www.darkreading.com Open in urlscan Pro
2606:4700::6811:7963 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://ift.tt/JxyZvFH
Effective URL:
https://www.darkreading.com/vulnerabilities-threats/virustotal-threat-actors-mimic-legitimate-apps-use-stolen-certs-to-sprea...
Submission Tags: falconsandbox
Submission: On August 08 via api (August 8th 2022, 4:02:56 pm UTC) from US — Scanned from DE

Summary HTTP 109 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 41 IPs in 5 countries across 28 domains to perform 109 HTTP transactions. The main IP is 2606:4700::6811:7963, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.darkreading.com. The Cisco Umbrella rank of the primary domain is 153218.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on May 9th 2022. Valid for: a year.

This is the only time www.darkreading.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	54.87.186.214 54.87.186.214	14618 (AMAZON-AES) (AMAZON-AES)
34	2606:4700::68... 2606:4700::6811:7963	13335 (CLOUDFLAR...) (CLOUDFLARENET)
14	142.250.186.162 142.250.186.162	15169 (GOOGLE) (GOOGLE)
9	151.101.66.217 151.101.66.217	54113 (FASTLY) (FASTLY)
1	2001:4de0:ac1... 2001:4de0:ac18::1:a:2b	20446 (STACKPATH...) (STACKPATH-CDN)
1	2606:4700::68... 2606:4700::6811:180e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6812:acf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	18.66.112.14 18.66.112.14	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700:440... 2606:4700:440e::6812:2fe6	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:82b::2008	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82f::2003	15169 (GOOGLE) (GOOGLE)
1	18.66.139.47 18.66.139.47	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:806::200e	15169 (GOOGLE) (GOOGLE)
1	151.101.193.131 151.101.193.131	54113 (FASTLY) (FASTLY)
1	96.16.149.96 96.16.149.96	16625 (AKAMAI-AS) (AKAMAI-AS)
1	13.32.99.16 13.32.99.16	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:828::200e	15169 (GOOGLE) (GOOGLE)
1	18.66.97.53 18.66.97.53	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:80e::200e	15169 (GOOGLE) (GOOGLE)
1	2600:9000:223... 2600:9000:223c:b800:18:1fcd:351:7bc1	16509 (AMAZON-02) (AMAZON-02)
2	13.32.99.33 13.32.99.33	16509 (AMAZON-02) (AMAZON-02)
1	52.222.236.74 52.222.236.74	16509 (AMAZON-02) (AMAZON-02)
1 2	142.0.173.15 142.0.173.15	7160 (NETDYNAMICS) (NETDYNAMICS)
1	108.138.17.119 108.138.17.119	16509 (AMAZON-02) (AMAZON-02)
1	13.32.99.103 13.32.99.103	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700::68... 2606:4700::6811:7863	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	18.66.139.40 18.66.139.40	16509 (AMAZON-02) (AMAZON-02)
1	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
1	3.224.3.48 3.224.3.48	14618 (AMAZON-AES) (AMAZON-AES)
2	3.64.221.57 3.64.221.57	16509 (AMAZON-02) (AMAZON-02)
1	54.154.189.229 54.154.189.229	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:400c:c09::9a	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:82b::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:801::2003	15169 (GOOGLE) (GOOGLE)
1	151.101.66.137 151.101.66.137	54113 (FASTLY) (FASTLY)
1	2a00:1450:400... 2a00:1450:4001:809::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82f::2002	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:811::2002	15169 (GOOGLE) (GOOGLE)
2	185.221.87.248 185.221.87.248	206998 (NEW-2) (NEW-2)
4	2a00:1450:400... 2a00:1450:4001:810::2001	15169 (GOOGLE) (GOOGLE)
2	34.111.234.236 34.111.234.236	15169 (GOOGLE) (GOOGLE)
109	41

1 54.87.186.214 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-87-186-214.compute-1.amazonaws.com

ift.tt	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

34 2606:4700::6811:7963 (United States)

ASN13335 (CLOUDFLARENET, US)

www.darkreading.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
beta.darkreading.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.darkreading.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 142.250.186.162 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 151.101.66.217 (United States)

ASN54113 (FASTLY, US)

eu-images.contentstack.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4de0:ac18::1:a:2b (Netherlands)

ASN20446 (STACKPATH-CDN, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:180e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:acf (United States)

ASN13335 (CLOUDFLARENET, US)

stackpath.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.112.14 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-112-14.fra56.r.cloudfront.net

assets.zephr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:440e::6812:2fe6 (United States)

ASN13335 (CLOUDFLARENET, US)

static.cloudflareinsights.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82b::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.139.47 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-139-47.fra60.r.cloudfront.net

informa-dark-reading.preview.zephr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:806::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googleoptimize.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.193.131 (United States)

ASN54113 (FASTLY, US)

6600d6d98e534115970f9529a45f3195.js.ubembed.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 96.16.149.96 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a96-16-149-96.deploy.static.akamaitechnologies.com

img.en25.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.99.16 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-99-16.fra60.r.cloudfront.net

s.dpmsrv.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:828::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.97.53 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-97-53.fra56.r.cloudfront.net

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80e::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:223c:b800:18:1fcd:351:7bc1 (United States)

ASN16509 (AMAZON-02, US)

static.chartbeat.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.32.99.33 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-99-33.fra60.r.cloudfront.net

static.iris.informa.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.222.236.74 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-236-74.fra56.r.cloudfront.net

script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.0.173.15 (United States) 1 redirects

ASN7160 (NETDYNAMICS, US)

trk.darkreading.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.138.17.119 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-17-119.fra56.r.cloudfront.net

assets.ubembed.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.99.103 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-99-103.fra60.r.cloudfront.net

cdn.treasuredata.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:7863 (United States)

ASN13335 (CLOUDFLARENET, US)

c.darkreading.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.139.40 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-139-40.fra60.r.cloudfront.net

vars.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.224.3.48 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-224-3-48.compute-1.amazonaws.com

ping.chartbeat.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.64.221.57 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-64-221-57.eu-central-1.compute.amazonaws.com

eu01.in.treasuredata.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.154.189.229 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-154-189-229.eu-west-1.compute.amazonaws.com

in.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c09::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82b::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:801::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.66.137 (United States)

ASN54113 (FASTLY, US)

js-agent.newrelic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:809::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:811::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.221.87.248 (Ireland)

ASN206998 (NEW-2, IE)

bam.eu01.nr-data.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:810::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.111.234.236 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 236.234.111.34.bc.googleusercontent.com

ml314.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
37	darkreading.com 1 redirects www.darkreading.com — Cisco Umbrella Rank: 153218 beta.darkreading.com — Cisco Umbrella Rank: 391934 trk.darkreading.com — Cisco Umbrella Rank: 645154 c.darkreading.com — Cisco Umbrella Rank: 439433	711 KB
15	doubleclick.net securepubads.g.doubleclick.net — Cisco Umbrella Rank: 222 stats.g.doubleclick.net — Cisco Umbrella Rank: 118	237 KB
9	contentstack.com eu-images.contentstack.com — Cisco Umbrella Rank: 71704	81 KB
8	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 124 c2ba8d94ca85a8fdeb4157d6b66156d7.safeframe.googlesyndication.com Failed tpc.googlesyndication.com — Cisco Umbrella Rank: 160	196 KB
4	hotjar.com static.hotjar.com — Cisco Umbrella Rank: 642 script.hotjar.com — Cisco Umbrella Rank: 770 vars.hotjar.com — Cisco Umbrella Rank: 803 in.hotjar.com — Cisco Umbrella Rank: 1526	70 KB
3	google.com www.google.com — Cisco Umbrella Rank: 10 adservice.google.com — Cisco Umbrella Rank: 98	2 KB
3	treasuredata.com cdn.treasuredata.com — Cisco Umbrella Rank: 17008 eu01.in.treasuredata.com — Cisco Umbrella Rank: 42512	20 KB
3	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 52 region1.google-analytics.com — Cisco Umbrella Rank: 2742	20 KB
2	ml314.com ml314.com — Cisco Umbrella Rank: 1492	32 KB
2	nr-data.net bam.eu01.nr-data.net — Cisco Umbrella Rank: 9194	2 KB
2	google.de www.google.de — Cisco Umbrella Rank: 5596 adservice.google.de — Cisco Umbrella Rank: 8117	1 KB
2	informa.com static.iris.informa.com — Cisco Umbrella Rank: 68286	26 KB
2	youtube.com www.youtube.com — Cisco Umbrella Rank: 111	53 KB
2	ubembed.com 6600d6d98e534115970f9529a45f3195.js.ubembed.com — Cisco Umbrella Rank: 291269 assets.ubembed.com — Cisco Umbrella Rank: 10274	48 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 94	135 KB
2	zephr.com assets.zephr.com — Cisco Umbrella Rank: 35409 informa-dark-reading.preview.zephr.com — Cisco Umbrella Rank: 554339	16 KB
1	newrelic.com js-agent.newrelic.com — Cisco Umbrella Rank: 402	17 KB
1	chartbeat.net ping.chartbeat.net — Cisco Umbrella Rank: 1018	201 B
1	chartbeat.com static.chartbeat.com — Cisco Umbrella Rank: 1197	15 KB
1	dpmsrv.com s.dpmsrv.com — Cisco Umbrella Rank: 19195	520 B
1	en25.com img.en25.com — Cisco Umbrella Rank: 5393	3 KB
1	googleoptimize.com www.googleoptimize.com — Cisco Umbrella Rank: 1278	41 KB
1	gstatic.com fonts.gstatic.com	20 KB
1	cloudflareinsights.com static.cloudflareinsights.com — Cisco Umbrella Rank: 1249	5 KB
1	bootstrapcdn.com stackpath.bootstrapcdn.com — Cisco Umbrella Rank: 2137	15 KB
1	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 231	7 KB
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 615	24 KB
1	ift.tt 1 redirects ift.tt — Cisco Umbrella Rank: 137613	401 B
109	28

	Domain	Requested by
28	beta.darkreading.com	www.darkreading.com beta.darkreading.com
14	securepubads.g.doubleclick.net	www.darkreading.com beta.darkreading.com
9	eu-images.contentstack.com	www.darkreading.com
5	www.darkreading.com	beta.darkreading.com www.darkreading.com
4	tpc.googlesyndication.com	www.darkreading.com beta.darkreading.com
4	pagead2.googlesyndication.com	beta.darkreading.com tpc.googlesyndication.com
2	ml314.com	beta.darkreading.com
2	bam.eu01.nr-data.net	beta.darkreading.com
2	www.google.com	www.darkreading.com beta.darkreading.com
2	eu01.in.treasuredata.com	beta.darkreading.com
2	c.darkreading.com	beta.darkreading.com
2	trk.darkreading.com	1 redirects www.darkreading.com
2	static.iris.informa.com	beta.darkreading.com
2	www.google-analytics.com	beta.darkreading.com
2	www.youtube.com	beta.darkreading.com
2	www.googletagmanager.com	beta.darkreading.com
1	adservice.google.com	beta.darkreading.com
1	adservice.google.de	beta.darkreading.com
1	js-agent.newrelic.com	beta.darkreading.com
1	www.google.de	www.darkreading.com
1	stats.g.doubleclick.net	beta.darkreading.com
1	in.hotjar.com	beta.darkreading.com
1	ping.chartbeat.net	www.darkreading.com
1	region1.google-analytics.com	www.googletagmanager.com
1	vars.hotjar.com	beta.darkreading.com
1	cdn.treasuredata.com	beta.darkreading.com
1	assets.ubembed.com	beta.darkreading.com
1	script.hotjar.com	beta.darkreading.com
1	static.chartbeat.com	beta.darkreading.com
1	static.hotjar.com	beta.darkreading.com
1	s.dpmsrv.com	beta.darkreading.com
1	img.en25.com	beta.darkreading.com
1	6600d6d98e534115970f9529a45f3195.js.ubembed.com	beta.darkreading.com
1	www.googleoptimize.com	beta.darkreading.com
1	informa-dark-reading.preview.zephr.com	beta.darkreading.com
1	fonts.gstatic.com	www.darkreading.com
1	static.cloudflareinsights.com	www.darkreading.com
1	assets.zephr.com	www.darkreading.com
1	stackpath.bootstrapcdn.com	www.darkreading.com
1	cdnjs.cloudflare.com	www.darkreading.com
1	code.jquery.com	www.darkreading.com
1	ift.tt	1 redirects
0	c2ba8d94ca85a8fdeb4157d6b66156d7.safeframe.googlesyndication.com Failed	beta.darkreading.com
109	43

This site contains links to these domains. Also see Links.

Domain
adclick.g.doubleclick.net

Subject Issuer	Validity	Valid
darkreading.com Cloudflare Inc ECC CA-3	`2022-05-09` - `2023-05-09`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-07-18` - `2022-10-10`	3 months	crt.sh
*.contentstack.com GlobalSign Atlas R3 DV TLS CA 2022 Q1	`2022-02-08` - `2023-03-12`	a year	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2021-07-14` - `2022-08-14`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-08-03` - `2023-08-02`	a year	crt.sh
assets.zephr.com Amazon	`2022-04-28` - `2023-05-27`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-07-18` - `2022-10-10`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-07-18` - `2022-10-10`	3 months	crt.sh
*.preview.zephr.com Amazon	`2022-06-12` - `2023-07-11`	a year	crt.sh
*.js.ubembed.com GlobalSign Atlas R3 DV TLS CA H2 2021	`2022-01-04` - `2023-02-05`	a year	crt.sh
*.en25.com DigiCert TLS RSA SHA256 2020 CA1	`2022-07-17` - `2023-07-18`	a year	crt.sh
*.dpmsrv.com Amazon	`2022-04-17` - `2023-05-16`	a year	crt.sh
*.google.com GTS CA 1C3	`2022-07-18` - `2022-10-10`	3 months	crt.sh
*.hotjar.com Amazon	`2021-11-25` - `2022-12-23`	a year	crt.sh
*.chartbeat.com Thawte RSA CA 2018	`2022-05-06` - `2023-06-03`	a year	crt.sh
static.iris.informa.com Amazon	`2022-08-03` - `2023-09-01`	a year	crt.sh
assets.ubembed.com Amazon	`2022-02-04` - `2023-03-05`	a year	crt.sh
*.treasuredata.com Amazon	`2021-09-17` - `2022-10-16`	a year	crt.sh
*.chartbeat.net Thawte RSA CA 2018	`2021-12-01` - `2022-12-30`	a year	crt.sh
*.in.treasuredata.com Amazon	`2022-06-24` - `2023-07-23`	a year	crt.sh
www.google.com GTS CA 1C3	`2022-07-18` - `2022-10-10`	3 months	crt.sh
www.google.de GTS CA 1C3	`2022-07-18` - `2022-10-10`	3 months	crt.sh
js-agent.newrelic.com GlobalSign Atlas R3 DV TLS CA 2022 Q2	`2022-07-10` - `2023-08-11`	a year	crt.sh
*.google.de GTS CA 1C3	`2022-07-18` - `2022-10-10`	3 months	crt.sh
*.eu01.nr-data.net DigiCert TLS RSA SHA256 2020 CA1	`2022-01-24` - `2023-02-09`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-07-18` - `2022-10-10`	3 months	crt.sh
ml314.com GTS CA 1D4	`2022-06-23` - `2022-09-21`	3 months	crt.sh

This page contains 5 frames:

Primary Page: https://www.darkreading.com/vulnerabilities-threats/virustotal-threat-actors-mimic-legitimate-apps-use-stolen-certs-to-spread-malware
Frame ID: 3BAFD1C099B7A73E268CEFF36EE103D6
Requests: 103 HTTP requests in this frame

Frame: https://vars.hotjar.com/box-54d18b2ccd1c7fa42c71f18525ba4ad0.html
Frame ID: B2A0BBD5748A96D62F8E8281182BCBB7
Requests: 1 HTTP requests in this frame

Frame: https://c2ba8d94ca85a8fdeb4157d6b66156d7.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 8D2DE32D39643944E06F6AC50221A4F8
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: DC64017AB075A615D9D5A7DF92D5238E
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 9A44FEEAAC2AD19162DAF02756326BC0
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://ift.tt/JxyZvFH HTTP 302
https://www.darkreading.com/vulnerabilities-threats/virustotal-threat-actors-mimic-legitimate-apps-use-s... Page URL

Detected technologies

Unbounce (Editors) Expand

Overall confidence: 100%
Detected patterns

ubembed\.com

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Chartbeat (Analytics) Expand

Overall confidence: 100%
Detected patterns

chartbeat\.js

Cloudflare Browser Insights (Analytics) Expand

Overall confidence: 100%
Detected patterns

static\.cloudflareinsights\.com/beacon(?:\.min)?\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Optimize (A/B Testing) Expand

Overall confidence: 100%
Detected patterns

googleoptimize\.com/optimize\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Hotjar (Analytics) Expand

Overall confidence: 100%
Detected patterns

//static\.hotjar\.com/

Popper (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

/popper\.js/([0-9.]+)

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

109
Requests

98 %
HTTPS

49 %
IPv6

28
Domains

43
Subdomains

41
IPs

5
Countries

1797 kB
Transfer

5484 kB
Size

29
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://adclick.g.doubleclick.net/pcs/click?xai=AKAOjsvsphIlGKpyUejXZGXO7uc0e0kLO-1oFoiMjwygIYOOLeYffrnFXHkSH9V93hCp0WBpmJiqEv8GbCu_JlHir8MdZ-Kr8zQ3qd5snZPcWIUT3-aEeG3dc8Tal_CEZ6W8ui8LFKUWffFIR91AqL_RHeEROfc2BkhfkJud4qWJaqFOLkWLQ3Z3m48UNUUKq-jLXfBjTazwH9Lf_AQxF0KtJa0ye7DYC7thdcfxk7TJ81pwsDdngP5f6FlaPwpNoO2uPudp2prCdeVdnu7M421VjuxJsY6g_BrNeuvNWhbOXRCxZr1ZzPk4c-NlsZa5f7VD6WlGEURG-mdGIUBijlIGuZ_1d48mhRa6T3A04wSAGLYYYMwID11M&sai=AMfl-YT6fTyHJd2354jdmx57Pn2fhO-eeU2cyqtZDB47xqhvHCfKcA0Z57KvHkhqjvANNhLeih4DhXhNUVmT4G_YwlEPD0jJyrNhmeQglT6832lNOj4AUrVzyjwR3w5T1Jt72Ok&sig=Cg0ArKJSzJyWIiqqws--EAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&adurl=https://info.zscaler.com/resources-industry-report-threatlabz-state-of-phishing-report

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://ift.tt/JxyZvFH HTTP 302
https://www.darkreading.com/vulnerabilities-threats/virustotal-threat-actors-mimic-legitimate-apps-use-stolen-certs-to-spread-malware Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 64

https://trk.darkreading.com/visitor/v200/svrGP?pps=3&siteid=2150&ref=https%3A%2F%2Fwww.darkreading.com%2Fvulnerabilities-threats%2Fvirustotal-threat-actors-mimic-legitimate-apps-use-stolen-certs-to-spread-malware&ref2=elqNone&tzo=0&ms=297&optin=disabled&firstPartyCookieDomain=trk.darkreading.com HTTP 302
https://trk.darkreading.com/visitor/v200/svrGP?pps=3&siteid=2150&ref=https%3A%2F%2Fwww.darkreading.com%2Fvulnerabilities-threats%2Fvirustotal-threat-actors-mimic-legitimate-apps-use-stolen-certs-to-spread-malware&ref2=elqNone&tzo=0&ms=297&optin=disabled&elq1pcGUID=6F026729E8F443F8834DB1B41E7E5A1C

