=94.66666579246521&h=94.66666579246521&tt=1116&r=v&avms=ampa&adk=3057893268
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:821::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 11 Jun 2020 22:04:27 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
status
200
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
content-type
image/gif
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
bi.js
app.brightinfo.com/Scripts/
260 KB
75 KB
Script
General
Full URL
https://app.brightinfo.com/Scripts/bi.js?bi_ver=132292759840000000
Requested by
Host: app.brightinfo.com
URL: https://app.brightinfo.com/BrightInfoVersion.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
168.62.202.120 San Jose, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/8.0 / ASP.NET
Resource Hash
6560672b8835d515bcf43c3ccdec01f8e2b2771d90a985a7e0da9fd1baf0d48c

Request headers

Referer
https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 11 Jun 2020 22:04:27 GMT
Content-Encoding
gzip
Server
Microsoft-IIS/8.0
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Content-Type
text/javascript; charset=utf-8
Cache-Control
private
Content-Length
76327
Expires
Fri, 11 Jun 2021 22:04:27 GMT
analytics.js
www.google-analytics.com/
45 KB
18 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: app.brightinfo.com
URL: https://app.brightinfo.com/Scripts/bi.js?bi_ver=132292759840000000
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
2f1fd973e6c48489ae07c467e3278635b856c698d1f502e06af3ab555937deac
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 30 Apr 2020 21:54:13 GMT
server
Golfe2
age
5090
date
Thu, 11 Jun 2020 20:39:38 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
18433
expires
Thu, 11 Jun 2020 22:39:38 GMT
bia.aspx
bia.brightinfo.com/
19 B
409 B
Script
General
Full URL
https://bia.brightinfo.com/bia.aspx?callback=jQuery20309408512414423635_1591913068428&type=biLoad&version=2&jsonString=%7B%22url%22%3A%22https%3A%2F%2Fwww.securityweek.com%2Foski-stealer-targets-browser-data-crypto-wallets-us%22%2C%22cts%22%3A1591913068443%2C%22cid%22%3A%22wiredbusinessmedia-14532-1%22%2C%22pu%22%3A%22https%3A%2F%2Fwww.securityweek.com%2Foski-stealer-targets-browser-data-crypto-wallets-us%22%2C%22ru%22%3A%22%22%2C%22type%22%3A%22biLoad%22%2C%22sid%22%3A%22kFZVigIlddYOhYYCX5MJ%22%2C%22mobile%22%3A0%2C%22browser%22%3A%22chrome%22%2C%22accountId%22%3A%2214532%22%2C%22version%22%3A2%7D&_=1591913068429
Requested by
Host: app.brightinfo.com
URL: https://app.brightinfo.com/Scripts/bi.js?bi_ver=132292759840000000
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
137.135.51.188 San Jose, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
0e688d02687c4c64094dd0a75f5189ea12b955acf8c91f7bd5ac4948f1429cb9

Request headers

Referer
https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 11 Jun 2020 22:04:28 GMT
Content-Encoding
gzip
Server
Microsoft-IIS/8.5
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Vary
Accept-Encoding
Content-Type
text/javascript; charset=utf-8
Cache-Control
private
Content-Length
136
bi-animate.min.css
app.brightinfo.com/ui/
47 KB
5 KB
Stylesheet
General
Full URL
https://app.brightinfo.com/ui/bi-animate.min.css?bi_ver=132292759840000000&id=wiredbusinessmedia-14532-1&sid=kFZVigIlddYOhYYCX5MJ
Requested by
Host: app.brightinfo.com
URL: https://app.brightinfo.com/Scripts/bi.js?bi_ver=132292759840000000
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
168.62.202.120 San Jose, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/8.0 / ASP.NET
Resource Hash
46cad46571cab06c5901e4e867aba4f0783dc88d3db626cfb73d58f00d130a16

