securityboulevard.com Open in urlscan Pro
2606:4700:10::6816:39c Public Scan

Go To Rescan
Add Verdict Report

URL:
https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/
Submission: On July 08 via api (July 8th 2024, 1:54:04 pm UTC) from US — Scanned from DE

Summary HTTP 188 Redirects Links 45 Behaviour Indicators

Summary

This website contacted 50 IPs in 5 countries across 35 domains to perform 188 HTTP transactions. The main IP is 2606:4700:10::6816:39c, located in United States and belongs to CLOUDFLARENET, US. The main domain is securityboulevard.com. The Cisco Umbrella rank of the primary domain is 775967.
TLS certificate: Issued by WE1 on June 12th 2024. Valid for: 3 months.

This is the only time securityboulevard.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
68	2606:4700:10:... 2606:4700:10::6816:39c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:80b::200a	15169 (GOOGLE) (GOOGLE)
3	2a04:fa87:fff... 2a04:fa87:fffe::c000:4902	2635 (AUTOMATTIC) (AUTOMATTIC)
6	2606:4700:10:... 2606:4700:10::6816:fef	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	151.101.192.238 151.101.192.238	54113 (FASTLY) (FASTLY)
1	2620:1ec:bdf::45 2620:1ec:bdf::45	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	172.67.198.8 172.67.198.8	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:5049	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a00:1450:400... 2a00:1450:4001:830::2008	15169 (GOOGLE) (GOOGLE)
2	162.159.138.60 162.159.138.60	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a00:1450:400... 2a00:1450:4001:80e::200e	15169 (GOOGLE) (GOOGLE)
1	2a02:26f0:350... 2a02:26f0:3500:10::210:a99	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
3	34.117.77.79 34.117.77.79	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	2620:1ec:bdf::60 2620:1ec:bdf::60	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
4	172.217.16.194 172.217.16.194	15169 (GOOGLE) (GOOGLE)
1	2606:4700:10:... 2606:4700:10::ac43:29b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2a00:1450:400... 2a00:1450:4001:829::2003	15169 (GOOGLE) (GOOGLE)
1 3	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	54.166.151.77 54.166.151.77	14618 (AMAZON-AES) (AMAZON-AES)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:400c:c00::9b	15169 (GOOGLE) (GOOGLE)
2	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
3	142.250.186.99 142.250.186.99	15169 (GOOGLE) (GOOGLE)
2	142.250.184.200 142.250.184.200	15169 (GOOGLE) (GOOGLE)
2	34.107.133.146 34.107.133.146	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	142.250.186.132 142.250.186.132	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:831::200e	15169 (GOOGLE) (GOOGLE)
3	23.96.124.156 23.96.124.156	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	2606:4700:10:... 2606:4700:10::6816:ca	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	104.16.160.145 104.16.160.145	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	192.0.76.3 192.0.76.3	2635 (AUTOMATTIC) (AUTOMATTIC)
2	104.17.24.14 104.17.24.14	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.18.142.119 104.18.142.119	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:80b::2002	15169 (GOOGLE) (GOOGLE)
10	172.67.39.148 172.67.39.148	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:82a::200a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:802::2001	15169 (GOOGLE) (GOOGLE)
2	142.250.184.238 142.250.184.238	15169 (GOOGLE) (GOOGLE)
1 3	13.74.129.1 13.74.129.1	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 1	2620:1ec:c11:... 2620:1ec:c11::237	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	216.239.32.36 216.239.32.36	15169 (GOOGLE) (GOOGLE)
1	172.217.16.130 172.217.16.130	15169 (GOOGLE) (GOOGLE)
3	104.18.80.204 104.18.80.204	13335 (CLOUDFLAR...) (CLOUDFLARENET)
9	199.232.192.134 199.232.192.134	54113 (FASTLY) (FASTLY)
2	2606:2800:234... 2606:2800:234:59:254c:406:2366:268c	15133 (EDGECAST) (EDGECAST)
2	151.101.64.134 151.101.64.134	54113 (FASTLY) (FASTLY)
3	199.232.196.64 199.232.196.64	54113 (FASTLY) (FASTLY)
1	216.58.206.67 216.58.206.67	15169 (GOOGLE) (GOOGLE)
4	151.101.129.44 151.101.129.44	54113 (FASTLY) (FASTLY)
188	50

68 2606:4700:10::6816:39c (United States)

ASN13335 (CLOUDFLARENET, US)

securityboulevard.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80b::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a04:fa87:fffe::c000:4902 (Ireland)

ASN2635 (AUTOMATTIC, US)

secure.gravatar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
0.gravatar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:4700:10::6816:fef (United States)

ASN13335 (CLOUDFLARENET, US)

cloudnativenow.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.192.238 (San Francisco, United States)

ASN54113 (FASTLY, US)

images.squarespace-cdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:bdf::45 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.dmca.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.67.198.8 (United States)

ASN13335 (CLOUDFLARENET, US)

techstronggroup.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:5049 (United States)

ASN13335 (CLOUDFLARENET, US)

static.cloudflareinsights.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:830::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 162.159.138.60 (None, )

ASN13335 (CLOUDFLARENET, US)

vimeo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:80e::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:3500:10::210:a99 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 34.117.77.79 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 79.77.117.34.bc.googleusercontent.com

ml314.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:1ec:bdf::60 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 172.217.16.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s08-in-f194.1e100.net

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::ac43:29b (United States)

ASN13335 (CLOUDFLARENET, US)

assets.apollo.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:829::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:21::14 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.166.151.77 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-166-151-77.compute-1.amazonaws.com

in.ml314.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:400c:c00::9b (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.186.99 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f3.1e100.net

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.184.200 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s11-in-f8.1e100.net

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.107.133.146 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 146.133.107.34.bc.googleusercontent.com

aplo-evnt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.132 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s07-in-f4.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:831::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fundingchoicesmessages.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 23.96.124.156 (Washington, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

w.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:10::6816:ca (United States)

ASN13335 (CLOUDFLARENET, US)

www.podbean.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 104.16.160.145 (None, )

ASN13335 (CLOUDFLARENET, US)

cdn.onesignal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
onesignal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
img.onesignal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 192.0.76.3 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

stats.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.17.24.14 (None, )

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.142.119 (None, )

ASN13335 (CLOUDFLARENET, US)

js.hsforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 172.67.39.148 (United States)

ASN13335 (CLOUDFLARENET, US)

static.addtoany.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:802::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

lh3.googleusercontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.184.238 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s12-in-f14.1e100.net

fundingchoicesmessages.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 13.74.129.1 (Dublin, Ireland) 1 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:c11::237 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.239.32.36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.16.130 (United States)

ASN15169 (GOOGLE, US)
PTR: zrh04s06-in-f130.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.18.80.204 (None, )

ASN13335 (CLOUDFLARENET, US)

forms.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
forms-na1.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 199.232.192.134 (United States)

ASN54113 (FASTLY, US)

security-boulevard-1.disqus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
referrer.disqus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:2800:234:59:254c:406:2366:268c (United States)

ASN15133 (EDGECAST, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.64.134 (San Francisco, United States)

ASN54113 (FASTLY, US)

disqus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 199.232.196.64 (United States)

ASN54113 (FASTLY, US)

tempest.services.disqus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.58.206.67 (United States)

ASN15169 (GOOGLE, US)
PTR: mil07s08-in-f3.1e100.net

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 151.101.129.44 (San Francisco, United States)

ASN54113 (FASTLY, US)

cdn.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
68	securityboulevard.com securityboulevard.com — Cisco Umbrella Rank: 775967	883 KB
14	disqus.com security-boulevard-1.disqus.com disqus.com — Cisco Umbrella Rank: 1707 tempest.services.disqus.com — Cisco Umbrella Rank: 12687 referrer.disqus.com — Cisco Umbrella Rank: 7373	58 KB
10	addtoany.com static.addtoany.com — Cisco Umbrella Rank: 6056	34 KB
9	google.com region1.analytics.google.com — Cisco Umbrella Rank: 3576 www.google.com — Cisco Umbrella Rank: 10 fundingchoicesmessages.google.com — Cisco Umbrella Rank: 641	127 KB
8	clarity.ms 1 redirects www.clarity.ms — Cisco Umbrella Rank: 1094 w.clarity.ms — Cisco Umbrella Rank: 9790 c.clarity.ms — Cisco Umbrella Rank: 1823	28 KB
6	onesignal.com cdn.onesignal.com — Cisco Umbrella Rank: 5543 onesignal.com — Cisco Umbrella Rank: 1425 img.onesignal.com — Cisco Umbrella Rank: 8342	97 KB
6	cloudnativenow.com cloudnativenow.com	556 KB
5	gstatic.com fonts.gstatic.com	247 KB
5	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 110	504 KB
4	taboola.com cdn.taboola.com — Cisco Umbrella Rank: 1193	253 KB
4	doubleclick.net stats.g.doubleclick.net — Cisco Umbrella Rank: 208 securepubads.g.doubleclick.net — Cisco Umbrella Rank: 279	146 KB
4	linkedin.com 1 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 671 px4.ads.linkedin.com — Cisco Umbrella Rank: 7218	3 KB
4	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 157	250 KB
4	ml314.com ml314.com — Cisco Umbrella Rank: 3182 in.ml314.com — Cisco Umbrella Rank: 18557	75 KB
4	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 102 region1.google-analytics.com — Cisco Umbrella Rank: 2949	21 KB
3	hsforms.com forms.hsforms.com — Cisco Umbrella Rank: 9401 forms-na1.hsforms.com — Cisco Umbrella Rank: 15203	4 KB
3	google.de www.google.de — Cisco Umbrella Rank: 6500	189 B
3	gravatar.com secure.gravatar.com — Cisco Umbrella Rank: 3539 0.gravatar.com — Cisco Umbrella Rank: 14357	7 KB
3	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 108 ajax.googleapis.com — Cisco Umbrella Rank: 607	39 KB
2	twitter.com platform.twitter.com — Cisco Umbrella Rank: 1906	28 KB
2	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 331	4 KB
2	wp.com stats.wp.com — Cisco Umbrella Rank: 4475 pixel.wp.com — Cisco Umbrella Rank: 4143	3 KB
2	podbean.com www.podbean.com — Cisco Umbrella Rank: 122500
2	aplo-evnt.com aplo-evnt.com — Cisco Umbrella Rank: 105425
2	vimeo.com vimeo.com — Cisco Umbrella Rank: 3110
1	bing.com 1 redirects c.bing.com — Cisco Umbrella Rank: 379	773 B
1	googleusercontent.com lh3.googleusercontent.com — Cisco Umbrella Rank: 128	5 KB
1	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 346	31 KB
1	hsforms.net js.hsforms.net — Cisco Umbrella Rank: 14635	156 KB
1	apollo.io assets.apollo.io — Cisco Umbrella Rank: 101458	2 KB
1	licdn.com snap.licdn.com — Cisco Umbrella Rank: 1900	14 KB
1	cloudflareinsights.com static.cloudflareinsights.com — Cisco Umbrella Rank: 1204	7 KB
1	techstronggroup.com techstronggroup.com	3 KB
1	dmca.com www.dmca.com — Cisco Umbrella Rank: 151435	7 KB
1	squarespace-cdn.com images.squarespace-cdn.com — Cisco Umbrella Rank: 8253	27 KB
188	35

	Domain	Requested by
68	securityboulevard.com	securityboulevard.com static.cloudflareinsights.com
10	static.addtoany.com	securityboulevard.com static.addtoany.com
6	cloudnativenow.com	securityboulevard.com
5	referrer.disqus.com
5	fonts.gstatic.com	fonts.googleapis.com securityboulevard.com
5	www.googletagmanager.com	securityboulevard.com www.googletagmanager.com www.google-analytics.com
4	cdn.taboola.com	securityboulevard.com cdn.taboola.com
4	security-boulevard-1.disqus.com	securityboulevard.com security-boulevard-1.disqus.com
4	fundingchoicesmessages.google.com	pagead2.googlesyndication.com
4	pagead2.googlesyndication.com	www.googletagmanager.com pagead2.googlesyndication.com securityboulevard.com
3	onesignal.com	cdn.onesignal.com
3	tempest.services.disqus.com	security-boulevard-1.disqus.com
3	c.clarity.ms	1 redirects www.clarity.ms
3	w.clarity.ms	www.clarity.ms
3	www.google.de	securityboulevard.com
3	region1.analytics.google.com	www.googletagmanager.com
3	stats.g.doubleclick.net	www.google-analytics.com www.googletagmanager.com
3	px.ads.linkedin.com	1 redirects snap.licdn.com
3	ml314.com	securityboulevard.com ml314.com
3	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	disqus.com	security-boulevard-1.disqus.com
2	forms-na1.hsforms.com
2	platform.twitter.com	securityboulevard.com platform.twitter.com
2	cdnjs.cloudflare.com	securityboulevard.com ajax.googleapis.com
2	cdn.onesignal.com	securityboulevard.com cdn.onesignal.com
2	www.podbean.com	securityboulevard.com ajax.googleapis.com
2	www.google.com	securityboulevard.com
2	aplo-evnt.com	assets.apollo.io
2	www.clarity.ms	securityboulevard.com www.clarity.ms
2	vimeo.com	securityboulevard.com ajax.googleapis.com
2	secure.gravatar.com	securityboulevard.com
2	fonts.googleapis.com	securityboulevard.com
1	img.onesignal.com
1	0.gravatar.com	secure.gravatar.com
1	pixel.wp.com
1	forms.hsforms.com	js.hsforms.net
1	securepubads.g.doubleclick.net	www.googletagservices.com
1	c.bing.com	1 redirects
1	lh3.googleusercontent.com	securityboulevard.com
1	ajax.googleapis.com	securityboulevard.com
1	www.googletagservices.com	securityboulevard.com
1	js.hsforms.net	securityboulevard.com
1	stats.wp.com	securityboulevard.com
1	region1.google-analytics.com	www.googletagmanager.com
1	px4.ads.linkedin.com	securityboulevard.com
1	in.ml314.com	ml314.com
1	assets.apollo.io	securityboulevard.com
1	snap.licdn.com	www.googletagmanager.com
1	static.cloudflareinsights.com	securityboulevard.com
1	techstronggroup.com	securityboulevard.com
1	www.dmca.com	securityboulevard.com
1	images.squarespace-cdn.com	securityboulevard.com
188	52

This site contains links to these domains. Also see Links.

Domain
twitter.com
www.linkedin.com
www.facebook.com
www.youtube.com
soundcloud.com
news.google.com
www.mediaopsevents.com
www.techstrongpodcasts.com
www.twitch.tv
techstronggroup.com
cloudnativenow.com
devops.com
techstrongresearch.com
techstrong.tv
devopsdozen.com
www.addtoany.com
tuxcare.com
thehackernews.com
securityaffairs.com
www.techstrongevents.com
webinars.techstronglearning.com
activestate.podbean.com
www.surveymonkey.com
techstrongpodcasts.com
wordpress-1231734-4551572.cloudwaysapps.com
digitalanarchist.com
www.dmca.com
digitalcxo.com
www.techstrongtvpodcast.com

Subject Issuer	Validity	Valid
securityboulevard.com WE1	`2024-06-12` - `2024-09-10`	3 months	crt.sh
upload.video.google.com WR2	`2024-06-13` - `2024-09-05`	3 months	crt.sh
*.gravatar.com Sectigo ECC Domain Validation Secure Server CA	`2023-12-05` - `2025-01-04`	a year	crt.sh
cloudnativenow.com GTS CA 1P5	`2024-05-31` - `2024-08-29`	3 months	crt.sh
*.squarespace-cdn.com R3	`2024-05-30` - `2024-08-28`	3 months	crt.sh
www.dmca.com GeoTrust Global TLS RSA4096 SHA256 2022 CA1	`2024-04-14` - `2024-10-14`	6 months	crt.sh
techstronggroup.com Cloudflare Inc ECC CA-3	`2023-08-25` - `2024-08-24`	a year	crt.sh
cloudflareinsights.com WE1	`2024-07-06` - `2024-10-04`	3 months	crt.sh
*.google-analytics.com WR2	`2024-06-13` - `2024-09-05`	3 months	crt.sh
vimeo.com Cloudflare Inc ECC CA-3	`2023-08-23` - `2024-08-21`	a year	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2023-12-13` - `2024-12-12`	a year	crt.sh
event-horizon.gcp.bomm.in WR3	`2024-06-23` - `2024-09-21`	3 months	crt.sh
www.clarity.ms DigiCert TLS RSA SHA256 2020 CA1	`2023-12-07` - `2024-12-07`	a year	crt.sh
*.g.doubleclick.net WR2	`2024-06-13` - `2024-09-05`	3 months	crt.sh
apollo.io E6	`2024-07-04` - `2024-10-02`	3 months	crt.sh
*.gstatic.com WR2	`2024-06-13` - `2024-09-05`	3 months	crt.sh
www.linkedin.com DigiCert SHA2 Secure Server CA	`2024-07-01` - `2025-01-01`	6 months	crt.sh
*.ml314.com Amazon RSA 2048 M02	`2023-10-16` - `2024-11-12`	a year	crt.sh
*.google.de WR2	`2024-06-13` - `2024-09-05`	3 months	crt.sh
aplo-evnt.com R10	`2024-06-08` - `2024-09-06`	3 months	crt.sh
*.google.com WR2	`2024-06-13` - `2024-09-05`	3 months	crt.sh
a.clarity.ms Microsoft Azure RSA TLS Issuing CA 08	`2024-06-23` - `2025-06-18`	a year	crt.sh
podbean.com WE1	`2024-07-06` - `2024-10-04`	3 months	crt.sh
onesignal.com GTS CA 1P5	`2024-05-31` - `2024-08-29`	3 months	crt.sh
*.wp.com Sectigo ECC Domain Validation Secure Server CA	`2023-11-28` - `2024-12-28`	a year	crt.sh
cdnjs.cloudflare.com E1	`2024-06-02` - `2024-08-31`	3 months	crt.sh
hsforms.net WE1	`2024-06-13` - `2024-09-11`	3 months	crt.sh
static.addtoany.com E5	`2024-06-21` - `2024-09-19`	3 months	crt.sh
*.googleusercontent.com WR2	`2024-06-13` - `2024-09-05`	3 months	crt.sh
hsforms.com WE1	`2024-06-14` - `2024-09-12`	3 months	crt.sh
*.disqus.com Sectigo RSA Domain Validation Secure Server CA	`2024-04-16` - `2025-04-16`	a year	crt.sh
*.twimg.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-07-28` - `2024-07-26`	a year	crt.sh
c.msn.com Microsoft Azure RSA TLS Issuing CA 04	`2024-05-21` - `2025-05-16`	a year	crt.sh
*.services.disqus.com GlobalSign Atlas R3 DV TLS CA 2024 Q2	`2024-06-10` - `2025-07-12`	a year	crt.sh
*.taboola.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-10-23` - `2024-11-22`	a year	crt.sh

This page contains 13 frames:

Primary Page: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/
Frame ID: 306F8872EA6E3B555E9F5ABBED7FC96C
Requests: 174 HTTP requests in this frame

Frame: https://vimeo.com/event/4046309/embed?muted=1
Frame ID: 10342C1D1218791DA7D179ED69627E96
Requests: 1 HTTP requests in this frame

Frame: https://www.podbean.com/player-v2/?i=aw5u6-1119a75-pbblog-playlist&pbad=0&share=1&download=0&rtl=0&fonts=Arial&skin=1&font-color=auto&logo_link=episode_page&order=episodic&limit=10&filter=all&ss=a713390a017602015775e868a2cf26b0&btn-skin=1b1b1b&size=250
Frame ID: F5CF55F5FA492D98DA31104CB9D4AF23
Requests: 1 HTTP requests in this frame

Frame: https://static.addtoany.com/menu/sm.25.html
Frame ID: 962B86B7F82BD2E79D981F984135C54F
Requests: 1 HTTP requests in this frame

Frame: https://vimeo.com/event/4046309/embed?muted=1
Frame ID: 2693B8EBCC1AFD84148938DE6402BD31
Requests: 1 HTTP requests in this frame

Frame: https://www.podbean.com/player-v2/?i=aw5u6-1119a75-pbblog-playlist&pbad=0&share=1&download=0&rtl=0&fonts=Arial&skin=1&font-color=auto&logo_link=episode_page&order=episodic&limit=10&filter=all&ss=a713390a017602015775e868a2cf26b0&btn-skin=1b1b1b&size=250
Frame ID: 12842C8C0CA7B1E4654C1CD3169CA425
Requests: 1 HTTP requests in this frame

Frame: https://disqus.com/embed/comments/?base=default&f=security-boulevard-1&t_i=2023467%20https%3A%2F%2Ftuxcare.com%2F%3Fp%3D18196&t_u=https%3A%2F%2Fsecurityboulevard.com%2F2024%2F07%2Ffickle-malware-leads-to-uac-bypass-and-data-exfiltration%2F&t_e=Fickle%20Malware%20Leads%20to%20UAC%20Bypass%20and%20Data%20Exfiltration&t_d=%0AFickle%20Malware%20Leads%20to%20UAC%20Bypass%20and%20Data%20Exfiltration%20&t_t=Fickle%20Malware%20Leads%20to%20UAC%20Bypass%20and%20Data%20Exfiltration&s_o=default
Frame ID: CC67948CE3F29B02ED1432D7D3F37497
Requests: 1 HTTP requests in this frame

Frame: https://tempest.services.disqus.com/ads-iframe/taboola/?position=top&shortname=security-boulevard-1&experiment=network_default&variant=fallthrough&service=dynamic&anchorColor=%236190bb&colorScheme=light&sourceUrl=https%3A%2F%2Fsecurityboulevard.com%2F2024%2F07%2Ffickle-malware-leads-to-uac-bypass-and-data-exfiltration%2F&typeface=sans-serif&canonicalUrl=https%3A%2F%2Fsecurityboulevard.com%2F2024%2F07%2Ffickle-malware-leads-to-uac-bypass-and-data-exfiltration%2F&disqus_version=current
Frame ID: E828F25D86C1A9C919E5CF2DCE5AD72C
Requests: 1 HTTP requests in this frame

Frame: https://tempest.services.disqus.com/ads-iframe/taboola/?position=bottom&shortname=security-boulevard-1&experiment=network_default&variant=fallthrough&service=dynamic&anchorColor=%236190bb&colorScheme=light&sourceUrl=https%3A%2F%2Fsecurityboulevard.com%2F2024%2F07%2Ffickle-malware-leads-to-uac-bypass-and-data-exfiltration%2F&typeface=sans-serif&canonicalUrl=https%3A%2F%2Fsecurityboulevard.com%2F2024%2F07%2Ffickle-malware-leads-to-uac-bypass-and-data-exfiltration%2F&disqus_version=current
Frame ID: 9A2AC8DE6D09EF23112F46D7E427854B
Requests: 1 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.2f70fb173b9000da126c79afe2098f02.html?origin=https%3A%2F%2Fsecurityboulevard.com
Frame ID: C19ACDBE83908A30ABFBE2A4E28AEDEF
Requests: 1 HTTP requests in this frame

Frame: https://disqus.com/recommendations/?base=default&f=security-boulevard-1&t_i=2023467%20https%3A%2F%2Ftuxcare.com%2F%3Fp%3D18196&t_u=https%3A%2F%2Fsecurityboulevard.com%2F2024%2F07%2Ffickle-malware-leads-to-uac-bypass-and-data-exfiltration%2F&t_e=Fickle%20Malware%20Leads%20to%20UAC%20Bypass%20and%20Data%20Exfiltration&t_d=%0AFickle%20Malware%20Leads%20to%20UAC%20Bypass%20and%20Data%20Exfiltration%20&t_t=Fickle%20Malware%20Leads%20to%20UAC%20Bypass%20and%20Data%20Exfiltration
Frame ID: AAE789A03A5886DD20FCAAF2F814292B
Requests: 1 HTTP requests in this frame

Frame: https://cdn.taboola.com/libtrc/disqus-widget-safetylevel20longtail09/loader.js
Frame ID: D7D09146F5D783CAD2FD1410966E186A
Requests: 3 HTTP requests in this frame

Frame: https://cdn.taboola.com/libtrc/static/topics/taboola-browsing-topics.html
Frame ID: AB94FC5AC495DDE0F53B2C76B3E68B27
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Fickle Malware Leads to UAC Bypass and Data Exfiltration - Security Boulevard

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/

AMP (JavaScript frameworks) Expand

Overall confidence: 100%
Detected patterns

<link rel="amphtml"

AddToAny (Widgets) Expand

Overall confidence: 100%
Detected patterns

addtoany\.com/menu/page\.js

Cloudflare Browser Insights (Analytics) Expand

Overall confidence: 100%
Detected patterns

static\.cloudflareinsights\.com/beacon(?:\.min)?\.js

DataTables (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

dataTables.*\.js

DoubleClick for Publishers (DFP) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googletagservices\.com/tag/js/gpt(?:_mobile)?\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

OWL Carousel (Widgets) Expand

Overall confidence: 100%
Detected patterns

owl\.carousel.*\.js

OneSignal (Marketing automation) Expand

Overall confidence: 100%
Detected patterns

cdn\.onesignal\.com

Twitter (Widgets) Expand

Overall confidence: 100%
Detected patterns

//platform\.twitter\.com/widgets\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

188
Requests

98 %
HTTPS

46 %
IPv6

35
Domains

52
Subdomains

50
IPs

5
Countries

3647 kB
Transfer

9505 kB
Size

30
Cookies

45 Outgoing links

These are links going to different origins than the main page.

URL: https://twitter.com/securityblvd

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/groups/64292

Search URL Search Domain Scan URL

URL: https://www.facebook.com/groups/24445075146/

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UC1a8XaAVjQSn_SgIW-rdq0A

Search URL Search Domain Scan URL

URL: https://soundcloud.com/user-540767378

Search URL Search Domain Scan URL

URL: https://news.google.com/publications/CAAqMggKIixDQklTR3dnTWFoY0tGWE5sWTNWeWFYUjVZbTkxYkdWMllYSmtMbU52YlNnQVAB?hl=en-US&gl=US&ceid=US%3Aen

Search URL Search Domain Scan URL

URL: https://www.mediaopsevents.com/virtual/upcoming
Title: Upcoming Events

Search URL Search Domain Scan URL

URL: https://www.mediaopsevents.com/virtual/843942
Title: On-Demand Events

Search URL Search Domain Scan URL

URL: https://www.techstrongpodcasts.com/
Title: Techstrong.tv Podcast

Search URL Search Domain Scan URL

URL: https://www.twitch.tv/techstrongtv
Title: TechstrongTV - Twitch

Search URL Search Domain Scan URL

URL: https://techstronggroup.com/
Title: Techstrong Group

Search URL Search Domain Scan URL

URL: https://cloudnativenow.com/
Title: Cloud Native Now

Search URL Search Domain Scan URL

URL: https://devops.com/
Title: DevOps.com

Search URL Search Domain Scan URL

URL: https://techstrongresearch.com/
Title: Techstrong Research

Search URL Search Domain Scan URL

URL: https://techstrong.tv/
Title: Techstrong TV

Search URL Search Domain Scan URL

URL: https://soundcloud.com/devopschat
Title: Devops Chat

Search URL Search Domain Scan URL

URL: https://devopsdozen.com/
Title: DevOps Dozen

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UC-zcE077X98oTEDPwKkDQxQ
Title: DevOps TV

Search URL Search Domain Scan URL

URL: https://techstronggroup.com/assets/techstrong-media-kit.pdf
Title: Media Kit

Search URL Search Domain Scan URL

URL: https://techstronggroup.com/tellmemore/
Title: Sponsor

Search URL Search Domain Scan URL

URL: https://www.addtoany.com/share#url=https%3A%2F%2Fsecurityboulevard.com%2F2024%2F07%2Ffickle-malware-leads-to-uac-bypass-and-data-exfiltration%2F&title=Fickle%20Malware%20Leads%20to%20UAC%20Bypass%20and%20Data%20Exfiltration%20-%20Security%20Boulevard
Title: Teilen

Search URL Search Domain Scan URL

URL: https://tuxcare.com/blog/kubernetes-security-sensitive-secrets-exposed/
Title: sensitive information

Search URL Search Domain Scan URL

URL: https://thehackernews.com/2024/06/new-rust-based-fickle-malware-uses.html
Title: recent reports

Search URL Search Domain Scan URL

URL: https://securityaffairs.com/164726/malware/fickle-stealer-attack-methods.html
Title: malware targets information

Search URL Search Domain Scan URL

URL: https://www.techstrongevents.com/cloud-native-now-2024?ref=in-article-ad-2&utm_source=Securityboulevard.com&utm_medium=Referral&utm_campaign=in-article-ad

Search URL Search Domain Scan URL

URL: https://techstronggroup.com/tellmemore/?ref=in-article-ad&utm_source=Devops.com&utm_medium=Referral&utm_campaign=in-article-ad
Title: Sponsorships Available

Search URL Search Domain Scan URL

URL: https://webinars.techstronglearning.com/strategies-for-success-developing-a-comprehensive-cloud-vulnerability-management-program?utm_source=Securityboulevard.com&utm_medium=Referral&utm_campaign=in-article-ad

Search URL Search Domain Scan URL

URL: https://activestate.podbean.com/?utm_source=Securityboulevard.com&utm_medium=Referral&utm_campaign=in-article-ad

Search URL Search Domain Scan URL

URL: https://webinars.techstronglearning.com/addressing-the-security-challenges-of-industrial-ot-and-iot?utm_source=Securityboulevard.com&utm_medium=Referral&utm_campaign=in-article-ad

Search URL Search Domain Scan URL

URL: https://www.surveymonkey.com/r/DNKSWZQ

Search URL Search Domain Scan URL

URL: https://techstrongpodcasts.com/?ref=in-article-ad-2&utm_source=do&utm_medium=referral&utm_campaign=digital-banners-1&utm_id=digital-banners-1

Search URL Search Domain Scan URL

URL: https://www.techstrongevents.com/skilup-day-modernizing-devops-and-itil/home/begin-registration?ref=in-article-ad-2&utm_source=securityboulevard.com&utm_medium=Referral&utm_campaign=in-article-ad