109 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request virustotal-threat-actors-mimic-legitimate-apps-use-stolen-certs-to-spread-malware Show response
www.darkreading.com/vulnerabilities-threats/
Redirect Chain

https://ift.tt/JxyZvFH
https://www.darkreading.com/vulnerabilities-threats/virustotal-threat-actors-mimic-legitimate-apps-use-stolen-certs-to-spread-malware

395 KB
53 KB

549ms
519ms

Document
text/html

2606:4700::6811:7963
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.darkreading.com/vulnerabilities-threats/virustotal-threat-actors-mimic-legitimate-apps-use-stolen-certs-to-spread-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:7963 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Next.js
Resource Hash: efd32b56063c7e59e9c55d70b839d8de8da87ebadd6647b64fe087f7281932a9

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-origin: *
cache-control: s-maxage=30, stale-while-revalidate
cf-cache-status: DYNAMIC
cf-ray: 73797a86294a9202-FRA
content-encoding: br
content-type: text/html; charset=utf-8
date: Mon, 08 Aug 2022 16:02:50 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
vary: Accept-Encoding, Origin
x-powered-by: Next.js
x-proxy-by: https://www.darkreading.com

Redirect headers

cache-control: no-cache
content-type: text/html; charset=utf-8
date: Mon, 08 Aug 2022 16:02:49 GMT
location: https://www.darkreading.com/vulnerabilities-threats/virustotal-threat-actors-mimic-legitimate-apps-use-stolen-certs-to-spread-malware
referrer-policy: strict-origin-when-cross-origin
server: nginx/1.18.0
x-content-type-options: nosniff
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-request-id: 0812a48b-67e6-4ee2-86ca-5a83651303fb
x-runtime: 0.011500
x-xss-protection: 1; mode=block

GET
H2 200 newrelic-browser.js Show response
beta.darkreading.com/js/ 30 KB
11 KB 420ms
408ms Script
application/javascript 2606:4700::6811:7963
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://beta.darkreading.com/js/newrelic-browser.js
Requested by: Host: www.darkreading.com
URL: https://www.darkreading.com/vulnerabilities-threats/virustotal-threat-actors-mimic-legitimate-apps-use-stolen-certs-to-spread-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:7963 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8b0e0e1532b550e4aa75788c0be84dea157a9e3342eb01e2d5f037cdf638521d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.darkreading.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 08 Aug 2022 16:02:50 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Mon, 25 Jul 2022 10:28:09 GMT
server: cloudflare
etag: W/"7736-18234e65ea8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=7200
cf-ray: 73797a898d069202-FRA
expires: Mon, 08 Aug 2022 18:02:50 GMT

GET
H2 200 adsensebase.js Show response
beta.darkreading.com/js/prebid-ads/ 24 B
196 B 404ms
392ms Script
application/javascript 2606:4700::6811:7963
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://beta.darkreading.com/js/prebid-ads/adsensebase.js
Requested by: Host: www.darkreading.com
URL: https://www.darkreading.com/vulnerabilities-threats/virustotal-threat-actors-mimic-legitimate-apps-use-stolen-certs-to-spread-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:7963 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 757c66837cfbe8c2533e8c41099d8e50b20f83fbf84ead6a6d7435dcc2ad0884

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.darkreading.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 08 Aug 2022 16:02:50 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Mon, 25 Jul 2022 10:28:09 GMT
server: cloudflare
etag: W/"18-18234e65ea8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=7200
cf-ray: 73797a898d059202-FRA
expires: Mon, 08 Aug 2022 18:02:50 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 84 KB
29 KB 101ms
25ms Script
text/javascript 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/vulnerabilities-threats/virustotal-threat-actors-mimic-legitimate-apps-use-stolen-certs-to-spread-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

sffe /

Resource Hash

8a36e7301f4fc3c8b896b940a96dc828f21894e98e92eea3118caa7a1dba2ae6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.darkreading.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 08 Aug 2022 16:02:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28643
x-xss-protection: 0
server: sffe
etag: "1297 / 633 of 1000 / last-modified: 1659956678"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Mon, 08 Aug 2022 16:02:50 GMT

GET
H2 200 52183980cd24f89652ec.css
beta.darkreading.com/_next/static/css/ 433 KB
59 KB 38ms
26ms Stylesheet
text/css 2606:4700::6811:7963
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://beta.darkreading.com/_next/static/css/52183980cd24f89652ec.css
Requested by: Host: www.darkreading.com
URL: https://www.darkreading.com/vulnerabilities-threats/virustotal-threat-actors-mimic-legitimate-apps-use-stolen-certs-to-spread-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:7963 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8d4f9a24b30a47c538face82103ae43eaabfd5bdda77480caf5e0b0132b925f1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.darkreading.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 08 Aug 2022 16:02:50 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 25 May 2022 07:53:47 GMT
server: cloudflare
age: 6508373
etag: W/"628de08b-6c2a0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=31536000
cf-bgj: minify
cf-ray: 73797a898d049202-FRA
expires: Tue, 08 Aug 2023 16:02:50 GMT

GET
H2 200 webpack-7fb052d7c600418576ab.js Show response
beta.darkreading.com/_next/static/chunks/ 3 KB
2 KB 21ms
17ms Script
application/javascript 2606:4700::6811:7963
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://beta.darkreading.com/_next/static/chunks/webpack-7fb052d7c600418576ab.js
Requested by: Host: www.darkreading.com
URL: https://www.darkreading.com/vulnerabilities-threats/virustotal-threat-actors-mimic-legitimate-apps-use-stolen-certs-to-spread-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:7963 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 809bfb85f0fe84db235d48e159f6eb86b6ebf69ac613c61d66e7c2aebb868398

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.darkreading.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 08 Aug 2022 16:02:50 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 25 May 2022 07:53:47 GMT
server: cloudflare
age: 6508372
etag: W/"628de08b-ce0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-bgj: minify
cf-ray: 73797a8c3ffd9202-FRA
expires: Tue, 08 Aug 2023 16:02:50 GMT

GET
H2 200 framework-3af989d3dbeb77832f99.js Show response
beta.darkreading.com/_next/static/chunks/ 129 KB
42 KB 37ms
32ms Script
application/javascript 2606:4700::6811:7963
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://beta.darkreading.com/_next/static/chunks/framework-3af989d3dbeb77832f99.js
Requested by: Host: www.darkreading.com
URL: https://www.darkreading.com/vulnerabilities-threats/virustotal-threat-actors-mimic-legitimate-apps-use-stolen-certs-to-spread-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:7963 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1dcc17de6c7a4aa95a465d7fbb436e3f4c412dad3aa183fde03fa32f9178c3ca

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.darkreading.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 08 Aug 2022 16:02:50 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 12 Jan 2022 09:44:59 GMT
server: cloudflare
age: 16870585
etag: W/"61dea31b-2025e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-bgj: minify
cf-ray: 73797a8c3fff9202-FRA
expires: Tue, 08 Aug 2023 16:02:50 GMT

GET
H2 200 main-4579d29662f3fd692d14.js Show response
beta.darkreading.com/_next/static/chunks/ 90 KB
27 KB 25ms
20ms Script
application/javascript 2606:4700::6811:7963
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://beta.darkreading.com/_next/static/chunks/main-4579d29662f3fd692d14.js
Requested by: Host: www.darkreading.com
URL: https://www.darkreading.com/vulnerabilities-threats/virustotal-threat-actors-mimic-legitimate-apps-use-stolen-certs-to-spread-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:7963 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3e34be9443c0ab7eb569e14bc5af571e06d760368b659a0a3a417ff743f785e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.darkreading.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 08 Aug 2022 16:02:50 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 12 Jan 2022 09:44:59 GMT
server: cloudflare
age: 16870585
etag: W/"61dea31b-169c2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-bgj: minify
cf-ray: 73797a8c38039202-FRA
expires: Tue, 08 Aug 2023 16:02:50 GMT

GET
H2 200 _app-ed3bf26a215597ef97e2.js Show response
beta.darkreading.com/_next/static/chunks/pages/ 449 KB
142 KB 38ms
34ms Script
application/javascript 2606:4700::6811:7963
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://beta.darkreading.com/_next/static/chunks/pages/_app-ed3bf26a215597ef97e2.js
Requested by: Host: www.darkreading.com
URL: https://www.darkreading.com/vulnerabilities-threats/virustotal-threat-actors-mimic-legitimate-apps-use-stolen-certs-to-spread-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:7963 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 47cb96b05d896668a55f58a1a352f71a53fe50b1ab85a9920e8da3cbe3e20a23

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.darkreading.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 08 Aug 2022 16:02:50 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 06 Apr 2022 10:53:01 GMT
server: cloudflare
age: 10731727
etag: W/"624d710d-70215"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-bgj: minify
cf-ray: 73797a8c38059202-FRA
expires: Tue, 08 Aug 2023 16:02:50 GMT

GET
H2 200 75fc9c18-84e7ab66c7989b7a8b6f.js Show response
beta.darkreading.com/_next/static/chunks/ 59 KB
20 KB 27ms
23ms Script
application/javascript 2606:4700::6811:7963
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://beta.darkreading.com/_next/static/chunks/75fc9c18-84e7ab66c7989b7a8b6f.js
Requested by: Host: www.darkreading.com
URL: https://www.darkreading.com/vulnerabilities-threats/virustotal-threat-actors-mimic-legitimate-apps-use-stolen-certs-to-spread-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:7963 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0ac5442585942acb8da8f6fd1e2ef864b68a552686c83484c0044772d6a3ec77

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.darkreading.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 08 Aug 2022 16:02:50 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 12 Jan 2022 09:44:59 GMT
server: cloudflare
age: 16870585
etag: W/"61dea31b-eb8b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-bgj: minify
cf-ray: 73797a8c38079202-FRA
expires: Tue, 08 Aug 2023 16:02:50 GMT

GET
H2 200 c0ed2f06-8374a19ea75854b54102.js Show response
beta.darkreading.com/_next/static/chunks/ 372 KB
80 KB 31ms
28ms Script
application/javascript 2606:4700::6811:7963
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://beta.darkreading.com/_next/static/chunks/c0ed2f06-8374a19ea75854b54102.js
Requested by: Host: www.darkreading.com
URL: https://www.darkreading.com/vulnerabilities-threats/virustotal-threat-actors-mimic-legitimate-apps-use-stolen-certs-to-spread-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:7963 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 403e89bf468c203d1f4887cbc4ab12878370cbade342b65d30c36a38d60894ee

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.darkreading.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 08 Aug 2022 16:02:50 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 12 Jan 2022 09:44:59 GMT
server: cloudflare
age: 16870585
etag: W/"61dea31b-5cf19"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-bgj: minify
cf-ray: 73797a8c38089202-FRA
expires: Tue, 08 Aug 2023 16:02:50 GMT

GET
H2 200 466-a973b8e13a6f2860f90f.js Show response
beta.darkreading.com/_next/static/chunks/ 44 KB
15 KB 32ms
32ms Script
application/javascript 2606:4700::6811:7963
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://beta.darkreading.com/_next/static/chunks/466-a973b8e13a6f2860f90f.js
Requested by: Host: www.darkreading.com
URL: https://www.darkreading.com/vulnerabilities-threats/virustotal-threat-actors-mimic-legitimate-apps-use-stolen-certs-to-spread-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:7963 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8b30f33afeec62f5aef6d6e927c450c42ed04fa92264342f9a3cf361e3171d16

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.darkreading.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 08 Aug 2022 16:02:50 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 12 Jan 2022 09:44:59 GMT
server: cloudflare
age: 16870585
etag: W/"61dea31b-b092"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-bgj: minify
cf-ray: 73797a8c58229202-FRA
expires: Tue, 08 Aug 2023 16:02:50 GMT

GET
H2 200 291-55c701e69d5a14f2bfa0.js Show response
beta.darkreading.com/_next/static/chunks/ 8 KB
3 KB 29ms
28ms Script
application/javascript 2606:4700::6811:7963
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://beta.darkreading.com/_next/static/chunks/291-55c701e69d5a14f2bfa0.js
Requested by: Host: www.darkreading.com
URL: https://www.darkreading.com/vulnerabilities-threats/virustotal-threat-actors-mimic-legitimate-apps-use-stolen-certs-to-spread-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:7963 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8ced09284a1c4ae88949d807100d854ae5afebca35c07dc3d792c937ddbdc472

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.darkreading.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 08 Aug 2022 16:02:50 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 25 May 2022 07:53:47 GMT
server: cloudflare
age: 4190124
etag: W/"628de08b-1ee4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-bgj: minify
cf-ray: 73797a8c58289202-FRA
expires: Tue, 08 Aug 2023 16:02:50 GMT

GET
H2 200 36-4030719854f3a1daeb7a.js Show response
beta.darkreading.com/_next/static/chunks/ 86 KB
27 KB 32ms
32ms Script
application/javascript 2606:4700::6811:7963
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://beta.darkreading.com/_next/static/chunks/36-4030719854f3a1daeb7a.js
Requested by: Host: www.darkreading.com
URL: https://www.darkreading.com/vulnerabilities-threats/virustotal-threat-actors-mimic-legitimate-apps-use-stolen-certs-to-spread-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:7963 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8c99565562824219eadf0a860cd9da35ac1d48410d3e65d467968c5af4fb4f62

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.darkreading.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 08 Aug 2022 16:02:50 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 12 Jan 2022 09:44:59 GMT
server: cloudflare
age: 16870585
etag: W/"61dea31b-15985"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-bgj: minify
cf-ray: 73797a8c783c9202-FRA
expires: Tue, 08 Aug 2023 16:02:50 GMT

GET
H2 200 163-b67d0f660a885f8ad009.js Show response
beta.darkreading.com/_next/static/chunks/ 174 KB
50 KB 28ms
27ms Script
application/javascript 2606:4700::6811:7963
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://beta.darkreading.com/_next/static/chunks/163-b67d0f660a885f8ad009.js
Requested by: Host: www.darkreading.com
URL: https://www.darkreading.com/vulnerabilities-threats/virustotal-threat-actors-mimic-legitimate-apps-use-stolen-certs-to-spread-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:7963 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cfd4f754e134eb42e45e6bf5e41d05516b5ad6465deb4ca63ac77ffa58292b1f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.darkreading.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 08 Aug 2022 16:02:50 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 25 May 2022 07:53:47 GMT
server: cloudflare
age: 4190124
etag: W/"628de08b-2b73a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-bgj: minify
cf-ray: 73797a8c784a9202-FRA
expires: Tue, 08 Aug 2023 16:02:50 GMT

GET
H2 200 844-74c2dc28aa7c154127ca.js Show response
beta.darkreading.com/_next/static/chunks/ 19 KB
7 KB 24ms
23ms Script
application/javascript 2606:4700::6811:7963
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://beta.darkreading.com/_next/static/chunks/844-74c2dc28aa7c154127ca.js
Requested by: Host: www.darkreading.com
URL: https://www.darkreading.com/vulnerabilities-threats/virustotal-threat-actors-mimic-legitimate-apps-use-stolen-certs-to-spread-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:7963 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5e14573ba9dd1cb9df5d3676c134f794ff4ff4629365e005b3c1dd79d3457870

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.darkreading.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 08 Aug 2022 16:02:50 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 25 May 2022 07:53:47 GMT
server: cloudflare
age: 4190124
etag: W/"628de08b-4aa7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-polished: origSize=19111
cf-bgj: minify
cf-ray: 73797a8c784c9202-FRA
expires: Tue, 08 Aug 2023 16:02:50 GMT

GET
H2 200 521-c929240aebd9411602ac.js Show response
beta.darkreading.com/_next/static/chunks/ 7 KB
2 KB 22ms
22ms Script
application/javascript 2606:4700::6811:7963
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://beta.darkreading.com/_next/static/chunks/521-c929240aebd9411602ac.js
Requested by: Host: www.darkreading.com
URL: https://www.darkreading.com/vulnerabilities-threats/virustotal-threat-actors-mimic-legitimate-apps-use-stolen-certs-to-spread-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:7963 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f3e24d795b082a4439815f85eb8492536f32471869b482f1c4e4754c6fb5261b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.darkreading.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 08 Aug 2022 16:02:50 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 27 Apr 2022 08:38:54 GMT
server: cloudflare
age: 8925287
etag: W/"6269011e-1ad2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-bgj: minify
cf-ray: 73797a8c784d9202-FRA
expires: Tue, 08 Aug 2023 16:02:50 GMT

GET
H2 200 302-be658919964d3774c8db.js Show response
beta.darkreading.com/_next/static/chunks/ 112 KB
27 KB 21ms
18ms Script
application/javascript 2606:4700::6811:7963
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://beta.darkreading.com/_next/static/chunks/302-be658919964d3774c8db.js
Requested by: Host: www.darkreading.com
URL: https://www.darkreading.com/vulnerabilities-threats/virustotal-threat-actors-mimic-legitimate-apps-use-stolen-certs-to-spread-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:7963 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 74f5dbfff8c31d8876ddeb224b893ab65552f596b25b3577cf6d6f519c9e8ac9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.darkreading.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 08 Aug 2022 16:02:50 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 06 Apr 2022 10:53:01 GMT
server: cloudflare
age: 10731727
etag: W/"624d710d-1be0b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-polished: origSize=114187
cf-bgj: minify
cf-ray: 73797a8c885f9202-FRA
expires: Tue, 08 Aug 2023 16:02:50 GMT

GET
H2 200 920-8276df14b36f7124344e.js Show response
beta.darkreading.com/_next/static/chunks/ 131 KB
38 KB 22ms
21ms Script
application/javascript 2606:4700::6811:7963
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://beta.darkreading.com/_next/static/chunks/920-8276df14b36f7124344e.js
Requested by: Host: www.darkreading.com
URL: https://www.darkreading.com/vulnerabilities-threats/virustotal-threat-actors-mimic-legitimate-apps-use-stolen-certs-to-spread-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:7963 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f8f56a12e38109ef29bb878c56b13963bdc33d48e7deed8a788a24fe0171d9cb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.darkreading.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 08 Aug 2022 16:02:50 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 12 Jan 2022 09:44:59 GMT
server: cloudflare
age: 16870585
etag: W/"61dea31b-20a77"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-bgj: minify
cf-ray: 73797a8c88619202-FRA
expires: Tue, 08 Aug 2023 16:02:50 GMT

GET
H2 200 2-8ae03f4e3e5cb6e3d66a.js Show response
beta.darkreading.com/_next/static/chunks/ 136 KB
43 KB 26ms
26ms Script
application/javascript 2606:4700::6811:7963
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://beta.darkreading.com/_next/static/chunks/2-8ae03f4e3e5cb6e3d66a.js
Requested by: Host: www.darkreading.com
URL: https://www.darkreading.com/vulnerabilities-threats/virustotal-threat-actors-mimic-legitimate-apps-use-stolen-certs-to-spread-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:7963 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0a6c3d599df1f9652eaead106ccaf3af4eed8645fe10b0791499f8826c4febd7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.darkreading.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 08 Aug 2022 16:02:50 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 12 Jan 2022 09:44:59 GMT
server: cloudflare
age: 16870585
etag: W/"61dea31b-22107"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-bgj: minify
cf-ray: 73797a8c98739202-FRA
expires: Tue, 08 Aug 2023 16:02:50 GMT

GET
H2 200 311-12253774a83c27883651.js Show response
beta.darkreading.com/_next/static/chunks/ 54 KB
14 KB 22ms
21ms Script
application/javascript 2606:4700::6811:7963
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://beta.darkreading.com/_next/static/chunks/311-12253774a83c27883651.js
Requested by: Host: www.darkreading.com
URL: https://www.darkreading.com/vulnerabilities-threats/virustotal-threat-actors-mimic-legitimate-apps-use-stolen-certs-to-spread-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:7963 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa329d3b29e8f762376ea2cab848dd2f7fce3f4830763b99bf36f0780df87443