Request headers

Referer
https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 11 Jun 2020 22:04:28 GMT
Content-Encoding
gzip
Last-Modified
Sat, 21 Mar 2020 14:53:24 GMT
Server
Microsoft-IIS/8.0
X-Powered-By
ASP.NET
ETag
"04a8a7890ffd51:0"
Vary
Accept-Encoding
Content-Type
text/css
Accept-Ranges
bytes
Content-Length
4661
bi.min.css
app.brightinfo.com/ui/
47 KB
7 KB
Stylesheet
General
Full URL
https://app.brightinfo.com/ui/bi.min.css?bi_ver=132292759840000000&id=wiredbusinessmedia-14532-1&sid=kFZVigIlddYOhYYCX5MJ
Requested by
Host: app.brightinfo.com
URL: https://app.brightinfo.com/Scripts/bi.js?bi_ver=132292759840000000
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
168.62.202.120 San Jose, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/8.0 / ASP.NET
Resource Hash
810956c722149065eabd5b5c4f62f98cb74cda6fb5e3695ab97958e53d6791ca

Request headers

Referer
https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 11 Jun 2020 22:04:28 GMT
Content-Encoding
gzip
Last-Modified
Sat, 21 Mar 2020 14:53:24 GMT
Server
Microsoft-IIS/8.0
X-Powered-By
ASP.NET
ETag
"04a8a7890ffd51:0"
Vary
Accept-Encoding
Content-Type
text/css
Accept-Ranges
bytes
Content-Length
7254
bi-custom.css
app.brightinfo.com/ui/custom/wiredbusinessmedia-14532-1/
548 KB
91 KB
Stylesheet
General
Full URL
https://app.brightinfo.com/ui/custom/wiredbusinessmedia-14532-1/bi-custom.css?bi_ver=132292759840000000&id=wiredbusinessmedia-14532-1&sid=kFZVigIlddYOhYYCX5MJ
Requested by
Host: app.brightinfo.com
URL: https://app.brightinfo.com/Scripts/bi.js?bi_ver=132292759840000000
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
168.62.202.120 San Jose, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/8.0 / ASP.NET
Resource Hash
5690a1bcc83d00312ef6260da791205a71d80bed7b35ca9701c7b29cfd62b3fe

Request headers

Referer
https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 11 Jun 2020 22:04:28 GMT
Content-Encoding
gzip
ETag
"be182143c531d61:0"
Last-Modified
Sun, 24 May 2020 12:17:15 GMT
Server
Microsoft-IIS/8.0
X-Powered-By
ASP.NET
Vary
Accept-Encoding
Content-Type
text/css
Transfer-Encoding
chunked
Accept-Ranges
bytes
bi.aspx
app.brightinfo.com/
6 KB
3 KB
Script
General
Full URL
https://app.brightinfo.com/bi.aspx?method=load&callback=jQuery20309408512414423635_1591913068430&id=wiredbusinessmedia-14532-1&sid=kFZVigIlddYOhYYCX5MJ&u=https%3A%2F%2Fwww.securityweek.com%2Foski-stealer-targets-browser-data-crypto-wallets-us&r=&testModeKey=&biSettings=&fip=&fvs=&fcs=&fec=&fic=&force=&forceHide=false&sw=1600&sh=1200&w=1600&h=1200&utma=89563204.kFZVigIlddYOhYYCX5MJ.1591913066.1591913066.1591913066.1&ga=&logId=&iframe=false&startTime=637275098676642800&_=1591913068431
Requested by
Host: app.brightinfo.com
URL: https://app.brightinfo.com/Scripts/bi.js?bi_ver=132292759840000000
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
168.62.202.120 San Jose, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/8.0 / ASP.NET
Resource Hash
9410869b6d54e9f751d9759461f4e4725a7a4e18cb96c3734845ee7e117aefe4