Search URL Search Domain Scan URL

URL: https://devops.com/builder-community-hub/?utm_source=securityboulevard.com&utm_medium=Referral&utm_campaign=in-article-ad

Search URL Search Domain Scan URL

URL: https://tuxcare.com/blog/new-truebot-malware-variant-attacks-u-s-organizations/
Title: information stealing malware

Search URL Search Domain Scan URL

URL: https://tuxcare.com/downloadables/how-live-patching-works-with-kernelcare-enterprise/
Title: robust cybersecurity measures

Search URL Search Domain Scan URL

URL: https://tuxcare.com/blog/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/
Title: Fickle Malware Leads to UAC Bypass and Data Exfiltration

Search URL Search Domain Scan URL

URL: https://tuxcare.com/
Title: TuxCare

Search URL Search Domain Scan URL

URL: https://wordpress-1231734-4551572.cloudwaysapps.com/
Title: TuxCare

Search URL Search Domain Scan URL

URL: https://digitalanarchist.com/
Title: Watch latest episodes and shows

Search URL Search Domain Scan URL

URL: https://techstrongpodcasts.com/
Title: Listen to all of our podcasts

Search URL Search Domain Scan URL

URL: https://www.dmca.com/compliance/securityboulevard.com

Search URL Search Domain Scan URL

URL: https://techstronggroup.com/privacy-policy/
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: https://digitalcxo.com/
Title: Digital CxO

Search URL Search Domain Scan URL

URL: https://www.techstrongtvpodcast.com/
Title: Techstrong.tv Podcast

Search URL Search Domain Scan URL

URL: https://www.addtoany.com/
Title: AddToAny

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 68

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=5140001&time=1720446838562&url=https%3A%2F%2Fsecurityboulevard.com%2F2024%2F07%2Ffickle-malware-leads-to-uac-bypass-and-data-exfiltration%2F&tm=gtmv2 HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=5140001&time=1720446838562&url=https%3A%2F%2Fsecurityboulevard.com%2F2024%2F07%2Ffickle-malware-leads-to-uac-bypass-and-data-exfiltration%2F&tm=gtmv2&e_ipv6=AQLZTMNSw3B1TgAAAZCSn2elEsYUKk4RCaKKModmrKNmao1W8sywMPy7KToqEZnh

Request Chain 134

https://c.clarity.ms/c.gif HTTP 302
https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=BAA18AC270FD4950B9EAD896BF65E9C2&RedC=c.clarity.ms&MXFR=0BFD932598EC6546181487939CEC6B81 HTTP 302
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=BAA18AC270FD4950B9EAD896BF65E9C2&MUID=38A1767F9FC96E63267C62C99E426F3A

188 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/ 164 KB
33 KB 338ms
286ms Document
text/html 2606:4700:10::6816:39c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:39c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3503d42441b34f31f1650dc9ae11962bd2d61b74b7a56b0df5eb4db05dba7745

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

cache-control: public, max-age=0, s-maxage=2592000
cf-cache-status: DYNAMIC
cf-edge-cache: cache,platform=wordpress
cf-ray: 8a0090403a079118-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Mon, 08 Jul 2024 13:53:58 GMT
ki-cache-tag: a7da4f50-0916-4160-9d1e-cdae583ed4a0,5c9e3df0096e7ee9dfb530c877b8cd080d84ac6eb7416571f6ac6bc35223e254
ki-cache-type: Edge
ki-cf-cache-status: HIT
ki-edge: v=20.2.7;mv=3.0.6
ki-edge-o2o: yes
ki-origin: g1p
last-modified: Mon, 08 Jul 2024 13:50:43 GMT
link: <https://securityboulevard.com/wp-json/>; rel="https://api.w.org/", <https://securityboulevard.com/wp-json/wp/v2/posts/2023467>; rel="alternate"; type="application/json", <https://wp.me/p91vu9-8uoz>; rel=shortlink
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KBuV%2FQvsoZ%2B3aO%2BVfCg2jwfcHQII2rh8xRNyhO7uIWDeBxOnoMivD79R8hequTnf61dQtKoQAdVX8gi2OYH9AbYtHkyqPc3W2E1fE9HCSJDcOdj0D%2BHWc4%2BgU6cm1TMDYHkEmUS8qG7l8laYl2xLZsVGWg%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding, accept, content-type
x-content-type-options: nosniff
x-edge-location-klb: 1
x-frame-options: SAMEORIGIN
x-kinsta-cache: HIT
x-tec-api-origin: https://securityboulevard.com
x-tec-api-root: https://securityboulevard.com/wp-json/tribe/events/v1/
x-tec-api-version: v1

GET
H2 200 sb.css
securityboulevard.com/wp-content/themes/colormag-pro/ 21 KB
5 KB 53ms
50ms Stylesheet
text/css 2606:4700:10::6816:39c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://securityboulevard.com/wp-content/themes/colormag-pro/sb.css

Requested by

Host: securityboulevard.com
URL: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:39c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6c9f5960dced0cd174a6f994adefa4cc95334fa92e24587243b0b8a507c963f0

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 13:53:58 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
ki-edge: v=20.2.7;mv=3.0.6
age: 4655782
cf-polished: origSize=26981
ki-origin: g1p
ki-edge-o2o: yes
cf-bgj: minify
last-modified: Wed, 06 Oct 2021 03:28:09 GMT
server: cloudflare
etag: W/"615d17c9-6965"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=erthe1WBWJWnWgVv%2Fu5uhRD%2BfR7uJ5FJJGoid3Rva9HnV3i77Vko8EbKO20KUt8Xo33N%2BExTF7eVzMs8785LIU3H3j7TWRlvxvZOBUTZSzZP57iubPkK2GvmGvxYehzra0iP9N%2FtK%2FXNOVun8oPKFkO2Aw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
ki-cache-type: None
ki-cf-cache-status: BYPASS
cf-ray: 8a0090421c6a9118-FRA
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 cv.css
securityboulevard.com/wp-content/plugins/content-views-query-and-display-post-page/public/assets/css/ 85 KB
13 KB 52ms
49ms Stylesheet
text/css 2606:4700:10::6816:39c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://securityboulevard.com/wp-content/plugins/content-views-query-and-display-post-page/public/assets/css/cv.css

Requested by

Host: securityboulevard.com
URL: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:39c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f18a82b575d329c2b28f288f949be19eb8f493a2202c0ac1cc240babc0767498

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 13:53:58 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
ki-edge: v=20.2.7;mv=3.0.6
age: 430125
cf-polished: origSize=86802
ki-origin: g1p
ki-edge-o2o: yes
cf-bgj: minify
last-modified: Mon, 24 Jun 2024 22:02:42 GMT
server: cloudflare
etag: W/"6679ed02-15312"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QPe%2BCpCRSp3HswJzLwCONU3WWnIk4Xlr2ubJ3Dwvrdjd7d14fChakppBByXYMqHoeeDnleKyImbMIWjlxOCNnOiGc0pZkM6Z5enKd1j%2Bwo%2BCEbyyGetqmbLlzbIRlWJRVTEV4p2%2Bo0mv%2FpyBW7cb2BDksg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
ki-cache-type: None
ki-cf-cache-status: BYPASS
cf-ray: 8a0090421c6d9118-FRA
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 cvpro.min.css
securityboulevard.com/wp-content/plugins/pt-content-views-pro/public/assets/css/ 63 KB
16 KB 31ms
28ms Stylesheet
text/css 2606:4700:10::6816:39c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://securityboulevard.com/wp-content/plugins/pt-content-views-pro/public/assets/css/cvpro.min.css

Requested by

Host: securityboulevard.com
URL: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:39c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

53948075293f5d4a1c0a2d48f3b452fd376b415b4ca0699d12a0c5461ea160f6

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 13:53:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
ki-edge: v=20.2.7;mv=3.0.6
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 4655782
ki-origin: g1p
ki-edge-o2o: yes
last-modified: Fri, 12 Apr 2024 02:59:37 GMT
server: cloudflare
etag: W/"6618a399-fc9a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gn91h8Fou4l6DiibIgKqEpSML9uldZogemdqbjyZNO1AUtKyEhZt2iNQ7HRW9fLmwUCFmaOp7cnS95oxE6q9IlisfBI2bfHUVEW%2FhYNrC9Voidk%2BhEkHsSCSKNYQtgBGoXY%2Bn5kQbsVBSST%2ButyKwXKH5w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
ki-cache-type: None
ki-cf-cache-status: BYPASS
cf-ray: 8a0090421c6f9118-FRA
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 tribe-events-pro-mini-calendar-block.min.css
securityboulevard.com/wp-content/plugins/events-calendar-pro/src/resources/css/ 655 B
596 B 48ms
45ms Stylesheet
text/css 2606:4700:10::6816:39c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://securityboulevard.com/wp-content/plugins/events-calendar-pro/src/resources/css/tribe-events-pro-mini-calendar-block.min.css

Requested by

Host: securityboulevard.com
URL: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:39c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d2d330f53cdfd25a188faebfc07535a76190bcc529946b09c74d0971e84b53cd

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 13:53:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
ki-edge: v=20.2.7;mv=3.0.6
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 410885
ki-origin: g1p
ki-edge-o2o: yes
last-modified: Tue, 09 Aug 2022 16:24:44 GMT
server: cloudflare
etag: W/"62f28a4c-28f"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vI26iJ7kBj7gc0deHLUbs0DJzpoVdZepFTOX4zFTbAhqyDssO1MwYpiMIUypnsCwvvJmthGdyRToG1jCdLWFpaD0t%2Bj%2Bvv6gCFhCYjERv%2FPxPZvHrEqpJSp6l0YFjV51r7L0tGzXwXHyUjotRzKpX4K0%2FQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
ki-cache-type: None
ki-cf-cache-status: BYPASS
cf-ray: 8a0090421c709118-FRA
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 style.min.css
securityboulevard.com/wp-includes/css/dist/block-library/ 111 KB
15 KB 28ms
25ms Stylesheet
text/css 2606:4700:10::6816:39c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://securityboulevard.com/wp-includes/css/dist/block-library/style.min.css

Requested by

Host: securityboulevard.com
URL: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:39c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

98cecf88a23542fa047ce46eedb650b5c5128761ed4386c0977b847094ddfa20

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 13:53:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
ki-edge: v=20.2.7;mv=3.0.6
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 578103
ki-origin: g1p
ki-edge-o2o: yes
last-modified: Fri, 12 Apr 2024 03:05:55 GMT
server: cloudflare
etag: W/"6618a513-1bae5"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bDpSr%2BH%2B8oJXkS6XsqtlDD%2Bz3phhBYN325Mh1m8CIxFSGqMNgcPsxP1PyajopwadjzPYsi2iAylnRC5epvroV6B4CVEdLVitfU6MbJ%2FR9qyuqLIWmc%2BcBBHvkvtyEA4jo5GqVsW9PDLBp0sje2mqOdA8aQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
ki-cache-type: None
ki-cf-cache-status: BYPASS
cf-ray: 8a0090421c719118-FRA
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 mediaelementplayer-legacy.min.css
securityboulevard.com/wp-includes/js/mediaelement/ 11 KB
3 KB 28ms
26ms Stylesheet
text/css 2606:4700:10::6816:39c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://securityboulevard.com/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css

Requested by

Host: securityboulevard.com
URL: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:39c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 13:53:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
ki-edge: v=20.2.7;mv=3.0.6
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 410885
ki-origin: g1p
ki-edge-o2o: yes
last-modified: Thu, 22 Jul 2021 21:03:56 GMT
server: cloudflare
etag: W/"60f9dd3c-2bf8"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=d0lpE5HdaS9yjfejhu0QkVrQSV7AUscXXs8VXQqydXfewOv9qYj8nx7DxwH9V39%2Bl1ItHjqlSuglymG9Jjhawz8xZiKsBodLVXOZRmmtMInkfGVnajcggItm02DFAdMXlSLwOZYE%2BAwBokCAFMmYqbT%2FvA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
ki-cache-type: None
ki-cf-cache-status: BYPASS
cf-ray: 8a0090421c729118-FRA
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 wp-mediaelement.min.css
securityboulevard.com/wp-includes/js/mediaelement/ 4 KB
1 KB 31ms
28ms Stylesheet
text/css 2606:4700:10::6816:39c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://securityboulevard.com/wp-includes/js/mediaelement/wp-mediaelement.min.css

Requested by

Host: securityboulevard.com
URL: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:39c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2e10d353ff038c2cad3492fc17801af3e6ef2669c9e9713bdb78b1dcb104c4fe

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 13:53:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
ki-edge: v=20.2.7;mv=3.0.6
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 763012
ki-origin: g1p
ki-edge-o2o: yes
last-modified: Thu, 22 Jul 2021 21:03:56 GMT
server: cloudflare
etag: W/"60f9dd3c-105a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Xbt1Uo%2BoauA%2F1xbhdo15w%2BP%2FxkMgheYkbCyzlDEj0ZZwT5OnUOvmQcWZBCmQkbNd5z8%2F1nxSRc9vgrk5isvM0rK59JwA5mJAgdNqvmR4zY0QdcrrVNCbt2OEalZWnhDvL6ld2KbXkw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
ki-cache-type: None
ki-cf-cache-status: BYPASS
cf-ray: 8a0090421c749118-FRA
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 chainwire-public.css
securityboulevard.com/wp-content/plugins/chainwire-integration/public/css/ 175 B
493 B 31ms
28ms Stylesheet
text/css 2606:4700:10::6816:39c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://securityboulevard.com/wp-content/plugins/chainwire-integration/public/css/chainwire-public.css

Requested by

Host: securityboulevard.com
URL: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:39c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

758ec37b307443cb9be2d4f93e40d730eecfaf18a77ec9b071372b1ef64c2ab0

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 13:53:58 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
ki-edge: v=20.2.7;mv=3.0.6
age: 4655782
cf-polished: origSize=339
ki-origin: g1p
ki-edge-o2o: yes
cf-bgj: minify
last-modified: Thu, 02 May 2024 13:11:58 GMT
server: cloudflare
etag: W/"6633911e-153"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Zv1bIMSY94z%2BPkmnercNtBVSgrYPo152xPD%2FEYpHribjKsk0EF58tZZhbjrk6p1PmQtTGd86IBVVeXJkhVe3VnBKIV%2F5K3GkhMuFZu%2FBbUlFYlT8L%2Fg4wNvGvNIUeM9JNE8XTlCpNQ%2FnTUARgZ5yDNBspA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
ki-cache-type: None
ki-cf-cache-status: BYPASS
cf-ray: 8a0090421c769118-FRA
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 owl.carousel.min.css
securityboulevard.com/wp-content/plugins/devops_core/assets/ 3 KB
1 KB 31ms
29ms Stylesheet
text/css 2606:4700:10::6816:39c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://securityboulevard.com/wp-content/plugins/devops_core/assets/owl.carousel.min.css

Requested by

Host: securityboulevard.com
URL: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:39c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

016ab0bd0de4839680e4a717a57db9b182a8c2c5fdeec4c24db7a8df761fca4d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 13:53:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
ki-edge: v=20.2.7;mv=3.0.6
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 410884
ki-origin: g1p
ki-edge-o2o: yes
last-modified: Thu, 22 Jul 2021 21:09:18 GMT
server: cloudflare
etag: W/"60f9de7e-b78"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=O7YTQ93fMW5cyQsQ5ajzse26qg%2BIpr3M2Qqz5fem27ICAejeZwPia4TES%2FaiXrFPiAbwo%2BJW3E0DQGO7%2FB7xwlv%2BHm%2FB8Q2Qn688%2BKW7J4ZJFr7YGELVU5UoZZ%2FCosVVIN5oj4ZT8Lbtiazz0ScoFVLssA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
ki-cache-type: None
ki-cf-cache-status: BYPASS
cf-ray: 8a0090421c789118-FRA
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 owl.theme.default.min.css
securityboulevard.com/wp-content/plugins/devops_core/assets/ 936 B
879 B 31ms
29ms Stylesheet
text/css 2606:4700:10::6816:39c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://securityboulevard.com/wp-content/plugins/devops_core/assets/owl.theme.default.min.css

Requested by

Host: securityboulevard.com
URL: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:39c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

296b3d8e9fa36733999a69d6e630bc6361ea23dada8c98a0e48d34ba7f7d0ed2

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 13:53:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
ki-edge: v=20.2.7;mv=3.0.6
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 4655782
ki-origin: g1p
ki-edge-o2o: yes
last-modified: Thu, 22 Jul 2021 21:09:18 GMT
server: cloudflare
etag: W/"60f9de7e-3a8"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BQG9r9Y%2FUJcv2lKUe%2BsEyAS2HMWnUTwjup9e6oAXZnbbljQVL4NOL3GcNUdWdZ74NaTNPDYLqGRZjqh9YCqgUfxBDYJY5tcIawTvFjpzXWG4Yj2OQFkLXjcKH2zjwwesmFUMjRfS9vqcXg4sYTl9UoixhQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
ki-cache-type: None
ki-cf-cache-status: BYPASS
cf-ray: 8a0090421c799118-FRA
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 style.css
securityboulevard.com/wp-content/uploads/maxmegamenu/ 47 KB
4 KB 37ms
34ms Stylesheet
text/css 2606:4700:10::6816:39c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://securityboulevard.com/wp-content/uploads/maxmegamenu/style.css

Requested by

Host: securityboulevard.com
URL: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:39c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f1898554002afcec490975613ba45248ab76af74d151fb84a101d55bc2ca2b70

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 13:53:58 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
ki-edge: v=20.2.7;mv=3.0.6
age: 4655782
cf-polished: origSize=54547
ki-origin: g1p
ki-edge-o2o: yes
cf-bgj: minify
last-modified: Thu, 22 Jul 2021 21:03:58 GMT
server: cloudflare
etag: W/"60f9dd3e-d513"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OgfhnCqGyZ7In1YxuLG7iFVZaq1GmPx9ZHBLdq33oRHNQBhU0pQyVrs3WGnTd%2FqAR2j4VQf66G4iVNm9P9ToV1OsqiIW7%2B0ckM6WlDD9WT0Dr0hzrabPkWYdI61Lbcnwadrco4nba5qFfufOnB2ASA0ceA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
ki-cache-type: None
ki-cf-cache-status: BYPASS
cf-ray: 8a0090422c879118-FRA
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 dashicons.min.css
securityboulevard.com/wp-includes/css/ 58 KB
35 KB 38ms
35ms Stylesheet
text/css 2606:4700:10::6816:39c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://securityboulevard.com/wp-includes/css/dashicons.min.css

Requested by

Host: securityboulevard.com
URL: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:39c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c21e5a2b32c47bc5f9d9efc97bc0e29fd081946d1d3ebffc5621cfafb1d3960e

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 13:53:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
ki-edge: v=20.2.7;mv=3.0.6
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 4655782
ki-origin: g1p
ki-edge-o2o: yes
last-modified: Thu, 22 Jul 2021 21:03:57 GMT
server: cloudflare
etag: W/"60f9dd3d-e688"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LSpos3H2q%2BpVTKiyd0T5E%2FOzrr%2F2dWudMIuJ3bQawGbw015uDgDOUS4pHVBFL%2BMjrVEm%2BMFcAGyUvRDBu1mQJqyZSnwmQx5zqTSKykhGKAbpIWNRaIk7tMZMAsr83oCCECBInk4x8TGr52%2BpOK%2BZw43SuA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
ki-cache-type: None
ki-cf-cache-status: BYPASS
cf-ray: 8a0090422c889118-FRA
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 style.css
securityboulevard.com/wp-content/themes/colormag-pro/ 58 KB
11 KB 62ms
59ms Stylesheet
text/css 2606:4700:10::6816:39c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://securityboulevard.com/wp-content/themes/colormag-pro/style.css

Requested by

Host: securityboulevard.com
URL: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:39c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c4b3fbc360a34e6b9eb349ee0663dc97fa48ba73f1bb1f8e95438940b2a14dec

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 13:53:58 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
ki-edge: v=20.2.7;mv=3.0.6
age: 4480057
cf-polished: origSize=81033
ki-origin: g1p
ki-edge-o2o: yes
cf-bgj: minify
last-modified: Mon, 06 Feb 2023 21:03:34 GMT
server: cloudflare
etag: W/"63e16b26-13c89"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fNaGAmxjvdWmxUGycnrbHZ0RFJPtsAma%2FI22zVAKD5V9bX%2B8GuQGt5C5TS%2F4bX6gZSq50W3LfLTMY4BzpLM8fd59o9oBYeKF5BPhwOWAsSWs6lKw8b5BUsgBNIR6x3uNzG1I%2B0wqMg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
ki-cache-type: None
ki-cf-cache-status: BYPASS
cf-ray: 8a0090422c899118-FRA
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 css
fonts.googleapis.com/ 14 KB
2 KB 62ms
34ms Stylesheet
text/css 2a00:1450:4001:80b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans%7COpen+Sans%3A400%2C600%7CPT+Sans%7CSource+Sans+Pro&ver=6.5.5

Requested by

Host: securityboulevard.com
URL: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

91698821a1603c559e8e255f3e34c2ea63acfcfd23d2394d55b42bb70e1c130c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://securityboulevard.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 08 Jul 2024 13:53:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Mon, 08 Jul 2024 13:53:58 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 08 Jul 2024 13:53:58 GMT

GET
H2 200 magnific-popup.min.css
securityboulevard.com/wp-content/themes/colormag-pro/js/magnific-popup/ 5 KB
2 KB 37ms
35ms Stylesheet
text/css 2606:4700:10::6816:39c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://securityboulevard.com/wp-content/themes/colormag-pro/js/magnific-popup/magnific-popup.min.css

Requested by

Host: securityboulevard.com
URL: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:39c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e529245e8867300ffd2b6f6c1e5b36d41ce8c71a9eb7cbdec52360c0be7b0017

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 13:53:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
ki-edge: v=20.2.7;mv=3.0.6
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 4655782
ki-origin: g1p
ki-edge-o2o: yes
last-modified: Thu, 22 Jul 2021 21:09:07 GMT
server: cloudflare
etag: W/"60f9de73-1463"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YTr2Fq1C2TZ%2FG0BgyTjpijAiNN5el0708bsU6by0fUtrvnuKDhyoI%2F0glaLoureMyTLPKjwj9gIJcwyQAWnZQCFkGmSmyHjxWWrN6Tg49zXZX4TmYI%2BIN4xtLb%2BDAFZtNpFo0z37OBrNZayUmSl62KJ%2BuA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
ki-cache-type: None
ki-cf-cache-status: BYPASS
cf-ray: 8a0090422c8b9118-FRA
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 font-awesome.min.css
securityboulevard.com/wp-content/themes/colormag-pro/fontawesome/css/ 30 KB
7 KB 36ms
34ms Stylesheet
text/css 2606:4700:10::6816:39c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://securityboulevard.com/wp-content/themes/colormag-pro/fontawesome/css/font-awesome.min.css

Requested by

Host: securityboulevard.com
URL: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:39c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 13:53:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
ki-edge: v=20.2.7;mv=3.0.6
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 566960
ki-origin: g1p
ki-edge-o2o: yes
last-modified: Thu, 22 Jul 2021 21:09:07 GMT
server: cloudflare
etag: W/"60f9de73-7918"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=L194cFzk8DqRli4BaoKGI2s%2FOLJ1wanOwWESt61iWVcv6wLd1g21LGTl7z4WyqeLs3WUjauzUKcpqAtdz76y3DAFlxr59pfYn4nclkRDDn%2Ba2u4bkSE8aMK5EOUWX7bSZcms0cY3JA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
ki-cache-type: None
ki-cf-cache-status: BYPASS
cf-ray: 8a0090422c8c9118-FRA
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jquery.mCustomScrollbar.min.css
securityboulevard.com/wp-content/themes/colormag-pro/css/ 42 KB
4 KB 36ms
34ms Stylesheet
text/css 2606:4700:10::6816:39c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://securityboulevard.com/wp-content/themes/colormag-pro/css/jquery.mCustomScrollbar.min.css

Requested by

Host: securityboulevard.com
URL: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:39c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

247184981eb6f698a94e431a83d68c6b0df623cce57b6e29dc5a6c11e23aa195

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 13:53:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
ki-edge: v=20.2.7;mv=3.0.6
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 4655782
ki-origin: g1p
ki-edge-o2o: yes
last-modified: Thu, 22 Jul 2021 21:09:07 GMT
server: cloudflare
etag: W/"60f9de73-a757"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tEW%2BMqGidDxAxWDPm5qRhNzPeHIY7BPRsmAavFrlG5JlIOvca1HOJSHkyajK5CB2Tth51UC%2FQjKNroAkYSAOOtaHgjPfszAjvWsByEsSRkXj8FPOcLsBDT%2BeThplnwbgwQFH2krbuN883Er4maRv5l9x9w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
ki-cache-type: None
ki-cf-cache-status: BYPASS
cf-ray: 8a0090422c8e9118-FRA
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 datatables.min.css
securityboulevard.com/wp-content/themes/colormag-pro/css/ 15 KB
3 KB 46ms
44ms Stylesheet
text/css 2606:4700:10::6816:39c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://securityboulevard.com/wp-content/themes/colormag-pro/css/datatables.min.css

Requested by

Host: securityboulevard.com
URL: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:39c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7670969cdbb95fcd3e9e270b7d63c5ea6c1b3bf44fdebd13215ef8f5098a54b5

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 13:53:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
ki-edge: v=20.2.7;mv=3.0.6
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 406334
ki-origin: g1p
ki-edge-o2o: yes
last-modified: Thu, 22 Jul 2021 21:09:07 GMT
server: cloudflare
etag: W/"60f9de73-3ac5"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aOmmGP3fNrPseXHSb0Ybty1Uu11VzOUvCwdv3VGFJFsq%2FIaVsURR62VWbN6cOWLPRMwGjpVRHUJg0hbgNPQ91KsxRENj%2B8h5XN0d81Sjsf7N9FR%2B3xCcFk%2FHQWrCpsDI58foIE2vCQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
ki-cache-type: None
ki-cf-cache-status: BYPASS
cf-ray: 8a0090422c8f9118-FRA
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 themify-icons.min.css
securityboulevard.com/wp-content/plugins/dflip/assets/css/ 14 KB
3 KB 46ms
44ms Stylesheet
text/css 2606:4700:10::6816:39c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://securityboulevard.com/wp-content/plugins/dflip/assets/css/themify-icons.min.css

Requested by

Host: securityboulevard.com
URL: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:39c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

142ef075542912c4636585b0e581cd0ac6b4a3f818ec43b3fbf3667dd30a6351

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 13:53:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
ki-edge: v=20.2.7;mv=3.0.6
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 4655782
ki-origin: g1p
ki-edge-o2o: yes
last-modified: Thu, 22 Jul 2021 21:09:18 GMT
server: cloudflare
etag: W/"60f9de7e-361b"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=K0x9DrZunjZp5WrzrR%2FvR1UgY8TIHCRPXV%2B8pi%2BB1zXiPdbz7QSqv%2FMzMGgM4XuvbseJz2Ek26uibSQ4WxCbLy6%2BtKBNm4sPkdQxJuhcciUv1sWXgErG71sODpK2q6MmLYS9zdoM%2BJKc8Y0CGdju6qy6fg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
ki-cache-type: None
ki-cf-cache-status: BYPASS
cf-ray: 8a0090422c909118-FRA
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 dflip.min.css
securityboulevard.com/wp-content/plugins/dflip/assets/css/ 26 KB
6 KB 45ms
44ms Stylesheet
text/css 2606:4700:10::6816:39c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://securityboulevard.com/wp-content/plugins/dflip/assets/css/dflip.min.css

Requested by

Host: securityboulevard.com
URL: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:39c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

446bafe3e71ba46e4191766edc1d2ce5ed9710d9c6a915d3f3c36c37fe0b9346

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 13:53:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
ki-edge: v=20.2.7;mv=3.0.6
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 391814
ki-origin: g1p
ki-edge-o2o: yes
last-modified: Thu, 22 Jul 2021 21:09:18 GMT
server: cloudflare
etag: W/"60f9de7e-66b0"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tT34hGdpZjUvJcXDLDgVTOhsMAynaBEhOmhJiMO1BqvZPeLqlWGPpaEIIi5qxFIVo9ecBG9kIhJam0najCUgOyecYTWALjdFujQfgwTQbcg1JcC1W8Akt%2F%2Fo7HlRQhnIaxwVRJNU2DZAJAw%2BSUJpBZl9dQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
ki-cache-type: None
ki-cf-cache-status: BYPASS
cf-ray: 8a0090422c929118-FRA
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 addtoany.min.css
securityboulevard.com/wp-content/plugins/add-to-any/ 2 KB
864 B 46ms
45ms Stylesheet
text/css 2606:4700:10::6816:39c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://securityboulevard.com/wp-content/plugins/add-to-any/addtoany.min.css

Requested by

Host: securityboulevard.com
URL: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:39c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c19e3e4151ea4933fa9ba9703c51fe20ad469237771214b1c5001d1b107ddef5

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 13:53:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
ki-edge: v=20.2.7;mv=3.0.6
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 406334
ki-origin: g1p
ki-edge-o2o: yes
last-modified: Thu, 02 May 2024 13:12:07 GMT
server: cloudflare
etag: W/"66339127-644"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RtSiJUmNe7wrhjZvAqyd5Bqhq7xskZgJB4x1yRsF8TX%2BvhyYg%2Ff99bmbhlfabrQU7DYn8WS9T%2F9dm36ul%2BKFRYkALkoSaLMtXLE5J%2FHtqWlasdZY1dc5dQfk5XEoZ0QnZL1ijv%2BUdg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
ki-cache-type: None
ki-cf-cache-status: BYPASS
cf-ray: 8a0090422c949118-FRA
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jetpack.css
securityboulevard.com/wp-content/plugins/jetpack/css/ 105 KB
20 KB 60ms
59ms Stylesheet
text/css 2606:4700:10::6816:39c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://securityboulevard.com/wp-content/plugins/jetpack/css/jetpack.css