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.darkreading.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 08 Aug 2022 16:02:50 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 25 May 2022 07:53:47 GMT
server: cloudflare
age: 6507777
etag: W/"628de08b-d881"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-bgj: minify
cf-ray: 73797a8c98749202-FRA
expires: Tue, 08 Aug 2023 16:02:50 GMT

GET
H2 200 596-25f9fe51e4bc5e4ddd4f.js Show response
beta.darkreading.com/_next/static/chunks/ 17 KB
6 KB 18ms
18ms Script
application/javascript 2606:4700::6811:7963
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://beta.darkreading.com/_next/static/chunks/596-25f9fe51e4bc5e4ddd4f.js
Requested by: Host: www.darkreading.com
URL: https://www.darkreading.com/vulnerabilities-threats/virustotal-threat-actors-mimic-legitimate-apps-use-stolen-certs-to-spread-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:7963 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 86646baf6689e8941f4bfd0619eefc77c58b85e7f54dd83d84c8d834a410c4a0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.darkreading.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 08 Aug 2022 16:02:50 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 13 Apr 2022 09:17:34 GMT
server: cloudflare
age: 10132000
etag: W/"6256952e-42ee"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-bgj: minify
cf-ray: 73797a8ca8769202-FRA
expires: Tue, 08 Aug 2023 16:02:50 GMT

GET
H2 200 470-23c01b4437a512c2fc06.js Show response
beta.darkreading.com/_next/static/chunks/ 13 KB
3 KB 22ms
21ms Script
application/javascript 2606:4700::6811:7963
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://beta.darkreading.com/_next/static/chunks/470-23c01b4437a512c2fc06.js
Requested by: Host: www.darkreading.com
URL: https://www.darkreading.com/vulnerabilities-threats/virustotal-threat-actors-mimic-legitimate-apps-use-stolen-certs-to-spread-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:7963 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1813980c6380c04ed03acf13c8c9589024fa19202df34f668bb058fab3e251c4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.darkreading.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 08 Aug 2022 16:02:51 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 06 Apr 2022 10:53:01 GMT
server: cloudflare
age: 10731535
etag: W/"624d710d-3308"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-bgj: minify
cf-ray: 73797a8ca8849202-FRA
expires: Tue, 08 Aug 2023 16:02:50 GMT

GET
H2 200 450-15120495ffb273a10a0a.js Show response
beta.darkreading.com/_next/static/chunks/ 71 KB
14 KB 20ms
20ms Script
application/javascript 2606:4700::6811:7963
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://beta.darkreading.com/_next/static/chunks/450-15120495ffb273a10a0a.js
Requested by: Host: www.darkreading.com
URL: https://www.darkreading.com/vulnerabilities-threats/virustotal-threat-actors-mimic-legitimate-apps-use-stolen-certs-to-spread-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:7963 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1d2a09a3afcca5fbef5ffa5a5fdd63673e83af9c6f4939541f46366b6adc806e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.darkreading.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 08 Aug 2022 16:02:51 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 25 May 2022 07:53:47 GMT
server: cloudflare
age: 6508372
etag: W/"628de08b-11d07"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-bgj: minify
cf-ray: 73797a8ca8889202-FRA
expires: Tue, 08 Aug 2023 16:02:50 GMT

GET
H2 200 %5BhybidPage%5D-67d494911bcf2b5bffcd.js Show response
beta.darkreading.com/_next/static/chunks/pages/%5Bcategory%5D/ 36 KB
11 KB 17ms
17ms Script
application/javascript 2606:4700::6811:7963
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://beta.darkreading.com/_next/static/chunks/pages/%5Bcategory%5D/%5BhybidPage%5D-67d494911bcf2b5bffcd.js
Requested by: Host: www.darkreading.com
URL: https://www.darkreading.com/vulnerabilities-threats/virustotal-threat-actors-mimic-legitimate-apps-use-stolen-certs-to-spread-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:7963 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 78916daf46a47129f0fed3287e980faa6403d4ce0801c6448eff5ade12f6f1d0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.darkreading.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 08 Aug 2022 16:02:51 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 25 May 2022 07:53:47 GMT
server: cloudflare
age: 6508372
etag: W/"628de08b-8eb6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-bgj: minify
cf-ray: 73797a8cb88a9202-FRA
expires: Tue, 08 Aug 2023 16:02:50 GMT

GET
H2 200 _buildManifest.js Show response
beta.darkreading.com/_next/static/d3dd00fd0c35a4cd5bf033a6470b217b9b93fe1b/ 3 KB
1 KB 17ms
17ms Script
application/javascript 2606:4700::6811:7963
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://beta.darkreading.com/_next/static/d3dd00fd0c35a4cd5bf033a6470b217b9b93fe1b/_buildManifest.js
Requested by: Host: www.darkreading.com
URL: https://www.darkreading.com/vulnerabilities-threats/virustotal-threat-actors-mimic-legitimate-apps-use-stolen-certs-to-spread-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:7963 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 84978f05058d591d3cadc3f61527f30dfcef5ada102582c1a85674a3fdb689e2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.darkreading.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 08 Aug 2022 16:02:51 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 25 Jul 2022 10:30:22 GMT
server: cloudflare
age: 1228671
etag: W/"62de70be-b66"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-bgj: minify
cf-ray: 73797a8cc89d9202-FRA
expires: Tue, 08 Aug 2023 16:02:51 GMT

GET
H2 200 _ssgManifest.js Show response
beta.darkreading.com/_next/static/d3dd00fd0c35a4cd5bf033a6470b217b9b93fe1b/ 151 B
233 B 17ms
16ms Script
application/javascript 2606:4700::6811:7963
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://beta.darkreading.com/_next/static/d3dd00fd0c35a4cd5bf033a6470b217b9b93fe1b/_ssgManifest.js
Requested by: Host: www.darkreading.com
URL: https://www.darkreading.com/vulnerabilities-threats/virustotal-threat-actors-mimic-legitimate-apps-use-stolen-certs-to-spread-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:7963 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 293c780b3a79b98415e3b7e1f91d1f08510bfc18e5ab3bbe5fc99676d3c4f024

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.darkreading.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 08 Aug 2022 16:02:51 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 25 Jul 2022 10:30:49 GMT
server: cloudflare
age: 1228671
etag: W/"62de70d9-97"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-bgj: minify
cf-ray: 73797a8cc8a09202-FRA
expires: Tue, 08 Aug 2023 16:02:51 GMT

GET
H2 200 google_achinthamb_shutterstock.jpg
eu-images.contentstack.com/v3/assets/blt66983808af36a8ef/blte5ff1f773d255b95/6206ba14e413e76824f96b8d/ 55 KB
55 KB 66ms
27ms Image
image/webp 151.101.66.217
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://eu-images.contentstack.com/v3/assets/blt66983808af36a8ef/blte5ff1f773d255b95/6206ba14e413e76824f96b8d/google_achinthamb_shutterstock.jpg?quality=80&format=webply&width=690

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/vulnerabilities-threats/virustotal-threat-actors-mimic-legitimate-apps-use-stolen-certs-to-spread-malware

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.66.217 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

490043c9bbb1dfd407a63552da09513e01495037395d659180f78a67f7b39ccf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.darkreading.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 08 Aug 2022 16:02:50 GMT
via: 1.1 varnish, 1.1 varnish
age: 3208705
x-cache: HIT, HIT
fastly-io-info: ifsz=905173 idim=1000x667 ifmt=jpeg ofsz=56438 odim=690x460 ofmt=webp
filename1: custom
content-disposition: inline; filename=google_achinthamb_shutterstock.webp
fastly-stats: io=1
content-length: 56438
x-request-id: 79087
x-served-by: cache-ams12752-AMS, cache-fra19173-FRA
x-runtime: 101ms
x-timer: S1659974571.958389,VS0,VE15
x-contentstack-organization: blt5948195ac13977b0
etag: "XCRPFWJfPhmZY6BfQ5ZRIlFA+JoDd66SryMc6XNyBK0"
strict-transport-security: max-age=31557600
content-type: image/webp
access-control-allow-origin: *
access-control-expose-headers: content-disposition, content-type, cache-control, status, content-length
cache-control: max-age=31536000
accept-ranges: bytes
x-cache-hits: 1, 1

GET
H2 200 jquery-3.3.1.slim.min.js Show response
code.jquery.com/ 68 KB
24 KB 55ms
16ms Script
application/javascript 2001:4de0:ac18::1:a:2b
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.3.1.slim.min.js
Requested by: Host: www.darkreading.com
URL: https://www.darkreading.com/vulnerabilities-threats/virustotal-threat-actors-mimic-legitimate-apps-use-stolen-certs-to-spread-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4de0:ac18::1:a:2b , Netherlands, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software: nginx /
Resource Hash: dde76b9b2b90d30eb97fc81f06caa8c338c97b688cea7d2729c88f529f32fbb1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.darkreading.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 08 Aug 2022 16:02:50 GMT
content-encoding: gzip
last-modified: Fri, 20 Aug 2021 17:47:53 GMT
server: nginx
etag: W/"611feac9-1111d"
vary: Accept-Encoding
x-hw: 1659974570.dop127.fr8.t,1659974570.cds281.fr8.hn,1659974570.cds274.fr8.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 24038

GET
H2 200 popper.min.js Show response
cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.0/umd/ 20 KB
7 KB 31ms
13ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.0/umd/popper.min.js

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/vulnerabilities-threats/virustotal-threat-actors-mimic-legitimate-apps-use-stolen-certs-to-spread-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

02835066969199e9924f1332f7172a5d7e552f023a20c3d8ba03bb6c51ce5be5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.darkreading.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 08 Aug 2022 16:02:50 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 4187069
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 6458
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:15:37 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03fa9-500f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FVBLmBoi%2BfMoU6BRytgGhWAaLDt3pqYBu%2BlKdaKIGx9axAeomzXLyT0BmyiEk2QJckJ%2FBkz1NWRaTyd09UG4LlpnqU5I6yXQaEkPLT2GlvzGf6xqNfur3Xp9lpFaKi%2FCg87qi8pw2GhqmBZmzG%2ByQBvF"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 73797a8c5ba69243-FRA
expires: Sat, 29 Jul 2023 16:02:50 GMT

GET
H2 200 bootstrap.min.js Show response
stackpath.bootstrapcdn.com/bootstrap/4.1.0/js/ 49 KB
15 KB 54ms
24ms Script
application/javascript 2606:4700::6812:acf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://stackpath.bootstrapcdn.com/bootstrap/4.1.0/js/bootstrap.min.js

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/vulnerabilities-threats/virustotal-threat-actors-mimic-legitimate-apps-use-stolen-certs-to-spread-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0bca10549df770ab6790046799e5a9e920c286453ebbb2afb0d3055339245339

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.darkreading.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 08 Aug 2022 16:02:50 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
cdn-edgestorageid: 565, 718, 718
age: 13909244
cdn-cachedat: 2021-06-08 18:02:12
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
timing-allow-origin: *
access-control-allow-origin: *
last-modified: Mon, 25 Jan 2021 22:04:05 GMT
server: cloudflare
cdn-requestpullcode: 200
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
cdn-cache: HIT
vary: Accept-Encoding
cache-control: public, max-age=31919000
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid: a9c552a6ef500abddb12a9852509d4ed
cf-ray: 73797a8c9ec39153-FRA
cdn-requestcountrycode: DE
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 Whitelogo_1.png
eu-images.contentstack.com/v3/assets/blt66983808af36a8ef/blt3edeb23396a4b5dc/60b1ea7a9afdef577986633e/ 8 KB
8 KB 8ms
7ms Image
image/png 151.101.66.217
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://eu-images.contentstack.com/v3/assets/blt66983808af36a8ef/blt3edeb23396a4b5dc/60b1ea7a9afdef577986633e/Whitelogo_1.png

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/vulnerabilities-threats/virustotal-threat-actors-mimic-legitimate-apps-use-stolen-certs-to-spread-malware

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.66.217 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

2c947fb257287976cf7cd15cd2a488c1cc4093a5c5ff2a40a56ba9a7c9e07c08

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.darkreading.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 08 Aug 2022 16:02:50 GMT
via: 1.1 varnish, 1.1 varnish
age: 3255612
x-cache: HIT, HIT
fastly-io-info: ifsz=7774 idim=336x84 ifmt=png ofsz=7760 odim=336x84 ofmt=png
content-disposition: inline; filename=Whitelogo_1.png
fastly-stats: io=1
content-length: 7760
x-request-id: 99142
x-served-by: cache-ams12754-AMS, cache-fra19173-FRA
x-runtime: 80ms
x-timer: S1659974571.968935,VS0,VE0
x-contentstack-organization: blt5948195ac13977b0
etag: "9lnNwdU3SaksRme/Az7CUYHUn98eOJQreS0ZWDc0+sA"
strict-transport-security: max-age=31557600
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: content-disposition, content-type, cache-control, status, content-length
cache-control: max-age=31536000
accept-ranges: bytes
x-cache-hits: 1, 4

GET
H2 200 zephr-browser.umd.js Show response
assets.zephr.com/zephr-browser/1.3.10/ 39 KB
15 KB 37ms
8ms Script
application/javascript 18.66.112.14
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.zephr.com/zephr-browser/1.3.10/zephr-browser.umd.js
Requested by: Host: www.darkreading.com
URL: https://www.darkreading.com/vulnerabilities-threats/virustotal-threat-actors-mimic-legitimate-apps-use-stolen-certs-to-spread-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.112.14 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-112-14.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: d98f3c146304d61e34da5e04cb32b628c58b401b7c01576d6c47f8f1ca6bea02

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.darkreading.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 08 Aug 2022 02:24:08 GMT
content-encoding: gzip
last-modified: Wed, 10 Nov 2021 11:00:47 GMT
server: AmazonS3
age: 49170
etag: W/"55053cbc5cf4062ebe713185efced2ca"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 342054511f9732c450e11bade76323dc.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
x-amz-cf-id: -Ps2mR9-hbQe84U9onaSNk6V3MN4wdWKNA1SuDhuD0EoiIB_8LWI-w==

GET
H2 200 v652eace1692a40cfa3763df669d7439c1639079717194 Show response
static.cloudflareinsights.com/beacon.min.js/ 14 KB
5 KB 57ms
39ms Script
text/javascript 2606:4700:440e::6812:2fe6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.cloudflareinsights.com/beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194
Requested by: Host: www.darkreading.com
URL: https://www.darkreading.com/vulnerabilities-threats/virustotal-threat-actors-mimic-legitimate-apps-use-stolen-certs-to-spread-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:440e::6812:2fe6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fd0a1ac929c11b08e819fe4b0a18c5574012c44f09de8987c6be99a0f055a505

Request headers

Referer: https://www.darkreading.com/
Origin: https://www.darkreading.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 08 Aug 2022 16:02:51 GMT
content-encoding: gzip
last-modified: Thu, 09 Dec 2021 19:55:17 GMT
server: cloudflare
etag: W/2021.12.0
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
cf-ray: 73797a8cab4292c9-FRA

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 216 KB
64 KB 76ms
38ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-T52Z3Z3

Requested by

Host: beta.darkreading.com
URL: https://beta.darkreading.com/js/newrelic-browser.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

487ce65aa041f02e14b5d1dd4874bfbe69dd1ae2e784cea5487e0e566ec9c4a5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.darkreading.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 08 Aug 2022 16:02:51 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 65001
x-xss-protection: 0
last-modified: Mon, 08 Aug 2022 15:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 08 Aug 2022 16:02:51 GMT

GET
DATA 200
OK truncated
/ 78 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d44c3403ac31b08a81867bcfdb18981cd3a3e8e42356cf64dd68bead051b64b4

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 42 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type: image/gif

GET
H2 200 4UaOrEtFpBISc36j2jDu5w.woff2
fonts.gstatic.com/s/exo/v20/ 20 KB
20 KB 67ms
16ms Font
font/woff2 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/exo/v20/4UaOrEtFpBISc36j2jDu5w.woff2

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/vulnerabilities-threats/virustotal-threat-actors-mimic-legitimate-apps-use-stolen-certs-to-spread-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fb657972079f36258237fd79c9b7cf160c82943f31fe5ff1b0e10be49e27be5b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.darkreading.com/
Origin: https://www.darkreading.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Wed, 03 Aug 2022 16:59:11 GMT
x-content-type-options: nosniff
age: 428619
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20268
x-xss-protection: 0
last-modified: Mon, 11 Jul 2022 19:19:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 03 Aug 2023 16:59:11 GMT

GET
H2 200 pdf.efec47dadbf7da17b090bbdb7ada07ba.png
beta.darkreading.com/_next/static/media/ 8 KB
8 KB 18ms
17ms Image
image/png 2606:4700::6811:7963
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beta.darkreading.com/_next/static/media/pdf.efec47dadbf7da17b090bbdb7ada07ba.png
Requested by: Host: beta.darkreading.com
URL: https://beta.darkreading.com/_next/static/css/52183980cd24f89652ec.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:7963 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0e153b77b7b590360c91df38e894d46fd6061ce57cc0bbbc09f4c408a66bd0c7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://beta.darkreading.com/_next/static/css/52183980cd24f89652ec.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 08 Aug 2022 16:02:50 GMT
cf-cache-status: HIT
age: 5300
cf-polished: origSize=11781
last-modified: Mon, 25 Jul 2022 10:30:22 GMT
content-length: 8484
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "62de70be-2e05"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=7200
accept-ranges: bytes
cf-ray: 73797a8c88629202-FRA
expires: Mon, 08 Aug 2022 18:02:50 GMT

GET
H2 200 465.860e9d00e68bf80b4535.js Show response
beta.darkreading.com/_next/static/chunks/ 2 KB
1 KB 15ms
15ms Script
application/javascript 2606:4700::6811:7963
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://beta.darkreading.com/_next/static/chunks/465.860e9d00e68bf80b4535.js
Requested by: Host: beta.darkreading.com
URL: https://beta.darkreading.com/js/newrelic-browser.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:7963 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8028c67a8d75e527561d4fb6fecbba6993ff48645f0b57d5033809e558e59d13

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.darkreading.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 08 Aug 2022 16:02:51 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 18 May 2022 08:21:50 GMT
server: cloudflare
age: 7069469
etag: W/"6284ac9e-95f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-bgj: minify
cf-ray: 73797a8da98b9202-FRA
expires: Tue, 08 Aug 2023 16:02:51 GMT

GET
H2 200 session Show response
www.darkreading.com/api/auth/ 2 B
405 B 127ms
125ms Fetch
application/json 2606:4700::6811:7963
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.darkreading.com/api/auth/session
Requested by: Host: beta.darkreading.com
URL: https://beta.darkreading.com/js/newrelic-browser.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:7963 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Referer: https://www.darkreading.com/vulnerabilities-threats/virustotal-threat-actors-mimic-legitimate-apps-use-stolen-certs-to-spread-malware
tracestate: 3288925@nr=0-1-3288925-256687733-f3f263e6ef4d35d4----1659974571166
traceparent: 00-d16f871f37a5e4b1aeffbd28fc359d30-f3f263e6ef4d35d4-01
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
newrelic: eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjMyODg5MjUiLCJhcCI6IjI1NjY4NzczMyIsImlkIjoiZjNmMjYzZTZlZjRkMzVkNCIsInRyIjoiZDE2Zjg3MWYzN2E1ZTRiMWFlZmZiZDI4ZmMzNTlkMzAiLCJ0aSI6MTY1OTk3NDU3MTE2Nn19