Request headers

Referer
https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 11 Jun 2020 22:04:29 GMT
Content-Encoding
gzip
Server
Microsoft-IIS/8.0
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Vary
Accept-Encoding
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control
private
Content-Type
text/javascript; charset=utf-8
Content-Length
2571
bia.aspx
bia.brightinfo.com/
19 B
409 B
Script
General
Full URL
https://bia.brightinfo.com/bia.aspx?callback=jQuery20309408512414423635_1591913068430&type=biVisit&version=2&jsonString=%7B%22url%22%3A%22https%3A%2F%2Fwww.securityweek.com%2Foski-stealer-targets-browser-data-crypto-wallets-us%22%2C%22cts%22%3A1591913069364%2C%22cid%22%3A%22wiredbusinessmedia-14532-1%22%2C%22pu%22%3A%22https%3A%2F%2Fwww.securityweek.com%2Foski-stealer-targets-browser-data-crypto-wallets-us%22%2C%22ru%22%3A%22%22%2C%22type%22%3A%22biVisit%22%2C%22sid%22%3A%22kFZVigIlddYOhYYCX5MJ%22%2C%22mobile%22%3A0%2C%22browser%22%3A%22chrome%22%2C%22accountId%22%3A14532%2C%22gatedPromotion%22%3Afalse%2C%22seq%22%3A1%2C%22siteId%22%3A14522%2C%22vs%22%3A%22Hidden%22%2C%22cs%22%3A%22Default+Content%22%2C%22version%22%3A2%2C%22promoId%22%3A0%7D&_=1591913068432
Requested by
Host: app.brightinfo.com
URL: https://app.brightinfo.com/Scripts/bi.js?bi_ver=132292759840000000
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
137.135.51.188 San Jose, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
0e688d02687c4c64094dd0a75f5189ea12b955acf8c91f7bd5ac4948f1429cb9

Request headers

Referer
https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 11 Jun 2020 22:04:29 GMT
Content-Encoding
gzip
Server
Microsoft-IIS/8.5
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Vary
Accept-Encoding
Content-Type
text/javascript; charset=utf-8
Cache-Control
private
Content-Length
136
__utm.gif
ssl.google-analytics.com/
35 B
119 B
Image
General
Full URL
https://ssl.google-analytics.com/__utm.gif?utmwv=5.7.2&utms=2&utmn=1390496695&utmhn=www.securityweek.com&utme=8(WidgetPanelLocation%2FTimestamp*isPromotedContent*BI_ID*SID*ViewSegmentName)9(regular%7C1591913069343*No%20recommended%20content*No%20Value*89563204.kFZVigIlddYOhYYCX5MJ.1591913066.1*Hidden)&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Oski%20Stealer%20Targets%20Browser%20Data%2C%20Crypto%20Wallets%20in%20U.S.%20%7C%20SecurityWeek.Com&utmhid=1670746711&utmr=-&utmp=%2Foski-stealer-targets-browser-data-crypto-wallets-us&utmht=1591913069350&utmac=UA-72146139-1&utmcc=__utma%3D89563204.1031815497.1591913066.1591913066.1591913066.1%3B%2B__utmz%3D89563204.1591913066.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=&utmmt=1&utmu=qRAAAAAAIAQAAAAAAAAAAAAE~
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 17 May 2020 05:14:45 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
2220584
status
200
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/r/
35 B
106 B
Image
General
Full URL
https://www.google-analytics.com/r/collect?v=1&_v=j82&a=1670746711&t=pageview&_s=1&dl=https%3A%2F%2Fwww.securityweek.com%2Foski-stealer-targets-browser-data-crypto-wallets-us&ul=en-us&de=UTF-8&dt=Oski%20Stealer%20Targets%20Browser%20Data%2C%20Crypto%20Wallets%20in%20U.S.%20%7C%20SecurityWeek.Com&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_utma=89563204.1031815497.1591913066.1591913066.1591913066.1&_utmz=89563204.1591913066.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)&_utmht=1591913069362&_u=KQBCAEABG~&jid=1341307332&gjid=1759724719&cid=1031815497.1591913066&tid=UA-72146139-2&_gid=1966362377.1591913069&_r=1&cd1=kFZVigIlddYOhYYCX5MJ&cd2=1591913069361&cd3=Hidden&cd4=No%20recommended%20content&cd5=No%20Value&cd6=No%20Value&cd7=No%20Value&cd8=No%20Value&cd9=No%20Value&cd10=No%20Value&cd11=No%20Value&cd12=No%20Value&cd13=No%20Value&cd14=No%20Value&cd15=Default%20Content&z=372982762
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 11 Jun 2020 22:04:29 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
status
200
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
securityweek.disqus.com
URL
http://securityweek.disqus.com/embed.js
Domain
www.securityweek.com
URL
https://www.securityweek.com/ad.html