Requested by

Host: securityboulevard.com
URL: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:39c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

abc5745cb5012a0fe2537db26934936834c4645f8284846af0a2e629a2d3b9b5

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 13:53:58 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
ki-edge: v=20.2.7;mv=3.0.6
age: 4655782
cf-polished: origSize=107794
ki-origin: g1p
ki-edge-o2o: yes
cf-bgj: minify
last-modified: Fri, 12 Apr 2024 03:01:16 GMT
server: cloudflare
etag: W/"6618a3fc-1a512"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ltrREAYh64CdFVpTq%2BJlHok5%2BT8ntI8no0f9wzQMu2B8qY0e9v6tSqzXJCbPxQ1RnF%2FuIwB%2B1WSGUbxFsh%2FawZ5UrMXT2FKkhx%2Fl2oWF%2BvZPZINvMnz6cuhmEV3c3OT55KhDqwxGcg5xTLecg8g9abm38g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
ki-cache-type: None
ki-cf-cache-status: BYPASS
cf-ray: 8a0090422c959118-FRA
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jquery.min.js Show response
securityboulevard.com/wp-includes/js/jquery/ 86 KB
30 KB 51ms
50ms Script
application/javascript 2606:4700:10::6816:39c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://securityboulevard.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.1

Requested by

Host: securityboulevard.com
URL: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:39c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 13:53:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
ki-edge: v=20.2.7;mv=3.0.6
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 578103
ki-origin: g1p
ki-edge-o2o: yes
last-modified: Thu, 16 Nov 2023 02:00:44 GMT
server: cloudflare
etag: W/"655577cc-15601"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pXqcTdMKkUsStlERKtI%2FbF1YMf3IlaUIx443FtDl7fDfkxYtsipWSc8nWf36MhQRRv9dnWAbLH4qFZhZQ2jgBLSbvpt0Poi8rRPbWnF5nWL26LFPjQ3BnT4asGZ8RZm2lTScMM1dfRCj9BKXk7nUpzSa3Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
ki-cache-type: None
ki-cf-cache-status: BYPASS
cf-ray: 8a0090422c999118-FRA
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 /
securityboulevard.com/ 18 KB
4 KB 732ms
731ms Stylesheet
text/css 2606:4700:10::6816:39c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://securityboulevard.com/?custom-css=7c1b548128

Requested by

Host: securityboulevard.com
URL: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:39c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2863ec1f28569c220d7864d8870001a4f4d461123daed31d11347fefc856ec4c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

cf-edge-cache: cache,platform=wordpress
date: Mon, 08 Jul 2024 13:53:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=20.2.7;mv=3.0.6
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
ki-origin: g1p
x-kinsta-cache: BYPASS
ki-edge-o2o: yes
server: cloudflare
vary: Accept-Encoding, accept, content-type
x-frame-options: SAMEORIGIN
content-type: text/css;charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XZ4sDCEtqhXu6dMqsSirym9y6OJ7bioY8%2BDlrDhZq7Ab8Eru7HX0QmzmnZPRg5thIKu2bayj3rhOxfq7hLPPmCoQ9tBIcLFPFnSMb6pPW6fL2ZVAoWO4IEVbF3s4t5wM8ziwv8IAua3oVwZA5RCu%2FSR8aw%3D%3D"}],"group":"cf-nel","max_age":604800}
ki-cache-type: None
ki-cf-cache-status: BYPASS
cf-ray: 8a0090422c969118-FRA
x-edge-location-klb: 1
expires: Tue, 08 Jul 2025 13:53:58 GMT

GET
H2 200 security-boulevard-tsg-logo.png
securityboulevard.com/wp-content/themes/colormag-pro/img/ 5 KB
5 KB 62ms
61ms Image
image/webp 2606:4700:10::6816:39c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://securityboulevard.com/wp-content/themes/colormag-pro/img/security-boulevard-tsg-logo.png

Requested by

Host: securityboulevard.com
URL: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:39c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

addd3084e45a2c68ac5b4baf988e0f18f572f213a2930e32d3a79a01ab579278

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 13:53:58 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
ki-edge: v=20.2.7;mv=3.0.6
age: 4655782
cf-polished: origFmt=png, origSize=5545
ki-origin: g1p
content-disposition: inline; filename="security-boulevard-tsg-logo.webp"
content-length: 4968
ki-edge-o2o: yes
cf-bgj: imgq:85,h2pri
last-modified: Tue, 31 Jan 2023 18:04:17 GMT
server: cloudflare
etag: "63d95821-15a9"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dm4na5LU9KevcCebU2w7KsWzcpB1r1m64YVa%2Fs2KbtidhrFSL3mUZpWTafJ1X9RDNhiIWuKdLvKzf1iC%2BeG%2BAOohbnQgpqkTQk%2BCkr8hqt9Z%2FhDO3sLumo7y63%2FffulBGEZxtvgrZGSmeXRq%2Fs%2BO5obcFQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=315360000
ki-cache-type: None
accept-ranges: bytes
ki-cf-cache-status: BYPASS
cf-ray: 8a0090422c9a9118-FRA
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 SBNIcon4_512px.png
securityboulevard.com/wp-content/uploads/2017/09/ 19 KB
19 KB 46ms
45ms Image
image/webp 2606:4700:10::6816:39c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://securityboulevard.com/wp-content/uploads/2017/09/SBNIcon4_512px.png

Requested by

Host: securityboulevard.com
URL: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:39c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f542387def66d7826b8d923a05312ec681a1389ed09ac29dc34dfe5fb857f992

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 13:53:58 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
ki-edge: v=20.2.7;mv=3.0.6
age: 4660464
cf-polished: origFmt=png, origSize=57915
ki-origin: g1p
content-disposition: inline; filename="SBNIcon4_512px.webp"
content-length: 19284
ki-edge-o2o: yes
cf-bgj: imgq:85,h2pri
last-modified: Thu, 22 Jul 2021 21:07:51 GMT
server: cloudflare
etag: "60f9de27-e23b"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BbilxWTEu6KsuHij8EDfLGKdjLNXdfOgxNc0oJmxzL6c1ahnNQlU3JMHzo2KGsou2wXPh6EJSgxweBNKeCovqRfRrL3xgxfPinhum2QE1Tm6LUxzyKKIPUCNrN1uQ73GOtLPecSU%2Bg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=315360000
ki-cache-type: None
accept-ranges: bytes
ki-cf-cache-status: BYPASS
cf-ray: 8a0090422c9c9118-FRA
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 af5eddb6a4a6f1681fcaec7e94fdbb8f
secure.gravatar.com/avatar/ 911 B
1 KB 68ms
28ms Image
image/jpeg 2a04:fa87:fffe::c000:4902
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure.gravatar.com/avatar/af5eddb6a4a6f1681fcaec7e94fdbb8f?s=32&d=mm&r=g
Requested by: Host: securityboulevard.com
URL: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 9ef33605db40f5dd37e194f4af592cd22a8a90f56da1a165b4a97c34efaa09eb

Request headers

Referer: https://securityboulevard.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Mon, 08 Jul 2024 13:53:58 GMT
last-modified: Wed, 11 Jan 1984 08:00:00 GMT
server: nginx
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=300
content-disposition: inline; filename="af5eddb6a4a6f1681fcaec7e94fdbb8f.png"
accept-ranges: bytes
link: <https://gravatar.com/avatar/af5eddb6a4a6f1681fcaec7e94fdbb8f?s=32&d=mm&r=g>; rel="canonical"
content-length: 911
alt-svc: h3=":443"; ma=86400
expires: Mon, 08 Jul 2024 13:58:58 GMT

GET
H2 200 Banner-770x330-2-1.png
cloudnativenow.com/wp-content/uploads/2024/06/ 97 KB
98 KB 125ms
72ms Image
image/webp 2606:4700:10::6816:fef
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cloudnativenow.com/wp-content/uploads/2024/06/Banner-770x330-2-1.png

Requested by

Host: securityboulevard.com
URL: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:fef , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7133a3c402920ecff9372b596b50276d4f54d135625b24784cf421ed5fc9eb0e

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityboulevard.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 13:53:58 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
ki-edge: v=20.2.7;mv=3.0.6
age: 1689266
cf-polished: origFmt=png, origSize=165782
ki-origin: g1p
content-disposition: inline; filename="Banner-770x330-2-1.webp"
content-length: 99430
ki-edge-o2o: yes
cf-bgj: imgq:85,h2pri
last-modified: Wed, 19 Jun 2024 00:22:47 GMT
server: cloudflare
etag: "667224d7-28796"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FDPR%2FrOp5rI9YscTDC48s%2Bypuz5YVgVDnQP86yZBBAFou1AIc3m7gYYDxPW3EtbXt0Ir9aeIDfLmZE1JWF0GQFNy%2FbmprbZIaID2MvJnEtktCjVcNhe9uZDOMEKOohoTMrUlOw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=315360000
ki-cache-type: None
accept-ranges: bytes
ki-cf-cache-status: BYPASS
cf-ray: 8a009042fcff3603-FRA
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 2024.07.16-Palo-Alto-Banner-770x330-SB.png
securityboulevard.com/wp-content/uploads/2024/07/ 37 KB
38 KB 29ms
26ms Image
image/webp 2606:4700:10::6816:39c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://securityboulevard.com/wp-content/uploads/2024/07/2024.07.16-Palo-Alto-Banner-770x330-SB.png

Requested by

Host: securityboulevard.com
URL: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:39c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4a7990ff99ee7a31d35f577e204fe18a35ae1fc3529331845f59c785d3602ec7

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 13:53:58 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
ki-edge: v=20.2.7;mv=3.0.6
age: 588529
cf-polished: origFmt=png, origSize=55749
ki-origin: g1p
content-disposition: inline; filename="2024.webp"
content-length: 37970
ki-edge-o2o: yes
cf-bgj: imgq:85,h2pri
last-modified: Mon, 01 Jul 2024 18:11:21 GMT
server: cloudflare
etag: "6682f149-d9c5"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6O%2BaUZxpp1McyfLRRXJJMUz%2FBlHj64v00v5IMS3fVu1iTuV4xL6jnKALkA7lOQn16MItHkI7OVz2q%2B0aFJlwhTaRgPn1Dz1MOQhjFsSq1t%2FuFbwfPVqRpwHVDPLwJJvE19SIqsenRw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=315360000
ki-cache-type: None
accept-ranges: bytes
ki-cf-cache-status: BYPASS
cf-ray: 8a009042bda89118-FRA
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 Copy-of-Video-art-for-opens-active-state-770-x-330-px-4.png
securityboulevard.com/wp-content/uploads/2024/07/ 18 KB
19 KB 46ms
33ms Image
image/webp 2606:4700:10::6816:39c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://securityboulevard.com/wp-content/uploads/2024/07/Copy-of-Video-art-for-opens-active-state-770-x-330-px-4.png

Requested by

Host: securityboulevard.com
URL: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:39c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

06c87c6d4caba8c5443d96bbedcb8f7713223932097ab40441a6866dc0b33fb6

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 13:53:58 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
ki-edge: v=20.2.7;mv=3.0.6
age: 583365
cf-polished: origFmt=png, origSize=36018
ki-origin: g1p
content-disposition: inline; filename="Copy-of-Video-art-for-opens-active-state-770-x-330-px-4.webp"
content-length: 18604
ki-edge-o2o: yes
cf-bgj: imgq:85,h2pri
last-modified: Mon, 01 Jul 2024 19:30:58 GMT
server: cloudflare
etag: "668303f2-8cb2"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=d3%2FmH%2FR2QkrJsOz0JhDFGgv1Le6TipGiO5Pbf%2BDICWd9jhJEPB5W7jeEpmR%2B4l9mAyB9boY4251YkEWF%2FUl37oGeUHQAzRdGrW%2FyKXaIQx0s%2Btzsg%2BuBaPTOZ8ElHLY1%2BORicst9LU9Z2KjIsnbhdl6paQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=315360000
ki-cache-type: None
accept-ranges: bytes
ki-cf-cache-status: BYPASS
cf-ray: 8a009042ddd89118-FRA
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 2024.07.18-Claroty-Banner-740x400-1.png
securityboulevard.com/wp-content/uploads/2024/07/ 21 KB
21 KB 39ms
28ms Image
image/webp 2606:4700:10::6816:39c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://securityboulevard.com/wp-content/uploads/2024/07/2024.07.18-Claroty-Banner-740x400-1.png

Requested by

Host: securityboulevard.com
URL: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:39c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e890e22dfc095f8f941e39a4bd1b5f5425ab0ed14fd21e32e38237040f04a479

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 13:53:58 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
ki-edge: v=20.2.7;mv=3.0.6
age: 585713
cf-polished: origFmt=png, origSize=49381
ki-origin: g1p
content-disposition: inline; filename="2024.webp"
content-length: 21034
ki-edge-o2o: yes
cf-bgj: imgq:85,h2pri
last-modified: Mon, 01 Jul 2024 18:21:54 GMT
server: cloudflare
etag: "6682f3c2-c0e5"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QJreCt5y6tNScz6%2FaPXNW5YSpVK%2BfHmGFzUOS5TSaKivEFNPHtCvy8GdLBIrvRPnwDoUJYqH%2BiXNU7IYuIYQ9K9jTNklvYrzPRAH9NsKt8vYoM7m8RXfU0EsYXOKh2Vvff51Hvx97Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=315360000
ki-cache-type: None
accept-ranges: bytes
ki-cf-cache-status: BYPASS
cf-ray: 8a009042dde09118-FRA
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 Cloud-App-Security.png
cloudnativenow.com/wp-content/uploads/2024/05/ 222 KB
223 KB 77ms
55ms Image
image/webp 2606:4700:10::6816:fef
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cloudnativenow.com/wp-content/uploads/2024/05/Cloud-App-Security.png

Requested by

Host: securityboulevard.com
URL: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:fef , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5623906fee48b7eab6237caddc6447a4d0bb05a60f6759f95fafc59ba580a7ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityboulevard.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 13:53:58 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
ki-edge: v=20.2.7;mv=3.0.6
age: 3416107
cf-polished: origFmt=png, origSize=345965
ki-origin: g1p
content-disposition: inline; filename="Cloud-App-Security.webp"
content-length: 227204
ki-edge-o2o: yes
cf-bgj: imgq:85,h2pri
last-modified: Tue, 21 May 2024 14:13:37 GMT
server: cloudflare
etag: "664cac11-5476d"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6GwLGq33lLkMc55PwKgbalL%2Bcy9Nz8EOAZp5OKfqBcXYzx9x9qqq2pmw4lSu6Z43ssGBqBlI%2BTcmrkPJTvQITHJbFDchqIjqr%2BftGuCo09RirNcVTsGT9T94MlaCJMACHATrj3hCxC3B42lrJyZwgg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=315360000
ki-cache-type: None
accept-ranges: bytes
ki-cf-cache-status: BYPASS
cf-ray: 8a009042fd053603-FRA
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 1-4.png
cloudnativenow.com/wp-content/uploads/2024/06/ 30 KB
30 KB 95ms
73ms Image
image/webp 2606:4700:10::6816:fef
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cloudnativenow.com/wp-content/uploads/2024/06/1-4.png

Requested by

Host: securityboulevard.com
URL: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:fef , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

deccde68e443e09d80d1af437e218cf656b3e2f9b2bf9a4f3231e62768123783

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityboulevard.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 13:53:58 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
ki-edge: v=20.2.7;mv=3.0.6
age: 583598
cf-polished: origFmt=png, origSize=65928
ki-origin: g1p
content-disposition: inline; filename="1-4.webp"
content-length: 30652
ki-edge-o2o: yes
cf-bgj: imgq:85,h2pri
last-modified: Mon, 24 Jun 2024 18:54:37 GMT
server: cloudflare
etag: "6679c0ed-10188"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SnTNW9RuacqcjZSl7LNjJVW8GDX9lMh6Kp1ckK9%2Fl%2FS5fXywlqmFfxtXeYf20E59u5jiQZN0bjiXP50lKcr9sq20XJ%2BKjLyMEGmTv4JtbkUJloHSB3XU%2FSDIZUmuiPEHBXtKqA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=315360000
ki-cache-type: None
accept-ranges: bytes
ki-cf-cache-status: BYPASS
cf-ray: 8a009042fd123603-FRA
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 770x330-no-button-2.png
cloudnativenow.com/wp-content/uploads/2024/06/ 66 KB
67 KB 94ms
73ms Image
image/webp 2606:4700:10::6816:fef
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cloudnativenow.com/wp-content/uploads/2024/06/770x330-no-button-2.png

Requested by

Host: securityboulevard.com
URL: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:fef , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d319a3f8913db0238c6a8850a320cb6abff4664206bac8ae288bcd557f5dbbbd

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityboulevard.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 13:53:58 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
ki-edge: v=20.2.7;mv=3.0.6
age: 1193681
cf-polished: origFmt=png, origSize=130234
ki-origin: g1p
content-disposition: inline; filename="770x330-no-button-2.webp"
content-length: 67366
ki-edge-o2o: yes
cf-bgj: imgq:85,h2pri
last-modified: Mon, 24 Jun 2024 17:31:05 GMT
server: cloudflare
etag: "6679ad59-1fcba"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YvZDDoB96lWI5WpV3G2KrkoBJvQlVS%2BNYlQ50BaAidn2aFlSCfXgMu7ngf5rJ6YKaIOSsibspJ%2BxuMdK7ECgayfRuN7Bo1q%2BcNyNEPjW2m9AyRrG9sE25mJzMxrVK0656WFvww%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=315360000
ki-cache-type: None
accept-ranges: bytes
ki-cf-cache-status: BYPASS
cf-ray: 8a009042fd0a3603-FRA
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 Banner_2.png-770.png
cloudnativenow.com/wp-content/uploads/2024/06/ 67 KB
67 KB 93ms
71ms Image
image/webp 2606:4700:10::6816:fef
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cloudnativenow.com/wp-content/uploads/2024/06/Banner_2.png-770.png

Requested by

Host: securityboulevard.com
URL: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:fef , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4bd32f9383c722b13d3fd423d4f88ab99aede18d67134d514ba882068cd7c6d7

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityboulevard.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 13:53:58 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
ki-edge: v=20.2.7;mv=3.0.6
age: 580609
cf-polished: origFmt=png, origSize=137221
ki-origin: g1p
content-disposition: inline; filename="Banner_2.webp"
content-length: 68652
ki-edge-o2o: yes
cf-bgj: imgq:85,h2pri
last-modified: Mon, 24 Jun 2024 18:32:00 GMT
server: cloudflare
etag: "6679bba0-21805"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MEfObciccPHobAgqsyKXZtawF9EdzLI7LQlWOAjNO8lPxrdG8RQbCLJhqWhnwKqndcel7ehR7P6Xht1DfW09qhV8td1ftmUtRzeHgQELU6LgGq5duWKwPb5tXpVcGpI5Zgtr6Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=315360000
ki-cache-type: None
accept-ranges: bytes
ki-cf-cache-status: BYPASS
cf-ray: 8a009042fd0e3603-FRA
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 Cloud-App-Security-How-we-secure-apps-in-the-cloud-Join-our-research-300X250-2.png
cloudnativenow.com/wp-content/uploads/2024/05/ 70 KB
71 KB 93ms
72ms Image
image/webp 2606:4700:10::6816:fef
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cloudnativenow.com/wp-content/uploads/2024/05/Cloud-App-Security-How-we-secure-apps-in-the-cloud-Join-our-research-300X250-2.png

Requested by

Host: securityboulevard.com
URL: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:fef , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d9c9b67ab3c208095e28d4e7f72b1b32144916a8404a126c82b60dd64a4400c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityboulevard.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 13:53:58 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
ki-edge: v=20.2.7;mv=3.0.6
age: 4141507
cf-polished: origFmt=png, origSize=151606
ki-origin: g1p
content-disposition: inline; filename="Cloud-App-Security-How-we-secure-apps-in-the-cloud-Join-our-research-300X250-2.webp"
content-length: 72052
ki-edge-o2o: yes
cf-bgj: imgq:85,h2pri
last-modified: Tue, 21 May 2024 14:12:31 GMT
server: cloudflare
etag: "664cabcf-25036"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BT7JNGrdwMf8LWKSieMJfj%2B7%2BjlRFxMD31DoU%2Fex8NdxKuOaYYyOhW0ahrlnjpfgmjWhISzxgOaMS3CXBHqy7AUfbud5XHobinCvY3zon6TwGLJR1IlK5UiiT7h28dm9yqDy8XtMPHyr53yEIgOonw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=315360000
ki-cache-type: None
accept-ranges: bytes
ki-cf-cache-status: BYPASS
cf-ray: 8a009042fd173603-FRA
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 routine_maintenance.png
images.squarespace-cdn.com/content/v1/5355d604e4b03c3e9896e131/9633d7d7-f49c-4a83-bf12-0235ff3676d0/ 26 KB
27 KB 66ms
19ms Image
image/png 151.101.192.238
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.squarespace-cdn.com/content/v1/5355d604e4b03c3e9896e131/9633d7d7-f49c-4a83-bf12-0235ff3676d0/routine_maintenance.png?format=1000w
Requested by: Host: securityboulevard.com
URL: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.192.238 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: f46155f593657f211aec6e88bb0f54bb7a544670baa46c48504e9c20b2d442af

Request headers

Referer: https://securityboulevard.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits: 24, 1
date: Mon, 08 Jul 2024 13:53:58 GMT
via: 1.1 google, 1.1 varnish, 1.1 varnish
age: 247695
x-cache: HIT, HIT
content-length: 26802
x-served-by: cache-iad-kjyo7100133-IAD, cache-fra-etou8220034-FRA
x-timer: S1720446838.256596,VS0,VE1
etag: CNCly4G+i4cDEAE=
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Timing-Allow-Origin
cache-control: max-age=31536000,s-maxage=31536000
accept-ranges: bytes
timing-allow-origin: *
x-sqsp-is-public: true
tracepoint: Fastly

GET
H2 200 0320_SB_OpenSourceDangers_v1_Page_01-232x300.jpg
securityboulevard.com/wp-content/uploads/2020/03/ 9 KB
10 KB 40ms
29ms Image
image/webp 2606:4700:10::6816:39c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://securityboulevard.com/wp-content/uploads/2020/03/0320_SB_OpenSourceDangers_v1_Page_01-232x300.jpg

Requested by

Host: securityboulevard.com
URL: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:39c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

92c156bbe318b5b94c2a0b742e4bc7b39d92c78656a7a059a892ae40217fe4ea

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 13:53:58 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
ki-edge: v=20.2.7;mv=3.0.6
age: 4651509
cf-polished: qual=85, origFmt=jpeg, origSize=11695
ki-origin: g1p
content-disposition: inline; filename="0320_SB_OpenSourceDangers_v1_Page_01-232x300.webp"
content-length: 9658
ki-edge-o2o: yes
cf-bgj: imgq:85,h2pri
last-modified: Fri, 06 Aug 2021 01:51:17 GMT
server: cloudflare
etag: "610c9595-2daf"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bF7Rxmym%2B3Msc4A6NZ%2BpubI%2BuP%2BleqI6T3Q%2F0tswcXgsFi%2FssJMaUK8merUthPzrggcShQ6wTxcwkLE4wrrJbPSMxnCj7pxn8v7OXJFMHg%2FYK84s5hsNsirxGHUJrkBOjDKUJDOYAmJEeqiXqg7r3oRCew%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=315360000
ki-cache-type: None
accept-ranges: bytes
ki-cf-cache-status: BYPASS
cf-ray: 8a009042dde29118-FRA
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 security-boulevard-white.png
securityboulevard.com/wp-content/uploads/2021/10/ 3 KB
3 KB 36ms
26ms Image
image/webp 2606:4700:10::6816:39c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://securityboulevard.com/wp-content/uploads/2021/10/security-boulevard-white.png

Requested by

Host: securityboulevard.com
URL: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:39c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3b327fc4684de28d40f1fee56aa5a54f24ade43a7eb7c4a5a22fb86b829e2cc3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 13:53:58 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
ki-edge: v=20.2.7;mv=3.0.6
age: 4655782
cf-polished: origFmt=png, origSize=3249
ki-origin: g1p
content-disposition: inline; filename="security-boulevard-white.webp"
content-length: 2838
ki-edge-o2o: yes
cf-bgj: imgq:85,h2pri
last-modified: Mon, 04 Oct 2021 17:56:21 GMT
server: cloudflare
etag: "615b4045-cb1"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NfuKn1XYu3XCy00CzIOLIsjsaSlxQAbhyTOf2AvejAdOo4G01%2FMdBdHLlrOefWESzdjyFzcTleIxI6wDWdFqmjPT56RcV2sbPrlCwsuzh0Xgkq8lgoqXiV1tbj2BXbsbWQiruOmMOGRt3Kiuc%2Fj%2FfGNE0A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=315360000
ki-cache-type: None
accept-ranges: bytes
ki-cf-cache-status: BYPASS
cf-ray: 8a009042dde49118-FRA
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 dmca-compliant-grayscale.png
www.dmca.com/img/ 7 KB
7 KB 137ms
31ms Image
image/png 2620:1ec:bdf::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.dmca.com/img/dmca-compliant-grayscale.png
Requested by: Host: securityboulevard.com
URL: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2620:1ec:bdf::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: f4ed4f3e649cf635824e73f0988b7d838af1c3f6753a16586cd1b64e2cfd1ee0

Request headers

Referer: https://securityboulevard.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 13:53:58 GMT
last-modified: Wed, 12 Apr 2023 04:06:52 GMT
etag: "633c4b36f46cd91:0"
x-azure-ref: 20240708T135358Z-r195c4c79d98tk7fewc9qncren00000008x000000000gds0
x-cache: TCP_HIT
content-type: image/png
cache-control: public, max-age=7603200
x-fd-int-roxy-purgeid: 0
accept-ranges: bytes
content-length: 6745

GET
H3 200 powered-by-techstrong-ftr.png
techstronggroup.com/wp-content/uploads/2021/10/ 2 KB
3 KB 108ms
77ms Image
image/png 172.67.198.8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://techstronggroup.com/wp-content/uploads/2021/10/powered-by-techstrong-ftr.png

Requested by

Host: securityboulevard.com
URL: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.198.8 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

757eb40b82fad431019322ce4d7edfd5f2b0b0a822d74db6066993d6bb472c49

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityboulevard.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 13:53:58 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
ki-edge: v=20.2.7;mv=3.0.6
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 3003490
ki-origin: g1p
alt-svc: h3=":443"; ma=86400
content-length: 2417
ki-edge-o2o: yes
last-modified: Thu, 30 Jun 2022 19:23:35 GMT
server: cloudflare
etag: "62bdf837-971"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NemXoZIDF6EqL%2BGKDpXwVxT%2BGCDrwBALiySaYgHDaYbEqJ8%2FMNV5DWm%2F7ShjVIudjgkFHcGQ4PbvRnqJ2i3HICr8tpoF%2B0r9W5rU2G0mTiqjR%2BgyQTw4arZbRmOfF6IBAWCKKEzKrwHTf%2FKGk5he1eM%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=315360000
ki-cache-type: None
accept-ranges: bytes
ki-cf-cache-status: BYPASS
cf-ray: 8a0090430c2c2c26-FRA
priority: u=3,i
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 email-decode.min.js Show response
securityboulevard.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
727 B 30ms
17ms Script
application/javascript 2606:4700:10::6816:39c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://securityboulevard.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: securityboulevard.com
URL: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:39c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 13:53:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 04 Jul 2024 09:57:52 GMT
server: cloudflare
etag: W/"66867220-4d7"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/javascript
cache-control: max-age=172800, public
cf-ray: 8a009042ddda9118-FRA
expires: Wed, 10 Jul 2024 13:53:58 GMT

GET
H2 200 so-css-colormag-pro.css
securityboulevard.com/wp-content/uploads/so-css/ 37 B
419 B 36ms
23ms Stylesheet
text/css 2606:4700:10::6816:39c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://securityboulevard.com/wp-content/uploads/so-css/so-css-colormag-pro.css

Requested by

Host: securityboulevard.com
URL: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:39c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c90882cc87cbb7a374871305ccc2b2b420724591a5de7e863f31842fe7c39ddc

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 13:53:58 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
ki-edge: v=20.2.7;mv=3.0.6
age: 4655782
cf-polished: origSize=84
ki-origin: g1p
ki-edge-o2o: yes
cf-bgj: minify
last-modified: Thu, 22 Jul 2021 21:03:58 GMT
server: cloudflare
etag: W/"60f9dd3e-54"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oFyA1bCow5FUAZ3JjNWJc2%2Bkat5x5or%2B7BGYH9V9Uakv0joub8tMctBRQvCQQxSE6s5r8yQ7qex0xM7u80JnbQcjbFxPfkJq%2F5fU5srQVX%2F%2BBHpn8MJoG7jggLa2rKS5DgDu82OApNVsg%2BVaAM2pq0CPpQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
ki-cache-type: None
ki-cf-cache-status: BYPASS
cf-ray: 8a009042dddb9118-FRA
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 shortcodes.css
securityboulevard.com/wp-content/plugins/shortcodes-ultimate-extra/includes/css/ 18 KB
4 KB 37ms
24ms Stylesheet
text/css 2606:4700:10::6816:39c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://securityboulevard.com/wp-content/plugins/shortcodes-ultimate-extra/includes/css/shortcodes.css

Requested by

Host: securityboulevard.com
URL: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:39c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

471f5e43b94418a2b9b406a02c979eb899ae44f2bfde4dd8613d6b80f50ebf46

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 13:53:58 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
ki-edge: v=20.2.7;mv=3.0.6
age: 410885
cf-polished: origSize=19024
ki-origin: g1p
ki-edge-o2o: yes
cf-bgj: minify
last-modified: Thu, 22 Jul 2021 21:09:13 GMT
server: cloudflare
etag: W/"60f9de79-4a50"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PoR9HhcPm4mMiiR9CdLgD3jsUagl5cvQL1EcOAZFG%2F0eZ36Xf5auckeSmyhMb1IEmXH2HVuUPnGt3NJr89bYNPPGlJgAufL%2B8nKNFRVit4diSUeNnSmZzZPeolTd6%2Fbidol9TLY4eu7IxNiJrEEM1ZC%2BTg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
ki-cache-type: None
ki-cf-cache-status: BYPASS
cf-ray: 8a009042dddc9118-FRA
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 shortcodes.css
securityboulevard.com/wp-content/plugins/shortcodes-ultimate/includes/css/ 44 KB
8 KB 47ms
33ms Stylesheet
text/css 2606:4700:10::6816:39c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://securityboulevard.com/wp-content/plugins/shortcodes-ultimate/includes/css/shortcodes.css