Response headers

date: Mon, 08 Aug 2022 16:02:51 GMT
x-proxy-by: https://www.darkreading.com
cf-cache-status: DYNAMIC
server: cloudflare
etag: "2-vyGp6PvFo4RvsFtPoIWeCReyIC8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cf-ray: 73797a8dd9b39202-FRA
content-length: 2

GET
H2 200 session Show response
www.darkreading.com/api/auth/ 2 B
206 B 479ms
476ms Fetch
application/json 2606:4700::6811:7963
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.darkreading.com/api/auth/session
Requested by: Host: beta.darkreading.com
URL: https://beta.darkreading.com/js/newrelic-browser.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:7963 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Referer: https://www.darkreading.com/vulnerabilities-threats/virustotal-threat-actors-mimic-legitimate-apps-use-stolen-certs-to-spread-malware
tracestate: 3288925@nr=0-1-3288925-256687733-0d305a6536da4eb6----1659974571166
traceparent: 00-7e3920b425125e6df45d6249ccd9d920-0d305a6536da4eb6-01
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
newrelic: eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjMyODg5MjUiLCJhcCI6IjI1NjY4NzczMyIsImlkIjoiMGQzMDVhNjUzNmRhNGViNiIsInRyIjoiN2UzOTIwYjQyNTEyNWU2ZGY0NWQ2MjQ5Y2NkOWQ5MjAiLCJ0aSI6MTY1OTk3NDU3MTE2Nn19

Response headers

date: Mon, 08 Aug 2022 16:02:51 GMT
x-proxy-by: https://www.darkreading.com
cf-cache-status: DYNAMIC
server: cloudflare
etag: "2-vyGp6PvFo4RvsFtPoIWeCReyIC8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cf-ray: 73797a8dd9b79202-FRA
content-length: 2

GET
H2 200 Frame_1728.svg
eu-images.contentstack.com/v3/assets/blt66983808af36a8ef/blt456fd002839bae7e/620377d02be9c249dcea7cc9/ 8 KB
3 KB 10ms
8ms Image
image/svg+xml 151.101.66.217
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://eu-images.contentstack.com/v3/assets/blt66983808af36a8ef/blt456fd002839bae7e/620377d02be9c249dcea7cc9/Frame_1728.svg?quality=80&format=webply&width=222

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/vulnerabilities-threats/virustotal-threat-actors-mimic-legitimate-apps-use-stolen-certs-to-spread-malware

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.66.217 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

958136771bc42c0cbea29f08be65260d0b8b63020d9f41039261fbf26a0cc942

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.darkreading.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 08 Aug 2022 16:02:51 GMT
via: 1.1 varnish, 1.1 varnish
fastly-io-error: not a supported image format
age: 6004346
x-cache: HIT, HIT
filename1: custom
content-disposition: inline; filename=Frame_1728.svg+xml
fastly-stats: io=1
content-encoding: gzip
content-length: 3197
x-request-id: 16312
x-served-by: cache-ams12750-AMS, cache-fra19173-FRA
x-runtime: 78ms
x-timer: S1659974571.173393,VS0,VE0
x-contentstack-organization: blt5948195ac13977b0
vary: Accept-Encoding
strict-transport-security: max-age=31557600
content-type: image/svg+xml
access-control-allow-origin: *
access-control-expose-headers: content-disposition, content-type, cache-control, status, content-length
cache-control: max-age=31536000
accept-ranges: bytes
x-cache-hits: 1, 4

GET
H2 200 Article.svg
eu-images.contentstack.com/v3/assets/blt66983808af36a8ef/blt27dca7fd9a7ec07d/60da98a6537dbc26a0e2a2d3/ 3 KB
1 KB 12ms
10ms Image
image/svg+xml 151.101.66.217
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://eu-images.contentstack.com/v3/assets/blt66983808af36a8ef/blt27dca7fd9a7ec07d/60da98a6537dbc26a0e2a2d3/Article.svg

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/vulnerabilities-threats/virustotal-threat-actors-mimic-legitimate-apps-use-stolen-certs-to-spread-malware

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.66.217 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

de06fea245b0036d21764fcf2b9a4791c0a0f1e927e3916c7d779cb44a1977bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.darkreading.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 08 Aug 2022 16:02:51 GMT
via: 1.1 varnish, 1.1 varnish
fastly-io-error: not a supported image format
age: 2903072
x-cache: HIT, HIT
content-disposition: inline; filename=Article.svg
fastly-stats: io=1
content-encoding: gzip
content-length: 1177
x-request-id: 61755
x-served-by: cache-ams12776-AMS, cache-fra19173-FRA
x-runtime: 70ms
x-timer: S1659974571.173740,VS0,VE0
x-contentstack-organization: blt5948195ac13977b0
vary: Accept-Encoding
strict-transport-security: max-age=31557600
content-type: image/svg+xml
access-control-allow-origin: *
access-control-expose-headers: content-disposition, content-type, cache-control, status, content-length
cache-control: max-age=31536000
accept-ranges: bytes
x-cache-hits: 2, 3

GET
H2 200 NathanEddyHeadshot.PNG
eu-images.contentstack.com/v3/assets/blt66983808af36a8ef/bltf8b5a94afa71c53a/628e3799daa31875dc0c9fc0/ 3 KB
3 KB 13ms
11ms Image
image/webp 151.101.66.217
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://eu-images.contentstack.com/v3/assets/blt66983808af36a8ef/bltf8b5a94afa71c53a/628e3799daa31875dc0c9fc0/NathanEddyHeadshot.PNG?quality=80&format=webply&width=100

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/vulnerabilities-threats/virustotal-threat-actors-mimic-legitimate-apps-use-stolen-certs-to-spread-malware

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.66.217 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

76afb6d60cc897afee2432deba698cec096252516b5706b6a9a76dd1ae3f5d1d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.darkreading.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 08 Aug 2022 16:02:51 GMT
via: 1.1 varnish, 1.1 varnish
age: 5409613
x-cache: HIT, HIT
fastly-io-info: ifsz=219304 idim=435x410 ifmt=png ofsz=2872 odim=100x94 ofmt=webp
filename1: custom
content-disposition: inline; filename=NathanEddyHeadshot.webp
fastly-stats: io=1
content-length: 2872
x-request-id: 93405
x-served-by: cache-ams21075-AMS, cache-fra19173-FRA
x-runtime: 125ms
x-timer: S1659974571.173728,VS0,VE0
x-contentstack-organization: blt5948195ac13977b0
etag: "y3lWvaOWPCsVmKQXqaicrxRS2cHykmz3ujWy63yHv9A"
strict-transport-security: max-age=31557600
content-type: image/webp
access-control-allow-origin: *
access-control-expose-headers: content-disposition, content-type, cache-control, status, content-length
cache-control: max-age=31536000
accept-ranges: bytes
x-cache-hits: 2, 2

GET
H2 200 Money-pixabay.jpg
eu-images.contentstack.com/v3/assets/blt66983808af36a8ef/blt8211a1ae86e9c4b9/626b034411a67766f42c0725/ 2 KB
3 KB 10ms
8ms Image
image/webp 151.101.66.217
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://eu-images.contentstack.com/v3/assets/blt66983808af36a8ef/blt8211a1ae86e9c4b9/626b034411a67766f42c0725/Money-pixabay.jpg?quality=80&format=webply&width=100

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/vulnerabilities-threats/virustotal-threat-actors-mimic-legitimate-apps-use-stolen-certs-to-spread-malware

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.66.217 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

e939e2ae6c313815d2659824e4404c365cdd43fec5a91243dc9dc6397a6904ee

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.darkreading.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 08 Aug 2022 16:02:51 GMT
via: 1.1 varnish, 1.1 varnish
age: 1777708
x-cache: HIT, HIT
fastly-io-info: ifsz=92366 idim=690x463 ifmt=jpeg ofsz=2356 odim=100x67 ofmt=webp
filename1: custom
content-disposition: inline; filename=Money-pixabay.webp
fastly-stats: io=1
content-length: 2356
x-request-id: 10490
x-served-by: cache-ams12726-AMS, cache-fra19173-FRA
x-runtime: 103ms
x-timer: S1659974571.173731,VS0,VE0
x-contentstack-organization: blt5948195ac13977b0
etag: "uveC+XN0045kxjQuM8ySGvgzlFr5Spjrg8mY9QmTYXY"
strict-transport-security: max-age=31557600
content-type: image/webp
access-control-allow-origin: *
access-control-expose-headers: content-disposition, content-type, cache-control, status, content-length
cache-control: max-age=31536000
accept-ranges: bytes
x-cache-hits: 1, 2

GET
H2 200 office_Wachiwit_shutterstock.jpg
eu-images.contentstack.com/v3/assets/blt66983808af36a8ef/bltf9411709a198f267/62e19ee3f6cf3d6bf8fffe90/ 2 KB
3 KB 11ms
9ms Image
image/webp 151.101.66.217
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://eu-images.contentstack.com/v3/assets/blt66983808af36a8ef/bltf9411709a198f267/62e19ee3f6cf3d6bf8fffe90/office_Wachiwit_shutterstock.jpg?quality=80&format=webply&width=100

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/vulnerabilities-threats/virustotal-threat-actors-mimic-legitimate-apps-use-stolen-certs-to-spread-malware

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.66.217 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

f3e465e09932db45951f460bf7a0f43246d23e90ac1c593f0de7f3e3c03f3d03

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.darkreading.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 08 Aug 2022 16:02:51 GMT
via: 1.1 varnish, 1.1 varnish
age: 1021127
x-cache: HIT, HIT
fastly-io-info: ifsz=553696 idim=1000x667 ifmt=jpeg ofsz=2442 odim=100x67 ofmt=webp
filename1: custom
content-disposition: inline; filename=office_Wachiwit_shutterstock.webp
fastly-stats: io=1
content-length: 2442
x-request-id: 98080
x-served-by: cache-ams12767-AMS, cache-fra19173-FRA
x-runtime: 72ms
x-timer: S1659974571.173678,VS0,VE0
x-contentstack-organization: blt5948195ac13977b0
etag: "2ZZvk7EvWXSUTagHIrU2IZW2FM6mXlxdBJAGQ4y3K7E"
strict-transport-security: max-age=31557600
content-type: image/webp
access-control-allow-origin: *
access-control-expose-headers: content-disposition, content-type, cache-control, status, content-length
cache-control: max-age=31536000
accept-ranges: bytes
x-cache-hits: 1, 2

GET
H2 200 escape-fStop-AdobeStock.jpeg
eu-images.contentstack.com/v3/assets/blt66983808af36a8ef/blt1a86a05f8f89e6a9/62cdb208a8afdd74d90c6e02/ 2 KB
2 KB 11ms
9ms Image
image/webp 151.101.66.217
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://eu-images.contentstack.com/v3/assets/blt66983808af36a8ef/blt1a86a05f8f89e6a9/62cdb208a8afdd74d90c6e02/escape-fStop-AdobeStock.jpeg?quality=80&format=webply&width=100

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/vulnerabilities-threats/virustotal-threat-actors-mimic-legitimate-apps-use-stolen-certs-to-spread-malware

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.66.217 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

e92729fd9e4cb8b66389dda5ef5ba579f750f3a117c11a3e181350e930f8188c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.darkreading.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 08 Aug 2022 16:02:51 GMT
via: 1.1 varnish, 1.1 varnish
age: 2326946
x-cache: HIT, HIT
fastly-io-info: ifsz=713936 idim=1688x1125 ifmt=jpeg ofsz=2020 odim=100x67 ofmt=webp
filename1: custom
content-disposition: inline; filename=escape-fStop-AdobeStock.webp
fastly-stats: io=1
content-length: 2020
x-request-id: 61779
x-served-by: cache-ams12724-AMS, cache-fra19173-FRA
x-runtime: 95ms
x-timer: S1659974571.173684,VS0,VE0
x-contentstack-organization: blt5948195ac13977b0
etag: "0ZBljoNiJonGyDYKd6Pk6QiX88uQm7DiOX0ycza8irY"
strict-transport-security: max-age=31557600
content-type: image/webp
access-control-allow-origin: *
access-control-expose-headers: content-disposition, content-type, cache-control, status, content-length
cache-control: max-age=31536000
accept-ranges: bytes
x-cache-hits: 2, 2

GET
H2 200 super8ball-Diego_Schtutman-alamy.jpg
eu-images.contentstack.com/v3/assets/blt66983808af36a8ef/blt1284535a6846e5ec/62cc9b6eab34777c22aa4da4/ 1 KB
2 KB 12ms
10ms Image
image/webp 151.101.66.217
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://eu-images.contentstack.com/v3/assets/blt66983808af36a8ef/blt1284535a6846e5ec/62cc9b6eab34777c22aa4da4/super8ball-Diego_Schtutman-alamy.jpg?quality=80&format=webply&width=100

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/vulnerabilities-threats/virustotal-threat-actors-mimic-legitimate-apps-use-stolen-certs-to-spread-malware

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.66.217 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

5b354a3347809c7bbf3e19bcbcc4e721b24e70c558115ae19901a02ab2856870

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.darkreading.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 08 Aug 2022 16:02:51 GMT
via: 1.1 varnish, 1.1 varnish
age: 2398267
x-cache: HIT, HIT
fastly-io-info: ifsz=560438 idim=7000x4500 ifmt=jpeg ofsz=1334 odim=100x64 ofmt=webp
filename1: custom
content-disposition: inline; filename=super8ball-Diego_Schtutman-alamy.webp
fastly-stats: io=1
content-length: 1334
x-request-id: 95809
x-served-by: cache-ams21030-AMS, cache-fra19173-FRA
x-runtime: 55ms
x-timer: S1659974571.173906,VS0,VE0
x-contentstack-organization: blt5948195ac13977b0
etag: "qeOjf2OdCFYMbGKPwIfeCNq3GUOyofpNTmK20UcV/mQ"
strict-transport-security: max-age=31557600
content-type: image/webp
access-control-allow-origin: *
access-control-expose-headers: content-disposition, content-type, cache-control, status, content-length
cache-control: max-age=31536000
accept-ranges: bytes
x-cache-hits: 1, 2

GET
H2 200 cookie-close.svg
beta.darkreading.com/icons/ 667 B
472 B 399ms
398ms Image
image/svg+xml 2606:4700::6811:7963
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beta.darkreading.com/icons/cookie-close.svg
Requested by: Host: www.darkreading.com
URL: https://www.darkreading.com/vulnerabilities-threats/virustotal-threat-actors-mimic-legitimate-apps-use-stolen-certs-to-spread-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:7963 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e5a1598944cdacee0760775794bff19417c31947033f3b013af8b6ceac45875c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.darkreading.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 08 Aug 2022 16:02:51 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Mon, 25 Jul 2022 10:28:09 GMT
server: cloudflare
etag: W/"29b-18234e65ea8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=7200
cf-ray: 73797a8dd9b89202-FRA
expires: Mon, 08 Aug 2022 18:02:51 GMT

GET
H2 200 features Show response
informa-dark-reading.preview.zephr.com/zephr/ 3 B
844 B 142ms
96ms Fetch
application/json 18.66.139.47
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://informa-dark-reading.preview.zephr.com/zephr/features
Requested by: Host: beta.darkreading.com
URL: https://beta.darkreading.com/js/newrelic-browser.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.139.47 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-139-47.fra60.r.cloudfront.net
Software: /
Resource Hash: 5984eac0c5c6d947241e29dd5671b81a1546cedf77e08d38438ac47029969afa

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.darkreading.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 08 Aug 2022 16:02:51 GMT
via: 1.1 ad3c90e13b86d72e2a5e6bf65eab3450.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P4
x-cache: Miss from cloudfront
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://www.darkreading.com
cache-control: public, max-age=300
access-control-allow-credentials: true
access-control-allow-headers: Accept,Origin,Keep-Alive,Content-Type,User-Agent,Referer,Accept-Language,Cookie,Authorization,Cache-Control,Expires,Access-Control-Request-Method,Access-Control-Request-Headers,Accept-Encoding
content-length: 3
x-amz-cf-id: zuH0g3lo0GUnCg1nIWsWrPRuN0EItOTKOD4iXR6JTz5vi8jAvj_q2Q==
x-blaize-request: 67db08c5

GET
H2 200 pubads_impl_2022080301.js Show response
securepubads.g.doubleclick.net/gpt/ 381 KB
130 KB 30ms
29ms Script
text/javascript 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022080301.js?cb=31068785

Requested by

Host: beta.darkreading.com
URL: https://beta.darkreading.com/js/newrelic-browser.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

sffe /

Resource Hash

d6f327e8f217c193d4139ec967dd138dde3958395b06a4e4cd8e346faa27dedc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.darkreading.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 08 Aug 2022 13:51:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 7891
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 132985
x-xss-protection: 0
last-modified: Wed, 03 Aug 2022 08:38:22 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Tue, 08 Aug 2023 13:51:20 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 95 B
109 B 92ms
48ms XHR
application/json 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=www.darkreading.com

Requested by

Host: beta.darkreading.com
URL: https://beta.darkreading.com/js/newrelic-browser.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

31778d7d5cdf674cb88174d58247acb84fc97239ee406994a646c5d3d0b8cb64

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.darkreading.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 08 Aug 2022 16:02:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 84
x-xss-protection: 0
expires: Mon, 08 Aug 2022 16:02:51 GMT

GET
H2 200 image
www.darkreading.com/_next/ 654 B
876 B 494ms
494ms Image
image/webp 2606:4700::6811:7963
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.darkreading.com/_next/image?url=%2F_next%2Fstatic%2Fimage%2Fpublic%2Fimages%2Firibbon-logo.61822a6f728dd50c5ab494ce9936bac3.png&w=96&q=75

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/vulnerabilities-threats/virustotal-threat-actors-mimic-legitimate-apps-use-stolen-certs-to-spread-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:7963 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ab36b8356d4b7e3e3591b161427e6fb18512a2ccc8a787f8cc03294cf2f30478

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; sandbox;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.darkreading.com/vulnerabilities-threats/virustotal-threat-actors-mimic-legitimate-apps-use-stolen-certs-to-spread-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 08 Aug 2022 16:02:51 GMT
x-proxy-by: https://www.darkreading.com
cf-cache-status: DYNAMIC
server: cloudflare
etag: qza4NW1Lfj41kbFhQn5vsYUSoszIp4f4zAMpTPLzBHg=
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Origin, Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
content-disposition: inline; filename="iribbon-logo.webp"
cache-control: public, max-age=315360000, immutable
content-security-policy: script-src 'none'; sandbox;
cf-ray: 73797a8e3a179202-FRA

GET
H2 200 optimize.js Show response
www.googleoptimize.com/ 104 KB
41 KB 85ms
23ms Script
application/javascript 2a00:1450:4001:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleoptimize.com/optimize.js?id=OPT-W6LRXN3

Requested by

Host: beta.darkreading.com
URL: https://beta.darkreading.com/js/newrelic-browser.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

c5a9089a3b365522f800aa944a12896919d999c378f9d15d1c1d0c7dace304ff

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.darkreading.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 08 Aug 2022 16:02:51 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41249
x-xss-protection: 0
expires: Mon, 08 Aug 2022 16:02:51 GMT

GET
H2 200 / Show response
6600d6d98e534115970f9529a45f3195.js.ubembed.com/ 485 B
764 B 41ms
7ms Script
application/json 151.101.193.131
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://6600d6d98e534115970f9529a45f3195.js.ubembed.com/
Requested by: Host: beta.darkreading.com
URL: https://beta.darkreading.com/js/newrelic-browser.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.193.131 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 7a9c5310db328d2bdce5978fce03e8bbba211fa60e274261888e7abfc92e183b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.darkreading.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 08 Aug 2022 16:02:51 GMT
content-encoding: br
x-backend-region: eu_west_1
age: 4673
etag: W/aaab40e12ca91eabbcb0f8f10bd5715a-v0.179.2
vary: Accept-Encoding, Referer
x-cache: Miss from cloudfront, HIT
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=0, must-revalidate
x-amz-cf-pop: FRA56-C1
accept-ranges: none
x-amz-apigw-id: WjIoqF-8DoEFcxQ=