Verdicts & Comments

97 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate object| Eager object| CloudflareApps object| __cfQR object| Drupal object| jaaulde function| tb_show function| tb_showIframe function| tb_remove function| tb_position function| tb_parseQuery function| tb_getPageSize function| tb_setBrowserExtra function| tb_focusFirstFormElement string| disqus_shortname number| disqus_developer string| disqus_url string| disqus_title string| disqus_identifier function| disqus_config object| disqus_def_name object| disqus_def_email function| quicktabsClick object| Blueprint function| $ function| jQuery object| googletag string| biJsUrl object| _biq object| __core-js_shared__ object| Sslac object| IN object| __twttrll object| twttr object| __twttr object| ggeac object| closure_memoize_cache_ object| googleToken object| googleIMState object| google_js_reporting_queue function| processGoogleToken object| gapi object| ___jsl object| gadgets object| osapi object| shindig object| iframer function| ToolbarApi object| iframes function| IframeBase function| Iframe function| IframeProxy function| IframeWindow object| __gapi_jstiming__ object| oauth2 number| google_srt function| Goog_AdSense_getAdAdapterInstance function| Goog_AdSense_OsdAdapter undefined| google_measure_js_timing number| __google_ad_urls_id number| google_unique_id object| gaGlobal object| _gaq boolean| __cfRLUnblockHandlers number| xWidth object| _gat object| ampInaboxIframes object| ampInaboxPendingMessages object| __AMP_LOG object| __AMP_ERRORS boolean| ampInaboxInitialized object| __AMP_MODE function| __AMP_REPORT_ERROR object| ampInaboxPositionObserver object| ampInaboxFrameOverlayManager object| AMP object| GoogleGcLKhOms object| google_image_requests string| bi_ver string| biSiteUrl string| biUtmaPrefix number| biStartTime function| jQueryBI object| _BI object| jQBrowser boolean| biLoaded string| biUrl string| GoogleAnalyticsObject function| _gabi object| SessionOptionsBI undefined| jQuery20309408512414423635_1591913068428 
undefined| jQuery20309408512414423635_1591913068430 object| google_tag_data object| gaplugins object| _BI_ object| gaData

3 Cookies

Domain/Path Name / Value
.securityweek.com/ Name: SESSae1377f0cbe7278b70a9339b7853afbd
Value: bae0cfd0d3f11f2b6b7185c67b90f804
.securityweek.com/ Name: SESSc3f2c9572aa8f3f5ea6f60501affecb3
Value: 2bbb9c4cadd68248d54f0704f3b351fa
.securityweek.com/ Name: __cfduid
Value: dd3cfb6824998bf841ffa6f98f54180c31591913064

2 Console Messages

Source Level URL
Text
console-api info URL: https://cdn.ampproject.org/rtv/012005262159000/amp4ads-v0.js(Line 410)
Message:
Powered by AMP ⚡ HTML – Version 2005262159000 https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
console-api warning URL: https://cdn.ampproject.org/rtv/012005262159000/amp4ads-v0.js(Line 21)
Message:
[amp-analytics/transport] Response unparseable or failed to send image request https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstYyXvXu0cblbZArh62i_i52m2hzZTaz482-JMI9Q-c0NHB1ojz4dPaXYXiITajffhR0rd8IsY23pC-fsKFR-1X_npahmwf1nCMmvUC4VM7FcgttFaaV_LCTKsqCMb1jBWlC2vfjyhvm7LwiH5iT8ihGSf7c0ZvQs_lar97gl1s6H4bDujxTwRM08T3L1FCq0eO_E9WImCNqr_Wy7yvlfPG45Rt7Ro00eEsRD5MVxqXN3KaN7xm6cEflfVzIoOrCKhBzTDVkb_LanbXKVFGVuA1jw&sai=AMfl-YSlpKogK14klN3_2JwCI7VfrQSViesOFJ7WpYAgYCEQvF4LB9QWsDR-atfgMHyPhvBUj95cZtNb9SDSEWtdbqnhkRvbtkqgYlepjLszOA&sig=Cg0ArKJSzBVW8Lzfxc-yEAE&adurl=

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