Requested by

Host: securityboulevard.com
URL: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:39c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0bfc362d61a36174f9e4ef410adee1288b2a9afc839586ed871949c96f7fa0dc

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 13:53:58 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
ki-edge: v=20.2.7;mv=3.0.6
age: 4655781
cf-polished: origSize=45247
ki-origin: g1p
ki-edge-o2o: yes
cf-bgj: minify
last-modified: Thu, 02 May 2024 13:43:57 GMT
server: cloudflare
etag: W/"6633989d-b0bf"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=633gcSqLH3jFX68RC%2Bkbn2X0VuREGyPLSvRcKhU8TOnxL3QTH0VDNUfv2b0BpmBRH%2Fb6yWUuak9Qu31hUdqMgQiPIcrShdkGPiT1PEht17UVojhiRzMqRV4kI15ibGhmGXENjekeevUEM2YBZHhpdapn4w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
ki-cache-type: None
ki-cf-cache-status: BYPASS
cf-ray: 8a009042dddd9118-FRA
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 dflip.min.js Show response
securityboulevard.com/wp-content/plugins/dflip/assets/js/ 127 KB
40 KB 39ms
27ms Script
application/javascript 2606:4700:10::6816:39c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://securityboulevard.com/wp-content/plugins/dflip/assets/js/dflip.min.js?ver=1.5.6

Requested by

Host: securityboulevard.com
URL: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:39c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2dddbbb11e0d6a306b1a27ed5d693f859dad8c17ccb08d5b9e9d663eae570821

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 13:53:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
ki-edge: v=20.2.7;mv=3.0.6
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 4659344
ki-origin: g1p
ki-edge-o2o: yes
last-modified: Thu, 22 Jul 2021 21:09:18 GMT
server: cloudflare
etag: W/"60f9de7e-1facd"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WfdeBQpXNt9gxPbkWEEeyOH7qt0EE0b4dodsefEK09G%2Fgtz8tkyVPdJ%2BnGiSt%2FMJM4CFJw75zkfrM4ifgZHI7DHWroMEutwjwzEX1JVBLQS3gCGUBOLaYOulgixNnIQYUkMmu74ZVQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
ki-cache-type: None
ki-cf-cache-status: BYPASS
cf-ray: 8a009042ddde9118-FRA
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 rocket-loader.min.js Show response
securityboulevard.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/ 12 KB
4 KB 25ms
13ms Script
application/javascript 2606:4700:10::6816:39c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://securityboulevard.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Requested by

Host: securityboulevard.com
URL: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:39c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 13:53:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 04 Jul 2024 09:57:52 GMT
server: cloudflare
etag: W/"66867220-302c"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/javascript
cache-control: max-age=172800, public
cf-ray: 8a009042dde59118-FRA
expires: Wed, 10 Jul 2024 13:53:58 GMT

GET
H2 200 vcd15cbe7772f49c399c6a5babf22c1241717689176015 Show response
static.cloudflareinsights.com/beacon.min.js/ 19 KB
7 KB 194ms
61ms Script
text/javascript 2606:4700::6810:5049
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015
Requested by: Host: securityboulevard.com
URL: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:5049 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8a18d13015336bc184819a5a768447462202ef3105ec511bf42ed8304a7ed94f

Request headers

Referer: https://securityboulevard.com/
Origin: https://securityboulevard.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 13:53:58 GMT
content-encoding: gzip
last-modified: Thu, 06 Jun 2024 15:52:56 GMT
server: cloudflare
etag: W/"2024.6.1"
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
cf-ray: 8a0090441a3c9b1b-FRA

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 312 KB
106 KB 105ms
58ms Script
application/javascript 2a00:1450:4001:830::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-5VL4PHQ

Requested by

Host: securityboulevard.com
URL: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

f4b105f6d55e55752fc54964b2b594bfb01ebaa3dcefb199f14b5419c4d0e2cd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://securityboulevard.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 13:53:58 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 108355
x-xss-protection: 0
last-modified: Mon, 08 Jul 2024 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 08 Jul 2024 13:53:58 GMT

GET
H/1.1 200
OK embed
vimeo.com/event/4046309/ Frame 1034 0
0 1224ms
1188ms Document
text/html 162.159.138.60
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://vimeo.com/event/4046309/embed?muted=1

Requested by

Host: securityboulevard.com
URL: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

162.159.138.60 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://securityboulevard.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Age: 0
CF-Cache-Status: DYNAMIC
CF-RAY: 8a0090431e389255-FRA
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Mon, 08 Jul 2024 13:53:59 GMT
Server: cloudflare
Transfer-Encoding: chunked
content-security-policy-report-only: default-src https: data: blob: wss: 'unsafe-inline' 'unsafe-eval'; report-uri /_csp
expires: Mon, 08 Jul 2024 14:08:59 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: User-Agent,Accept-Encoding,x-http-method-override
via: 1.1 varnish (Varnish/6.0), 1.1 varnish, 1.1 varnish
x-backend-proxy: webproxy26
x-bapp-server: pweb-6b8888d45f-kw58h
x-cache: MISS, MISS
x-cache-hits: 0, 0
x-content-type-options: nosniff
x-served-by: cache-iad-kjyo7100169-IAD, cache-fra-eddf8230105-FRA
x-timer: S1720446838.276582,VS0,VE1148
x-ua-compatible: IE=edge
x-varnish-cache: 0
x-vimeo-device: d
x-vserver: web-varnish-prod-varnish-25
x-xss-protection: 1; mode=block

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 321 KB
106 KB 48ms
47ms Script
application/javascript 2a00:1450:4001:830::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-FB70FYBEHB&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5VL4PHQ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

57a3d5cf6628442511d1e49cd47b2e13b5e9d5646c85a61dc364f1041dc6a3bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://securityboulevard.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 13:53:58 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 108069
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Mon, 08 Jul 2024 13:53:58 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 271 KB
94 KB 38ms
38ms Script
application/javascript 2a00:1450:4001:830::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-5EVV7GV4Q5&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5VL4PHQ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

3a4f1881b7f46b2d4d1bd9417094f373ea68cff51aaaccc1c1913c280d705dbd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://securityboulevard.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 13:53:58 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 96093
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Mon, 08 Jul 2024 13:53:58 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 31ms
8ms Script
text/javascript 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5VL4PHQ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityboulevard.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 08 Jul 2024 13:41:01 GMT
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
server: Golfe2
age: 777
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Mon, 08 Jul 2024 15:41:01 GMT

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 38 KB
14 KB 38ms
10ms Script
application/javascript 2a02:26f0:3500:10::210:a99
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5VL4PHQ

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:10::210:a99 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

942a9ba1fe78b402e8b52b83058dbbabde8db6b4d1debf960d6d5afe5192db52

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityboulevard.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 13:53:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 18 Jun 2024 16:46:52 GMT
x-cdn: AKAM
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: max-age=15663
accept-ranges: bytes
content-length: 14004

GET
H2 200 tag.aspx Show response
ml314.com/ 37 KB
37 KB 43ms
12ms Script
application/javascript 34.117.77.79
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://ml314.com/tag.aspx?862024
Requested by: Host: securityboulevard.com
URL: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.117.77.79 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 79.77.117.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 773a28cc9ac8062b38482769d1f03d92a6487d5775d439cff1c8b5be61fdd6d7

Request headers

Referer: https://securityboulevard.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 13:39:44 GMT
via: 1.1 google
age: 854
x-guploader-uploadid: ACJd0Nq5JoyeUqAUr7r-rVSk-_gnPTx6RrWfI-f30Q9B-XGgbnsREPtj8CgCCr1VvaWL-veN98M2UlbtYA
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 37568
last-modified: Wed, 12 Jun 2024 23:47:10 GMT
server: UploadServer
etag: "611c769b568a169ba0179bc0e4fb3d9e"
x-goog-generation: 1718236030191817
x-goog-hash: crc32c=jdP4zA==, md5=YRx2m1aKFpugF5vA5Ps9ng==
content-type: application/javascript
cache-id: FRA-1209ea83
cache-control: public,max-age=3600
x-cache-hit: hit
x-goog-stored-content-length: 37568
accept-ranges: bytes

GET
H2 200 j1vwi9tiia Show response
www.clarity.ms/tag/ 637 B
1003 B 224ms
187ms Script
application/x-javascript 2620:1ec:bdf::60
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/tag/j1vwi9tiia
Requested by: Host: securityboulevard.com
URL: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2620:1ec:bdf::60 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: d709ae0a85c673c43c98147f2c84393d4e027ac7a2b2abc0d0fa9e1a78d5c8e7

Request headers

Referer: https://securityboulevard.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

expires: -1
date: Mon, 08 Jul 2024 13:53:58 GMT
x-azure-ref: 20240708T135358Z-r195c4c79d9prdfjt9hw354bwg00000008sg0000000118c7
x-cache: CONFIG_NOCACHE
content-type: application/x-javascript
cache-control: no-cache, no-store
accept-ranges: bytes
content-length: 637
request-context: appId=cid-v1:e97341f6-8fff-46a6-9229-fbbfe0892c78

GET
H3 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 181 KB
53 KB 77ms
59ms Script
text/javascript 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-2091799172090865

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5VL4PHQ

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f194.1e100.net

Software

cafe /

Resource Hash

85dcfc1a2474de812eb5218cc1f0e7ad4ce43b85919bdc4c8284e9b943c296ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityboulevard.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 13:53:58 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 54482
x-xss-protection: 0
server: cafe
etag: 16265633716972109552
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
link: <https://googleads.g.doubleclick.net>; rel="preconnect"; crossorigin
expires: Mon, 08 Jul 2024 13:53:58 GMT

GET
H2 200 tracker.iife.js Show response
assets.apollo.io/micro/website-tracker/ 3 KB
2 KB 88ms
52ms Script
application/javascript 2606:4700:10::ac43:29b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.apollo.io/micro/website-tracker/tracker.iife.js?nocache=7hay9q
Requested by: Host: securityboulevard.com
URL: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:29b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2039d204f18247df88a0f132f35fe67f9e52ee7268515ead1647c611f737ba07

Request headers

Referer: https://securityboulevard.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 13:53:58 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 1750
x-guploader-uploadid: ABPtcPqyiA_6DmAbIrHsFpMGMjLhsG5a8Rasz2Bp2_AF26mnkw8BYzy9w7Iyj9tgqWZHkqeOS1u7mqhasg
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
content-length: 1168
last-modified: Mon, 12 Feb 2024 19:05:14 GMT
server: cloudflare
etag: "482eb3be75b60ec86f88e9bc33337e88"
vary: Accept-Encoding
x-goog-generation: 1707764714580510
content-type: application/javascript
access-control-allow-origin: *
x-goog-hash: crc32c=I3tUEw==, md5=SC6zvnW2DshviOm8MzN+iA==
access-control-expose-headers: *
cache-control: max-age=3600, no-transform
x-goog-stored-content-length: 1168
accept-ranges: bytes
cf-ray: 8a009044af09973c-FRA
expires: Tue, 08 Jul 2025 12:36:38 GMT

GET
H2 200 6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
fonts.gstatic.com/s/sourcesanspro/v22/ 15 KB
15 KB 83ms
40ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans%7COpen+Sans%3A400%2C600%7CPT+Sans%7CSource+Sans+Pro&ver=6.5.5

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7b348b30ea1fe43857e68fc462c29e5c6e63c97666af75135c4396a272e54762

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://securityboulevard.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 02 Jul 2024 14:47:38 GMT
x-content-type-options: nosniff
age: 515180
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14892
x-xss-protection: 0
last-modified: Thu, 01 Jun 2023 22:52:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 02 Jul 2025 14:47:38 GMT

GET
H2 200 fontawesome-webfont.woff2
securityboulevard.com/wp-content/themes/colormag-pro/fontawesome/fonts/ 75 KB
76 KB 35ms
31ms Font
font/woff2 2606:4700:10::6816:39c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://securityboulevard.com/wp-content/themes/colormag-pro/fontawesome/fonts/fontawesome-webfont.woff2?v=4.7.0

Requested by

Host: securityboulevard.com
URL: https://securityboulevard.com/wp-content/themes/colormag-pro/fontawesome/css/font-awesome.min.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:39c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityboulevard.com/wp-content/themes/colormag-pro/fontawesome/css/font-awesome.min.css
Origin: https://securityboulevard.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 13:53:58 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
ki-edge: v=20.2.7;mv=3.0.6
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 4655781
ki-origin: g1p
content-length: 77160
ki-edge-o2o: yes
last-modified: Thu, 22 Jul 2021 21:09:07 GMT
server: cloudflare
etag: "60f9de73-12d68"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pU0pIpc6xy2dKxIEoKMfMEQngYaQYJx6H6lDALhE6upV7hAG%2FsZ88tF4qg7Wf3miK44efCKA3RIE71mQd9QbV%2FY5kUdztbiT5lm2p%2BXvUCCdINQutj%2F4KNDyiVBaGe4mhoWlHiNCVLWj6BbfWGKJ3%2Bby%2FA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=315360000
ki-cache-type: None
accept-ranges: bytes
ki-cf-cache-status: BYPASS
cf-ray: 8a009044f8389118-FRA
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
DATA 200
OK truncated
/ 31 KB
31 KB Font
application/x-font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6db83b2803fed3f9b574567755102b18c401904a374c8acf4c9a2e9b0159cb4f

Request headers

Referer
Origin: https://securityboulevard.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: application/x-font-woff;charset=utf-8

GET
H2 200 jizaRExUiTo99u79D0KExQ.woff2
fonts.gstatic.com/s/ptsans/v17/ 44 KB
45 KB 67ms
24ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ptsans/v17/jizaRExUiTo99u79D0KExQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans%7COpen+Sans%3A400%2C600%7CPT+Sans%7CSource+Sans+Pro&ver=6.5.5

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e13ffa988be59cbf299d7ff68f019f902b60848203ac4990819eb7e4624ee52d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://securityboulevard.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Thu, 04 Jul 2024 20:27:10 GMT
x-content-type-options: nosniff
age: 322008
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 45300
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 16:11:08 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 04 Jul 2025 20:27:10 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 4 B
214 B 23ms
21ms XHR
text/plain 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1788095169&t=pageview&_s=1&dl=https%3A%2F%2Fsecurityboulevard.com%2F2024%2F07%2Ffickle-malware-leads-to-uac-bypass-and-data-exfiltration%2F&ul=de-de&de=UTF-8&dt=Fickle%20Malware%20Leads%20to%20UAC%20Bypass%20and%20Data%20Exfiltration%20-%20Security%20Boulevard&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAACAAI~&jid=1202684709&gjid=753425667&cid=889304103.1720446839&tid=UA-106313158-1&_gid=1062825351.1720446839&_r=1&_slc=1&gtm=45He4730n815VL4PHQv850968773za200&cg2=sbn&cg3=bypass-user-account-control-uac%2Ccybersecurity-news%2Cinformation-stealer%2Cinformation-stealing-malware%2Crust-malware%2Crust-malware-analysis%2Crust-based-malware&cd1=Wajahat%20Raja&gcd=13l3l3l2l1&dma_cps=syphamo&dma=1&tag_exp=0&npa=1&z=1492271927

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityboulevard.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 08 Jul 2024 13:53:58 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://securityboulevard.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 16 B
85 B 22ms
17ms XHR
text/plain 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1788095169&t=pageview&_s=1&dl=https%3A%2F%2Fsecurityboulevard.com%2F2024%2F07%2Ffickle-malware-leads-to-uac-bypass-and-data-exfiltration%2F&ul=de-de&de=UTF-8&dt=Fickle%20Malware%20Leads%20to%20UAC%20Bypass%20and%20Data%20Exfiltration%20-%20Security%20Boulevard&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEDAAEABAAAAACAAI~&jid=1858767993&gjid=2138533098&cid=889304103.1720446839&tid=UA-48656547-8&_gid=1062825351.1720446839&_r=1&_slc=1&gtm=45He4730n815VL4PHQv850968773za200&gcd=13l3l3l2l1&dma_cps=syphamo&dma=1&tag_exp=0&npa=1&z=1889070551

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

5c341b95e676dcc1605933bf9ee67e792e487966cf882401d14aad56a3f044b4

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityboulevard.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 08 Jul 2024 13:53:58 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://securityboulevard.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 16
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 / Show response
px.ads.linkedin.com/wa/ 0
705 B 163ms
125ms XHR
text/plain 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/wa/
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: *
Referer: https://securityboulevard.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Mon, 08 Jul 2024 13:53:58 GMT
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: ADF62783EE734835B734045B3D76F9A0 Ref B: FRAEDGE1919 Ref C: 2024-07-08T13:53:58Z
linkedin-action: 1
vary: Origin
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lva1
access-control-allow-origin: https://securityboulevard.com
x-li-proto: http/2
access-control-allow-credentials: true
x-li-uuid: AAYcvL6sLEw6g13zFB9WwQ==

GET
H2 200 utsync.ashx Show response
ml314.com/ 62 B
255 B 36ms
36ms Script
application/javascript 34.117.77.79
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://ml314.com/utsync.ashx?pub=&adv=&et=0&eid=89831&ct=js&pi=&fp=&clid=&if=0&ps=&cl=&mlt=&data=&&cp=https%3A%2F%2Fsecurityboulevard.com%2F2024%2F07%2Ffickle-malware-leads-to-uac-bypass-and-data-exfiltration%2F&pv=1720446838556_9rwf26frh&bl=de-de&cb=2651517&return=&ht=&d=&dc=&si=1720446838556_9rwf26frh&cid=&s=1600x1200&rp=&v=2.7.3.180
Requested by: Host: ml314.com
URL: https://ml314.com/tag.aspx?862024
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.117.77.79 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 79.77.117.34.bc.googleusercontent.com
Software: Google Frontend /
Resource Hash: 5a1ba6ff6db12f791bbbfc4da3cb389e06f0cd53eede09ef3eb3ceb074089ef1

Request headers

Referer: https://securityboulevard.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jul 2024 13:53:58 GMT
via: 1.1 google, 1.1 google
server: Google Frontend
content-type: application/javascript
p3p: CP="NON DSP COR ADMo PSAo DEVo BUS COM UNI NAV DEM STA"
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: 0

GET
H/1.1 200
OK ud.ashx Show response
in.ml314.com/ 20 B
482 B 468ms
162ms Script
application/javascript 54.166.151.77
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://in.ml314.com/ud.ashx?topiclimit=&cb=862024&v=2.7.3.180
Requested by: Host: ml314.com
URL: https://ml314.com/tag.aspx?862024
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.166.151.77 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-166-151-77.compute-1.amazonaws.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: d0e4a6372d6fb5ffe9505dbe9e94aee8f1b9b96ec8e5e20684cce8b4c5a88fa7

Request headers

Referer: https://securityboulevard.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date: Mon, 08 Jul 2024 13:53:58 GMT
Content-Encoding: gzip
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: application/javascript; charset=utf-8
Cache-Control: public
Connection: keep-alive
Content-Length: 138
Expires: Tue, 09 Jul 2024 13:53:58 GMT

GET
H2 200 attribution_trigger Show response
px.ads.linkedin.com/ 2 B
817 B 255ms
210ms XHR
application/json 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/attribution_trigger?pid=5140001&time=1720446838562&url=https%3A%2F%2Fsecurityboulevard.com%2F2024%2F07%2Ffickle-malware-leads-to-uac-bypass-and-data-exfiltration%2F&tm=gtmv2
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Accept: *
Referer: https://securityboulevard.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 13:53:58 GMT
content-encoding: gzip
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 8D8CE681F0004E349825B50567A437C0 Ref B: FRAEDGE1207 Ref C: 2024-07-08T13:53:58Z
access-control-allow-methods: GET, OPTIONS
x-li-fabric: prod-lor1
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
content-type: application/json
x-li-proto: http/2
x-restli-protocol-version: 1.0.0
access-control-allow-headers: *
x-li-uuid: AAYcvL6tDD8aDPBRFNMIuQ==
x-fs-uuid: 00061cbcbead0c3f1a0cf05114d308b9

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=5140001&time=1720446838562&url=https%3A%2F%2Fsecurityboulevard.com%2F2024%2F07%2Ffickle-malware-leads-to-uac-bypass-and-data-exfiltration%2F&tm=gtmv2
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=5140001&time=1720446838562&url=https%3A%2F%2Fsecurityboulevard.com%2F2024%2F07%2Ffickle-malware-leads-to-uac-bypass-and-data-exfiltration%2F&tm=g...

0
267 B

235ms
195ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=5140001&time=1720446838562&url=https%3A%2F%2Fsecurityboulevard.com%2F2024%2F07%2Ffickle-malware-leads-to-uac-bypass-and-data-exfiltration%2F&tm=gtmv2&e_ipv6=AQLZTMNSw3B1TgAAAZCSn2elEsYUKk4RCaKKModmrKNmao1W8sywMPy7KToqEZnh
Requested by: Host: securityboulevard.com
URL: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityboulevard.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 13:53:58 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: AAAEBE357E664393AC9CD302DA5CB964 Ref B: FRAEDGE1810 Ref C: 2024-07-08T13:53:58Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-fabric: prod-lor1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYcvL6wNDry0r0oVM+hvw==

Redirect headers

date: Mon, 08 Jul 2024 13:53:58 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: E573CBF1CD8A46588CBDC3DBAC1110C3 Ref B: FRAEDGE1919 Ref C: 2024-07-08T13:53:58Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lor1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=5140001&time=1720446838562&url=https%3A%2F%2Fsecurityboulevard.com%2F2024%2F07%2Ffickle-malware-leads-to-uac-bypass-and-data-exfiltration%2F&tm=gtmv2&e_ipv6=AQLZTMNSw3B1TgAAAZCSn2elEsYUKk4RCaKKModmrKNmao1W8sywMPy7KToqEZnh
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYcvL6svzeL/rInVyEhXg==

POST
H2 204 collect
region1.google-analytics.com/g/ 0
0 77ms
22ms Fetch
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-5EVV7GV4Q5&gtm=45je4730v876171631z8850968773za200zb850968773&_p=1720446838196&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&tag_exp=0&cid=889304103.1720446839&ul=de-de&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1720446838&sct=1&seg=0&dl=https%3A%2F%2Fsecurityboulevard.com%2F2024%2F07%2Ffickle-malware-leads-to-uac-bypass-and-data-exfiltration%2F&dt=Fickle%20Malware%20Leads%20to%20UAC%20Bypass%20and%20Data%20Exfiltration%20-%20Security%20Boulevard&en=page_view&_fv=1&_ss=1&tfd=842&_z=fetch
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-5EVV7GV4Q5&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

Referer: https://securityboulevard.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jul 2024 13:53:58 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://securityboulevard.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
354 B 87ms
27ms XHR
text/plain 2a00:1450:400c:c00::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-106313158-1&cid=889304103.1720446839&jid=1202684709&gjid=753425667&_gid=1062825351.1720446839&npa=1&_u=YEBAAEAAAAAAACAAI~&z=937254841

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c00::9b Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityboulevard.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 08 Jul 2024 13:53:58 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://securityboulevard.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
0 77ms
20ms Fetch
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-FB70FYBEHB&gtm=45je4730v873694773z8850968773za200zb850968773&_p=1720446838196&_gaz=1&gcd=13l3l3l2l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=0&cid=889304103.1720446839&ul=de-de&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_eu=EA&_s=1&sid=1720446838&sct=1&seg=0&dl=https%3A%2F%2Fsecurityboulevard.com%2F2024%2F07%2Ffickle-malware-leads-to-uac-bypass-and-data-exfiltration%2F&dt=Fickle%20Malware%20Leads%20to%20UAC%20Bypass%20and%20Data%20Exfiltration%20-%20Security%20Boulevard&en=page_view&_fv=1&_ss=1&ep.Post_Category=Postsbn&tfd=864&_z=fetch
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-FB70FYBEHB&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

Referer: https://securityboulevard.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jul 2024 13:53:58 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://securityboulevard.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
48 B 68ms
29ms Ping
text/plain 2a00:1450:400c:c00::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-FB70FYBEHB&cid=889304103.1720446839&gtm=45je4730v873694773z8850968773za200zb850968773&aip=1&dma=1&dma_cps=syphamo&gcd=13l3l3l2l1&npa=1&frm=0
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-FB70FYBEHB&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c00::9b Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityboulevard.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jul 2024 13:53:58 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://securityboulevard.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.de/ads/ 42 B
63 B 85ms
50ms Image
image/gif 142.250.186.99
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-FB70FYBEHB&cid=889304103.1720446839&gtm=45je4730v873694773z8850968773za200zb850968773&aip=1&dma=1&dma_cps=syphamo&gcd=13l3l3l2l1&npa=1&frm=0&z=1167688394

Requested by

Host: securityboulevard.com
URL: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.99 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f3.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityboulevard.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jul 2024 13:53:58 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
71 B 61ms
29ms XHR
text/plain 2a00:1450:400c:c00::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-48656547-8&cid=889304103.1720446839&jid=1858767993&gjid=2138533098&_gid=1062825351.1720446839&npa=1&_u=YEDAAEABAAAAACAAI~&z=356363785

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c00::9b Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityboulevard.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 08 Jul 2024 13:53:58 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://securityboulevard.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 261 KB
92 KB 46ms
46ms Script
application/javascript 142.250.184.200
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-R6WDMEKGWJ&cx=c&_slc=1

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.200 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

31718d31fed34f97c3250adfe78704df139e8b2d7a6bee663b1a67a60a65ec17

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://securityboulevard.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 13:53:58 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 94277
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Mon, 08 Jul 2024 13:53:58 GMT

POST
H2 204 track_request
aplo-evnt.com/api/v1/intent_pixel/ 0
0 136ms
132ms Fetch 34.107.133.146
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://aplo-evnt.com/api/v1/intent_pixel/track_request?app_id=66323a9f5cdfe70439fa011d

Requested by

Host: assets.apollo.io
URL: https://assets.apollo.io/micro/website-tracker/tracker.iife.js?nocache=7hay9q

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.107.133.146 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

146.133.107.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' chrome-extension://alhgpfoeiimagjlnfekdhkjlkiomcapa chrome-extension://ececkagaccnfmkopaiemklekhoimmgpn .salesforce.com .lightning.force.com
Strict-Transport-Security	max-age=3600
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOWALL

Request headers

Referer: https://securityboulevard.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 08 Jul 2024 13:53:58 GMT
strict-transport-security: max-age=3600
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self' chrome-extension://alhgpfoeiimagjlnfekdhkjlkiomcapa chrome-extension://ececkagaccnfmkopaiemklekhoimmgpn *.salesforce.com *.lightning.force.com
via: 1.1 google
server: nginx
vary: Origin
access-control-max-age: 7200
access-control-allow-methods: GET, POST, PUT, PATCH, DELETE, OPTIONS
status: 204 No Content
x-transaction-id: 0d8c863159510ae12e421968a3a31c86
cache-control: no-cache
access-control-allow-origin: *
x-frame-options: ALLOWALL
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

OPTIONS
H2 200 track_request
aplo-evnt.com/api/v1/intent_pixel/ Frame 0
0 165ms
125ms Preflight 34.107.133.146
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://aplo-evnt.com/api/v1/intent_pixel/track_request?app_id=66323a9f5cdfe70439fa011d
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.133.146 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 146.133.107.34.bc.googleusercontent.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://securityboulevard.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: content-type
access-control-allow-methods: GET, POST, PUT, PATCH, DELETE, OPTIONS
access-control-allow-origin: *
access-control-max-age: 7200
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache
content-length: 0
date: Mon, 08 Jul 2024 13:53:58 GMT
server: nginx
status: 200 OK
via: 1.1 google

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202406270101/ 425 KB
144 KB 70ms
70ms Script
text/javascript 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202406270101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-2091799172090865&plah=securityboulevard.com&aplac=true&bust=31084927

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-2091799172090865

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f194.1e100.net

Software

cafe /

Resource Hash

2404f26279afa262bab5f18e706fc810576247740047a610581bbc66147250d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityboulevard.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 13:53:58 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 146939
x-xss-protection: 0
server: cafe
etag: 17453910577411288007
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Mon, 08 Jul 2024 13:53:58 GMT

GET
H3 200 ga-audiences
www.google.com/ads/ 42 B
63 B 57ms
40ms Image
image/gif 142.250.186.132
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-106313158-1&cid=889304103.1720446839&jid=1202684709&npa=1&_u=YEBAAEAAAAAAACAAI~&z=1680955901

Requested by

Host: securityboulevard.com
URL: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f4.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityboulevard.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jul 2024 13:53:58 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.de/ads/ 42 B
63 B 58ms
57ms Image
image/gif 142.250.186.99
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-106313158-1&cid=889304103.1720446839&jid=1202684709&npa=1&_u=YEBAAEAAAAAAACAAI~&z=1680955901

Requested by

Host: securityboulevard.com
URL: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.99 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f3.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityboulevard.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jul 2024 13:53:58 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.com/ads/ 42 B
63 B 48ms
32ms Image
image/gif 142.250.186.132
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-48656547-8&cid=889304103.1720446839&jid=1858767993&npa=1&_u=YEDAAEABAAAAACAAI~&z=106825944

Requested by

Host: securityboulevard.com
URL: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f4.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityboulevard.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jul 2024 13:53:58 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.de/ads/ 42 B
63 B 35ms
34ms Image
image/gif 142.250.186.99
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-48656547-8&cid=889304103.1720446839&jid=1858767993&npa=1&_u=YEDAAEABAAAAACAAI~&z=106825944

Requested by

Host: securityboulevard.com
URL: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.99 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f3.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityboulevard.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jul 2024 13:53:58 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 clarity.js Show response
www.clarity.ms/s/0.7.32/ 61 KB
26 KB 23ms
23ms Script
application/javascript 2620:1ec:bdf::60
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/s/0.7.32/clarity.js
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/tag/j1vwi9tiia
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2620:1ec:bdf::60 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 5ba7b351020430e304e1c38988858e13690202831484697551e56fed5826004e