GET
H/1.1 200
OK elqCfg.min.js Show response
img.en25.com/i/ 6 KB
3 KB 34ms
11ms Script
application/x-javascript 96.16.149.96
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://img.en25.com/i/elqCfg.min.js

Requested by

Host: beta.darkreading.com
URL: https://beta.darkreading.com/js/newrelic-browser.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

96.16.149.96 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a96-16-149-96.deploy.static.akamaitechnologies.com

Software

Resource Hash

3346de8e2ae1bfde250c7ac5c06f79a0a60c7faef8e5e08a2c9e8fbf5ec2c9e8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.darkreading.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Encoding: gzip
X-Content-Type-Options: nosniff
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
Connection: keep-alive
Content-Length: 2183
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Last-Modified: Wed, 22 Jun 2022 13:18:58 GMT
Date: Mon, 08 Aug 2022 16:02:51 GMT
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: no-store
ETag: "7795cda13a86d81:0"
Accept-Ranges: bytes
X-Robots-Tag: noindex, nofollow
Expires: Mon, 08 Aug 2022 16:02:51 GMT

GET
H/1.1 200
OK dpm_8effee409c625e1a2d8f5033631840e6ce1dcb64.min.js Show response
s.dpmsrv.com/ 0
520 B 51ms
7ms Script
application/x-javascript 13.32.99.16
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.dpmsrv.com/dpm_8effee409c625e1a2d8f5033631840e6ce1dcb64.min.js
Requested by: Host: beta.darkreading.com
URL: https://beta.darkreading.com/js/newrelic-browser.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.99.16 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-99-16.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.darkreading.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Mon, 08 Aug 2022 02:35:53 GMT
Content-Encoding: gzip
Last-Modified: Wed, 01 Jun 2022 13:48:51 GMT
Server: AmazonS3
Age: 48419
ETag: "4a4dd3598707603b3f76a2378a4504aa"
X-Cache: Hit from cloudfront
Content-Type: application/x-javascript
Via: 1.1 f06c87fa57d0c9fd7439d7fdbd148c62.cloudfront.net (CloudFront)
Connection: keep-alive
X-Amz-Cf-Pop: FRA60-P3
Accept-Ranges: bytes
Content-Length: 20
X-Amz-Cf-Id: VA5fU64_GZY7j6jDc8yYLQEdQTwfnKqiK10FwW1Mt2lkN-GtTDVP0w==

GET
H2 200 iframe_api Show response
www.youtube.com/ 980 B
2 KB 105ms
41ms Script
text/javascript 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/iframe_api

Requested by

Host: beta.darkreading.com
URL: https://beta.darkreading.com/js/newrelic-browser.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

f7d647330ef8b48d3f3c4474cae466809967e6b17c95ff9a0ce4ba90679daf2c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.darkreading.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 08 Aug 2022 16:02:51 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=de for more info."
critical-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
server: ESF
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
content-type: text/javascript; charset=utf-8
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
vary: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cache-control: private, max-age=0
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
expires: Mon, 08 Aug 2022 16:02:51 GMT

GET
H2 200 hotjar-2610568.js Show response
static.hotjar.com/c/ 9 KB
4 KB 26ms
8ms Script
application/javascript 18.66.97.53
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-2610568.js?sv=6

Requested by

Host: beta.darkreading.com
URL: https://beta.darkreading.com/js/newrelic-browser.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.97.53 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-97-53.fra56.r.cloudfront.net

Software

Resource Hash

308fc9d5cf66d03a8ef69fe2da22426277712da9e2cbd5d60dd9705c97ad4814

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.darkreading.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 08 Aug 2022 16:02:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=86400; includeSubDomains
access-control-allow-origin: *
x-cache-hit: 1
etag: W/8b2c5211d0bbbab06235cef184adc6a3
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
via: 1.1 993c0866e705e48daa4fed5e30627712.cloudfront.net (CloudFront)
cache-control: max-age=60
x-amz-cf-pop: FRA56-P2
x-amz-cf-id: 2eyHCbEHlJgsFTL6Qd0_lV-Sho-iV1TZvtMsWH-CZLMFV2zaqWEYNw==

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 200 KB
71 KB 61ms
32ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-1X1EHQ3PFR&l=dataLayer&cx=c

Requested by

Host: beta.darkreading.com
URL: https://beta.darkreading.com/js/newrelic-browser.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

cfcdb31470827837b2f4fb43052ab8d0ad443ac400aea801a0e40e426189916c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.darkreading.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 08 Aug 2022 16:02:51 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 72932
x-xss-protection: 0
expires: Mon, 08 Aug 2022 16:02:51 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 50ms
14ms Script
text/javascript 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: beta.darkreading.com
URL: https://beta.darkreading.com/js/newrelic-browser.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.darkreading.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 13 Apr 2022 21:02:38 GMT
server: Golfe2
age: 3651
date: Mon, 08 Aug 2022 15:02:00 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Mon, 08 Aug 2022 17:02:00 GMT

GET
H2 200 chartbeat.js Show response
static.chartbeat.com/js/ 37 KB
15 KB 67ms
8ms Script
application/x-javascript 2600:9000:223c:b800:18:1fcd:351:7bc1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.chartbeat.com/js/chartbeat.js
Requested by: Host: beta.darkreading.com
URL: https://beta.darkreading.com/js/newrelic-browser.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223c:b800:18:1fcd:351:7bc1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 300706e57de1a7af148bd670379c4b39bb36dda8160e42d92747a3139af37816

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.darkreading.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 08 Aug 2022 14:54:46 GMT
content-encoding: gzip
last-modified: Wed, 20 Jul 2022 00:50:34 GMT
server: nginx
age: 4085
etag: W/"62d7515a-933f"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/x-javascript
via: 1.1 666eddda46892ed48d8d771b6142ac24.cloudfront.net (CloudFront)
cache-control: max-age=7200
cross-origin-resource-policy: cross-origin
x-amz-cf-pop: FRA56-P2
x-amz-cf-id: snu9KsmpqKeiQez0mJWAr2ZRtMtYa5PTmCEyStF0jULOR0wm4M3YvQ==
expires: Mon, 08 Aug 2022 16:54:46 GMT

GET
H2 200 iris-t.js Show response
static.iris.informa.com/widgets/v3.0/ 8 KB
4 KB 45ms
8ms Script
application/javascript 13.32.99.33
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.iris.informa.com/widgets/v3.0/iris-t.js
Requested by: Host: beta.darkreading.com
URL: https://beta.darkreading.com/js/newrelic-browser.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.99.33 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-99-33.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 70ed3cea0f6235d66dbc4a6ed3932bc3a95c19b306479a9609db9839312bb0b4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.darkreading.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Mon, 08 Aug 2022 14:43:04 GMT
content-encoding: br
last-modified: Tue, 26 Jul 2022 10:27:14 GMT
server: AmazonS3
age: 4788
etag: W/"a6949cae4f1e1ef1a6e6aac5ec746dc9"
vary: Accept-Encoding
x-cache: Hit from cloudfront
x-amz-version-id: mZG8_arNLkGYm1UgyMX8LqZC6DjL12sz
via: 1.1 7fd88bab22735486702d23ba4e028d86.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P3
content-type: application/javascript
x-amz-cf-id: Si89XG14WJ1NhCurfoDv6Q2QE5Pfd3yfF-gjQhi_E_6csYbLCJU0dQ==

GET
H2 200 modules.0e32ccb9bfd67090f5ca.js Show response
script.hotjar.com/ 249 KB
64 KB 27ms
9ms Script
application/javascript 52.222.236.74
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.0e32ccb9bfd67090f5ca.js

Requested by

Host: beta.darkreading.com
URL: https://beta.darkreading.com/js/newrelic-browser.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.74 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-236-74.fra56.r.cloudfront.net

Software

Resource Hash

b8ea26b655664c090e9458919e81401c39f87d2e8a675663b1da92351840f067

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.darkreading.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Thu, 04 Aug 2022 16:18:07 GMT
content-encoding: br
x-content-type-options: nosniff
age: 344684
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=86400; includeSubDomains
content-length: 64991
access-control-allow-origin: *
last-modified: Thu, 04 Aug 2022 16:17:15 GMT
etag: "1c50abd15784ee393d3fe4003e188eef"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 71c4b07776e0b6812900664940c9d7a6.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: FRA56-P4
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: hU2nqgnFgvVM_kE0UNIZjE4SNhjIYacv4c3p_PpbJeqnZhyNjmy7Rw==

GET
H/1.1

200
OK

svrGP
trk.darkreading.com/visitor/v200/
Redirect Chain

https://trk.darkreading.com/visitor/v200/svrGP?pps=3&siteid=2150&ref=https%3A%2F%2Fwww.darkreading.com%2Fvulnerabilities-threats%2Fvirustotal-threat-actors-mimic-legitimate-apps-use-stolen-certs-to...
https://trk.darkreading.com/visitor/v200/svrGP?pps=3&siteid=2150&ref=https%3A%2F%2Fwww.darkreading.com%2Fvulnerabilities-threats%2Fvirustotal-threat-actors-mimic-legitimate-apps-use-stolen-certs-to...

49 B
504 B

247ms
247ms

Image
image/gif

142.0.173.15
NETDYNAMICS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://trk.darkreading.com/visitor/v200/svrGP?pps=3&siteid=2150&ref=https%3A%2F%2Fwww.darkreading.com%2Fvulnerabilities-threats%2Fvirustotal-threat-actors-mimic-legitimate-apps-use-stolen-certs-to-spread-malware&ref2=elqNone&tzo=0&ms=297&optin=disabled&elq1pcGUID=6F026729E8F443F8834DB1B41E7E5A1C

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/vulnerabilities-threats/virustotal-threat-actors-mimic-legitimate-apps-use-stolen-certs-to-spread-malware

Protocol

HTTP/1.1

Server

142.0.173.15 , United States, ASN7160 (NETDYNAMICS, US),

Reverse DNS

Software

Resource Hash

f1ccea6b7204d9f7913ab45e1afa51d79f83bd4f0319de937b0132e6e02b1aab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.darkreading.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 08 Aug 2022 16:02:51 GMT
X-Content-Type-Options: nosniff
Content-Type: image/gif
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
Cache-Control: no-store
X-Robots-Tag: noindex, nofollow
Content-Length: 49
X-Xss-Protection: 1; mode=block
Expires: -1

Redirect headers

Pragma: no-cache
Date: Mon, 08 Aug 2022 16:02:51 GMT
X-Content-Type-Options: nosniff
Content-Type: text/html; charset=utf-8
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
Location: https://trk.darkreading.com/visitor/v200/svrGP?pps=3&siteid=2150&ref=https%3A%2F%2Fwww.darkreading.com%2Fvulnerabilities-threats%2Fvirustotal-threat-actors-mimic-legitimate-apps-use-stolen-certs-to-spread-malware&ref2=elqNone&tzo=0&ms=297&optin=disabled&elq1pcGUID=6F026729E8F443F8834DB1B41E7E5A1C
Cache-Control: no-store
X-Robots-Tag: noindex, nofollow
Content-Length: 442
X-Xss-Protection: 1; mode=block
Expires: -1

GET
H2 200 bundle.js Show response
assets.ubembed.com/universalscript/releases/v0.179.2/ 174 KB
48 KB 37ms
8ms Script
application/javascript 108.138.17.119
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.ubembed.com/universalscript/releases/v0.179.2/bundle.js
Requested by: Host: beta.darkreading.com
URL: https://beta.darkreading.com/js/newrelic-browser.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.17.119 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-17-119.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: b318b179b35ca92c87626801798f3bce3864172926ae10288f0460a53f30177c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.darkreading.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Wed, 25 May 2022 02:45:33 GMT
content-encoding: gzip
last-modified: Tue, 05 Apr 2022 16:31:05 GMT
server: AmazonS3
age: 6527838
etag: W/"359008fe01078c59c66e034866170bd2"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 f3d57c6f1e03e389abd50b7f7535cee4.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: FRA56-P7
x-amz-cf-id: sEB3qh4KDyVVyfxvUAoeS08WMSc3PaOidaDwHfNRSaqNkWpHBs8B-Q==

GET
H2 200 f23io39d.js Show response
static.iris.informa.com/ 70 KB
23 KB 8ms
7ms Script
application/javascript 13.32.99.33
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.iris.informa.com/f23io39d.js
Requested by: Host: beta.darkreading.com
URL: https://beta.darkreading.com/js/newrelic-browser.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.99.33 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-99-33.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 4f381ccb6f965e2011700b253aa446e84060a338cc416055eabca3b62fa35435

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.darkreading.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-amz-version-id: r.70SgccGRmRk8cXfo6q55SZB1TmHyVy
content-encoding: gzip
etag: W/"a790df23a63287b42b6e7324cb81afd9"
last-modified: Thu, 02 Sep 2021 16:02:23 GMT
server: AmazonS3
age: 50846
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 7fd88bab22735486702d23ba4e028d86.cloudfront.net (CloudFront)
date: Mon, 08 Aug 2022 01:55:49 GMT
x-amz-cf-pop: FRA60-P3
x-amz-cf-id: Xm5t1dYXS9x6KVeO8T0g7195dV63SeG0jMkgvQUrpUGbfOon7jZxRg==

GET
H/1.1 200
OK td.min.js Show response
cdn.treasuredata.com/sdk/3.0/ 58 KB
20 KB 39ms
9ms Script
application/javascript 13.32.99.103
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.treasuredata.com/sdk/3.0/td.min.js
Requested by: Host: beta.darkreading.com
URL: https://beta.darkreading.com/js/newrelic-browser.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.99.103 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-99-103.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 262f87d47643975a4633b675fc224c7a178d99e579e5d767f4a43ca7cc0bb9de

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.darkreading.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Tue, 10 May 2022 23:11:40 GMT
Content-Encoding: gzip
Age: 7750272
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Last-Modified: Mon, 05 Jul 2021 08:58:13 GMT
Server: AmazonS3
Etag: W/"4b9abb36767431f05495228eb82edf01"
Vary: Accept-Encoding
Content-Type: application/javascript
Via: 1.1 231be1c97cc722fa08b64d21072ebfac.cloudfront.net (CloudFront)
Cache-Control: public, max-age=315360000
X-Amz-Cf-Pop: FRA60-P3
X-Amz-Cf-Id: FGO1M5UiG0yhbtNUiE7OIMoR5cgfWr3egbmPQffsdI8YWZhhhfxkoA==

OPTIONS
H2 200 ed0
c.darkreading.com/com.iiris/ Frame 0
0 162ms
129ms Preflight 2606:4700::6811:7863
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://c.darkreading.com/com.iiris/ed0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:7863 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.darkreading.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type, SP-Anonymous
access-control-allow-origin: https://www.darkreading.com
access-control-max-age: 5
cf-cache-status: DYNAMIC
cf-ray: 73797a8f2fb6bb43-FRA
content-length: 0
date: Mon, 08 Aug 2022 16:02:51 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare

POST
H2 200 ed0 Show response
c.darkreading.com/com.iiris/ 2 B
376 B 134ms
133ms XHR
text/plain 2606:4700::6811:7963
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://c.darkreading.com/com.iiris/ed0
Requested by: Host: beta.darkreading.com
URL: https://beta.darkreading.com/js/newrelic-browser.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:7963 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: application/json; charset=UTF-8

Response headers

date: Mon, 08 Aug 2022 16:02:51 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray: 73797a8ffc019202-FRA
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
access-control-allow-origin: https://www.darkreading.com
access-control-allow-credentials: true
content-type: text/plain; charset=UTF-8
content-length: 2

GET
H2 200 box-54d18b2ccd1c7fa42c71f18525ba4ad0.html Show response
vars.hotjar.com/ Frame B2A0 2 KB
1 KB 32ms
8ms Document
text/html 18.66.139.40
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://vars.hotjar.com/box-54d18b2ccd1c7fa42c71f18525ba4ad0.html

Requested by

Host: beta.darkreading.com
URL: https://beta.darkreading.com/js/newrelic-browser.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.139.40 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-139-40.fra60.r.cloudfront.net

Software

Resource Hash

3b534eeaf216d2e54730d1c9bb15344f4b78712e6c781d31555585c51651e989

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains

Request headers

Referer: https://www.darkreading.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 612884
cache-control: max-age=31536000
content-encoding: br
content-length: 1044
content-type: text/html
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 01 Aug 2022 13:48:07 GMT
etag: "b310868fbdb4c8ee7d37e1b85ae269fa"
last-modified: Mon, 01 Aug 2022 13:47:35 GMT
strict-transport-security: max-age=86400; includeSubDomains
vary: Accept-Encoding
via: 1.1 24fc4e03b1de2a14f79be2422e46a318.cloudfront.net (CloudFront)
x-amz-cf-id: jvyWSXb5a8d82Usg2VT_hYZ4lVxgDeqgaXFgneYoCTJnZEujzaUnqg==
x-amz-cf-pop: FRA60-P4
x-cache: Hit from cloudfront
x-robots-tag: none

POST
H2 204 collect
region1.google-analytics.com/g/ 0
350 B 47ms
17ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-1X1EHQ3PFR&gtm=2oe830&_p=762459213&_z=ccd.v9B&cid=1462897485.1659974571&ul=en-us&sr=1600x1200&_s=1&sid=1659974571&sct=1&seg=0&dl=https%3A%2F%2Fwww.darkreading.com%2Fvulnerabilities-threats%2Fvirustotal-threat-actors-mimic-legitimate-apps-use-stolen-certs-to-spread-malware&dt=VirusTotal%3A%20Threat%20Actors%20Mimic%20Legitimate%20Apps%2C%20Use%20Stolen%20Certs%20to%20Spread%20Malware&en=page_view&_fv=1&_nsi=1&_ss=1&ep.pageType=article&ep.authorByline=nathan%20eddy&ep.publishDate=Aug%2002%2C%202022&ep.primaryCategory=vulnerabilities-threats&ep.pageId=bltae455f0c4d39218e&ep.adUnit=3834%2Fdarkreading.home%2Farticle%2Fvulnerabilities-threats&ep.sponsor=&ep.contentLabel=News&ep.secondaryTerms=application-security%2Cattacks-breaches%2Cendpoint&ep.gtmContainerId=scm%20-%20116&ep.primaryTermRealText=Vulnerabilities%2FThreats
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-1X1EHQ3PFR&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.darkreading.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Aug 2022 16:02:51 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.darkreading.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ping
ping.chartbeat.net/ 43 B
201 B 305ms
98ms Image
image/gif 3.224.3.48
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ping.chartbeat.net/ping?h=darkreading.com&p=%2Fvulnerabilities-threats%2Fvirustotal-threat-actors-mimic-legitimate-apps-use-stolen-certs-to-spread-malware&u=BI09FBD2xxOmB9NzyM&d=darkreading.com&g=53678&g0=vulnerabilities-threats&g1=nathan%20eddy&g4=article&n=1&f=00001&c=0&x=0&m=0&y=3953&o=1600&w=1200&j=45&R=1&W=0&I=0&E=0&e=0&r=&b=2079&t=Ciq9i-WgLLFDUbeZdCA_EGaB1dtqL&V=136&i=VirusTotal%3A%20Threat%20Actors%20Mimic%20Legitimate%20Apps%2C%20Use%20Stolen%20Certs%20to%20Spread%20Malware&tz=0&sn=1&sv=ChwZFY3SrEIBLo2xXDKW9JoBWBhcX&sd=1&im=067b2fff&_
Requested by: Host: www.darkreading.com
URL: https://www.darkreading.com/vulnerabilities-threats/virustotal-threat-actors-mimic-legitimate-apps-use-stolen-certs-to-spread-malware
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.224.3.48 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-224-3-48.compute-1.amazonaws.com
Software: /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.darkreading.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Aug 2022 16:02:51 GMT
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
content-length: 43
expires: 0

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 50ms
20ms XHR
text/plain 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=762459213&t=pageview&_s=1&dl=https%3A%2F%2Fwww.darkreading.com%2Fvulnerabilities-threats%2Fvirustotal-threat-actors-mimic-legitimate-apps-use-stolen-certs-to-spread-malware&dp=%2Fvulnerabilities-threats%2Fvirustotal-threat-actors-mimic-legitimate-apps-use-stolen-certs-to-spread-malware&ul=en-us&de=UTF-8&dt=VirusTotal%3A%20Threat%20Actors%20Mimic%20Legitimate%20Apps%2C%20Use%20Stolen%20Certs%20to%20Spread%20Malware&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aCDACEABRAAAAC~&jid=1308492675&gjid=153401661&cid=1462897485.1659974571&tid=UA-135180592-2&_gid=1385668578.1659974571&_r=1&gtm=2wg830T52Z3Z3&cg1=article&cg2=News&cg3=Vulnerabilities%2FThreats&cd1=article&cd2=nathan%20eddy&cd3=&cd4=News&cd5=Aug%2002%2C%202022&cd6=vulnerabilities-threats&cd9=application-security%2Cattacks-breaches%2Cendpoint&cd10=0&cd16=bltae455f0c4d39218e&cd17=https%3A%2F%2Fwww.darkreading.com%2Fvulnerabilities-threats%2Fvirustotal-threat-actors-mimic-legitimate-apps-use-stolen-certs-to-spread-malware&cd18=3834%2Fdarkreading.home%2Farticle%2Fvulnerabilities-threats&cd20=vanguard%20-%20116&z=1051648673

Requested by

Host: beta.darkreading.com
URL: https://beta.darkreading.com/js/newrelic-browser.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 08 Aug 2022 16:02:51 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.darkreading.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 www-widgetapi.js Show response
www.youtube.com/s/player/2fd212f2/www-widgetapi.vflset/ 158 KB
51 KB 45ms
15ms Script
text/javascript 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/2fd212f2/www-widgetapi.vflset/www-widgetapi.js

Requested by

Host: beta.darkreading.com
URL: https://beta.darkreading.com/js/newrelic-browser.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7641b6626459a876451588bb7b10ed335864a772059289d20d974d27da3edd14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.darkreading.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 08 Aug 2022 14:13:20 GMT
content-encoding: br
x-content-type-options: nosniff
age: 6571
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 52536
x-xss-protection: 0
last-modified: Thu, 04 Aug 2022 00:21:08 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Tue, 08 Aug 2023 14:13:20 GMT

POST
H2 200 js_pageviews_itcyber_darkreading Show response
eu01.in.treasuredata.com/js/v3/event/webtracking_itcyber/ 16 B
478 B 25ms
9ms Fetch
application/json 3.64.221.57
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://eu01.in.treasuredata.com/js/v3/event/webtracking_itcyber/js_pageviews_itcyber_darkreading?modified=1659974571478

Requested by

Host: beta.darkreading.com
URL: https://beta.darkreading.com/js/newrelic-browser.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.64.221.57 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-64-221-57.eu-central-1.compute.amazonaws.com

Software

Resource Hash

56587cffbb30e338497c9114f74803a530a713ebe374b69fcfa8551ad8dad1e9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

X-TD-Write-Key: 100/bb9cbe21de3db7a5428506d7528e45b2c801a48c
Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
X-TD-Fetch-Api: true
Content-Type: application/json

Response headers

date: Mon, 08 Aug 2022 16:02:51 GMT
strict-transport-security: max-age=31536000
access-control-allow-methods: GET, POST
p3p: CP="This is not a P3P policy! See https://docs.treasuredata.com/articles/p3p"
access-control-allow-origin: https://www.darkreading.com
access-control-allow-credentials: true
content-type: application/json
access-control-allow-headers: Authorization, X-Requested-With, X-TD-Write-Key, X-TD-Fetch-Api, Content-Type
content-length: 16

OPTIONS
H2 204 js_pageviews_itcyber_darkreading
eu01.in.treasuredata.com/js/v3/event/webtracking_itcyber/ Frame 0
0 33ms
8ms Preflight 3.64.221.57
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://eu01.in.treasuredata.com/js/v3/event/webtracking_itcyber/js_pageviews_itcyber_darkreading?modified=1659974571478

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.64.221.57 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-64-221-57.eu-central-1.compute.amazonaws.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-td-fetch-api,x-td-write-key
Access-Control-Request-Method: POST
Origin: https://www.darkreading.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Authorization, X-Requested-With, X-TD-Write-Key, X-TD-Fetch-Api, Content-Type
access-control-allow-methods: GET, POST
access-control-allow-origin: https://www.darkreading.com
access-control-max-age: 7200
date: Mon, 08 Aug 2022 16:02:51 GMT
strict-transport-security: max-age=31536000

POST
H2 200 visit-data Show response
in.hotjar.com/api/v2/client/sites/2610568/ 147 B
322 B 104ms
35ms XHR
application/json 54.154.189.229
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.hotjar.com/api/v2/client/sites/2610568/visit-data?sv=6
Requested by: Host: beta.darkreading.com
URL: https://beta.darkreading.com/js/newrelic-browser.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.154.189.229 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-154-189-229.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: a82fc6cdeed37975df9de2eb175b204a15a04b4d7d7ac579a2beb538d18bbca9

Request headers

Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain; charset=UTF-8

Response headers

date: Mon, 08 Aug 2022 16:02:51 GMT
content-encoding: br
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: no-cache, no-store
access-control-allow-credentials: true

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
445 B 62ms
19ms XHR
text/plain 2a00:1450:400c:c09::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-135180592-2&cid=1462897485.1659974571&jid=1308492675&gjid=153401661&_gid=1385668578.1659974571&_u=aCDACEAARAAAAC~&z=1154764032

Requested by

Host: beta.darkreading.com
URL: https://beta.darkreading.com/js/newrelic-browser.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c09::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Mon, 08 Aug 2022 16:02:51 GMT
content-type: text/plain
access-control-allow-origin: https://www.darkreading.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
501 B 85ms
39ms Image
image/gif 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-135180592-2&cid=1462897485.1659974571&jid=1308492675&_u=aCDACEAARAAAAC~&z=525942949

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/vulnerabilities-threats/virustotal-threat-actors-mimic-legitimate-apps-use-stolen-certs-to-spread-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.darkreading.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Aug 2022 16:02:51 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
501 B 85ms
39ms Image
image/gif 2a00:1450:4001:801::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-135180592-2&cid=1462897485.1659974571&jid=1308492675&_u=aCDACEAARAAAAC~&z=525942949

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/vulnerabilities-threats/virustotal-threat-actors-mimic-legitimate-apps-use-stolen-certs-to-spread-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.darkreading.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Aug 2022 16:02:51 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 nr-spa-1212.min.js Show response
js-agent.newrelic.com/ 44 KB
17 KB 135ms
6ms Script
application/javascript 151.101.66.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://js-agent.newrelic.com/nr-spa-1212.min.js
Requested by: Host: beta.darkreading.com
URL: https://beta.darkreading.com/js/newrelic-browser.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.66.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ebfe453394ff1be6ef75d380ab7c5535aea0b51832d045f0d5d0ef7e6535969c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.darkreading.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-amz-version-id: wY72Ah.NJX5KzzqRFK3uhSo3Jh07tDe4
content-encoding: gzip
etag: "8bd93bf0ecb2f4e971a2055a41402bb6"
x-amz-request-id: VG6YBKXNYMJ05RRS
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 16636
x-amz-id-2: CN/OtP3A9z0ShcwSC84Dp2716OPSVqHtXjTa3tL4kDFfrY9FTweTMDz1ynWsKHz8NETzizCEpEw=
x-served-by: cache-fra19167-FRA
last-modified: Thu, 04 Nov 2021 21:16:16 GMT
server: AmazonS3
x-timer: S1659974572.227271,VS0,VE0
date: Mon, 08 Aug 2022 16:02:52 GMT
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 varnish
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 427

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
792 B 128ms
27ms Script
application/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.darkreading.com

Requested by

Host: beta.darkreading.com
URL: https://beta.darkreading.com/js/newrelic-browser.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.darkreading.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 08 Aug 2022 16:02:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 122ms
21ms Script
application/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.darkreading.com

Requested by

Host: beta.darkreading.com
URL: https://beta.darkreading.com/js/newrelic-browser.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.darkreading.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 08 Aug 2022 16:02:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 35 KB
13 KB 67ms
66ms XHR
text/plain 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1123523422944293&correlator=2942852095739044&eid=31068745%2C31068785%2C42531605%2C21065725&output=ldjh&gdfp_req=1&vrg=2022080301&ptt=17&impl=fif&npa=1&iu_parts=3834%2Cdarkreading.home%2Carticle%2Cvulnerabilities-threats&enc_prev_ius=0%2F1%2F2%2F3&prev_iu_szs=1x1&ifi=1&adks=3533079339&sfv=1-0-38&fsapi=false&prev_scp=pos%3Dwelcome_v%26ptype%3Darticle%26pageid%3Dbltae455f0c4d39218e%26aid%3D919579%26reg%3Danonymous&sc=1&cookie_enabled=1&abxe=1&dt=1659974572158&lmt=1659974572&dlt=1659974570463&idt=822&adxs=0&adys=0&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=1&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&nvt=1&url=https%3A%2F%2Fwww.darkreading.com%2Fvulnerabilities-threats%2Fvirustotal-threat-actors-mimic-legitimate-apps-use-stolen-certs-to-spread-malware&frm=20&vis=1&psz=1600x3952&msz=0x0&fws=132&ohw=1600&ga_vid=1462897485.1659974571&ga_sid=1659974572&ga_hid=762459213&ga_fc=true

Requested by

Host: beta.darkreading.com
URL: https://beta.darkreading.com/js/newrelic-browser.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

c9221ce509332cf9d8dc90f5469a8802fbc226a3f686761b5380a63e3b911fbf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.darkreading.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 08 Aug 2022 16:02:52 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13298
x-xss-protection: 0
google-lineitem-id: 5970012169
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138400482234
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.darkreading.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 9 KB
4 KB 68ms
67ms XHR
text/plain 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1123523422944293&correlator=2942852095739044&eid=31068745%2C31068785%2C42531605%2C21065725&output=ldjh&gdfp_req=1&vrg=2022080301&ptt=17&impl=fif&npa=1&iu_parts=3834%2Cdarkreading.home%2Carticle%2Cvulnerabilities-threats&enc_prev_ius=0%2F1%2F2%2F3&prev_iu_szs=1x1&ifi=2&adks=1271228514&sfv=1-0-38&ists=1&fsapi=false&prev_scp=pos%3Dwallpaper_v%26ptype%3Darticle%26pageid%3Dbltae455f0c4d39218e%26aid%3D919579%26reg%3Danonymous&sc=1&cookie_enabled=1&abxe=1&dt=1659974572162&lmt=1659974572&dlt=1659974570463&idt=822&adxs=-12245933&adys=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=-1&ucis=2&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&nvt=1&url=https%3A%2F%2Fwww.darkreading.com%2Fvulnerabilities-threats%2Fvirustotal-threat-actors-mimic-legitimate-apps-use-stolen-certs-to-spread-malware&frm=20&vis=1&psz=1600x3952&msz=0x0&fws=132&ohw=1600&ga_vid=1462897485.1659974571&ga_sid=1659974572&ga_hid=762459213&ga_fc=true

Requested by

Host: beta.darkreading.com
URL: https://beta.darkreading.com/js/newrelic-browser.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

fa66fdedf34a988802cec7d8edf2c91cd622f83ca280406947277cb1a0c5fd9f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.darkreading.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 08 Aug 2022 16:02:52 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4310
x-xss-protection: 0
google-lineitem-id: 6052405391
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138390472472
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.darkreading.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 454 B
274 B 75ms
74ms XHR
text/plain 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1123523422944293&correlator=2942852095739044&eid=31068745%2C31068785%2C42531605%2C21065725&output=ldjh&gdfp_req=1&vrg=2022080301&ptt=17&impl=fif&npa=1&iu_parts=3834%2Cdarkreading.home%2Carticle%2Cvulnerabilities-threats&enc_prev_ius=0%2F1%2F2%2F3&prev_iu_szs=1x1&ifi=3&adks=4254284387&sfv=1-0-38&ists=1&fsapi=false&prev_scp=pos%3Doop_v%26ptype%3Darticle%26pageid%3Dbltae455f0c4d39218e%26aid%3D919579%26reg%3Danonymous&sc=1&cookie_enabled=1&abxe=1&dt=1659974572163&lmt=1659974572&dlt=1659974570463&idt=822&adxs=0&adys=0&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=3&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&nvt=1&url=https%3A%2F%2Fwww.darkreading.com%2Fvulnerabilities-threats%2Fvirustotal-threat-actors-mimic-legitimate-apps-use-stolen-certs-to-spread-malware&frm=20&vis=1&psz=1600x3952&msz=0x0&fws=132&ohw=1600&ga_vid=1462897485.1659974571&ga_sid=1659974572&ga_hid=762459213&ga_fc=true

Requested by

Host: beta.darkreading.com
URL: https://beta.darkreading.com/js/newrelic-browser.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

37b12a46cc863aca31a64ed5010914343bc6f8f0f18fe8636583fe514e061b0d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.darkreading.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 08 Aug 2022 16:02:52 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 244
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.darkreading.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 443 B
271 B 74ms
74ms XHR
text/plain 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1123523422944293&correlator=2942852095739044&eid=31068745%2C31068785%2C42531605%2C21065725&output=ldjh&gdfp_req=1&vrg=2022080301&ptt=17&impl=fif&npa=1&iu_parts=3834%2Cdarkreading.home%2Carticle%2Cvulnerabilities-threats&enc_prev_ius=0%2F1%2F2%2F3&prev_iu_szs=1x1&ifi=4&adks=3146341140&sfv=1-0-38&fsapi=false&prev_scp=pos%3Dfloor_v%26gdpr_banner%3Don%26ptype%3Darticle%26pageid%3Dbltae455f0c4d39218e%26aid%3D919579%26reg%3Danonymous&sc=1&cookie_enabled=1&abxe=1&dt=1659974572165&lmt=1659974572&dlt=1659974570463&idt=822&adxs=0&adys=0&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=4&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&nvt=1&url=https%3A%2F%2Fwww.darkreading.com%2Fvulnerabilities-threats%2Fvirustotal-threat-actors-mimic-legitimate-apps-use-stolen-certs-to-spread-malware&frm=20&vis=1&psz=1600x3952&msz=0x0&fws=132&ohw=1600&ga_vid=1462897485.1659974571&ga_sid=1659974572&ga_hid=762459213&ga_fc=true

Requested by

Host: beta.darkreading.com
URL: https://beta.darkreading.com/js/newrelic-browser.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

5368f5e6377dada34ca87a24a8eece788c900942c19cb366bc6c2f702ea247d0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.darkreading.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 08 Aug 2022 16:02:52 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 241
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.darkreading.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 460 B
277 B 55ms
54ms XHR
text/plain 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1123523422944293&correlator=2942852095739044&eid=31068745%2C31068785%2C42531605%2C21065725&output=ldjh&gdfp_req=1&vrg=2022080301&ptt=17&impl=fif&npa=1&iu_parts=3834%2Cdarkreading.home%2Carticle%2Cvulnerabilities-threats&enc_prev_ius=0%2F1%2F2%2F3&prev_iu_szs=7x7&ifi=5&adks=1012153901&sfv=1-0-38&fsapi=false&prev_scp=pos%3Dadhesion_v%26gdpr_banner%3Don%26ptype%3Darticle%26pageid%3Dbltae455f0c4d39218e%26aid%3D919579%26reg%3Danonymous&sc=1&cookie_enabled=1&abxe=1&dt=1659974572167&lmt=1659974572&dlt=1659974570463&idt=822&adxs=0&adys=0&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=5&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&nvt=1&url=https%3A%2F%2Fwww.darkreading.com%2Fvulnerabilities-threats%2Fvirustotal-threat-actors-mimic-legitimate-apps-use-stolen-certs-to-spread-malware&frm=20&vis=1&psz=1600x3952&msz=7x0&fws=132&ohw=1600&ga_vid=1462897485.1659974571&ga_sid=1659974572&ga_hid=762459213&ga_fc=true

Requested by

Host: beta.darkreading.com
URL: https://beta.darkreading.com/js/newrelic-browser.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

9d49da3bbfb5169f3e0cafac64c8992b270783e441cb5696df6b8d82554f2a8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.darkreading.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 08 Aug 2022 16:02:52 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 247
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.darkreading.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 14 KB
11 KB 119ms
61ms XHR
application/json 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022080301&st=env

Requested by

Host: beta.darkreading.com
URL: https://beta.darkreading.com/js/newrelic-browser.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6fa1160317b007261c626b2fc2ef97ab39baccbe4ed52844a284ef64f8ee4321

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.darkreading.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 08 Aug 2022 16:02:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10518
x-xss-protection: 0

GET container.html
c2ba8d94ca85a8fdeb4157d6b66156d7.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 8D2D 0
0

POST
H2 200 rum Show response
www.darkreading.com/cdn-cgi/ 0
212 B 15ms
14ms XHR
text/plain 2606:4700::6811:7963
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.darkreading.com/cdn-cgi/rum?