Request headers

Referer: https://securityboulevard.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 13:53:58 GMT
content-encoding: br
last-modified: Fri, 10 May 2024 17:30:20 GMT
etag: W/"0x8DC7116DE09E645"
vary: Accept-Encoding
x-azure-ref: 20240708T135358Z-r195c4c79d9prdfjt9hw354bwg00000008sg0000000118d1
content-type: application/javascript;charset=utf-8
access-control-allow-origin: *
x-ms-request-id: 5175eca8-701e-0001-5aa8-cc7107000000
cache-control: public, max-age=86400
x-cache: TCP_HIT
x-ms-version: 2018-03-28
x-fd-int-roxy-purgeid: 51562430

GET
H2 200 ca-pub-2091799172090865 Show response
fundingchoicesmessages.google.com/i/ 199 KB
66 KB 68ms
35ms Script
application/javascript 2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/i/ca-pub-2091799172090865?href=https%3A%2F%2Fsecurityboulevard.com%2F2024%2F07%2Ffickle-malware-leads-to-uac-bypass-and-data-exfiltration&ers=2

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202406270101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-2091799172090865&plah=securityboulevard.com&aplac=true&bust=31084927

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

6bb26230023620bfa51823d90ad65a3099c9b6345b4f87b155dc046e6fb666b9

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-73Yp1cmdLqFV7WAkXi91XQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://securityboulevard.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 13:53:58 GMT
content-security-policy: script-src 'report-sample' 'nonce-73Yp1cmdLqFV7WAkXi91XQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjCtDikmLw05BiOO90h-k6EEt8fcmkBcRO6TNYQ4DYp34GaxwQt948xzodiD8_Psf6G4iT_p1nLQHiJREXWY8kXmQ9-Pgi60kgFuLh-HZv_RY2gRX_7m5mVtJIyi-MT87PKynKTCotyS9KS05LLU4tKkstijcyMDIxMDcw1DMwjy8wAAAhpDqy"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin: *
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 204
No Content collect Show response
w.clarity.ms/ 0
285 B 2661ms
2304ms XHR
text/plain 23.96.124.156
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://w.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.32/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.96.124.156 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://securityboulevard.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://securityboulevard.com
Date: Mon, 08 Jul 2024 13:54:01 GMT
Access-Control-Allow-Credentials: true
Server: nginx
Connection: keep-alive
Vary: Origin
Request-Context: appId=cid-v1:e55edbbe-e22b-46b4-8313-9ee2a4e71d12

GET
H2 200 /
www.podbean.com/player-v2/ Frame F5CF 0
0 434ms
382ms Document
text/html 2606:4700:10::6816:ca
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.podbean.com/player-v2/?i=aw5u6-1119a75-pbblog-playlist&pbad=0&share=1&download=0&rtl=0&fonts=Arial&skin=1&font-color=auto&logo_link=episode_page&order=episodic&limit=10&filter=all&ss=a713390a017602015775e868a2cf26b0&btn-skin=1b1b1b&size=250

Requested by

Host: securityboulevard.com
URL: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:ca , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityboulevard.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

cf-cache-status: DYNAMIC
cf-ray: 8a0090476d74bb3d-FRA
content-encoding: br
content-type: text/html
date: Mon, 08 Jul 2024 13:53:59 GMT
last-modified: Mon, 08 Jul 2024 02:17:52 GMT
server: cloudflare
strict-transport-security: max-age=15552000; includeSubDomains; preload
vary: Accept-Encoding
x-content-type-options: nosniff

GET
H2 200 2024.08.14-Contrast-LandingPage-1540x660-SB.png
securityboulevard.com/wp-content/uploads/2024/06/ 210 KB
211 KB 33ms
33ms Image
image/webp 2606:4700:10::6816:39c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://securityboulevard.com/wp-content/uploads/2024/06/2024.08.14-Contrast-LandingPage-1540x660-SB.png

Requested by

Host: securityboulevard.com
URL: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:39c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f987eb81f0c7cdd9548e119f3c0598ae8d72a192bc58254b00d5121842ad6a1d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 13:53:58 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
ki-edge: v=20.2.7;mv=3.0.6
age: 560745
cf-polished: origFmt=png, origSize=487174
ki-origin: g1p
content-disposition: inline; filename="2024.webp"
content-length: 215382
ki-edge-o2o: yes
cf-bgj: imgq:85,h2pri
last-modified: Wed, 05 Jun 2024 18:32:04 GMT
server: cloudflare
etag: "6660af24-76f06"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BJFPQti2h79IlKG3X6A9DOV1eFJDa7lqj5P93682wmee%2FqVurdj66wpRxTpvySxsLUm9FD5k54ohiobaqYsw3RyLyTKa9tVvnlb9ctwH0w1HEKd3ibv%2BzQDYyeJWPV6LTSGLveLeWQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=315360000
ki-cache-type: None
accept-ranges: bytes
ki-cf-cache-status: BYPASS
cf-ray: 8a0090470aa09118-FRA
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 photo_2024-03-27_11-50-18_1711634249BAYRGDETen.jpg
securityboulevard.com/wp-content/uploads/2024/03/ 34 KB
34 KB 36ms
36ms Image
image/webp 2606:4700:10::6816:39c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://securityboulevard.com/wp-content/uploads/2024/03/photo_2024-03-27_11-50-18_1711634249BAYRGDETen.jpg

Requested by

Host: securityboulevard.com
URL: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:39c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e16986622c696a801f3ebfba9649dae03e94c9c7a2b48a82b5e0da3652770ba0

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 13:53:58 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
ki-edge: v=20.2.7;mv=3.0.6
age: 4655781
cf-polished: qual=85, origFmt=jpeg, origSize=140044
ki-origin: g1p
content-disposition: inline; filename="photo_2024-03-27_11-50-18_1711634249BAYRGDETen.webp"
content-length: 34770
ki-edge-o2o: yes
cf-bgj: imgq:85,h2pri
last-modified: Thu, 28 Mar 2024 16:29:24 GMT
server: cloudflare
etag: "66059ae4-2230c"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OJVDx9ou2fX8iFunObQdQFVu%2FEb1TI%2BuptrPXf2jX1CETNrZRv01ebcJzABZpnZ0SYxvknWfCp6lKgrj07yFhBinBZSkwyM9rC5BwZYVI0vSQkq%2Fb%2ByLV%2Bj%2Fm%2FBBZ607aPQJGfwHRGcKyRkQX3BPl3X0Kw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=315360000
ki-cache-type: None
accept-ranges: bytes
ki-cf-cache-status: BYPASS
cf-ray: 8a0090470aa59118-FRA
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 OneSignalSDK.js Show response
cdn.onesignal.com/sdks/ 9 KB
3 KB 54ms
30ms Script
application/javascript 104.16.160.145
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.onesignal.com/sdks/OneSignalSDK.js?ver=1.0.0

Requested by

Host: securityboulevard.com
URL: https://securityboulevard.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.160.145 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4191d89ec03bce5dc273716075335e31851031184b0fff0ab9fc900a8442019f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains

Request headers

Referer: https://securityboulevard.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 13:53:59 GMT
via: 1.1 google
content-encoding: br
cf-cache-status: HIT
server: cloudflare
strict-transport-security: max-age=15552000; includeSubDomains
age: 1411
etag: W/"a87c48d211877c49b878679b2e3cdab8"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=259200
cf-ray: 8a009047ae699729-FRA
access-control-allow-headers: OneSignal-Subscription-Id
alt-svc: h3=":443"; ma=86400
expires: Thu, 11 Jul 2024 13:53:59 GMT

GET
H2 200 maxmegamenu.js Show response
securityboulevard.com/wp-content/plugins/megamenu/js/ 21 KB
5 KB 34ms
23ms Script
application/javascript 2606:4700:10::6816:39c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://securityboulevard.com/wp-content/plugins/megamenu/js/maxmegamenu.js?ver=3.3.1

Requested by

Host: securityboulevard.com
URL: https://securityboulevard.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:39c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

44394924f44ae4405bc484891a6b53301751b540b8c07276e0e8d8e504f75c2a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 13:53:58 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
ki-edge: v=20.2.7;mv=3.0.6
age: 403745
cf-polished: origSize=33450
ki-origin: g1p
ki-edge-o2o: yes
cf-bgj: minify
last-modified: Sat, 10 Feb 2024 18:42:02 GMT
server: cloudflare
etag: W/"65c7c37a-82aa"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wSYvD5AHizl36n6MxIXodiBdN9PEBY7LwHNW1p9%2BKkq5noSuMPaYNzQfCgVhbHHETCKxLnfQsC8dNz0Jrm0wFUShKobB8COAdHRbzPXN%2BHBeOYvwVSCp2wayrhd%2BHfSSBZUtjxipCA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
ki-cache-type: None
ki-cf-cache-status: BYPASS
cf-ray: 8a009047ab679118-FRA
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 hoverIntent.min.js Show response
securityboulevard.com/wp-includes/js/ 1 KB
1 KB 35ms
25ms Script
application/javascript 2606:4700:10::6816:39c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://securityboulevard.com/wp-includes/js/hoverIntent.min.js?ver=1.10.2

Requested by

Host: securityboulevard.com
URL: https://securityboulevard.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:39c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ed5b5df9ceacfe76857ac51964972b0b417a215b2f50e837fd6b64bad7339c40

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 13:53:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
ki-edge: v=20.2.7;mv=3.0.6
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 391811
ki-origin: g1p
ki-edge-o2o: yes
last-modified: Mon, 13 Jun 2022 16:39:09 GMT
server: cloudflare
etag: W/"62a7682d-5db"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1eLQ6LKhP6F%2FkdOb28nEmVYO3g8CKTtWqjHqvnk9E%2FWBdrckEWbRCJbOnePSd0w36BnLCIUP%2FEfF3b%2BunFxf9uRRQuvz2k7%2FD%2FtvSViANRGsyvapaCfvuxpVvS0KtUeGISlyd7MZFFZTVcI1B4pOyBYA9A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
ki-cache-type: None
ki-cf-cache-status: BYPASS
cf-ray: 8a009047ab6a9118-FRA
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 e-202428.js Show response
stats.wp.com/ 7 KB
3 KB 37ms
8ms Script
application/javascript 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.wp.com/e-202428.js
Requested by: Host: securityboulevard.com
URL: https://securityboulevard.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 5badd609a51ede5bab5b89534fc3011a4dd1ab487cc7081d7cf38479bcbab855

Request headers

Referer: https://securityboulevard.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-minify-cache: hit
x-nc: HIT hhn
date: Mon, 08 Jul 2024 13:53:58 GMT
content-encoding: br
server: nginx
x-minify: t
etag: W/14421-1717166113530.9253
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
alt-svc: h3=":443"; ma=86400
expires: Sun, 29 Jun 2025 08:45:26 GMT

GET
H2 200 twitter-timeline.min.js Show response
securityboulevard.com/wp-content/plugins/jetpack/_inc/build/ 265 B
717 B 45ms
36ms Script
application/javascript 2606:4700:10::6816:39c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://securityboulevard.com/wp-content/plugins/jetpack/_inc/build/twitter-timeline.min.js?ver=4.0.0

Requested by

Host: securityboulevard.com
URL: https://securityboulevard.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:39c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

68002d1756ab74bbd8c95d977ff8af585ab56706e59b0524a56a9788acf8e482

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 13:53:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
ki-edge: v=20.2.7;mv=3.0.6
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 4659250
ki-origin: g1p
ki-edge-o2o: yes
last-modified: Fri, 12 Apr 2024 03:01:16 GMT
server: cloudflare
etag: W/"6618a3fc-109"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GIW%2FatqCGkyeJkdNHGK1PyW6lCJPgrSKzUIKgfgVeI5LML%2BCcAtktqu%2BkHbv7nyvszE7mz2sb6TBYDSHlgqeU5%2FSP05jXTMll4ISDofdNEXXDduGCOKiXq4cen%2BlwzrdLcIuL3oNaw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
ki-cache-type: None
ki-cf-cache-status: BYPASS
cf-ray: 8a009047ab6b9118-FRA
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 datatables.min.js Show response
securityboulevard.com/wp-content/themes/colormag-pro/js/ 99 KB
33 KB 46ms
36ms Script
application/javascript 2606:4700:10::6816:39c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://securityboulevard.com/wp-content/themes/colormag-pro/js/datatables.min.js?ver=6.5.5

Requested by

Host: securityboulevard.com
URL: https://securityboulevard.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:39c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

431ebfe08cafe8dbb9139a8e7632abc824c6fa276ab1037868ae598474062151

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 13:53:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
ki-edge: v=20.2.7;mv=3.0.6
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 403745
ki-origin: g1p
ki-edge-o2o: yes
last-modified: Thu, 22 Jul 2021 21:09:07 GMT
server: cloudflare
etag: W/"60f9de73-18c20"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vYhhjAhnc0SkblrDuKpNyptFU5xQPOHUp9V1iFoVDyiHSMlRuhYgoL0lfwOJemPMGd%2F733P844fFsIO3pyQ9EdpOwD9g8Zvsd46aMu9Of%2FANkOrtKH1KC2sngSji94XZ7b1eL4k%2Btg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
ki-cache-type: None
ki-cf-cache-status: BYPASS
cf-ray: 8a009047ab6d9118-FRA
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jquery.mCustomScrollbar.js Show response
securityboulevard.com/wp-content/themes/colormag-pro/js/ 56 KB
14 KB 40ms
31ms Script
application/javascript 2606:4700:10::6816:39c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://securityboulevard.com/wp-content/themes/colormag-pro/js/jquery.mCustomScrollbar.js?ver=6.5.5

Requested by

Host: securityboulevard.com
URL: https://securityboulevard.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:39c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

302dad2d165b5b7849d5fc1db1fea894f35dec4c4f64e77ec4865fd4f3a90a62

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 13:53:59 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
ki-edge: v=20.2.7;mv=3.0.6
age: 1178436
cf-polished: origSize=93484
ki-origin: g1p
ki-edge-o2o: yes
cf-bgj: minify
last-modified: Thu, 22 Jul 2021 21:09:07 GMT
server: cloudflare
etag: W/"60f9de73-16d2c"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CPba9zIP8yynyyvxhFidoH6%2BfHksIG0wKrfsbXa4Pi2KAI4X1iylny0uzLpu2YeRClzAxG2iliNAbvy5lGWpYVTEDLE83ySo3HZej21xM9saJV41%2B1dSP2NtK2hdeun3IvvZoIRG%2FQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
ki-cache-type: None
ki-cf-cache-status: BYPASS
cf-ray: 8a009047ab709118-FRA
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 colormag-custom.min.js Show response
securityboulevard.com/wp-content/themes/colormag-pro/js/ 6 KB
2 KB 37ms
28ms Script
application/javascript 2606:4700:10::6816:39c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://securityboulevard.com/wp-content/themes/colormag-pro/js/colormag-custom.min.js?ver=6.5.5

Requested by

Host: securityboulevard.com
URL: https://securityboulevard.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:39c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f7c91d82539279bcc48324d9cdecfaad418f2720a2e40de04a6d975465aa07a2

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 13:53:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
ki-edge: v=20.2.7;mv=3.0.6
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1178436
ki-origin: g1p
ki-edge-o2o: yes
last-modified: Thu, 22 Jul 2021 21:09:07 GMT
server: cloudflare
etag: W/"60f9de73-19ee"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=m9p8lCKyXo1HFl4orZSKO8US64%2B6O7Q1U7Hzdt0XEq%2FigFwHwW4hpjzS5wOuKGopuSscbuu%2B57IYHYe0xROHPvY%2BSQWLwCvcLLU%2FZQZVretBBAwNXz%2BSyMJsAjojjFNlAg8TBN4cSg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
ki-cache-type: None
ki-cf-cache-status: BYPASS
cf-ray: 8a009047ab719118-FRA
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 ResizeSensor.min.js Show response
securityboulevard.com/wp-content/themes/colormag-pro/js/theia-sticky-sidebar/ 2 KB
1 KB 38ms
29ms Script
application/javascript 2606:4700:10::6816:39c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://securityboulevard.com/wp-content/themes/colormag-pro/js/theia-sticky-sidebar/ResizeSensor.min.js?ver=6.5.5

Requested by

Host: securityboulevard.com
URL: https://securityboulevard.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:39c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3bb987c509cc9d8cddb3a3d729818016e7831788ececc4b736a23c66d22161e1

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 13:53:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
ki-edge: v=20.2.7;mv=3.0.6
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 642679
ki-origin: g1p
ki-edge-o2o: yes
last-modified: Thu, 22 Jul 2021 21:09:07 GMT
server: cloudflare
etag: W/"60f9de73-8b9"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iynw%2FxYYsAR2ifNWU%2FfAxFpvf%2FT8UX38nSKJ6hk4eKP5xq3acNQGIpZay0PWsfPcenJa4twJISXrwwBmnpuaW7ibqkK0zpzfYin5b%2BVLKmGs0OBlAjb%2BvvIJ7snY2tIv0PxsDtCFFA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
ki-cache-type: None
ki-cf-cache-status: BYPASS
cf-ray: 8a009047ab729118-FRA
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 theia-sticky-sidebar.min.js Show response
securityboulevard.com/wp-content/themes/colormag-pro/js/theia-sticky-sidebar/ 5 KB
2 KB 60ms
51ms Script
application/javascript 2606:4700:10::6816:39c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://securityboulevard.com/wp-content/themes/colormag-pro/js/theia-sticky-sidebar/theia-sticky-sidebar.min.js?ver=6.5.5

Requested by

Host: securityboulevard.com
URL: https://securityboulevard.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:39c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

101f7a6b30db45e2af5f4c16ec0e1ed7584c45260801abdeaa09731ba3abd6c6

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 13:53:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
ki-edge: v=20.2.7;mv=3.0.6
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1178436
ki-origin: g1p
ki-edge-o2o: yes
last-modified: Thu, 22 Jul 2021 21:09:07 GMT
server: cloudflare
etag: W/"60f9de73-14f5"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7Kb83Zr583Blpb%2B3xbmRiC1CGmJimYdfMY7%2FmM%2FXVGppfW0lhinQlFqggOi%2BNP9Ghz7c%2BoRnS1Q76P9ROvsS0wKryeg0t8vz8i2ZuNGgiumgr%2B%2BHwQHxpTLZG8NwD5seVpauFi8hjA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
ki-cache-type: None
ki-cf-cache-status: BYPASS
cf-ray: 8a009047ab789118-FRA
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jquery.fitvids.min.js Show response
securityboulevard.com/wp-content/themes/colormag-pro/js/fitvids/ 2 KB
1 KB 39ms
31ms Script
application/javascript 2606:4700:10::6816:39c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://securityboulevard.com/wp-content/themes/colormag-pro/js/fitvids/jquery.fitvids.min.js?ver=20150311

Requested by

Host: securityboulevard.com
URL: https://securityboulevard.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:39c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

28b0b03f51551de0682bed42b4cb9d56508a09f636ff48e3f97df64473d311d4

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 13:53:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
ki-edge: v=20.2.7;mv=3.0.6
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 406335
ki-origin: g1p
ki-edge-o2o: yes
last-modified: Thu, 22 Jul 2021 21:09:07 GMT
server: cloudflare
etag: W/"60f9de73-7d0"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2Ff%2BS%2BU7uvMY0azmUfCc2MWQBb2VdwiJktVEalOzEQEMziZPENARWvQ8b1d9ZpGuEGSVNmSRRAFqJEXyI7KTWw2MLiMOc%2BihB90UN2XyN8bmKRskTp7uUmTp6WAqR6JxqAzu486GCIg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
ki-cache-type: None
ki-cf-cache-status: BYPASS
cf-ray: 8a009047ab7b9118-FRA
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 navigation.min.js Show response
securityboulevard.com/wp-content/themes/colormag-pro/js/ 1015 B
783 B 50ms
41ms Script
application/javascript 2606:4700:10::6816:39c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://securityboulevard.com/wp-content/themes/colormag-pro/js/navigation.min.js?ver=6.5.5

Requested by

Host: securityboulevard.com
URL: https://securityboulevard.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:39c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

41f3fe4ce62f3d3f75f6ca8d5c801832f4dc941028ed09cd2ddf5a5b9f0712d3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 13:53:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
ki-edge: v=20.2.7;mv=3.0.6
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1178436
ki-origin: g1p
ki-edge-o2o: yes
last-modified: Thu, 22 Jul 2021 21:09:07 GMT
server: cloudflare
etag: W/"60f9de73-3f7"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=f4fRXV%2FHcWttta4P5xKcMzUzRFHxFQY%2FkR7i6a3QVrx5aEfpFIdIPWfPPXHIZBH902%2Bi2BN7rmYW5FYYfU4GI%2B7bMvRDoBS0rpyRCzsWKIMWiSbNpenTTjz4wecipf4lq2Izf0ye9g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
ki-cache-type: None
ki-cf-cache-status: BYPASS
cf-ray: 8a009047ab7e9118-FRA
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jquery.magnific-popup.min.js Show response
securityboulevard.com/wp-content/themes/colormag-pro/js/magnific-popup/ 20 KB
8 KB 47ms
37ms Script
application/javascript 2606:4700:10::6816:39c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://securityboulevard.com/wp-content/themes/colormag-pro/js/magnific-popup/jquery.magnific-popup.min.js?ver=20150310

Requested by

Host: securityboulevard.com
URL: https://securityboulevard.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:39c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

64ab8dbf18e5a9150941c352022b6e14e983a679cee5bd6bc92f6fca7e6426bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 13:53:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
ki-edge: v=20.2.7;mv=3.0.6
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 4655782
ki-origin: g1p
ki-edge-o2o: yes
last-modified: Thu, 22 Jul 2021 21:09:07 GMT
server: cloudflare
etag: W/"60f9de73-4ee9"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dzsAyuzqRfCF97IPkXmBua0AdNguNSCb8sIXlPMkqTD%2FZHKNaJH7C4Kk4h2%2B3EztYUdZWn%2BWpJ7TWG2625gCWHGWHnR8lLJV8gvC44hrM0xRP2FsyOO2ewrFJCn52Cqfvjwz7JFAKidzwhpgW8QhCUPQPw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
ki-cache-type: None
ki-cf-cache-status: BYPASS
cf-ray: 8a009047ab849118-FRA
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jquery.sticky.min.js Show response
securityboulevard.com/wp-content/themes/colormag-pro/js/sticky/ 4 KB
2 KB 38ms
28ms Script
application/javascript 2606:4700:10::6816:39c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://securityboulevard.com/wp-content/themes/colormag-pro/js/sticky/jquery.sticky.min.js?ver=20150309

Requested by

Host: securityboulevard.com
URL: https://securityboulevard.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:39c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ed5187fd3a8124b6137295fd2b2e0e1451ed9250b6ad989d48e16ea736e5bddc

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 13:53:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
ki-edge: v=20.2.7;mv=3.0.6
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 4659180
ki-origin: g1p
ki-edge-o2o: yes
last-modified: Thu, 22 Jul 2021 21:09:07 GMT
server: cloudflare
etag: W/"60f9de73-f65"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zvViY%2FSNyCEiEv%2Fe8S4q3ne4erhqEzi1SXydusLHrSX%2B2L0PP2xbGDN8Jy1PWF998lzstqssx0ZatXEUaCum5q469x9qbSzyb1fYjIlkAv33OqKiZOrQ%2F3S%2F5%2F8l8UoeVAHWnTzXBQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
ki-cache-type: None
ki-cf-cache-status: BYPASS
cf-ray: 8a009047ab879118-FRA
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 comment-reply.min.js Show response
securityboulevard.com/wp-includes/js/ 3 KB
2 KB 58ms
49ms Script
application/javascript 2606:4700:10::6816:39c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://securityboulevard.com/wp-includes/js/comment-reply.min.js?ver=6.5.5

Requested by

Host: securityboulevard.com
URL: https://securityboulevard.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:39c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e174a58a503ab84b3d1b9de12fd3895788204485170f1289e445f7b5b98ec789

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 13:53:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
ki-edge: v=20.2.7;mv=3.0.6
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 19459
ki-origin: g1p
ki-edge-o2o: yes
last-modified: Mon, 13 Jun 2022 16:39:09 GMT
server: cloudflare
etag: W/"62a7682d-ba5"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YkLSpWA1nSWuI9PUSTBYjdX4A%2F1Ot8zC1zBV10l79HyBGHy%2FsqAEhRPOvChLj6eZFQy6Apu2iJ8uiHsIy%2FzNxfzq1qxSKG50LhkyWgeoWJp7FyAxm4VHWRCAr4y2OCXcXRSIpQJ%2F%2Bg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
ki-cache-type: None
ki-cf-cache-status: BYPASS
cf-ray: 8a009047ab899118-FRA
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 jquery.marquee.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jQuery.Marquee/1.6.0/ 9 KB
3 KB 45ms
30ms Script
application/javascript 104.17.24.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jQuery.Marquee/1.6.0/jquery.marquee.min.js?ver=1.6.0

Requested by

Host: securityboulevard.com
URL: https://securityboulevard.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

feade23a47f6041e6d1008885642dd7ab7cc4f12d94b0c7191c9cf8ca55df97d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityboulevard.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 13:53:59 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 2142431
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 2000
last-modified: Thu, 25 Feb 2021 18:29:37 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "6037ec91-2345"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZItqXhnTPtMo1b%2FcByAcfVmmhg7fw%2FuiT7%2Bos%2BX8m8UjOtnUeNeyws3u%2BTutI19TjHcKSZN3Lo7f20TqQlcqYpvBCJJqicRRQppwOmClhP%2FuGr5hx%2Fz0CL4dzSDcAHFbsY7lzObA"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 8a009047ae083638-FRA
expires: Sat, 28 Jun 2025 13:53:59 GMT

GET
H2 200 wpgroho.js Show response
securityboulevard.com/wp-content/plugins/jetpack/modules/ 1 KB
1000 B 59ms
49ms Script
application/javascript 2606:4700:10::6816:39c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://securityboulevard.com/wp-content/plugins/jetpack/modules/wpgroho.js?ver=13.5

Requested by

Host: securityboulevard.com
URL: https://securityboulevard.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:39c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4ef5e5f0b35765664c2306f623928124ac103d8e218ad9bd64da51e319d0cc5d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 13:53:59 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
ki-edge: v=20.2.7;mv=3.0.6
age: 1178436
cf-polished: origSize=1953
ki-origin: g1p
ki-edge-o2o: yes
cf-bgj: minify
last-modified: Mon, 24 Jun 2024 22:04:02 GMT
server: cloudflare
etag: W/"6679ed52-7a1"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eyIZ2rzXWltWkvQ2PggqfQ%2FCsdBZL5w5dcbaHpZq8LVSRPgZZ6yBUDAzQ7mwRrV7PFgQcX3yZa5RH4OiCQwQaYrhra%2F5QAusPsniatiWtVUeHQOAZ3a7WXMMSayMn%2BHmUWk%2FjwtCGQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
ki-cache-type: None
ki-cf-cache-status: BYPASS
cf-ray: 8a009047ab8a9118-FRA
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 gprofiles.js Show response
secure.gravatar.com/js/ 13 KB
5 KB 14ms
4ms Script
application/javascript 2a04:fa87:fffe::c000:4902
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.gravatar.com/js/gprofiles.js?ver=202428

Requested by

Host: securityboulevard.com
URL: https://securityboulevard.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

b46853b388ab997de6bfa04c1e397b91783aa2d3e125eb7f62b2f41b95dd5e57

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload

Request headers

Referer: https://securityboulevard.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 13:53:58 GMT
strict-transport-security: max-age=31536000; includeSubdomains; preload
content-encoding: br
last-modified: Tue, 02 Jul 2024 12:40:50 GMT
server: nginx
etag: W/"6683f552-3317"
content-type: application/javascript
cache-control: max-age=604800
alt-svc: h3=":443"; ma=86400
expires: Mon, 15 Jul 2024 13:53:58 GMT

GET
H2 200 comment_embed.js Show response
securityboulevard.com/wp-content/plugins/disqus-comment-system/public/js/ 1 KB
977 B 58ms
49ms Script
application/javascript 2606:4700:10::6816:39c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://securityboulevard.com/wp-content/plugins/disqus-comment-system/public/js/comment_embed.js?ver=3.1.1

Requested by

Host: securityboulevard.com
URL: https://securityboulevard.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:39c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

527628b0b48cdb56aa208afc676f408aadb429c97933384643ea7805b1b327f7

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 13:53:59 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
ki-edge: v=20.2.7;mv=3.0.6
age: 19459
cf-polished: origSize=1729
ki-origin: g1p
ki-edge-o2o: yes
cf-bgj: minify
last-modified: Fri, 12 Apr 2024 02:59:54 GMT
server: cloudflare
etag: W/"6618a3aa-6c1"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=66aIJKiy2fr5%2BbB83dk8W4fsMhnwv84pn6F%2F0WjJiEaKyJwSE9U73jMYv8bZ7XzOb3y1LyV4FeSPmCiyNsbyFQPZwdToJJ8ZweBkOjLhwQ7WNULleJW%2F1Xy6Mp0VrvpPKD6Bs2E4xg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
ki-cache-type: None
ki-cf-cache-status: BYPASS
cf-ray: 8a009047ab8c9118-FRA
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 comment_count.js Show response
securityboulevard.com/wp-content/plugins/disqus-comment-system/public/js/ 708 B
719 B 45ms
37ms Script
application/javascript 2606:4700:10::6816:39c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://securityboulevard.com/wp-content/plugins/disqus-comment-system/public/js/comment_count.js?ver=3.1.1

Requested by

Host: securityboulevard.com
URL: https://securityboulevard.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:39c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b385fd0614f2927f0e7fdc03ccdb2428e3a93de0c7fe467149b34213cc32c0f6

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 13:53:59 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
ki-edge: v=20.2.7;mv=3.0.6
age: 20083
cf-polished: origSize=889
ki-origin: g1p
ki-edge-o2o: yes
cf-bgj: minify
last-modified: Fri, 12 Apr 2024 02:59:54 GMT
server: cloudflare
etag: W/"6618a3aa-379"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uFZkgXhNzz1O%2FvRkjlN5%2FOts2xQCnogUj%2Bu%2FZQVNmTQ7PgrgHYup7yHpm76XYs8xqZDzSIMXqpbP786ctVMrxZB%2BdRztqDVUPASdw6Q%2F%2BA%2B%2FyIJEezOeszlrTBzSeArGMVDVkvsf1w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
ki-cache-type: None
ki-cf-cache-status: BYPASS
cf-ray: 8a009047ab8d9118-FRA
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 cvpro.min.js Show response
securityboulevard.com/wp-content/plugins/pt-content-views-pro/public/assets/js/ 161 KB
46 KB 52ms
44ms Script
application/javascript 2606:4700:10::6816:39c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://securityboulevard.com/wp-content/plugins/pt-content-views-pro/public/assets/js/cvpro.min.js?ver=6.3.0.1

Requested by

Host: securityboulevard.com
URL: https://securityboulevard.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:39c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8f33880a7bc942dd2f2218dec8e129e44ba5bf999e793805ff7200cae46917bf

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 13:53:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
ki-edge: v=20.2.7;mv=3.0.6
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 410885
ki-origin: g1p
ki-edge-o2o: yes
last-modified: Fri, 12 Apr 2024 02:59:37 GMT
server: cloudflare
etag: W/"6618a399-2831e"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2VYdnPC%2BP6zF0XEEPB3or%2B4jvuQyWnZub8WCL8d%2FldZ96llR1GViZprJM5BmqRUEXmQDb9tGmOoxbqR1qJTqjuxqHXf6SYWmVJ08oNffMWH7CNrAiQ9rHidX8NaUD%2B3VFJ0Cl8%2BfsgEGischuHW4MPIdsw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
ki-cache-type: None
ki-cf-cache-status: BYPASS
cf-ray: 8a009047ab8e9118-FRA
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 cv.js Show response
securityboulevard.com/wp-content/plugins/content-views-query-and-display-post-page/public/assets/js/ 23 KB
7 KB 57ms
48ms Script
application/javascript 2606:4700:10::6816:39c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://securityboulevard.com/wp-content/plugins/content-views-query-and-display-post-page/public/assets/js/cv.js?ver=3.8.0

Requested by

Host: securityboulevard.com
URL: https://securityboulevard.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:39c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

71c2cdda21d2cc80531d66df07f025dc82c4f79fd90e6a07648695cc6af58b8e

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 13:53:59 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
ki-edge: v=20.2.7;mv=3.0.6
age: 410884
cf-polished: origSize=23772
ki-origin: g1p
ki-edge-o2o: yes
cf-bgj: minify
last-modified: Mon, 24 Jun 2024 22:02:42 GMT
server: cloudflare
etag: W/"6679ed02-5cdc"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Tj6V%2BgmkyzhhKwXgB8L1HhOhUhl5azG%2Br7LnTBMam2PYchBzpuaQDbMkpKgMXHJE6W3VIjJoYEP3yu8WDkV33wtiXdWp9AbK%2BXD2xsz91rsxY3ugSw47onvgBZfsX24WU7kdD0LF0NqgG3YqwYbQpGIypQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
ki-cache-type: None
ki-cf-cache-status: BYPASS
cf-ray: 8a009047ab909118-FRA
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 181 KB
0 6ms
6ms Script
text/javascript 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-2091799172090865

Requested by

Host: securityboulevard.com
URL: https://securityboulevard.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f194.1e100.net

Software

cafe /

Resource Hash

85dcfc1a2474de812eb5218cc1f0e7ad4ce43b85919bdc4c8284e9b943c296ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityboulevard.com/
Origin: https://securityboulevard.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 13:53:58 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 54482
x-xss-protection: 0
server: cafe
etag: 16265633716972109552
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
link: <https://googleads.g.doubleclick.net>; rel="preconnect"; crossorigin
expires: Mon, 08 Jul 2024 13:53:58 GMT

GET
H3 200 v2.js Show response
js.hsforms.net/forms/ 482 KB
156 KB 67ms
44ms Script
application/javascript 104.18.142.119
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsforms.net/forms/v2.js

Requested by

Host: securityboulevard.com
URL: https://securityboulevard.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.142.119 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ee3184f88b136b6ad521ec8d57fcf138b0c78172ee82e5d8773998bebac6486d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityboulevard.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-encoding: gzip
age: 85
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=forms-embed/static-1.5387/bundles/project-v2.js&cfRay=8a008e33bb3a6931-FRA
x-amz-replication-status: COMPLETED
x-evy-trace-listener: listener_https
etag: W/"56164b8f5dbcf6e65e555e48d5d6176a"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
cache-control: s-maxage=600, max-age=300
x-hs-target-asset: forms-embed/static-1.5387/bundles/project-v2.js
date: Mon, 08 Jul 2024 13:53:59 GMT
x-amz-version-id: mnlqbpb.vUvH_hPLxl7NeOxIrfIBia92
x-content-type-options: nosniff
cf-cache-status: HIT
via: 1.1 9dc566ff42777d2cad8483451738f334.cloudfront.net (CloudFront)
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: IAD12-P3
x-hubspot-correlation-id: 96e97ce2-0ea6-4fd8-a58c-9b1d853b3793
x-cache: Hit from cloudfront
cache-tag: staticjsapp-forms-embed-v2-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 0
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: 96e97ce2-0ea6-4fd8-a58c-9b1d853b3793
last-modified: Thu, 06 Jun 2024 13:36:59 UTC
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DlULgF7LuVqC%2FZp%2Fy3c22Qlo4xZbePAUPESIi13kz2LpD10GgLEQe11udpFDENuPxmp5X9Qbngik0f%2FssvMKZsTeFCCveM1mW9tA74DowcE324xyrYDMgCvPv65FxJMJ"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status: HIT
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-65f7f7c749-jxxbv
cf-ray: 8a009047cd9d2bf7-FRA
x-amz-cf-id: 0c-44nPQfivXkZr5g0aZd3_AC8sbTcY8Uf6n7qCLKf1XkT2kaZ7RxA==

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ 97 KB
31 KB 89ms
55ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: securityboulevard.com
URL: https://securityboulevard.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2f0cce422ac2c6506f9d32c29be64eb376ae7e8ebb5b4ad80ad64a45d3dd399e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityboulevard.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 13:53:59 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31356
x-xss-protection: 0
server: cafe
etag: 244 / 19912 / m202407020101 / config-hash: 18195161965586865016
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Mon, 08 Jul 2024 13:53:59 GMT

GET
H3 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 180 KB
53 KB 72ms
56ms Script
text/javascript 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-2091799172090865&host=ca-host-pub-2644536267352236

Requested by

Host: securityboulevard.com
URL: https://securityboulevard.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f194.1e100.net

Software

cafe /

Resource Hash

3fdfa66c3b6b14341e3a8aa74796d51bd769aa7fe60e75a869d1df3f66053ea4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityboulevard.com/
Origin: https://securityboulevard.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 13:53:59 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 54431
x-xss-protection: 0
server: cafe
etag: 11403971839860807206
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
link: <https://googleads.g.doubleclick.net>; rel="preconnect"; crossorigin
expires: Mon, 08 Jul 2024 13:53:59 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 321 KB
106 KB 56ms
52ms Script
application/javascript 142.250.184.200
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-FB70FYBEHB

Requested by

Host: securityboulevard.com
URL: https://securityboulevard.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.200 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

47726b6fca2f43d833a726230154e42bb37ab6adf53da9116a6d17576e4a0724

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://securityboulevard.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 13:53:59 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 108056
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Mon, 08 Jul 2024 13:53:59 GMT

GET
H2 200 loadmore.min.js Show response
securityboulevard.com/wp-content/themes/colormag-pro/js/ 1 KB
833 B 55ms
49ms Script
application/javascript 2606:4700:10::6816:39c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://securityboulevard.com/wp-content/themes/colormag-pro/js/loadmore.min.js?ver=6.5.5

Requested by

Host: securityboulevard.com
URL: https://securityboulevard.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:39c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

534c262276166217d4ea9b047de9addc67bdab27d749899d098935a58d65940f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 13:53:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
ki-edge: v=20.2.7;mv=3.0.6
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1178434
ki-origin: g1p
ki-edge-o2o: yes
last-modified: Thu, 22 Jul 2021 21:09:07 GMT
server: cloudflare
etag: W/"60f9de73-470"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8hK4Hnz8zcDdiqS48ipQf4d1bMGUF5mamVq1Ca77MjTqaCMGhB15kQtTIbqh1Z8OlfG9%2FmZhQePMYMuNp5tQ87fRokqr84XFmr0o4DK1lmre63rV%2BHU4x79r2IFvfL8g%2BeICG1IS%2Fw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
ki-cache-type: None
ki-cf-cache-status: BYPASS
cf-ray: 8a009047ab929118-FRA
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 custom.js Show response
securityboulevard.com/wp-content/plugins/devops_core/assets/ 1 KB
1000 B 48ms
41ms Script
application/javascript 2606:4700:10::6816:39c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://securityboulevard.com/wp-content/plugins/devops_core/assets/custom.js?ver=6.5.5

Requested by

Host: securityboulevard.com
URL: https://securityboulevard.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:39c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5e9217a20b1f4bec7ec61cb0d3b1ae23a759df26ac6856f15d57e841caa4f0a9

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 13:53:59 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
ki-edge: v=20.2.7;mv=3.0.6
age: 413383
cf-polished: origSize=2913
ki-origin: g1p
ki-edge-o2o: yes
cf-bgj: minify
last-modified: Thu, 22 Jul 2021 21:09:18 GMT
server: cloudflare
etag: W/"60f9de7e-b61"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fH2E6mob6kirEk2Xahsf4DJlpJzN3XyQYSh7nSrzva1mlK2fSNgXZ5uZWt%2F1EqP5WQeSDqmLHKbJxQN3n5lArPcSPsbGCm4V1UGZ7sWgUdcCd5D4m7E%2F%2Fe1zbXNrkMPM32Da0DQ9sQtG4uZNoLTt%2BMe1dw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
ki-cache-type: None
ki-cf-cache-status: BYPASS
cf-ray: 8a009047ab959118-FRA
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 isotope.pkgd.min.js Show response
securityboulevard.com/wp-content/plugins/devops_core/assets/ 34 KB
10 KB 55ms
49ms Script
application/javascript 2606:4700:10::6816:39c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://securityboulevard.com/wp-content/plugins/devops_core/assets/isotope.pkgd.min.js?ver=6.5.5

Requested by

Host: securityboulevard.com
URL: https://securityboulevard.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:39c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f96151453bf5b861219fab32920589c930580c4f1c427f2e023e7429e7e9f482

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 13:53:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
ki-edge: v=20.2.7;mv=3.0.6
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1178434
ki-origin: g1p
ki-edge-o2o: yes
last-modified: Thu, 22 Jul 2021 21:09:18 GMT
server: cloudflare
etag: W/"60f9de7e-89f1"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=L2Bj3AyDQcz9PofFU9X0iSzoBV7JppEj6wmoUPA9T9hn%2B92qSD%2FFZ6ahz5IsJurmXMHtnAYMcUEMzExycBeRMYHs0W7J4sEgH1k1XXpUqiKcJdkwwGRh7N31%2F8liR62s3cGbfFlYZQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
ki-cache-type: None
ki-cf-cache-status: BYPASS
cf-ray: 8a009047ab979118-FRA
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 owl.carousel.min.js Show response
securityboulevard.com/wp-content/plugins/devops_core/assets/ 42 KB
11 KB 45ms
40ms Script
application/javascript 2606:4700:10::6816:39c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://securityboulevard.com/wp-content/plugins/devops_core/assets/owl.carousel.min.js?ver=6.5.5

Requested by

Host: securityboulevard.com
URL: https://securityboulevard.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:39c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b394d33b2a7ec654a6b037ebfda6618341b3f897a362be624c923c2711b54a43

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 13:53:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
ki-edge: v=20.2.7;mv=3.0.6
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1178434
ki-origin: g1p
ki-edge-o2o: yes
last-modified: Thu, 22 Jul 2021 21:09:18 GMT
server: cloudflare
etag: W/"60f9de7e-a70e"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=afg3OGV3bKmkx4QvajxK%2B5vmv0x9HcUZ5FnrBUkpEbA7A6PliZICYwCRRD9PJEeDui9VHTJnyXkqPyDSC1pU1tMBxnV3Fn2l7pt%2B6FbVcg%2BP6oiHugeyXS%2Bo3GFLPg41AAhSErTEag%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
ki-cache-type: None
ki-cf-cache-status: BYPASS
cf-ray: 8a009047ab999118-FRA
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 list.min.js Show response
securityboulevard.com/wp-content/plugins/devops_core/assets/ 18 KB
6 KB 38ms
33ms Script
application/javascript 2606:4700:10::6816:39c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://securityboulevard.com/wp-content/plugins/devops_core/assets/list.min.js?ver=6.5.5

Requested by

Host: securityboulevard.com
URL: https://securityboulevard.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:39c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

62a388a7833280dc7dfe5716af9969711f3c2a2fcc34c5af249907d1e2be7c73

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 13:53:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
ki-edge: v=20.2.7;mv=3.0.6
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1178434
ki-origin: g1p
ki-edge-o2o: yes
last-modified: Thu, 22 Jul 2021 21:09:18 GMT
server: cloudflare
etag: W/"60f9de7e-46b5"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9cQydGbOwJcqMnVavHwEg0huft%2F1q28YRMMQMP2usF5Cy%2Bt1i2b2y4r%2BCKVSfY0B2zdk9X4XGPF9MUqEgoXvV8K4ZYN1%2BYppEI9pkGVZrUADCLmyXeaolsptYr6mG7kp7pX%2FECdmhQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
ki-cache-type: None
ki-cf-cache-status: BYPASS
cf-ray: 8a009047ab9a9118-FRA
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 addtoany.min.js Show response
securityboulevard.com/wp-content/plugins/add-to-any/ 129 B
497 B 42ms
36ms Script
application/javascript 2606:4700:10::6816:39c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://securityboulevard.com/wp-content/plugins/add-to-any/addtoany.min.js?ver=1.1

Requested by

Host: securityboulevard.com
URL: https://securityboulevard.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:39c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

50679e0e3933c945348a2db0cc128bb14b57a60a74fabf8cae13acc14efbb2e1

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 13:53:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
ki-edge: v=20.2.7;mv=3.0.6
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 4655782
ki-origin: g1p
ki-edge-o2o: yes
last-modified: Thu, 02 May 2024 13:12:07 GMT
server: cloudflare
etag: W/"66339127-81"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=H5weiWrmzyMKTZ3eGx3Ds3tTet%2Bw7wkGfKH0wULYgqSUUcgEqHUC03gMIYs%2FIFIfX2EmTpINxg2EdLcJ0LRjKBPcQEOEg5vuCOvkrcNnuuluXuKMTS%2BVFyGrrOG9TmG5aqVJfWNVUavLmqUMxkgzp6IVgQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
ki-cache-type: None
ki-cf-cache-status: BYPASS
cf-ray: 8a009047ab9c9118-FRA
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jquery-migrate.min.js Show response
securityboulevard.com/wp-includes/js/jquery/ 13 KB
5 KB 46ms
40ms Script
application/javascript 2606:4700:10::6816:39c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://securityboulevard.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1

Requested by

Host: securityboulevard.com
URL: https://securityboulevard.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:39c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 13:53:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
ki-edge: v=20.2.7;mv=3.0.6
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 4655782
ki-origin: g1p
ki-edge-o2o: yes
last-modified: Fri, 08 Sep 2023 23:54:07 GMT
server: cloudflare
etag: W/"64fbb41f-3509"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IsemvzTv3KhvbhBaUsJ3CrVwYI427adCGtD6iJnxTILRFAIHjOwDNBCLp27S%2B3Y7YjuQ4g2zbsj3GYVEz8%2BdUFElv9SwwbJkJUOJV%2FHVSAEQdorlm6HsQM8Yi0QaSSjkQm1ykmML5zrtdljtobPw0jHOMw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
ki-cache-type: None
ki-cf-cache-status: BYPASS
cf-ray: 8a009047ab9e9118-FRA
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 page.js Show response
static.addtoany.com/menu/ 3 KB
2 KB 56ms
40ms Script
application/javascript 172.67.39.148
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/page.js

Requested by

Host: securityboulevard.com
URL: https://securityboulevard.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.39.148 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6e0cc78c402cbc02fdfd41cd77c5fd6ffbd8066cc07935ea8eb5f3fcc59744a3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityboulevard.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 13:53:59 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 23766
content-encoding: br
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
cf-bgj: minify
server: cloudflare
etag: W/"e346c2841e4abbb66ee259e9540abb61"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2k2Yl9WQEwE5ZwRduqqbZSLMAE8c%2BuooWenZOcZWpT08toWIfO8DFRGau5wceTYOe5YZ1ncgL5Wu50ZIiVBpE7uWlb0g7ZLZ294N%2FG%2Bv3x9qEoNqjbHodf9tMjb299WFdwsHniMFPliG3quU4k275INR"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=86400, stale-while-revalidate=30, public
cf-ray: 8a009047bb313623-FRA

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/3.5.1/ 87 KB
31 KB 48ms
16ms Script
text/javascript 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js

Requested by

Host: securityboulevard.com
URL: https://securityboulevard.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityboulevard.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Sat, 06 Jul 2024 07:31:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 195777
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31021
x-xss-protection: 0
last-modified: Fri, 08 May 2020 07:05:03 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 06 Jul 2025 07:31:02 GMT

GET
H3 200 tag.aspx Show response
ml314.com/ 37 KB
37 KB 13ms
11ms Script
application/javascript 34.117.77.79
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://ml314.com/tag.aspx?86
Requested by: Host: securityboulevard.com
URL: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.117.77.79 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 79.77.117.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 773a28cc9ac8062b38482769d1f03d92a6487d5775d439cff1c8b5be61fdd6d7

Request headers

Referer: https://securityboulevard.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 13:39:44 GMT
via: 1.1 google
age: 854
x-guploader-uploadid: ACJd0Nq5JoyeUqAUr7r-rVSk-_gnPTx6RrWfI-f30Q9B-XGgbnsREPtj8CgCCr1VvaWL-veN98M2UlbtYA
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 37568
last-modified: Wed, 12 Jun 2024 23:47:10 GMT
server: UploadServer
etag: "611c769b568a169ba0179bc0e4fb3d9e"
x-goog-generation: 1718236030191817
x-goog-hash: crc32c=jdP4zA==, md5=YRx2m1aKFpugF5vA5Ps9ng==
content-type: application/javascript
cache-id: FRA-1209ea83
cache-control: public,max-age=3600
x-cache-hit: hit
x-goog-stored-content-length: 37568
accept-ranges: bytes

GET
H2 200 AGSKWxWt_REGZQLbfsyV07LhHI9SiV1aiDwkdOxyj9asETMhHrjMP-4HK-vdnahTKftwsTd3q_d5yOjmeObDzLkZCXG3bXcIvmLPPPvagH4VsYEPOtdVDSqDVbOTVxzhfPs1VHDs8szLWw== Show response
fundingchoicesmessages.google.com/f/ 386 KB
61 KB 216ms
214ms Script
application/javascript 2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxWt_REGZQLbfsyV07LhHI9SiV1aiDwkdOxyj9asETMhHrjMP-4HK-vdnahTKftwsTd3q_d5yOjmeObDzLkZCXG3bXcIvmLPPPvagH4VsYEPOtdVDSqDVbOTVxzhfPs1VHDs8szLWw==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzIwNDQ2ODM5LDEwMDAwMDAwXSxudWxsLG51bGwsbnVsbCxbbnVsbCxbN11dLCJodHRwczovL3NlY3VyaXR5Ym91bGV2YXJkLmNvbS8yMDI0LzA3L2ZpY2tsZS1tYWx3YXJlLWxlYWRzLXRvLXVhYy1ieXBhc3MtYW5kLWRhdGEtZXhmaWx0cmF0aW9uLyIsbnVsbCxbWzgsIktwd1c4QlQ1eENJIl0sWzksImRlIl0sWzE4LCJbW1swXV1dIl0sWzIyLCJmYWxzZSJdLFsyMCwiW251bGwsbnVsbCxbMzEwODIyNTMsMzEwODQyNjldLG51bGwsMF0iXSxbMTksIjEiXSxbMTcsIlswXSJdXV0

Requested by

Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.de.KpwW8BT5xCI.es5.O/am=GAY/d=1/rs=AJlcJMyrnTC3hXUIb3fvi6z2pjrkFxZp4Q/m=kernel_loader,loader_js_executable

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

bff75ca67509c05ce198670f2fb9b5aae5b5422b9bc2b204fbe3f4e2cb61d8a8

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-DbjeoohHaW7ERDRkUN_bYw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://securityboulevard.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 13:53:59 GMT
content-security-policy: script-src 'report-sample' 'nonce-DbjeoohHaW7ERDRkUN_bYw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorGlobalRouterHttp/web-reports?context=eJzjCtDikmJw1ZBiOO90h-k6EEt8fcmkBcRO6TNYQ4DYp34GaxwQt948xzodiD8_Psf6G4iT_p1nLQHiJREXWY8kXmQ9-Pgi60kgFuLm-H5v_RY2gQ19u9OUNJLyC-OT8_NKijKTSkvyi9KS01KLU4vKUovijQyMTAzMDQz1DMzjCwwAyxU5zw"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin: *
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 css
fonts.googleapis.com/ 109 KB
6 KB 20ms
20ms Stylesheet
text/css 2a00:1450:4001:80b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.de.KpwW8BT5xCI.es5.O/d=1/exm=kernel_loader,loader_js_executable/ed=1/rs=AJlcJMyEaRdbKr0jWeawhCGDFz9sw2N29g/m=web_iab_tcf_v2_wall_executable

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

26b9e3e98b9415b99775a736fa1a3af32402746c2bf7746411bea496c44e4b80

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://securityboulevard.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 08 Jul 2024 13:53:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Mon, 08 Jul 2024 13:53:59 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 08 Jul 2024 13:53:59 GMT

GET
H2 200 KlcdZVi62qdS3FYrkRzqUccR9j1ZdW6luq4M1RmNdo44Ta508mSFzzdF9djv1qlawYl3a7PPDlgtxpurzxqTDPzP67WQhk7NXTdyfzahx9orClPkUIbMug=h60
lh3.googleusercontent.com/ 5 KB
5 KB 44ms
9ms Image
image/jpeg 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/KlcdZVi62qdS3FYrkRzqUccR9j1ZdW6luq4M1RmNdo44Ta508mSFzzdF9djv1qlawYl3a7PPDlgtxpurzxqTDPzP67WQhk7NXTdyfzahx9orClPkUIbMug=h60

Requested by

Host: securityboulevard.com
URL: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

bb0aa07e7e9d959935e65d8970b84268b326e69f29e8ab6677afad7cfaa321d4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityboulevard.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 13:40:43 GMT
x-content-type-options: nosniff
age: 796
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5240
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Tue, 09 Jul 2024 13:40:43 GMT

GET
H2 200 memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v40/ 47 KB
47 KB 11ms
9ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans%7COpen+Sans%3A400%2C600%7CPT+Sans%7CSource+Sans+Pro&ver=6.5.5

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://securityboulevard.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Thu, 04 Jul 2024 09:37:33 GMT
x-content-type-options: nosniff
age: 360986
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48236
x-xss-protection: 0
last-modified: Thu, 14 Dec 2023 02:08:40 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 04 Jul 2025 09:37:33 GMT

GET
H2 200 flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2
fonts.gstatic.com/s/materialicons/v142/ 125 KB
126 KB 15ms
15ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/materialicons/v142/flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2

Requested by

Host: securityboulevard.com
URL: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8265f64786397d6b832d1ca0aafdf149ad84e72759fffa9f7272e91a0fb015d1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityboulevard.com/
Origin: https://securityboulevard.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 02 Jul 2024 14:42:02 GMT
x-content-type-options: nosniff
age: 515517
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 128352
x-xss-protection: 0
last-modified: Mon, 08 Apr 2024 19:04:47 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 02 Jul 2025 14:42:02 GMT

POST
H3 204 AGSKWxW87bKdv1es2rhB_RY2ZKr5a27AkdGYnJ3OkC3SQJDYcXkHYjeN-AlCE0CGGUZ5HHuJ2lqJeg_gYlysUpAIr3pFMgwt1DhnJghigWLywjqnII73u-kpJ1txz1uVz7-1D3yZbgw4zg== Show response
fundingchoicesmessages.google.com/el/ 0
28 B 49ms
20ms XHR
text/html 142.250.184.238
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxW87bKdv1es2rhB_RY2ZKr5a27AkdGYnJ3OkC3SQJDYcXkHYjeN-AlCE0CGGUZ5HHuJ2lqJeg_gYlysUpAIr3pFMgwt1DhnJghigWLywjqnII73u-kpJ1txz1uVz7-1D3yZbgw4zg==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.238 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f14.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-AxbaEJUlIC_40BgthiVUPA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://securityboulevard.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 08 Jul 2024 13:53:59 GMT
content-security-policy: script-src 'report-sample' 'nonce-AxbaEJUlIC_40BgthiVUPA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjUtDikmJw15BicEqfwRoCxJ8fn2P9DcRLIi6yHkm8yCrEw_H93votbAIb-n4vYVRyScovjE_OzytJzSvRTUwp1gWxizKTSkvyi1DYqWUgFTn56emZeenxRgZGJgbmBoZ6BubxBQYAdN8sNg"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
content-type: text/html; charset=utf-8
access-control-allow-origin: https://securityboulevard.com
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxW87bKdv1es2rhB_RY2ZKr5a27AkdGYnJ3OkC3SQJDYcXkHYjeN-AlCE0CGGUZ5HHuJ2lqJeg_gYlysUpAIr3pFMgwt1DhnJghigWLywjqnII73u-kpJ1txz1uVz7-1D3yZbgw4zg==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.238 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f14.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-b_mLeh6_k8bsfrBXNFUOFQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://securityboulevard.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 08 Jul 2024 13:53:59 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-b_mLeh6_k8bsfrBXNFUOFQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjUtDikmJw1ZBicEqfwRoCxJ8fn2P9DcRLIi6yHkm8yCrEw_H93votbAIPDj9ZwqjkkpRfGJ-cn1eSmleim5hSrAtiF2UmlZbkF6GwU8tAKnLy09Mz89LjjQyMTAzMDQz1DMzjCwwAitIsgg"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
content-type: text/html; charset=utf-8
access-control-allow-origin: https://securityboulevard.com
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 204
No Content collect Show response
w.clarity.ms/ 0
285 B 1406ms
1193ms XHR
text/plain 23.96.124.156
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://w.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.32/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.96.124.156 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://securityboulevard.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://securityboulevard.com
Date: Mon, 08 Jul 2024 13:54:00 GMT
Access-Control-Allow-Credentials: true
Server: nginx
Connection: keep-alive
Vary: Origin
Request-Context: appId=cid-v1:e55edbbe-e22b-46b4-8313-9ee2a4e71d12

GET
H2

200

c.gif
c.clarity.ms/
Redirect Chain

https://c.clarity.ms/c.gif
https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=BAA18AC270FD4950B9EAD896BF65E9C2&RedC=c.clarity.ms&MXFR=0BFD932598EC6546181487939CEC6B81
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=BAA18AC270FD4950B9EAD896BF65E9C2&MUID=38A1767F9FC96E63267C62C99E426F3A

42 B
442 B

41ms
40ms

Image
image/gif

13.74.129.1
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=BAA18AC270FD4950B9EAD896BF65E9C2&MUID=38A1767F9FC96E63267C62C99E426F3A
Protocol: H2
Server: 13.74.129.1 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

Referer: https://securityboulevard.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jul 2024 13:53:59 GMT
last-modified: Tue, 25 Jun 2024 19:30:12 GMT
server: Microsoft-IIS/10.0
etag: "7473f1936c7da1:0"
x-powered-by: ASP.NET
content-type: image/gif
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: private, no-cache, proxy-revalidate, no-store
accept-ranges: bytes
content-length: 42

Redirect headers

pragma: no-cache
date: Mon, 08 Jul 2024 13:53:59 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: E7D23242973B479EB47580E97423B827 Ref B: FRA31EDGE0605 Ref C: 2024-07-08T13:54:00Z
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
location: https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=BAA18AC270FD4950B9EAD896BF65E9C2&MUID=38A1767F9FC96E63267C62C99E426F3A
cache-control: private, no-cache, proxy-revalidate, no-store
content-length: 0

POST
H2 204 collect
region1.analytics.google.com/g/ 0
0 24ms
22ms Fetch
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-FB70FYBEHB&gtm=45je4730v873694773z8850968773za200zb850968773&_p=1720446838196&gcd=13l3l3l2l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=0&cid=889304103.1720446839&ul=de-de&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_eu=EA&sid=1720446838&sct=1&seg=0&dl=https%3A%2F%2Fsecurityboulevard.com%2F2024%2F07%2Ffickle-malware-leads-to-uac-bypass-and-data-exfiltration%2F&dt=Fickle%20Malware%20Leads%20to%20UAC%20Bypass%20and%20Data%20Exfiltration%20-%20Security%20Boulevard&_s=2&tfd=2110&_z=fetch
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-FB70FYBEHB&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

Referer: https://securityboulevard.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Mon, 08 Jul 2024 13:53:59 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://securityboulevard.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sm.25.html
static.addtoany.com/menu/ Frame 962B 0
0 47ms
31ms Document
text/html 172.67.39.148
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/sm.25.html

Requested by

Host: static.addtoany.com
URL: https://static.addtoany.com/menu/page.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.39.148 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityboulevard.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-origin: *
age: 4509
alt-svc: h3=":443"; ma=86400
cache-control: max-age=315360000, immutable
cf-cache-status: HIT
cf-ray: 8a00904d3a6a9f2f-FRA
content-encoding: br
content-type: text/html; charset=utf-8
date: Mon, 08 Jul 2024 13:53:59 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: strict-origin-when-cross-origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MCVUE8JdS0WxGNoDD08y1mWwKSMdXTUh%2FQvce1hlPe%2FwsdrgQfuF9szBPGddPko4%2Fi%2Bs2gPSn4Ku2nuaKZA72FJb1RggxtIdIIO0MhkgaIhtTqAL%2Fs6Pq4KjcxKqdZ4DMGolX3Us"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
x-content-type-options: nosniff