Requested by

Host: beta.darkreading.com
URL: https://beta.darkreading.com/js/newrelic-browser.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:7963 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.darkreading.com/vulnerabilities-threats/virustotal-threat-actors-mimic-legitimate-apps-use-stolen-certs-to-spread-malware
tracestate: 3288925@nr=0-1-3288925-256687733-389397fdb70e9cb2----1659974572183
traceparent: 00-3cd4de1a73745a1fb803a38504cba6a0-389397fdb70e9cb2-01
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
newrelic: eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjMyODg5MjUiLCJhcCI6IjI1NjY4NzczMyIsImlkIjoiMzg5Mzk3ZmRiNzBlOWNiMiIsInRyIjoiM2NkNGRlMWE3Mzc0NWExZmI4MDNhMzg1MDRjYmE2YTAiLCJ0aSI6MTY1OTk3NDU3MjE4M319
content-type: application/json

Response headers

date: Mon, 08 Aug 2022 16:02:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cloudflare
x-frame-options: DENY
access-control-allow-methods: POST,OPTIONS
content-type: text/plain
access-control-allow-origin: https://www.darkreading.com
access-control-max-age: 86400
access-control-allow-credentials: true
cf-ray: 73797a9428cb9202-FRA
vary: Origin

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 30 KB
13 KB 75ms
74ms XHR
text/plain 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1123523422944293&correlator=2942852095739044&eid=31068745%2C31068785%2C42531605%2C21065725&output=ldjh&gdfp_req=1&vrg=2022080301&ptt=17&impl=fif&npa=1&iu_parts=3834%2Cdarkreading.home%2Carticle%2Cvulnerabilities-threats&enc_prev_ius=0%2F1%2F2%2F3&prev_iu_szs=300x250%7C300x600&ifi=6&adks=982684991&sfv=1-0-38&fsapi=false&prev_scp=pos%3D300_1v_article%26ptype%3Darticle%26pageid%3Dbltae455f0c4d39218e%26aid%3D919579%26reg%3Danonymous&sc=1&cookie_enabled=1&abxe=1&dt=1659974572187&lmt=1659974572&dlt=1659974570463&idt=822&adxs=654&adys=1063&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=6&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&nvt=1&url=https%3A%2F%2Fwww.darkreading.com%2Fvulnerabilities-threats%2Fvirustotal-threat-actors-mimic-legitimate-apps-use-stolen-certs-to-spread-malware&frm=20&vis=1&psz=300x0&msz=300x0&fws=4&ohw=1600&ga_vid=1462897485.1659974571&ga_sid=1659974572&ga_hid=762459213&ga_fc=true

Requested by

Host: beta.darkreading.com
URL: https://beta.darkreading.com/js/newrelic-browser.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

fc42eb07ab9918792ae92a634b3a89e4d74b664965111815f3bee8ab24513a59

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.darkreading.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 08 Aug 2022 16:02:52 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12830
x-xss-protection: 0
google-lineitem-id: 6053314455
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138399540728
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.darkreading.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 26 KB
11 KB 75ms
75ms XHR
text/plain 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1123523422944293&correlator=2942852095739044&eid=31068745%2C31068785%2C42531605%2C21065725&output=ldjh&gdfp_req=1&vrg=2022080301&ptt=17&impl=fif&npa=1&iu_parts=3834%2Cdarkreading.home%2Carticle%2Cvulnerabilities-threats&enc_prev_ius=0%2F1%2F2%2F3&prev_iu_szs=300x600%7C300x250%7C5x5&ifi=7&adks=3727799169&sfv=1-0-38&fsapi=false&prev_scp=pos%3D300_1v%26ptype%3Darticle%26pageid%3Dbltae455f0c4d39218e%26aid%3D919579%26reg%3Danonymous&sc=1&cookie_enabled=1&abxe=1&dt=1659974572191&lmt=1659974572&dlt=1659974570463&idt=822&adxs=988&adys=126&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=7&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&nvt=1&url=https%3A%2F%2Fwww.darkreading.com%2Fvulnerabilities-threats%2Fvirustotal-threat-actors-mimic-legitimate-apps-use-stolen-certs-to-spread-malware&frm=20&vis=1&psz=308x0&msz=300x0&fws=4&ohw=1600&ga_vid=1462897485.1659974571&ga_sid=1659974572&ga_hid=762459213&ga_fc=true

Requested by

Host: beta.darkreading.com
URL: https://beta.darkreading.com/js/newrelic-browser.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

395d6e2e2945852e1f745e2e265565f9771c6a8c6bdc0f3c1197754fb203f2df

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.darkreading.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 08 Aug 2022 16:02:52 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11672
x-xss-protection: 0
google-lineitem-id: 6052405391
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138356340571
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.darkreading.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 30 KB
13 KB 68ms
67ms XHR
text/plain 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1123523422944293&correlator=2942852095739044&eid=31068745%2C31068785%2C42531605%2C21065725&output=ldjh&gdfp_req=1&vrg=2022080301&ptt=17&impl=fif&npa=1&iu_parts=3834%2Cdarkreading.home%2Carticle%2Cvulnerabilities-threats&enc_prev_ius=0%2F1%2F2%2F3&prev_iu_szs=300x250%7C300x600&ifi=8&adks=546120096&sfv=1-0-38&fsapi=false&prev_scp=pos%3D300_2v%26ptype%3Darticle%26pageid%3Dbltae455f0c4d39218e%26aid%3D919579%26reg%3Danonymous&sc=1&cookie_enabled=1&abxe=1&dt=1659974572194&lmt=1659974572&dlt=1659974570463&idt=822&adxs=988&adys=126&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=8&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&nvt=1&url=https%3A%2F%2Fwww.darkreading.com%2Fvulnerabilities-threats%2Fvirustotal-threat-actors-mimic-legitimate-apps-use-stolen-certs-to-spread-malware&frm=20&vis=1&psz=308x0&msz=300x0&fws=4&ohw=1600&ga_vid=1462897485.1659974571&ga_sid=1659974572&ga_hid=762459213&ga_fc=true

Requested by

Host: beta.darkreading.com
URL: https://beta.darkreading.com/js/newrelic-browser.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

755f35d45c7845b40db9d5a644c527150947cac6d1ef1c8623cffd9255e0cfc9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.darkreading.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 08 Aug 2022 16:02:52 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12888
x-xss-protection: 0
google-lineitem-id: 6052405391
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138391030048
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.darkreading.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 23 KB
10 KB 74ms
74ms XHR
text/plain 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1123523422944293&correlator=2942852095739044&eid=31068745%2C31068785%2C42531605%2C21065725&output=ldjh&gdfp_req=1&vrg=2022080301&ptt=17&impl=fif&npa=1&iu_parts=3834%2Cdarkreading.home%2Carticle%2Cvulnerabilities-threats&enc_prev_ius=0%2F1%2F2%2F3&prev_iu_szs=1x1&ifi=9&adks=2691689891&sfv=1-0-38&fsapi=false&prev_scp=pos%3Dvideo_v%26ptype%3Darticle%26pageid%3Dbltae455f0c4d39218e%26aid%3D919579%26reg%3Danonymous&sc=1&cookie_enabled=1&abxe=1&dt=1659974572197&lmt=1659974572&dlt=1659974570463&idt=822&adxs=308&adys=935&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=9&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&nvt=1&url=https%3A%2F%2Fwww.darkreading.com%2Fvulnerabilities-threats%2Fvirustotal-threat-actors-mimic-legitimate-apps-use-stolen-certs-to-spread-malware&frm=20&vis=1&psz=646x1824&msz=646x0&fws=4&ohw=1600&ga_vid=1462897485.1659974571&ga_sid=1659974572&ga_hid=762459213&ga_fc=true

Requested by

Host: beta.darkreading.com
URL: https://beta.darkreading.com/js/newrelic-browser.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

f249d5dc3800877f42429c64f2351a94fa571d8b021547660db5f224991e0cf2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.darkreading.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 08 Aug 2022 16:02:52 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10373
x-xss-protection: 0
google-lineitem-id: 5674929725
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138347225724
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.darkreading.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 30 KB
13 KB 85ms
84ms XHR
text/plain 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1123523422944293&correlator=2942852095739044&eid=31068745%2C31068785%2C42531605%2C21065725&output=ldjh&gdfp_req=1&vrg=2022080301&ptt=17&impl=fif&npa=1&iu_parts=3834%2Cdarkreading.home%2Carticle%2Cvulnerabilities-threats&enc_prev_ius=0%2F1%2F2%2F3&prev_iu_szs=970x90%7C970x250%7C728x90&ifi=10&adks=4244912254&sfv=1-0-38&fsapi=false&prev_scp=pos%3D728_1v%26ptype%3Darticle%26pageid%3Dbltae455f0c4d39218e%26aid%3D919579%26reg%3Danonymous&sc=1&cookie_enabled=1&abxe=1&dt=1659974572201&lmt=1659974572&dlt=1659974570463&idt=822&adxs=315&adys=86&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=a&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&nvt=1&url=https%3A%2F%2Fwww.darkreading.com%2Fvulnerabilities-threats%2Fvirustotal-threat-actors-mimic-legitimate-apps-use-stolen-certs-to-spread-malware&frm=20&vis=1&psz=984x0&msz=970x0&fws=4&ohw=1600&ga_vid=1462897485.1659974571&ga_sid=1659974572&ga_hid=762459213&ga_fc=true

Requested by

Host: beta.darkreading.com
URL: https://beta.darkreading.com/js/newrelic-browser.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

7da9ab6cb45d2f332a7afa9a9d0ea6af8da5fb9a6b050096a32d79dc6ca59073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.darkreading.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 08 Aug 2022 16:02:52 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13019
x-xss-protection: 0
google-lineitem-id: 6070513916
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138399288462
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.darkreading.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK NRJS-4eee28fd5f21ed85217 Show response
bam.eu01.nr-data.net/1/ 49 B
1 KB 63ms
36ms Script
text/javascript 185.221.87.248
NEW-2

General

Check archive.org

Show headers Download Go to

Full URL: https://bam.eu01.nr-data.net/1/NRJS-4eee28fd5f21ed85217?a=256687733&sa=1&v=1212.e95d35c&t=Unnamed%20Transaction&rst=2882&ck=1&ref=https://www.darkreading.com/vulnerabilities-threats/virustotal-threat-actors-mimic-legitimate-apps-use-stolen-certs-to-spread-malware&be=1534&fe=2740&dc=1848&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1659974569355,%22n%22:0,%22f%22:557,%22dn%22:557,%22dne%22:567,%22c%22:567,%22s%22:573,%22ce%22:587,%22rq%22:587,%22rp%22:1106,%22rpe%22:1199,%22dl%22:1108,%22di%22:1582,%22ds%22:1847,%22de%22:1848,%22dc%22:2735,%22l%22:2739,%22le%22:2822%7D,%22navigation%22:%7B%7D%7D&fp=1566&jsonp=NREUM.setToken
Requested by: Host: beta.darkreading.com
URL: https://beta.darkreading.com/js/newrelic-browser.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 185.221.87.248 , Ireland, ASN206998 (NEW-2, IE),
Reverse DNS
Software: cloudflare /
Resource Hash: dac715f087720dd7ff7067f5d2ec1988851fa93140ae8a9cbfaa15659dd7fd82

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.darkreading.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Mon, 08 Aug 2022 16:02:52 GMT
Content-Encoding: gzip
CF-Cache-Status: DYNAMIC
NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
Transfer-Encoding: chunked
x-envoy-upstream-service-time: 3
cross-origin-resource-policy: cross-origin
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Connection: keep-alive
Server: cloudflare
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=n7u6eysc5hQHEnW9JXPDO18kJmT6dAWNRzh5k5lcqm%2B54ovFUOVf7sdHEpqL2jAIgw9ESqzF56dXn%2B1DsuHflwCgQyFvM6x0apFDt2pwdwMYJ%2FvIvmdf0RFRBV634VLVBnndP0vs"}],"group":"cf-nel","max_age":604800}
Content-Type: text/javascript
Access-Control-Allow-Origin: *
access-control-allow-credentials: true
CF-Ray: 73797a94ae01bb3d-FRA

GET
H2 200 10641930786518885399
tpc.googlesyndication.com/simgad/ 159 KB
160 KB 83ms
17ms Image
image/jpeg 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/10641930786518885399?

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/vulnerabilities-threats/virustotal-threat-actors-mimic-legitimate-apps-use-stolen-certs-to-spread-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

40e3c49bbaac9950f6c20a4cdc4a97a593dca4859b1cd660ca844573cc422ad9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.darkreading.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Thu, 04 Aug 2022 13:01:37 GMT
x-content-type-options: nosniff
age: 356475
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 163200
x-xss-protection: 0
last-modified: Tue, 03 May 2022 14:13:31 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Fri, 04 Aug 2023 13:01:37 GMT

GET
DATA 200
OK truncated
/ 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2809c87a8b44021ec6fa7f0fb3b9be530446188be0e993b3d72f0cfef95f1776

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ 0
29 B 50ms
49ms Image
image/gif 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstTonfIwaPtPpOHkFgrE1Qg3c0Yw4QCXZEHen7YP7_3emkgqxGuLjzoxH6wXkz9V9KZyEqe2bXM6ohkCK_3Vh_052xnOaljvdj2suZw041sWKtocggmFfinklHK-v88iJClNGF8JsQkFpoWg3klWmD6kWLbHOq0Hh3Pw8fqr9YcBTKtGSde0KGqUXv1CkpqZOZotUM3Kx45PLaGoFyGEu2fyQlWzgKfklDaorgVZvmRQYuFyh680K_wX919eArzIQybUCcNLRmvrwu1YYuZE022xEDbvVkwGA98F1nw6Qi-BCagn1xH2NHPiXlQ5wORNiQ3DRjha-qid6CYbvIODYNlo1085Y86V7p-dEnT1vhVC0k3ZPahn0HXRW5k&sai=AMfl-YRvdJDUAwopkzih2qQpdjHW_fB3CW3cylQe-fO1PTeQXgl62grW2u16dXL58bjH011fOH2iEH91jf92aYzhFyMYVL1tp6KfCz-VL8kQ-dHvWVBjWJeJgFYXemlj4qCUfi0&sig=Cg0ArKJSzGmQLN-Bw9CEEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/vulnerabilities-threats/virustotal-threat-actors-mimic-legitimate-apps-use-stolen-certs-to-spread-malware

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.darkreading.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 08 Aug 2022 16:02:52 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Mon, 08 Aug 2022 16:02:52 GMT

GET
H2 200 tag.aspx Show response
ml314.com/ 31 KB
32 KB 49ms
15ms Script
application/javascript 34.111.234.236
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ml314.com/tag.aspx?87
Requested by: Host: beta.darkreading.com
URL: https://beta.darkreading.com/js/newrelic-browser.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.111.234.236 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 236.234.111.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 75d893335a1d25db1bf02e25ab904d97a3af743128850d8566b93d197e56e9e9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.darkreading.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 08 Aug 2022 15:33:45 GMT
age: 1747
x-guploader-uploadid: ADPycdsQ-ZiRpGb3swUjGM97nGTyFL92ELTzVh68QCvMC9YhHK-gReZs3WqiXL1ZF72KdliMJLI97dqfkKcQNO7yZrvPtg
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 32025
last-modified: Mon, 04 Apr 2022 15:43:44 GMT
server: UploadServer
cache-control: public,max-age=3600
etag: "25b1f355dd487bdf5381a749056080c4"
x-goog-hash: crc32c=dPpbog==, md5=JbHzVd1Ie99TgadJBWCAxA==
x-goog-generation: 1649087024620619
cache-id: AMS-cba56054
x-cache-hit: hit
x-goog-stored-content-length: 32025
accept-ranges: bytes
content-type: application/javascript

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 83ms
61ms Script
text/javascript 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: beta.darkreading.com
URL: https://beta.darkreading.com/js/newrelic-browser.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.darkreading.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 08 Aug 2022 16:02:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 08 Aug 2022 16:02:52 GMT

POST
H/1.1 200
OK NRJS-4eee28fd5f21ed85217 Show response
bam.eu01.nr-data.net/events/1/ 24 B
871 B 34ms
34ms XHR
image/gif 185.221.87.248
NEW-2

General

Check archive.org

Show headers Download Go to

Full URL: https://bam.eu01.nr-data.net/events/1/NRJS-4eee28fd5f21ed85217?a=256687733&sa=1&v=1212.e95d35c&t=Unnamed%20Transaction&rst=2980&ck=1&ref=https://www.darkreading.com/vulnerabilities-threats/virustotal-threat-actors-mimic-legitimate-apps-use-stolen-certs-to-spread-malware
Requested by: Host: beta.darkreading.com
URL: https://beta.darkreading.com/js/newrelic-browser.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 185.221.87.248 , Ireland, ASN206998 (NEW-2, IE),
Reverse DNS
Software: cloudflare /
Resource Hash: 0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300

Request headers

Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
content-type: text/plain

Response headers

Date: Mon, 08 Aug 2022 16:02:52 GMT
CF-Cache-Status: DYNAMIC
NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: https://www.darkreading.com
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4bz1ryJv72YaeqEw6etMPJ%2BHwZtYtwStqJubyVyDYo4Mk%2BxFt5uGs7dTVMr4Aewock9avbvwnq4Xo1TK46lFYpKGgq4gGfWKX1FyIR2kUUQKEOw6JabzvuwTeQ%2BmDS1alK97M9Sx"}],"group":"cf-nel","max_age":604800}
access-control-allow-credentials: true
x-envoy-upstream-service-time: 1
Connection: keep-alive
CF-Ray: 73797a951eb7bb3d-FRA
Content-Length: 24

GET
H3 200 utsync.ashx Show response
ml314.com/ 62 B
81 B 70ms
39ms Script
application/javascript 34.111.234.236
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ml314.com/utsync.ashx?pub=&adv=&et=0&eid=62439&ct=js&pi=&fp=&clid=&if=0&ps=&cl=&mlt=&data=&&cp=https%3A%2F%2Fwww.darkreading.com%2Fvulnerabilities-threats%2Fvirustotal-threat-actors-mimic-legitimate-apps-use-stolen-certs-to-spread-malware&pv=1659974572343_tyxkncj0l&bl=en-us&cb=6020045&return=&ht=&d=&dc=&si=1659974572343_tyxkncj0l&cid=&s=1600x1200&rp=&v=2.5.1.2
Requested by: Host: beta.darkreading.com
URL: https://beta.darkreading.com/js/newrelic-browser.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.111.234.236 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 236.234.111.34.bc.googleusercontent.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 5a1ba6ff6db12f791bbbfc4da3cb389e06f0cd53eede09ef3eb3ceb074089ef1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.darkreading.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Aug 2022 16:02:52 GMT
via: 1.1 google
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
p3p: CP="NON DSP COR ADMo PSAo DEVo BUS COM UNI NAV DEM STA"
cache-control: no-cache, no-store, must-revalidate
content-type: application/javascript; charset=utf-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 62
expires: 0

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame DC64 13 KB
5 KB 43ms
13ms Document
text/html 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: beta.darkreading.com
URL: https://beta.darkreading.com/js/newrelic-browser.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.darkreading.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 122
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 08 Aug 2022 16:00:50 GMT
expires: Tue, 08 Aug 2023 16:00:50 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 9A44 783 B
534 B 53ms
23ms Document
text/html 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: beta.darkreading.com
URL: https://beta.darkreading.com/js/newrelic-browser.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

3059b0fe528bffdc40b30967c40bde2d48846506c14cd3a8cd1b9ca60248c77f

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-3YrcraEc5l0bjfs0C9PJ-Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.darkreading.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 512
content-security-policy: script-src 'report-sample' 'nonce-3YrcraEc5l0bjfs0C9PJ-Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 08 Aug 2022 16:02:52 GMT
expires: Mon, 08 Aug 2022 16:02:52 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 jjp8A9boDrBmSAr_yfbeEM1ThbAhpFVxRN30ZpHEy3Q.js Show response
pagead2.googlesyndication.com/bg/ Frame DC64 36 KB
14 KB 64ms
14ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/jjp8A9boDrBmSAr_yfbeEM1ThbAhpFVxRN30ZpHEy3Q.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8e3a7c03d6e80eb066480affc9f6de10cd5385b021a4557144ddf46691c4cb74