GET
H3 200 core.BRQnzO8v.js Show response
static.addtoany.com/menu/modules/ 70 KB
26 KB 85ms
67ms Script
application/javascript 172.67.39.148
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/modules/core.BRQnzO8v.js

Requested by

Host: static.addtoany.com
URL: https://static.addtoany.com/menu/page.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.39.148 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

91b9b24f0aa59668e4d0a770ee7a294b9baa361a76a20ade8128cd0482a5d805

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityboulevard.com/
Origin: https://securityboulevard.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 13:53:59 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 11010
content-encoding: br
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
cf-bgj: minify
server: cloudflare
etag: W/"25da5432b1057724b8210f17e9b9db05"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YpPyfLVJ4Vh4j7Bx%2BKdWZJkXTcDhy4MrO2vy6uiWVBAS7R7XnDFq5zYiu1SORzGB44SDsmxEPf8Nv5Z77kdr9o3EMDVBchpR8rgTZod8hcODca8n1zt56fahzD6OfHX6R2FJeU6YG5UkXr0FxRUrYuEN"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000, immutable
cf-ray: 8a00904d3f169960-FRA

GET
BLOB 200
OK e290779a-9953-43ed-8d25-d521521a2a11
https://securityboulevard.com/ 1 KB
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://securityboulevard.com/e290779a-9953-43ed-8d25-d521521a2a11
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5b9f9afe7621ec465573f58064f5bef3a229e5e19362351168fd211f6a28bb5c

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Length: 1185
Content-Type: text/javascript

GET
H2 200 android-chrome-256x256-1-32x32.png
securityboulevard.com/wp-content/uploads/2021/10/ 916 B
1 KB 29ms
29ms Other
image/webp 2606:4700:10::6816:39c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://securityboulevard.com/wp-content/uploads/2021/10/android-chrome-256x256-1-32x32.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:39c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e9477347715e11007b443bf2be67df96a108b575f76c4ddb6ca18d8b2fcf39b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 13:53:59 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
ki-edge: v=20.2.7;mv=3.0.6
age: 4659823
cf-polished: origFmt=png, origSize=1357
ki-origin: g1p
content-disposition: inline; filename="android-chrome-256x256-1-32x32.webp"
content-length: 916
ki-edge-o2o: yes
cf-bgj: imgq:85,h2pri
last-modified: Tue, 05 Oct 2021 21:59:29 GMT
server: cloudflare
etag: "615ccac1-54d"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=frpXFjo%2Byspyi3FVxK5fond5eof%2F6QSZ02DW2mLDRrXjA%2Fpe3TPo0iPnLuShLCwMv0zkACPc7NFPZcaIZpAh3p4pRycWbxiX34KAwKmGdkQB24PLnYcrpYUKjoZU8RpHZuihCxW3kg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=315360000
ki-cache-type: None
accept-ranges: bytes
ki-cf-cache-status: BYPASS
cf-ray: 8a00904d2b399118-FRA
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

POST
H3 204 collect
region1.analytics.google.com/g/ 0
0 45ms
45ms Fetch
text/plain 216.239.32.36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-FB70FYBEHB&gtm=45je4730v873694773z8850968773za200zb850968773&_p=1720446838196&gcd=13l3l3l2l1&npa=1&dma_cps=syphamo&dma=1&tcfd=10001&tag_exp=0&cid=889304103.1720446839&ul=de-de&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_eu=EA&_s=3&sid=1720446838&sct=1&seg=0&dl=https%3A%2F%2Fsecurityboulevard.com%2F2024%2F07%2Ffickle-malware-leads-to-uac-bypass-and-data-exfiltration%2F&dt=Fickle%20Malware%20Leads%20to%20UAC%20Bypass%20and%20Data%20Exfiltration%20-%20Security%20Boulevard&en=10%25%20Scroll&ep.Post_Category=Postsbn&_et=1237&tfd=2151&_z=fetch
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-FB70FYBEHB&l=dataLayer&cx=c
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 216.239.32.36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

Referer: https://securityboulevard.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jul 2024 13:53:59 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://securityboulevard.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202407020101/ 467 KB
145 KB 92ms
24ms Script
text/javascript 172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202407020101/pubads_impl.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s06-in-f130.1e100.net

Software

cafe /

Resource Hash

4416286665bbc024eb7d80114a57625e9f57ea495844950d060293b230599af5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityboulevard.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 12:28:28 GMT
content-encoding: br
x-content-type-options: nosniff
age: 5131
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 148860
x-xss-protection: 0
server: cafe
etag: 3071004405367439963
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Tue, 08 Jul 2025 12:28:28 GMT

GET
H3 200 json Show response
forms.hsforms.com/embed/v3/form/1628905/4b9a2bbd-665c-447b-81df-233280dc689e/ 3 KB
2 KB 183ms
151ms XHR
application/json 104.18.80.204
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms.hsforms.com/embed/v3/form/1628905/4b9a2bbd-665c-447b-81df-233280dc689e/json?hs_static_app=forms-embed&hs_static_app_version=1.5387&X-HubSpot-Static-App-Info=forms-embed-1.5387

Requested by

Host: js.hsforms.net
URL: https://js.hsforms.net/forms/v2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.80.204 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

817f6455872b724886b45987caf19460833f3e2b293680a5de8ca1b956e63043

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/plain, */*
Referer: https://securityboulevard.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-origin-hublet: na1
date: Mon, 08 Jul 2024 13:54:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 151759f5-d0b2-4d91-9371-6d5cc3486dbc
x-envoy-upstream-service-time: 20
alt-svc: h3=":443"; ma=86400
content-length: 1385
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 151759f5-d0b2-4d91-9371-6d5cc3486dbc
server: cloudflare
vary: origin
access-control-allow-methods: OPTIONS, GET
content-type: application/json;charset=utf-8
access-control-allow-origin: https://securityboulevard.com
x-evy-trace-virtual-host: all
access-control-expose-headers: X-Origin-Hublet
access-control-max-age: 180
access-control-allow-credentials: false
cache-control: max-age=0, no-cache, no-store
x-robots-tag: none
access-control-allow-headers: *
cf-ray: 8a00904e0cff047a-FRA
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-776cb5686f-tb6vg

GET
H/1.1 200
OK count.js Show response
security-boulevard-1.disqus.com/ 1 KB
2 KB 61ms
17ms Script
application/javascript 199.232.192.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://security-boulevard-1.disqus.com/count.js

Requested by

Host: securityboulevard.com
URL: https://securityboulevard.com/wp-content/plugins/disqus-comment-system/public/js/comment_count.js?ver=3.1.1

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

199.232.192.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

3487ef2baf0c08ba660a8a143cdeb8ebeec961eea04bccd7c49096b4eb26b875

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://securityboulevard.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date: Mon, 08 Jul 2024 13:54:00 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=300; includeSubdomains
X-Amz-Cf-Pop: DFW56-P1
Age: 165
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Content-Length: 871
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 27 Jun 2024 14:25:10 GMT
Server: nginx
ETag: "667d7646-367"
Vary: Accept-Encoding
Content-Type: application/javascript; charset=utf-8
Cache-Control: public, max-age=300
Link: <https://disqus.com>; rel=preconnect, <https://c.disquscdn.com>; rel=preconnect
X-Amz-Cf-Id: Jy76puj37jyWpVqb0yTkoAy_bUz3EPWjwpgEdnY4jkyxmq_5ihynuQ==

GET
H/1.1 200
OK embed.js Show response
security-boulevard-1.disqus.com/ 81 KB
26 KB 55ms
17ms Script
application/javascript 199.232.192.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://security-boulevard-1.disqus.com/embed.js

Requested by

Host: securityboulevard.com
URL: https://securityboulevard.com/wp-content/plugins/disqus-comment-system/public/js/comment_embed.js?ver=3.1.1

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

199.232.192.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

openresty /

Resource Hash

15948b2bc60f8e9847b22836b8a58b13943bbc848a0ca1966a0ec6a8d65b2f14

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains

Request headers

Referer: https://securityboulevard.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date: Mon, 08 Jul 2024 13:54:00 GMT
content-encoding: gzip
Strict-Transport-Security: max-age=300; includeSubdomains
server: openresty
Age: 37
Vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
Cache-Control: private, max-age=60
x-service: router
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Link: <https://disqus.com>; rel=preconnect, <https://c.disquscdn.com>; rel=preconnect
Content-Length: 26410

GET
H/1.1 200
OK count-data.js Show response
security-boulevard-1.disqus.com/ 272 B
853 B 132ms
132ms Script
application/javascript 199.232.192.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://security-boulevard-1.disqus.com/count-data.js?1=2023029%20https%3A%2F%2Fsecurityboulevard.com%2F%3Fp%3D2023029&1=2023191%20https%3A%2F%2Fsecurityboulevard.com%2F%3Fp%3D2023191&1=2023202%20https%3A%2F%2Fsecurityboulevard.com%2F%3Fp%3D2023202&1=2023313%20https%3A%2F%2Fsecurityboulevard.com%2F%3Fp%3D2023313&1=2023467%20https%3A%2F%2Ftuxcare.com%2F%3Fp%3D18196&1=2023475%20https%3A%2F%2Fsecurityboulevard.com%2F%3Fp%3D2023475&1=2023521%20https%3A%2F%2Fsecurityboulevard.com%2F%3Fp%3D2023521

Requested by

Host: security-boulevard-1.disqus.com
URL: https://security-boulevard-1.disqus.com/count.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

199.232.192.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

f93e70f7ef43b952159e1a0bae3f928b43fc272a08a2a99c73548a185c83a98d

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://securityboulevard.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date: Mon, 08 Jul 2024 13:54:00 GMT
Strict-Transport-Security: max-age=300; includeSubdomains
X-Content-Type-Options: nosniff
Server: nginx
Age: 0
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Content-Type: application/javascript; charset=UTF-8
Cache-Control: public, max-age=600
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Link: <https://disqus.com>; rel=preconnect, <https://c.disquscdn.com>; rel=preconnect
Content-Length: 272
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK recommendations.js Show response
security-boulevard-1.disqus.com/ 65 KB
22 KB 137ms
137ms Script
application/javascript 199.232.192.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://security-boulevard-1.disqus.com/recommendations.js

Requested by

Host: security-boulevard-1.disqus.com
URL: https://security-boulevard-1.disqus.com/embed.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

199.232.192.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

openresty /

Resource Hash

50b91e81a4f364a97e7b6534b2e908fb73401cd426d5baf07ea80240864ee31a

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains

Request headers

Referer: https://securityboulevard.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date: Mon, 08 Jul 2024 13:54:00 GMT
content-encoding: gzip
Strict-Transport-Security: max-age=300; includeSubdomains
server: openresty
Age: 0
Vary: Accept-Encoding, Accept, Accept-Encoding, X-Forwarded-Proto, X-Disqus-Shortname, X-Disqus-Device, X-Disqus-Experiment, X-Disqus-Is-Private, X-Disqus-Development-Base
content-type: application/javascript; charset=utf-8
cache-control: stale-while-revalidate=60, public, stale-if-error=86400, max-age=60
x-service: router
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Link: <https://disqus.com>; rel=preconnect, <https://c.disquscdn.com>; rel=preconnect
Content-Length: 21483

GET
H3 200 jquery.mousewheel.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery-mousewheel/3.1.13/ 3 KB
2 KB 40ms
40ms Script
application/javascript 104.17.24.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery-mousewheel/3.1.13/jquery.mousewheel.min.js

Requested by

Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8e73a30d35c83ea6a597c3343324d2b7df097ad26e67b62efb5266ee12d317b5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityboulevard.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 13:54:00 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 1540988
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 1046
last-modified: Mon, 04 May 2020 16:11:46 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03ec2-ad3"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=q7Z3nYvbZ9vN0Zo6CQdI101JVLivGGbebKxCT1zaanRJ%2F%2F8MKaiwjqDbMrci3ij9CiiflMpZA8vKFZhEkpEogawE3okCz4wFfXB3j%2BmQZamW2hKwd7REpiXQViyJqAY8b7la%2BAEg"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 8a00904f98e13638-FRA
expires: Sat, 28 Jun 2025 13:54:00 GMT

GET
H/1.1 200
OK widgets.js Show response
platform.twitter.com/ 91 KB
28 KB 107ms
29ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets.js
Requested by: Host: securityboulevard.com
URL: https://securityboulevard.com/wp-content/plugins/jetpack/_inc/build/twitter-timeline.min.js?ver=4.0.0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6762) /
Resource Hash: 173460e89e6a7244218badae2016f65c48a3eae9d400802273eeca18b07336f1

Request headers

Referer: https://securityboulevard.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date: Mon, 08 Jul 2024 13:54:00 GMT
Content-Encoding: gzip
Age: 730
x-amz-server-side-encryption: AES256
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Content-Length: 27597
Last-Modified: Mon, 11 Dec 2023 17:20:28 GMT
Server: ECS (frb/6762)
Etag: "824beb891744db98ccbd3a456e59e0f7+gzip"
Access-Control-Max-Age: 3000
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
x-tw-cdn: VZ
Cache-Control: public, max-age=1800
Vary: Accept-Encoding

GET
H2 200 g.gif
pixel.wp.com/ 50 B
177 B 22ms
17ms Image
image/gif 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/g.gif?v=ext&blog=133346385&post=2023467&tz=-4&srv=securityboulevard.com&j=1%3A13.5&host=securityboulevard.com&ref=&fcp=1218&rand=0.587807970972587
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

Referer: https://securityboulevard.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-origin: *
date: Mon, 08 Jul 2024 13:54:00 GMT
cache-control: no-cache
server: nginx
alt-svc: h3=":443"; ma=86400
content-length: 50
content-type: image/gif

GET
H3 200 de.js Show response
static.addtoany.com/menu/locale/ 750 B
1007 B 41ms
41ms Script
application/javascript 172.67.39.148
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/locale/de.js

Requested by

Host: static.addtoany.com
URL: https://static.addtoany.com/menu/modules/core.BRQnzO8v.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.39.148 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e26044e4f60fab991ddde9378091a990f77cad49dadf8d6b4bd96c632428546c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityboulevard.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 13:54:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 6898
cf-polished: origSize=902
content-encoding: br
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
cf-bgj: minify
server: cloudflare
etag: W/"86610d84a116a5704d658324728b063f"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jOhLgr6kCFwjwnL0P05vR4PSu%2BVCUV9TLEpmpTX%2FTWGNOeUth%2BdUPZW%2B9hfKlUG27pKPTr2XBuyDoRaC811Vgzibb70cvlz1LNnpmQT4YDSZiZVoaEJSh4gOzoLbQQD5EITfNx1P"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=86400, stale-while-revalidate=30, public
cf-ray: 8a00904fc86c3623-FRA

GET
H3 200 twitter.js Show response
static.addtoany.com/menu/svg/icons/ 645 B
935 B 35ms
35ms Script
application/javascript 172.67.39.148
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/svg/icons/twitter.js

Requested by

Host: static.addtoany.com
URL: https://static.addtoany.com/menu/modules/core.BRQnzO8v.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.39.148 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3003867b66a32c12fdafeefc27cf06d906e5a99ba275550ab757f4bb04834636

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://static.addtoany.com/menu/modules/core.BRQnzO8v.js
Origin: https://securityboulevard.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 13:54:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 9721
content-encoding: br
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
cf-bgj: minify
server: cloudflare
etag: W/"af2b829f9b79fabec7c0148a8b7e444b"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xizNMLNzWZJjocB4EX4XbvdgF7DXwJufZQ7%2F51XmmJHj0VhiTR2Htm%2B%2F63ZK2KTTowjgUJ7ZPyu67dQ%2FUN%2BOZaefRgwEArvx9FsyLwMXmsFZr1xoU5gL1ZooWNJHZjnURAU04FZUAHbGTs64e8qzEk1g"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=7776000, stale-while-revalidate=30, public
cf-ray: 8a00904fc9f89960-FRA

GET
H3 200 linkedin.js Show response
static.addtoany.com/menu/svg/icons/ 435 B
820 B 38ms
37ms Script
application/javascript 172.67.39.148
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/svg/icons/linkedin.js

Requested by

Host: static.addtoany.com
URL: https://static.addtoany.com/menu/modules/core.BRQnzO8v.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.39.148 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ce5dbb2cdb85126fdc9d774971a56f8848dbee977a382bd512a5f8b49ea8c727

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://static.addtoany.com/menu/modules/core.BRQnzO8v.js
Origin: https://securityboulevard.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 13:54:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 18226
content-encoding: br
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
cf-bgj: minify
server: cloudflare
etag: W/"00b1b78053ab07c79bfea2e5a1db9d70"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=x4UX16HcDsi9nJeUfG4sh9TA9KjUkpQtGZ7nMSQaLd5rAAYBmBmZV0HFeCEwNR58MeD%2FTGhbGedrYVZC%2FmWoWUDV0Lr2a7nOnzPpa9AXLXSYlFJAuQA6H3tFQf88xFo2CikE4eTW"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=7776000, stale-while-revalidate=30, public
cf-ray: 8a00904fc9fa9960-FRA

GET
H3 200 facebook.js Show response
static.addtoany.com/menu/svg/icons/ 429 B
826 B 41ms
41ms Script
application/javascript 172.67.39.148
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/svg/icons/facebook.js

Requested by

Host: static.addtoany.com
URL: https://static.addtoany.com/menu/modules/core.BRQnzO8v.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.39.148 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4b475960843a5619b907af1f0a89e3136bd5e6a4a700ec78cb417f302647cf49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://static.addtoany.com/menu/modules/core.BRQnzO8v.js
Origin: https://securityboulevard.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 13:54:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 9721
content-encoding: br
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
cf-bgj: minify
server: cloudflare
etag: W/"68925fa8e347041c6006837e73c518bc"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ADZQbD6EEmyM2fjMmxaQTGLXZuW1Brdira5Ja%2BPjWMqnI%2FXhhGaXhxqssK%2BwnVvYJzvg4u%2FeI6Ide9R%2F3Q%2FV12FAsesoFyYE607FE3rakzgd934ee2N2K0YS8dMCQoLsEn0vB8bK"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=7776000, stale-while-revalidate=30, public
cf-ray: 8a00904fc9fc9960-FRA

GET
H3 200 reddit.js Show response
static.addtoany.com/menu/svg/icons/ 893 B
985 B 56ms
56ms Script
application/javascript 172.67.39.148
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/svg/icons/reddit.js

Requested by

Host: static.addtoany.com
URL: https://static.addtoany.com/menu/modules/core.BRQnzO8v.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.39.148 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

68ed9b82b62d45cf5d12587a7e9566a4ddeb94d69bcb225e9e3c7268c76b3cbb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://static.addtoany.com/menu/modules/core.BRQnzO8v.js
Origin: https://securityboulevard.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 13:54:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 9721
content-encoding: br
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
cf-bgj: minify
server: cloudflare
etag: W/"1fe5b5008de689ce6464d7bcb07e742c"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AlGyOMvffXZhaNn3pVMkhW5ZpJ%2BZV0aIQ6h0%2FmRhSc%2BDLYVwLx7fSCormjstoqTSd%2FGKJYcaaCNBHIO5z5sYXlJfbvaPOr48bZ0DnhcpqYqg7PPhWeBnA5h%2FlCd58oEH2jjBfZP4"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=7776000, stale-while-revalidate=30, public
cf-ray: 8a00904fc9fe9960-FRA

GET
H3 200 email.js Show response
static.addtoany.com/menu/svg/icons/ 415 B
817 B 40ms
40ms Script
application/javascript 172.67.39.148
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/svg/icons/email.js

Requested by

Host: static.addtoany.com
URL: https://static.addtoany.com/menu/modules/core.BRQnzO8v.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.39.148 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d432ad1988efa5b258294f52dae3d1b4c10660aec15e49017e21a1ee74bfd453

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://static.addtoany.com/menu/modules/core.BRQnzO8v.js
Origin: https://securityboulevard.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 13:54:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 9721
content-encoding: br
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
cf-bgj: minify
server: cloudflare
etag: W/"eb2119ad4221a9d01abc336e06962867"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oIYUlIaW%2BBQQOUlzc3w6%2B5xqxINXx2BocfzQsnk0fp72EzPvY0rvrFzhZu%2FEgvdd1TIYIDtuU9U5TtzSmkXMKItCkdTJD9tONaGz8EqUXW25thr%2FeBTdXpgxd%2B0js5Eqyydbmgui"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=7776000, stale-while-revalidate=30, public
cf-ray: 8a00904fc9ff9960-FRA

GET
H3 200 a2a.js Show response
static.addtoany.com/menu/svg/icons/ 182 B
693 B 40ms
40ms Script
application/javascript 172.67.39.148
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/svg/icons/a2a.js

Requested by

Host: static.addtoany.com
URL: https://static.addtoany.com/menu/modules/core.BRQnzO8v.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.39.148 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3dab93242ee573bbcfc22c9d15acd47794e500ed44e6bd48a35400b39d65aa43

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://static.addtoany.com/menu/modules/core.BRQnzO8v.js
Origin: https://securityboulevard.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 13:54:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 9297
content-encoding: br
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
cf-bgj: minify
server: cloudflare
etag: W/"0aca4ea1e5f8f250126a8e0c597dd969"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rf7y7mO93%2FuV3q2T%2FRKvsXglRYamvZL5sEpM1TTq8VESNAWc7IvpPKWf%2FzWJQ%2BAGjKK%2B6UMylfgI0pkgg3wmIUp9OBPaqhBmOAk7shWn3WePvxh6%2FSSrP81Fd9wHg9tqZvgKkLig1TZL6Vlwz4PInaqz"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=7776000, stale-while-revalidate=30, public
cf-ray: 8a00904fca009960-FRA

GET
H2 200 hovercards.min.css
0.gravatar.com/js/hovercards/ 4 KB
1 KB 19ms
14ms Stylesheet
text/css 2a04:fa87:fffe::c000:4902
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://0.gravatar.com/js/hovercards/hovercards.min.css?ver=0.8.0-1

Requested by

Host: secure.gravatar.com
URL: https://secure.gravatar.com/js/gprofiles.js?ver=202428

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

4dc4b084ef936f389a16afec35651270dec229425176c8a76cf24257226ca4ff

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload

Request headers

Referer: https://securityboulevard.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 13:54:00 GMT
strict-transport-security: max-age=31536000; includeSubdomains; preload
content-encoding: br
last-modified: Thu, 20 Jun 2024 16:31:59 GMT
server: nginx
etag: W/"6674597f-e29"
content-type: text/css
cache-control: max-age=604800
alt-svc: h3=":443"; ma=86400
expires: Mon, 15 Jul 2024 13:54:00 GMT

GET
H2 200 c.gif
c.clarity.ms/ 42 B
81 B 40ms
39ms Image
image/gif 13.74.129.1
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.clarity.ms/c.gif
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/tag/j1vwi9tiia
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.74.129.1 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

Referer: https://securityboulevard.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jul 2024 13:53:59 GMT
last-modified: Tue, 25 Jun 2024 19:30:12 GMT
server: Microsoft-IIS/10.0
etag: "7473f1936c7da1:0"
x-powered-by: ASP.NET
content-type: image/gif
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: private, no-cache, proxy-revalidate, no-store
accept-ranges: bytes
content-length: 42

GET
H3 200 counters.gif
forms-na1.hsforms.com/embed/v3/ 35 B
886 B 175ms
145ms Image
image/gif 104.18.80.204
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms-na1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-DEFINITION_SUCCESS&count=1

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.80.204 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityboulevard.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 13:54:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 1d997202-1ed3-45a8-87ea-a66d8e53adff
x-envoy-upstream-service-time: 9
alt-svc: h3=":443"; ma=86400
content-length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 1d997202-1ed3-45a8-87ea-a66d8e53adff
server: cloudflare
vary: origin
content-type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-776cb5686f-9q5kl
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-robots-tag: none
cf-ray: 8a0090501efb363e-FRA

GET
H2 200 wp-emoji-release.min.js Show response
securityboulevard.com/wp-includes/js/ 18 KB
5 KB 29ms
29ms Script
application/javascript 2606:4700:10::6816:39c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://securityboulevard.com/wp-includes/js/wp-emoji-release.min.js?ver=6.5.5

Requested by

Host: securityboulevard.com
URL: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:39c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4e6ce5444c7f396cef0eb1fa3611034151e485dd06fbe5573a5583e1eebc98c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 13:54:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
ki-edge: v=20.2.7;mv=3.0.6
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1152795
ki-origin: g1p
ki-edge-o2o: yes
last-modified: Fri, 12 Apr 2024 03:05:55 GMT
server: cloudflare
etag: W/"6618a513-4926"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=i8Avhce2Ty7gRKxnBhSGsDn2Ja3OriHP6j%2BnFGDx1MKS3l3PyzqBT5mrlbppvD%2Be5yaC5YResPFZZt2itBPGrF7J8Lj%2By5LweW3Nj7XVi9kMC3tCAE80E5IXFROhM4aw%2BFmgb%2Boetg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
ki-cache-type: None
ki-cf-cache-status: BYPASS
cf-ray: 8a00904fdf0d9118-FRA
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 OneSignalPageSDKES6.js Show response
cdn.onesignal.com/sdks/ 284 KB
69 KB 40ms
39ms Script
application/javascript 104.16.160.145
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.onesignal.com/sdks/OneSignalPageSDKES6.js?v=151605

Requested by

Host: cdn.onesignal.com
URL: https://cdn.onesignal.com/sdks/OneSignalSDK.js?ver=1.0.0

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.160.145 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ebe0f94ca53bc5f7d865f89aec5b0315bca03ace6942d6c1c76d94d5b59d419a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains

Request headers

Referer: https://securityboulevard.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 13:54:00 GMT
via: 1.1 google
content-encoding: br
cf-cache-status: HIT
server: cloudflare
strict-transport-security: max-age=15552000; includeSubDomains
age: 85
etag: W/"e3be409ac3c100e2a5d3f264ec260551"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=259200
cf-ray: 8a00904ff9829729-FRA
access-control-allow-headers: OneSignal-Subscription-Id
alt-svc: h3=":443"; ma=86400
expires: Thu, 11 Jul 2024 13:54:00 GMT

GET
H/1.1 200
OK embed
vimeo.com/event/4046309/ Frame 2693 0
0 1287ms
1286ms Document
text/html 162.159.138.60
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://vimeo.com/event/4046309/embed?muted=1

Requested by

Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

162.159.138.60 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://securityboulevard.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Age: 0
CF-Cache-Status: DYNAMIC
CF-RAY: 8a0090503f369255-FRA
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Mon, 08 Jul 2024 13:54:01 GMT
Server: cloudflare
Transfer-Encoding: chunked
content-security-policy-report-only: default-src https: data: blob: wss: 'unsafe-inline' 'unsafe-eval'; report-uri /_csp
expires: Mon, 08 Jul 2024 14:09:01 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: User-Agent,Accept-Encoding,x-http-method-override
via: 1.1 varnish (Varnish/6.0), 1.1 varnish, 1.1 varnish
x-backend-proxy: webproxy26
x-bapp-server: pweb-6b8888d45f-zs2rk
x-cache: MISS, MISS
x-cache-hits: 0, 0
x-content-type-options: nosniff
x-served-by: cache-iad-kjyo7100099-IAD, cache-fra-eddf8230132-FRA
x-timer: S1720446840.370821,VS0,VE1252
x-ua-compatible: IE=edge
x-varnish-cache: 0
x-vimeo-device: d
x-vserver: web-varnish-prod-varnish-25
x-xss-protection: 1; mode=block

GET
H2 200 /
www.podbean.com/player-v2/ Frame 1284 0
0 0ms
0ms Document
text/html 2606:4700:10::6816:ca
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:ca , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityboulevard.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

cf-cache-status: DYNAMIC
cf-ray: 8a0090476d74bb3d-FRA
content-encoding: br
content-type: text/html
date: Mon, 08 Jul 2024 13:53:59 GMT
last-modified: Mon, 08 Jul 2024 02:17:52 GMT
server: cloudflare
vary: Accept-Encoding
x-content-type-options: nosniff

POST
H2 204 rum Show response
securityboulevard.com/cdn-cgi/ 0
163 B 287ms
283ms XHR
text/plain 2606:4700:10::6816:39c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://securityboulevard.com/cdn-cgi/rum?