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 08 Aug 2022 05:17:13 GMT
content-encoding: br
x-content-type-options: nosniff
age: 38739
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14162
x-xss-protection: 0
last-modified: Fri, 29 Jul 2022 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 08 Aug 2023 05:17:13 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 9A44 0
0 92ms
48ms Image
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022080301&jk=1123523422944293&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame DC64 0
9 B 13ms
13ms Image
text/plain 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?V0kikg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 08 Aug 2022 16:02:52 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 50ms
50ms Image
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_2022080301&jk=1123523422944293&bg=!29il2JzNAAZGjrx1Zo47ACkAdvg8Wiyg4cYDXAWieyQ3iZ5c2Rvy_T4NufRqGHX6BYUMYdaNhYup1QIAAABOUgAAAAJoAQcKAKdDnml7Ow2pJrZ63ZfzmVtWt0zk72CCw86uZK0zdmYq4yTOw-aVnrpP4Eclcn7GTlSlDnDKXxKT2Or5SmLzjk43uniHl4cZf_LHTmC9SGqMpBelobaqMR5y3aUKhD9cTnGyNAwEVrliP34TLz_mGo_awiOXXne3VoN4xpqcWZRwOZXqzlCn8oHaxhkib7XMa6CQxhjVF3YwQkii8ASnAPlSqNQBvGj80JkCx8-gerW07Cs4xNKlFJz0zxCqO4jO4KMA_UgfbB45rAcD3thgcK5bikeqmuUX0R8E-HZZHOaLpJn2x_kKy1mZaXi2zXPo0OrwINl7_s_eNiC0XKcLVZ3cN2uocpx3Qx-H_47gg7mrMPLdFmBFgAPBOxLMLxiHyv_kDCOnuqW1J9iimtbz-aKHlnsRk6RShdeozpizgyJA5rb5P4eYUgMhxqvLrAkw-xQ0kBbRbWCc-7M43qyOW5xpfQga8aZELR733xsgsgHhtnBIDQiHB4xlv5CCi41i7x2Vqxy3yr1JqnfyvmRaCDVoEpjB6x0wpY7jzmxi-Nfxsfy0VZg5WPYv5R2S7BMhPIP6KHEtGxK1Wh-9pSKQbK1vifv2G5joB7IUcxHP8hQQeXgbI_uT8S5rLQH8miHEmvpfxdGQTCed_16mn5rtpGeNTDkhfROTAFk_I9-6VZTiLhICdkGG_vEpn6_rxZhz0eYul5U5QapVmwExtpTYY0RbOKh0_8RemYK-Gmh01cSW1bGODjgRDphcwYmkRAZo-71xoi6nKxBQDf8gzDanb_XVUgPIOR3lriNy8uXi-LO5kOzVc4CFUQd6C9-zCEc90xlThzIifzJZJPSy_ZjMhDgbbwU87EOYKJmzhekDoO_tdQfdK_552usGbRlBU75OND2li9_I5Wk39OrGri4VwMxiOPt0LyVIUDPXf0YVe13s8cSaNiUmrBIHf0vX3_1UVXkPlxg_mNvmryzlJpW2DU6yO1rrTJdr0ZSu8iloTbKBFtbIXB81ky4OvgULot-KQ6zqfiBKQzFqV-umYpck_S3pNmtGzykboO3QJ8_zie3VbMKpUH-hFECX7c9hB58YqI6Hm8tk4Z3GTQGv9cIfMseqLRMriw_K_ak-acmARD_zGaRP1NK_1UZqYdIIwIHsBZHEma_Tku5i2CggNFME-1-G7g
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.darkreading.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: c2ba8d94ca85a8fdeb4157d6b66156d7.safeframe.googlesyndication.com
URL: https://c2ba8d94ca85a8fdeb4157d6b66156d7.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Verdicts & Comments Add Verdict or Comment

134 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

29 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.darkreading.com/	1970-01-20 07:15:50	Name: _gcl_au Value: 1.1.94095757.1659974571
.darkreading.com/	1969-12-31 23:59:59	Name: __Secure-next-auth.callback-url Value: https%3A%2F%2Fwww.darkreading.com
.darkreading.com/	1970-01-20 05:06:16	Name: _sp_ses.94c4 Value: *
.darkreading.com/	1970-01-20 14:42:14	Name: _sp_id.94c4 Value: c2df39fd-469e-4372-a017-726def6cf17d.1659974571.1.1659974571.1659974571.1109471d-e4b6-442f-872d-08d6535d0c62
.youtube.com/	1969-12-31 23:59:59	Name: YSC Value: mq09EZqWgV0
.youtube.com/	1970-01-20 09:25:26	Name: VISITOR_INFO1_LIVE Value: LoRnKxd1CZE
.darkreading.com/	1970-01-20 14:42:14	Name: _ga_1X1EHQ3PFR Value: GS1.1.1659974571.1.0.1659974571.0
.darkreading.com/	1970-01-20 14:35:02	Name: _cb Value: BI09FBD2xxOmB9NzyM
.darkreading.com/	1970-01-20 14:35:02	Name: _chartbeat2 Value: .1659974571425.1659974571425.1.ChwZFY3SrEIBLo2xXDKW9JoBWBhcX.1
.darkreading.com/	1970-01-20 05:06:16	Name: _cb_svref Value: null
.darkreading.com/	1970-01-20 14:42:14	Name: _ga Value: GA1.2.1462897485.1659974571
.darkreading.com/	1970-01-20 05:07:40	Name: _gid Value: GA1.2.1385668578.1659974571
.darkreading.com/	1970-01-20 05:06:14	Name: _gat_UA-135180592-2 Value: 1
.darkreading.com/	1970-01-20 14:42:14	Name: __td_signed Value: true
.darkreading.com/	1970-01-20 14:42:14	Name: _td Value: 69a0445d-83a2-4547-907a-5d0c8950f39d
.darkreading.com/	1970-01-20 13:51:50	Name: _hjSessionUser_2610568 Value: eyJpZCI6IjEzZDU1ZjRlLWRhODItNTk3Mi04NDc5LTM5YzYxYTExM2I0MSIsImNyZWF0ZWQiOjE2NTk5NzQ1NzEzODEsImV4aXN0aW5nIjpmYWxzZX0=
.darkreading.com/	1970-01-20 05:06:16	Name: _hjFirstSeen Value: 1
www.darkreading.com/	1970-01-20 05:06:14	Name: _hjIncludedInSessionSample Value: 0
.darkreading.com/	1970-01-20 05:06:16	Name: _hjSession_2610568 Value: eyJpZCI6ImQ0MWY2YmExLTM1OGYtNGI1OC1hM2UzLThhNWRkNDI1Mjc0YiIsImNyZWF0ZWQiOjE2NTk5NzQ1NzE0ODIsImluU2FtcGxlIjpmYWxzZX0=
www.darkreading.com/	1970-01-20 05:06:14	Name: _hjIncludedInPageviewSample Value: 1
.darkreading.com/	1970-01-20 05:06:16	Name: _hjAbsoluteSessionInProgress Value: 0
.in.treasuredata.com/	1970-01-20 14:42:14	Name: _td_global Value: cf6fc7aa-eb2f-442f-a3d6-fa4d13853b69
www.darkreading.com/	1969-12-31 23:59:59	Name: __Host-next-auth.csrf-token Value: f6153310628fcf5b09da978a8049bc703f92a0acfe53fbdbaf3d6110f72c3661%7C139c6f9dc30b127cd49d3d08e625c5d8eebd6378cd04603b758b303c95624e8a
.darkreading.com/	1970-01-20 13:51:50	Name: sp Value: a4fe6d6e-cdf6-4881-87fa-f295a64a54dc
.darkreading.com/	1970-01-20 14:36:28	Name: ELOQUA Value: GUID=6F026729E8F443F8834DB1B41E7E5A1C
www.darkreading.com/	1970-01-20 13:51:50	Name: informa_gdpr_cookie Value: 1
.darkreading.com/	1970-01-20 14:27:50	Name: __gads Value: ID=5768b4435b8261e4-225e905fe9cd001a:T=1659974572:S=ALNI_MZEE5tWDnu8dkrU4jjqHKHXVK4G_A
.nr-data.net/	1969-12-31 23:59:59	Name: JSESSIONID Value: a2dc392a0afd172e
.doubleclick.net/	1970-01-20 14:27:50	Name: IDE Value: AHWqTUkI9D6WXoZXjUNIC9WW9wC7DKscMf_20HcNefvt5jTkJFhM2KA17MYPMswm5Ao

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

6600d6d98e534115970f9529a45f3195.js.ubembed.com
adservice.google.com
adservice.google.de
assets.ubembed.com
assets.zephr.com
bam.eu01.nr-data.net
beta.darkreading.com
c.darkreading.com
c2ba8d94ca85a8fdeb4157d6b66156d7.safeframe.googlesyndication.com
cdn.treasuredata.com
cdnjs.cloudflare.com
code.jquery.com
eu-images.contentstack.com
eu01.in.treasuredata.com
fonts.gstatic.com
ift.tt
img.en25.com
in.hotjar.com
informa-dark-reading.preview.zephr.com
js-agent.newrelic.com
ml314.com
pagead2.googlesyndication.com
ping.chartbeat.net
region1.google-analytics.com
s.dpmsrv.com
script.hotjar.com
securepubads.g.doubleclick.net
stackpath.bootstrapcdn.com
static.chartbeat.com
static.cloudflareinsights.com
static.hotjar.com
static.iris.informa.com
stats.g.doubleclick.net
tpc.googlesyndication.com
trk.darkreading.com
vars.hotjar.com
www.darkreading.com
www.google-analytics.com
www.google.com
www.google.de
www.googleoptimize.com
www.googletagmanager.com
www.youtube.com
c2ba8d94ca85a8fdeb4157d6b66156d7.safeframe.googlesyndication.com
108.138.17.119
13.32.99.103
13.32.99.16
13.32.99.33
142.0.173.15
142.250.186.162
151.101.193.131
151.101.66.137
151.101.66.217
18.66.112.14
18.66.139.40
18.66.139.47
18.66.97.53
185.221.87.248
2001:4860:4802:34::36
2001:4de0:ac18::1:a:2b
2600:9000:223c:b800:18:1fcd:351:7bc1
2606:4700:440e::6812:2fe6
2606:4700::6811:180e
2606:4700::6811:7863
2606:4700::6811:7963
2606:4700::6812:acf
2a00:1450:4001:801::2003
2a00:1450:4001:806::200e
2a00:1450:4001:809::2002
2a00:1450:4001:80e::200e
2a00:1450:4001:810::2001
2a00:1450:4001:811::2002
2a00:1450:4001:828::200e
2a00:1450:4001:82b::2004
2a00:1450:4001:82b::2008
2a00:1450:4001:82f::2002
2a00:1450:4001:82f::2003
2a00:1450:400c:c09::9a
3.224.3.48
3.64.221.57
34.111.234.236
52.222.236.74
54.154.189.229
54.87.186.214
96.16.149.96
02835066969199e9924f1332f7172a5d7e552f023a20c3d8ba03bb6c51ce5be5
0a6c3d599df1f9652eaead106ccaf3af4eed8645fe10b0791499f8826c4febd7
0ac5442585942acb8da8f6fd1e2ef864b68a552686c83484c0044772d6a3ec77
0bca10549df770ab6790046799e5a9e920c286453ebbb2afb0d3055339245339
0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300
0e153b77b7b590360c91df38e894d46fd6061ce57cc0bbbc09f4c408a66bd0c7
1813980c6380c04ed03acf13c8c9589024fa19202df34f668bb058fab3e251c4
1d2a09a3afcca5fbef5ffa5a5fdd63673e83af9c6f4939541f46366b6adc806e
1dcc17de6c7a4aa95a465d7fbb436e3f4c412dad3aa183fde03fa32f9178c3ca
262f87d47643975a4633b675fc224c7a178d99e579e5d767f4a43ca7cc0bb9de
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
2809c87a8b44021ec6fa7f0fb3b9be530446188be0e993b3d72f0cfef95f1776
293c780b3a79b98415e3b7e1f91d1f08510bfc18e5ab3bbe5fc99676d3c4f024
2c947fb257287976cf7cd15cd2a488c1cc4093a5c5ff2a40a56ba9a7c9e07c08
300706e57de1a7af148bd670379c4b39bb36dda8160e42d92747a3139af37816
3059b0fe528bffdc40b30967c40bde2d48846506c14cd3a8cd1b9ca60248c77f
308fc9d5cf66d03a8ef69fe2da22426277712da9e2cbd5d60dd9705c97ad4814
31778d7d5cdf674cb88174d58247acb84fc97239ee406994a646c5d3d0b8cb64
3346de8e2ae1bfde250c7ac5c06f79a0a60c7faef8e5e08a2c9e8fbf5ec2c9e8
37b12a46cc863aca31a64ed5010914343bc6f8f0f18fe8636583fe514e061b0d
395d6e2e2945852e1f745e2e265565f9771c6a8c6bdc0f3c1197754fb203f2df
3b534eeaf216d2e54730d1c9bb15344f4b78712e6c781d31555585c51651e989
403e89bf468c203d1f4887cbc4ab12878370cbade342b65d30c36a38d60894ee
40e3c49bbaac9950f6c20a4cdc4a97a593dca4859b1cd660ca844573cc422ad9
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
47cb96b05d896668a55f58a1a352f71a53fe50b1ab85a9920e8da3cbe3e20a23
487ce65aa041f02e14b5d1dd4874bfbe69dd1ae2e784cea5487e0e566ec9c4a5
490043c9bbb1dfd407a63552da09513e01495037395d659180f78a67f7b39ccf
4f381ccb6f965e2011700b253aa446e84060a338cc416055eabca3b62fa35435
5368f5e6377dada34ca87a24a8eece788c900942c19cb366bc6c2f702ea247d0
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
56587cffbb30e338497c9114f74803a530a713ebe374b69fcfa8551ad8dad1e9
5984eac0c5c6d947241e29dd5671b81a1546cedf77e08d38438ac47029969afa
5a1ba6ff6db12f791bbbfc4da3cb389e06f0cd53eede09ef3eb3ceb074089ef1
5b354a3347809c7bbf3e19bcbcc4e721b24e70c558115ae19901a02ab2856870
5e14573ba9dd1cb9df5d3676c134f794ff4ff4629365e005b3c1dd79d3457870
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
6fa1160317b007261c626b2fc2ef97ab39baccbe4ed52844a284ef64f8ee4321
70ed3cea0f6235d66dbc4a6ed3932bc3a95c19b306479a9609db9839312bb0b4
74f5dbfff8c31d8876ddeb224b893ab65552f596b25b3577cf6d6f519c9e8ac9
755f35d45c7845b40db9d5a644c527150947cac6d1ef1c8623cffd9255e0cfc9
757c66837cfbe8c2533e8c41099d8e50b20f83fbf84ead6a6d7435dcc2ad0884
75d893335a1d25db1bf02e25ab904d97a3af743128850d8566b93d197e56e9e9
7641b6626459a876451588bb7b10ed335864a772059289d20d974d27da3edd14
76afb6d60cc897afee2432deba698cec096252516b5706b6a9a76dd1ae3f5d1d
78916daf46a47129f0fed3287e980faa6403d4ce0801c6448eff5ade12f6f1d0
7a9c5310db328d2bdce5978fce03e8bbba211fa60e274261888e7abfc92e183b
7da9ab6cb45d2f332a7afa9a9d0ea6af8da5fb9a6b050096a32d79dc6ca59073
8028c67a8d75e527561d4fb6fecbba6993ff48645f0b57d5033809e558e59d13
809bfb85f0fe84db235d48e159f6eb86b6ebf69ac613c61d66e7c2aebb868398
84978f05058d591d3cadc3f61527f30dfcef5ada102582c1a85674a3fdb689e2
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
86646baf6689e8941f4bfd0619eefc77c58b85e7f54dd83d84c8d834a410c4a0
8a36e7301f4fc3c8b896b940a96dc828f21894e98e92eea3118caa7a1dba2ae6
8b0e0e1532b550e4aa75788c0be84dea157a9e3342eb01e2d5f037cdf638521d
8b30f33afeec62f5aef6d6e927c450c42ed04fa92264342f9a3cf361e3171d16
8c99565562824219eadf0a860cd9da35ac1d48410d3e65d467968c5af4fb4f62
8ced09284a1c4ae88949d807100d854ae5afebca35c07dc3d792c937ddbdc472
8d4f9a24b30a47c538face82103ae43eaabfd5bdda77480caf5e0b0132b925f1
8e3a7c03d6e80eb066480affc9f6de10cd5385b021a4557144ddf46691c4cb74
958136771bc42c0cbea29f08be65260d0b8b63020d9f41039261fbf26a0cc942
9d49da3bbfb5169f3e0cafac64c8992b270783e441cb5696df6b8d82554f2a8a
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a82fc6cdeed37975df9de2eb175b204a15a04b4d7d7ac579a2beb538d18bbca9
aa329d3b29e8f762376ea2cab848dd2f7fce3f4830763b99bf36f0780df87443
ab36b8356d4b7e3e3591b161427e6fb18512a2ccc8a787f8cc03294cf2f30478
b318b179b35ca92c87626801798f3bce3864172926ae10288f0460a53f30177c
b8ea26b655664c090e9458919e81401c39f87d2e8a675663b1da92351840f067
c5a9089a3b365522f800aa944a12896919d999c378f9d15d1c1d0c7dace304ff
c9221ce509332cf9d8dc90f5469a8802fbc226a3f686761b5380a63e3b911fbf
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
cfcdb31470827837b2f4fb43052ab8d0ad443ac400aea801a0e40e426189916c
cfd4f754e134eb42e45e6bf5e41d05516b5ad6465deb4ca63ac77ffa58292b1f
d44c3403ac31b08a81867bcfdb18981cd3a3e8e42356cf64dd68bead051b64b4
d6f327e8f217c193d4139ec967dd138dde3958395b06a4e4cd8e346faa27dedc
d98f3c146304d61e34da5e04cb32b628c58b401b7c01576d6c47f8f1ca6bea02
dac715f087720dd7ff7067f5d2ec1988851fa93140ae8a9cbfaa15659dd7fd82
dde76b9b2b90d30eb97fc81f06caa8c338c97b688cea7d2729c88f529f32fbb1
de06fea245b0036d21764fcf2b9a4791c0a0f1e927e3916c7d779cb44a1977bd
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3e34be9443c0ab7eb569e14bc5af571e06d760368b659a0a3a417ff743f785e
e5a1598944cdacee0760775794bff19417c31947033f3b013af8b6ceac45875c
e92729fd9e4cb8b66389dda5ef5ba579f750f3a117c11a3e181350e930f8188c
e939e2ae6c313815d2659824e4404c365cdd43fec5a91243dc9dc6397a6904ee
ebfe453394ff1be6ef75d380ab7c5535aea0b51832d045f0d5d0ef7e6535969c
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
efd32b56063c7e59e9c55d70b839d8de8da87ebadd6647b64fe087f7281932a9
f1ccea6b7204d9f7913ab45e1afa51d79f83bd4f0319de937b0132e6e02b1aab
f249d5dc3800877f42429c64f2351a94fa571d8b021547660db5f224991e0cf2
f3e24d795b082a4439815f85eb8492536f32471869b482f1c4e4754c6fb5261b
f3e465e09932db45951f460bf7a0f43246d23e90ac1c593f0de7f3e3c03f3d03
f7d647330ef8b48d3f3c4474cae466809967e6b17c95ff9a0ce4ba90679daf2c
f8f56a12e38109ef29bb878c56b13963bdc33d48e7deed8a788a24fe0171d9cb
fa66fdedf34a988802cec7d8edf2c91cd622f83ca280406947277cb1a0c5fd9f
fb657972079f36258237fd79c9b7cf160c82943f31fe5ff1b0e10be49e27be5b
fc42eb07ab9918792ae92a634b3a89e4d74b664965111815f3bee8ab24513a59
fd0a1ac929c11b08e819fe4b0a18c5574012c44f09de8987c6be99a0f055a505

www.darkreading.com Open in urlscan Pro 2606:4700::6811:7963 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

109 Requests

98 %HTTPS

49 %IPv6

28 Domains

43 Subdomains

41 IPs

5 Countries

1797 kBTransfer

5484 kBSize

29 Cookies

1 Outgoing links

Page URL History

Redirected requests

109 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.darkreading.com Open in urlscan Pro
2606:4700::6811:7963 Public Scan

Screenshot
Live screenshot

Full Image

109
Requests

98 %
HTTPS

49 %
IPv6

28
Domains

43
Subdomains

41
IPs

5
Countries

1797 kB
Transfer

5484 kB
Size

29
Cookies

109 HTTP transactions
3 data transactions