Requested by

Host: static.cloudflareinsights.com
URL: https://static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:39c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
content-type: application/json

Response headers

date: Mon, 08 Jul 2024 13:54:00 GMT
x-content-type-options: nosniff
server: cloudflare
vary: Origin
access-control-max-age: 86400
access-control-allow-methods: POST,OPTIONS
access-control-allow-origin: https://securityboulevard.com
x-frame-options: DENY
access-control-allow-credentials: true
cf-ray: 8a0090509ff89118-FRA

GET
H/1.1 200
OK /
disqus.com/embed/comments/ Frame CC67 0
0 210ms
151ms Document
text/html 151.101.64.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://disqus.com/embed/comments/?base=default&f=security-boulevard-1&t_i=2023467%20https%3A%2F%2Ftuxcare.com%2F%3Fp%3D18196&t_u=https%3A%2F%2Fsecurityboulevard.com%2F2024%2F07%2Ffickle-malware-leads-to-uac-bypass-and-data-exfiltration%2F&t_e=Fickle%20Malware%20Leads%20to%20UAC%20Bypass%20and%20Data%20Exfiltration&t_d=%0AFickle%20Malware%20Leads%20to%20UAC%20Bypass%20and%20Data%20Exfiltration%20&t_t=Fickle%20Malware%20Leads%20to%20UAC%20Bypass%20and%20Data%20Exfiltration&s_o=default

Requested by

Host: security-boulevard-1.disqus.com
URL: https://security-boulevard-1.disqus.com/embed.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

151.101.64.134 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src https://.twitter.com: https://www.gstatic.com/recaptcha/ https://a.disquscdn.com https://c.disquscdn.com c.disquscdn.com https://.services.disqus.com: https://cdn.boomtrain.com/p13n/ https://com-disqus.netmng.com:* 'unsafe-inline' https://referrer.disqus.com/juggler/ https://connect.facebook.net/en_US/sdk.js https://cdn.syndication.twimg.com/tweets.json https://apis.google.com https://www.google.com/recaptcha/ https://cf.ignitionone.com:* https://disqus.com
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://securityboulevard.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Age: 0
Cache-Control: stale-if-error=3600, s-stalewhilerevalidate=3600, stale-while-revalidate=30, no-cache, must-revalidate, public, s-maxage=5
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 2958
Content-Security-Policy: script-src https://*.twitter.com:* https://www.gstatic.com/recaptcha/ https://a.disquscdn.com https://c.disquscdn.com c.disquscdn.com https://*.services.disqus.com:* https://cdn.boomtrain.com/p13n/ https://com-disqus.netmng.com:* 'unsafe-inline' https://referrer.disqus.com/juggler/ https://connect.facebook.net/en_US/sdk.js https://cdn.syndication.twimg.com/tweets.json https://apis.google.com https://www.google.com/recaptcha/ https://cf.ignitionone.com:* https://disqus.com
Content-Type: text/html; charset=utf-8
Cross-Origin-Resource-Policy: cross-origin
Date: Mon, 08 Jul 2024 13:54:00 GMT
ETag: W/"lounge:view:10247644305.8e08bec6b08c29491ba2c7d1dae5dfed.2"
Last-Modified: Fri, 05 Jul 2024 08:38:47 GMT
Link: <https://c.disquscdn.com>;rel=preconnect,<https://c.disquscdn.com>;rel=dns-prefetch
Referrer-Policy: no-referrer-when-downgrade
Server: nginx
Strict-Transport-Security: max-age=300; includeSubdomains
Timing-Allow-Origin: *
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"

GET
H/1.1 200
OK /
tempest.services.disqus.com/ads-iframe/taboola/ Frame E828 0
0 216ms
146ms Document
text/html 199.232.196.64
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://tempest.services.disqus.com/ads-iframe/taboola/?position=top&shortname=security-boulevard-1&experiment=network_default&variant=fallthrough&service=dynamic&anchorColor=%236190bb&colorScheme=light&sourceUrl=https%3A%2F%2Fsecurityboulevard.com%2F2024%2F07%2Ffickle-malware-leads-to-uac-bypass-and-data-exfiltration%2F&typeface=sans-serif&canonicalUrl=https%3A%2F%2Fsecurityboulevard.com%2F2024%2F07%2Ffickle-malware-leads-to-uac-bypass-and-data-exfiltration%2F&disqus_version=current
Requested by: Host: security-boulevard-1.disqus.com
URL: https://security-boulevard-1.disqus.com/embed.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 199.232.196.64 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: openresty /
Resource Hash

Request headers

Referer: https://securityboulevard.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Age: 0
Connection: keep-alive
Content-Length: 10384
Cross-Origin-Resource-Policy: cross-origin
Date: Mon, 08 Jul 2024 13:54:00 GMT
Vary: Accept-Encoding,
access-control-allow-origin: *
cache-control: public, max-age=300
content-encoding: gzip
content-type: text/html; charset=utf-8
server: openresty
x-service: router

GET
H/1.1 200
OK /
tempest.services.disqus.com/ads-iframe/taboola/ Frame 9A2A 0
0 215ms
147ms Document
text/html 199.232.196.64
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://tempest.services.disqus.com/ads-iframe/taboola/?position=bottom&shortname=security-boulevard-1&experiment=network_default&variant=fallthrough&service=dynamic&anchorColor=%236190bb&colorScheme=light&sourceUrl=https%3A%2F%2Fsecurityboulevard.com%2F2024%2F07%2Ffickle-malware-leads-to-uac-bypass-and-data-exfiltration%2F&typeface=sans-serif&canonicalUrl=https%3A%2F%2Fsecurityboulevard.com%2F2024%2F07%2Ffickle-malware-leads-to-uac-bypass-and-data-exfiltration%2F&disqus_version=current
Requested by: Host: security-boulevard-1.disqus.com
URL: https://security-boulevard-1.disqus.com/embed.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 199.232.196.64 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: openresty /
Resource Hash

Request headers

Referer: https://securityboulevard.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Age: 0
Connection: keep-alive
Content-Length: 10386
Cross-Origin-Resource-Policy: cross-origin
Date: Mon, 08 Jul 2024 13:54:00 GMT
Vary: Accept-Encoding,
access-control-allow-origin: *
cache-control: public, max-age=300
content-encoding: gzip
content-type: text/html; charset=utf-8
server: openresty
x-service: router

GET
H/1.1 200
OK event.gif
referrer.disqus.com/juggler/ 43 B
339 B 254ms
195ms Image
image/gif 199.232.192.134
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://referrer.disqus.com/juggler/event.gif?imp=bu6et62odh6dp&experiment=network_default&variant=fallthrough&service=dynamic&area=top&product=embed&forum=security-boulevard-1&zone=thread&version=6c27b7b2e58aef7c0a19eb6da9bdf7b0&page_url=https%3A%2F%2Fsecurityboulevard.com%2F2024%2F07%2Ffickle-malware-leads-to-uac-bypass-and-data-exfiltration%2F&page_referrer=&object_type=provider&event=activity&ad_product_name=iab_display&ad_product_layout=iab_display&bin=embed%3Apromoted_discovery%3Adynamic%3Anetwork_default%3Afallthrough&section=default&verb=call&adjective=1&forum_id=5250265

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

199.232.192.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://securityboulevard.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date: Mon, 08 Jul 2024 13:54:00 GMT
x-content-type-options: nosniff
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
server: nginx
content-type: image/gif
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Content-Length: 43
x-xss-protection: 1; mode=block

GET
H/1.1 200
OK event.gif
referrer.disqus.com/juggler/ 43 B
339 B 179ms
120ms Image
image/gif 199.232.192.134
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://referrer.disqus.com/juggler/event.gif?imp=bu6et62odh6dp&experiment=network_default&variant=fallthrough&service=dynamic&area=bottom&product=embed&forum=security-boulevard-1&zone=thread&version=6c27b7b2e58aef7c0a19eb6da9bdf7b0&page_url=https%3A%2F%2Fsecurityboulevard.com%2F2024%2F07%2Ffickle-malware-leads-to-uac-bypass-and-data-exfiltration%2F&page_referrer=&object_type=provider&event=activity&ad_product_name=iab_display&ad_product_layout=iab_display&bin=embed%3Apromoted_discovery%3Adynamic%3Anetwork_default%3Afallthrough&section=default&verb=call&adjective=1&forum_id=5250265

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

199.232.192.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://securityboulevard.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date: Mon, 08 Jul 2024 13:54:00 GMT
x-content-type-options: nosniff
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
server: nginx
content-type: image/gif
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Content-Length: 43
x-xss-protection: 1; mode=block

GET
H3 200 counters.gif
forms-na1.hsforms.com/embed/v3/ 35 B
852 B 366ms
365ms Image
image/gif 104.18.80.204
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms-na1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-RENDER_SUCCESS&count=1

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.80.204 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityboulevard.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 13:54:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 0a65b0bc-c44f-4084-bdfe-4212fc3d3d5a
x-envoy-upstream-service-time: 66
alt-svc: h3=":443"; ma=86400
content-length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 0a65b0bc-c44f-4084-bdfe-4212fc3d3d5a
server: cloudflare
vary: origin
content-type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-776cb5686f-2kp2w
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-robots-tag: none
cf-ray: 8a009050d82d363e-FRA

GET
H/1.1 200
OK widget_iframe.2f70fb173b9000da126c79afe2098f02.html
platform.twitter.com/widgets/ Frame C19A 0
0 95ms
25ms Document
text/html 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/widget_iframe.2f70fb173b9000da126c79afe2098f02.html?origin=https%3A%2F%2Fsecurityboulevard.com
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67BA) /
Resource Hash

Request headers

Referer: https://securityboulevard.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 9104509
Cache-Control: public, max-age=315360000
Content-Encoding: gzip
Content-Length: 105429
Content-Type: text/html; charset=utf-8
Date: Mon, 08 Jul 2024 13:54:00 GMT
Etag: "81267302efdfb3e4524a22631a8fc99e+gzip"
Last-Modified: Mon, 11 Dec 2023 17:19:49 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (frb/67BA)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Vary: Accept-Encoding
X-Cache: HIT
x-amz-server-side-encryption: AES256
x-tw-cdn: VZ

GET
H3 200 web Show response
onesignal.com/api/v1/sync/2a5b19ce-fd37-41d6-a5e8-693d5a580b3e/ 3 KB
2 KB 66ms
56ms Script
text/javascript 104.16.160.145
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://onesignal.com/api/v1/sync/2a5b19ce-fd37-41d6-a5e8-693d5a580b3e/web?callback=__jp0

Requested by

Host: cdn.onesignal.com
URL: https://cdn.onesignal.com/sdks/OneSignalPageSDKES6.js?v=151605

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.160.145 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

980ce9ebda027a4e00a6881af2260637b7bcbc00aea43ae53476dd51a4f25174

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://securityboulevard.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 13:54:00 GMT
via: 1.1 google
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
x-permitted-cross-domain-policies: none
strict-transport-security: max-age=15552000; includeSubDomains
age: 841
cf-polished: origSize=3405
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
x-request-id: 901b4946-7469-49f2-b378-51ffdfb461f8
x-runtime: 0.030266
referrer-policy: strict-origin-when-cross-origin
cf-bgj: minify
server: cloudflare
etag: W/"c0aea5dbd49295507f393a42729d32dd"
x-download-options: noopen
vary: Origin, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=3600
cf-ray: 8a0090512b319729-FRA
access-control-allow-headers: SDK-Version
expires: Mon, 08 Jul 2024 14:54:00 GMT

GET
H3 200 OneSignalSDKStyles.css
onesignal.com/sdks/ 82 KB
9 KB 49ms
48ms Stylesheet
text/css 104.16.160.145
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://onesignal.com/sdks/OneSignalSDKStyles.css?v=2

Requested by

Host: cdn.onesignal.com
URL: https://cdn.onesignal.com/sdks/OneSignalPageSDKES6.js?v=151605

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.160.145 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

db7e0b393e175f19922fefbdcaa2866fca209c521d01cc834ae06cbf8d0f91b7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains

Request headers

Referer: https://securityboulevard.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 13:54:00 GMT
via: 1.1 google
content-encoding: br
cf-cache-status: HIT
server: cloudflare
strict-transport-security: max-age=15552000; includeSubDomains
age: 1152
etag: W/"4e9aaefffd5f8ae7dc83361aa2294190"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=2592000
cf-ray: 8a0090519bff9729-FRA
access-control-allow-headers: OneSignal-Subscription-Id
alt-svc: h3=":443"; ma=86400
expires: Wed, 07 Aug 2024 13:54:00 GMT

GET
H/1.1 200
OK /
disqus.com/recommendations/ Frame AAE7 0
0 134ms
122ms Document
text/html 151.101.64.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://disqus.com/recommendations/?base=default&f=security-boulevard-1&t_i=2023467%20https%3A%2F%2Ftuxcare.com%2F%3Fp%3D18196&t_u=https%3A%2F%2Fsecurityboulevard.com%2F2024%2F07%2Ffickle-malware-leads-to-uac-bypass-and-data-exfiltration%2F&t_e=Fickle%20Malware%20Leads%20to%20UAC%20Bypass%20and%20Data%20Exfiltration&t_d=%0AFickle%20Malware%20Leads%20to%20UAC%20Bypass%20and%20Data%20Exfiltration%20&t_t=Fickle%20Malware%20Leads%20to%20UAC%20Bypass%20and%20Data%20Exfiltration

Requested by

Host: security-boulevard-1.disqus.com
URL: https://security-boulevard-1.disqus.com/recommendations.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

151.101.64.134 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src https://.twitter.com: https://www.gstatic.com/recaptcha/ https://a.disquscdn.com https://c.disquscdn.com c.disquscdn.com https://.services.disqus.com: https://cdn.boomtrain.com/p13n/ https://com-disqus.netmng.com:* 'unsafe-inline' https://referrer.disqus.com/juggler/ https://connect.facebook.net/en_US/sdk.js https://cdn.syndication.twimg.com/tweets.json https://apis.google.com https://www.google.com/recaptcha/ https://cf.ignitionone.com:* https://disqus.com
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://securityboulevard.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Age: 0
Cache-Control: stale-while-revalidate=30, no-cache, must-revalidate, stale-if-error=3600, public
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 2362
Content-Security-Policy: script-src https://*.twitter.com:* https://www.gstatic.com/recaptcha/ https://a.disquscdn.com https://c.disquscdn.com c.disquscdn.com https://*.services.disqus.com:* https://cdn.boomtrain.com/p13n/ https://com-disqus.netmng.com:* 'unsafe-inline' https://referrer.disqus.com/juggler/ https://connect.facebook.net/en_US/sdk.js https://cdn.syndication.twimg.com/tweets.json https://apis.google.com https://www.google.com/recaptcha/ https://cf.ignitionone.com:* https://disqus.com
Content-Type: text/html; charset=utf-8
Cross-Origin-Resource-Policy: cross-origin
Date: Mon, 08 Jul 2024 13:54:00 GMT
Last-Modified: Thu, 30 May 2024 08:00:31 GMT
Link: <https://c.disquscdn.com>;rel=preconnect,<https://c.disquscdn.com>;rel=dns-prefetch
Server: nginx
Strict-Transport-Security: max-age=300; includeSubdomains
Timing-Allow-Origin: *
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"

GET
H/1.1 200
OK / Show response
tempest.services.disqus.com/ads-iframe/taboola_1x1/ 17 KB
6 KB 184ms
130ms XHR
text/html 199.232.196.64
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://tempest.services.disqus.com/ads-iframe/taboola_1x1/?position=recommendations&shortname=security-boulevard-1&experiment=network_default&variant=fallthrough&service=dynamic&anchorColor=%236190bb&colorScheme=light&sourceUrl=https%3A%2F%2Fsecurityboulevard.com%2F2024%2F07%2Ffickle-malware-leads-to-uac-bypass-and-data-exfiltration%2F&typeface=sans-serif&canonicalUrl=https%3A%2F%2Fsecurityboulevard.com%2F2024%2F07%2Ffickle-malware-leads-to-uac-bypass-and-data-exfiltration%2F&disqus_version=current
Requested by: Host: security-boulevard-1.disqus.com
URL: https://security-boulevard-1.disqus.com/recommendations.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 199.232.196.64 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: openresty /
Resource Hash: bb361ff51d785228d0d3fcd08a07d70fb4103e84ddd3a20dfd6b2b0d157525f7

Request headers

Referer: https://securityboulevard.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date: Mon, 08 Jul 2024 13:54:00 GMT
content-encoding: gzip
server: openresty
Age: 0
Vary: Accept-Encoding,
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=300
x-service: router
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Content-Length: 6070

GET
H/1.1 200
OK event.gif
referrer.disqus.com/juggler/ 43 B
339 B 111ms
111ms Image
image/gif 199.232.192.134
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://referrer.disqus.com/juggler/event.gif?imp=bu6f5kl11h4r&experiment=network_default&variant=fallthrough&service=dynamic&area=recommendations&product=recommendations&forum=security-boulevard-1&zone=thread&version=7b62f6ec6c566a910cbdacab6e31cc7e&page_url=https%3A%2F%2Fsecurityboulevard.com%2F2024%2F07%2Ffickle-malware-leads-to-uac-bypass-and-data-exfiltration%2F&page_referrer=&object_type=provider&event=activity&ad_product_name=iab_display&ad_product_layout=iab_display&bin=embed%3Apromoted_discovery%3Adynamic%3Anetwork_default%3Afallthrough&section=default&verb=call&adjective=1&forum_id=5250265

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

199.232.192.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://securityboulevard.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date: Mon, 08 Jul 2024 13:54:00 GMT
x-content-type-options: nosniff
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
server: nginx
content-type: image/gif
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Content-Length: 43
x-xss-protection: 1; mode=block

GET
H3 200 icon Show response
onesignal.com/api/v1/apps/2a5b19ce-fd37-41d6-a5e8-693d5a580b3e/ 184 B
760 B 164ms
63ms Fetch
application/json 104.16.160.145
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://onesignal.com/api/v1/apps/2a5b19ce-fd37-41d6-a5e8-693d5a580b3e/icon

Requested by

Host: cdn.onesignal.com
URL: https://cdn.onesignal.com/sdks/OneSignalPageSDKES6.js?v=151605

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.160.145 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

297ba0fd2c33be9b8f9e85897adf5b3b86ab7864116c483b4bcdbcf651e71005

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://securityboulevard.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 13:54:00 GMT
via: 1.1 google
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
content-encoding: br
x-permitted-cross-domain-policies: none
strict-transport-security: max-age=15552000; includeSubDomains
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
x-request-id: 717c6565-f458-4b85-91c0-34610e775ea2
x-runtime: 0.039452
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"297ba0fd2c33be9b8f9e85897adf5b3b"
x-download-options: noopen
x-frame-options: SAMEORIGIN
vary: Accept, Origin, Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=0, private, must-revalidate
cf-ray: 8a009052accf929c-FRA
access-control-allow-headers: SDK-Version

GET
H3 200 2123c787-03d7-45cf-a5e7-6d80231ec354
img.onesignal.com/permanent/ 13 KB
14 KB 36ms
27ms Image
application/octet-stream 104.16.160.145
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.onesignal.com/permanent/2123c787-03d7-45cf-a5e7-6d80231ec354

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.160.145 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f08f50720b2d6b5d1bba8663b3ad20e2da80102ac493f7f3c3278f901019d480

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains

Request headers

Referer: https://securityboulevard.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-goog-encryption-kms-key-name: projects/core-infra-onesignal/locations/europe-west4/keyRings/keyring-kms-onesignal/cryptoKeys/img-persistence-bucket-onesignal/cryptoKeyVersions/1
date: Mon, 08 Jul 2024 13:54:00 GMT
strict-transport-security: max-age=15552000; includeSubDomains
cf-cache-status: HIT
age: 3039
x-guploader-uploadid: ACJd0Npc0osYkzMuMPHc3H1Ag8jK9tzS8KwKl2AO_cBv5s8bbRonqsG4uAdlIQ4-vWWq0cQvipw
x-goog-meta-x-goog-source-etag: "20495719753576cab39c06bb1f83b075"
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400
content-length: 13470
pragma: no-cache
last-modified: Tue, 14 Feb 2023 03:12:26 GMT
server: cloudflare
etag: "-CN/EvaqFlP0CEAE="
vary: Origin, Accept-Encoding
x-goog-generation: 1676344346763871
content-type: application/octet-stream
x-goog-hash: crc32c=Zjz3Xw==, md5=IElXGXU1dsqznAa7H4OwdQ==
cache-control: public, max-age=2678400
x-goog-meta-cache-control: public, maxage=604800
x-goog-stored-content-length: 13470
accept-ranges: bytes
cf-ray: 8a0090531df49729-FRA
expires: Thu, 08 Aug 2024 13:54:00 GMT

GET
H3 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ 15 KB
15 KB 8ms
8ms Font
font/woff2 216.58.206.67
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.206.67 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil07s08-in-f3.1e100.net

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityboulevard.com/
Origin: https://securityboulevard.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Thu, 04 Jul 2024 19:50:25 GMT
x-content-type-options: nosniff
age: 324215
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15344
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 04 Jul 2025 19:50:25 GMT

GET
H2 200 loader.js Show response
cdn.taboola.com/libtrc/disqus-widget-safetylevel20longtail09/ Frame D7D0 295 KB
69 KB 30ms
9ms Script
application/javascript 151.101.129.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/disqus-widget-safetylevel20longtail09/loader.js
Requested by: Host: securityboulevard.com
URL: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.44 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 6a94bc896ab031fa50fd2cbd58851d22b0b24ad34da9e4d23242bb7c088f888e

Request headers

Referer: https://securityboulevard.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-amz-version-id: flgD8acbGCjR8JXyO6hLCFcUSyEX97Wn
content-encoding: gzip
via: 1.1 varnish
date: Mon, 08 Jul 2024 13:54:00 GMT
x-amz-request-id: C61Q33XBX17RZDWD
age: 50
x-amz-server-side-encryption: AES256
x-cache: HIT
x-amz-replication-status: PENDING
content-length: 70589
x-amz-id-2: HIPcAwWcOfF60fez+LlyJAeDopTqmzNSSSXZQKG0zUdckzyOGs1+2xEXkEgKNBjwrRDwyJmX/sg=
x-served-by: cache-fra-etou8220051-FRA
last-modified: Sun, 07 Jul 2024 14:54:02 GMT
server: AmazonS3
x-timer: S1720446841.831408,VS0,VE2
etag: "e8c3f8a551a3caf33ece2595b69bde8e"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
abp: 69
access-control-allow-origin: *
cache-control: private,max-age=14401
accept-ranges: bytes
x-cache-hits: 1

GET
H2 200 impl.20240707-12-RELEASE.js Show response
cdn.taboola.com/libtrc/ Frame D7D0 894 KB
182 KB 7ms
6ms Script
application/javascript 151.101.129.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/impl.20240707-12-RELEASE.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/disqus-widget-safetylevel20longtail09/loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.44 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3-br /
Resource Hash: 35825e2b5d8f38b406c8c0555ee5f6414956898641b7bedb67bbd8f776946748

Request headers

Referer: https://securityboulevard.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-amz-version-id: DMsAb7oWRrAOSO6bxZjYVKP.lasP0mV6
content-encoding: br
via: 1.1 varnish
date: Mon, 08 Jul 2024 13:54:00 GMT
x-amz-request-id: 8PKW8BZ4J26ZWQ2Z
age: 6625
x-amz-server-side-encryption: AES256
x-cache: HIT
content-length: 186059
x-amz-id-2: CvFqgNVA6UoUWKuWeVRMg6Z2hR9ZasA89i/I8Yy0Jh3RLpMRdaf31Yko2ZeI/VaAXSxoHfkEeBQ=
x-served-by: cache-fra-etou8220051-FRA
last-modified: Sun, 07 Jul 2024 12:01:55 GMT
server: AmazonS3-br
x-timer: S1720446841.867531,VS0,VE0
etag: "a1b3c421e2f2025184940a84bc671793"
vary: Accept-Encoding
content-type: application/javascript
abp: 94
access-control-allow-origin: *
cache-control: private,max-age=31536000
accept-ranges: bytes
x-cache-hits: 7657

GET
H2 200 google-topics-api.20240707-12-RELEASE.es6.js Show response
cdn.taboola.com/libtrc/ Frame D7D0 2 KB
1 KB 9ms
9ms Script
application/javascript 151.101.129.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/google-topics-api.20240707-12-RELEASE.es6.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/disqus-widget-safetylevel20longtail09/loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.44 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 476f713d39d370558402964f702894f0514a83e744c32f8c05bcda27bb118bca

Request headers

Referer: https://securityboulevard.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-amz-version-id: JOrSWLYGkJXTKHtsR_Wep_FXH9dVgupi
content-encoding: gzip
via: 1.1 varnish
date: Mon, 08 Jul 2024 13:54:00 GMT
x-amz-request-id: 83KAKXK0JHMYZ84Q
age: 7309
x-amz-server-side-encryption: AES256
x-cache: HIT
x-amz-replication-status: PENDING
content-length: 979
x-amz-id-2: lTJNLaVmASrwHu+UTgoGKmCkKQodI8rd0BJquOOtJyg0UVd6IufNbG5uB4CklV8lKHIeVsZDArs=
x-served-by: cache-fra-etou8220051-FRA
last-modified: Mon, 08 Jul 2024 11:52:11 GMT
server: AmazonS3
x-timer: S1720446841.918739,VS0,VE0
etag: "abd4a249c5f4ca229975e16d3e603d7c"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
abp: 60
access-control-allow-origin: *
cache-control: private,max-age=2629743
accept-ranges: bytes
x-cache-hits: 5301

GET
H2 200 taboola-browsing-topics.html
cdn.taboola.com/libtrc/static/topics/ Frame AB94 0
0 9ms
8ms Document
text/html 151.101.129.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/static/topics/taboola-browsing-topics.html
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/google-topics-api.20240707-12-RELEASE.es6.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.44 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash

Request headers

Referer: https://securityboulevard.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

abp: 98
accept-ranges: bytes
access-control-allow-origin: *
age: 22543
cache-control: private,max-age=31536000
content-encoding: gzip
content-length: 340
content-type: text/html
date: Mon, 08 Jul 2024 13:54:00 GMT
etag: "8b140f0f0f6e1a0f986cc7d6dfd74d65"
last-modified: Tue, 13 Feb 2024 13:15:59 GMT
server: AmazonS3
vary: Accept-Encoding
via: 1.1 varnish
x-amz-id-2: WJ7HUWSXwQk7466uNAlUKnkvOaQ+POcvqF9iHiQx6M6a4TrwqSMJNOtgmd6o8plWeZEczvb4/r4=
x-amz-replication-status: COMPLETED
x-amz-request-id: AKPH57N3AWSG1NJ9
x-amz-server-side-encryption: AES256
x-amz-version-id: 4MpQ_aQntJKuJTBB3LGK3B7cfa8k5k0b
x-cache: HIT
x-cache-hits: 19083
x-served-by: cache-fra-etou8220023-FRA
x-timer: S1720446841.971298,VS0,VE0

GET
H/1.1 200
OK stat.gif
referrer.disqus.com/juggler/ 43 B
339 B 111ms
110ms Image
image/gif 199.232.192.134
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://referrer.disqus.com/juggler/stat.gif?event=cmp.present

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

199.232.192.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://securityboulevard.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date: Mon, 08 Jul 2024 13:54:01 GMT
x-content-type-options: nosniff
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
server: nginx
content-type: image/gif
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Content-Length: 43
x-xss-protection: 1; mode=block

GET
H/1.1 200
OK stat.gif
referrer.disqus.com/juggler/ 43 B
339 B 101ms
101ms Image
image/gif 199.232.192.134
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://referrer.disqus.com/juggler/stat.gif?event=failed_recommendations.server.undefined

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

199.232.192.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://securityboulevard.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date: Mon, 08 Jul 2024 13:54:01 GMT
x-content-type-options: nosniff
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
server: nginx
content-type: image/gif
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Content-Length: 43
x-xss-protection: 1; mode=block

POST
H/1.1 204
No Content collect Show response
w.clarity.ms/ 0
285 B 1829ms
1808ms XHR
text/plain 23.96.124.156
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://w.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.32/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.96.124.156 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://securityboulevard.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://securityboulevard.com
Date: Mon, 08 Jul 2024 13:54:03 GMT
Access-Control-Allow-Credentials: true
Server: nginx
Connection: keep-alive
Vary: Origin
Request-Context: appId=cid-v1:e55edbbe-e22b-46b4-8313-9ee2a4e71d12

POST collect
w.clarity.ms/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: w.clarity.ms
URL: https://w.clarity.ms/collect

Verdicts & Comments Add Verdict or Comment

168 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

30 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.securityboulevard.com/	1970-01-21 00:03:42	Name: _gcl_au Value: 1.1.1875267882.1720446838
.securityboulevard.com/	1970-01-20 21:55:33	Name: _gid Value: GA1.2.1062825351.1720446839
.securityboulevard.com/	1970-01-20 21:54:06	Name: _gat_UA-106313158-1 Value: 1
.securityboulevard.com/	1970-01-21 07:30:06	Name: _ga_5EVV7GV4Q5 Value: GS1.1.1720446838.1.0.1720446838.0.0.0
.securityboulevard.com/	1970-01-21 07:30:06	Name: _ga Value: GA1.1.889304103.1720446839
www.clarity.ms/	1970-01-21 06:39:42	Name: CLID Value: 3e5e829c36294cd0b32678412b93189c.20240708.20250708
.securityboulevard.com/	1970-01-21 06:39:42	Name: _clck Value: rnqq1e%7C2%7Cfna%7C0%7C1650
.linkedin.com/	1970-01-21 06:39:42	Name: bcookie Value: "v=2&7c5a9036-1c8e-4ab9-8c4d-ab0d47ee6206"
.linkedin.com/	1970-01-21 02:13:18	Name: li_gc Value: MTswOzE3MjA0NDY4Mzg7MjswMjHNG5mP3d98UzX93x9nfUDThFySRjtQ21paA7iMCtfncQ==
.linkedin.com/	1970-01-20 21:55:33	Name: lidc Value: "b=OGST00:s=O:r=O:a=O:p=O:g=3367:u=1:x=1:i=1720446838:t=1720533238:v=2:sig=AQERQQ9xCPtWtNjljMH-fiy8_6O4mW57"
.onesignal.com/	1970-01-20 21:54:08	Name: __cf_bm Value: qB8ads4c.8dP38TZPBQ6ctroKEyJRji26qGgM5uuG_s-1720446839-1.0.1.1-updBg0B6plcUqUab57wizgLcAjT3b9IAuk.jDX1iV81F24wdlwYI48RF5QAlhIe_h7QErh3fhLGzXgoOrspFgg
.hsforms.net/	1970-01-20 21:54:08	Name: __cf_bm Value: PnzzNv6YDOs4Zhkai7_7gHiUK8fcpSscjD3JVjVZ8T0-1720446839-1.0.1.1-saFBpnuoxD8XUU.DT0072ze7WhSX6KyVltvKLrykPlJqCQgy92Y2G31qjBUWzZQ5ay.obGsAUXWTBCDzel3tVQ
.vimeo.com/	1970-01-21 07:30:06	Name: vuid Value: 66889225.1827217629
.securityboulevard.com/	1970-01-21 07:30:06	Name: _ga_FB70FYBEHB Value: GS1.1.1720446838.1.1.1720446839.59.0.0
.nr-data.net/	1969-12-31 23:59:59	Name: JSESSIONID Value: af3b022d2481bcda
.bing.com/	1970-01-21 07:15:42	Name: MUID Value: 38A1767F9FC96E63267C62C99E426F3A
.c.bing.com/	1970-01-20 22:04:11	Name: MR Value: 0
.c.bing.com/	1970-01-21 07:15:42	Name: SRM_B Value: 38A1767F9FC96E63267C62C99E426F3A
.c.clarity.ms/	1969-12-31 23:59:59	Name: SM Value: C
.clarity.ms/	1970-01-21 07:15:42	Name: MUID Value: 38A1767F9FC96E63267C62C99E426F3A
.c.clarity.ms/	1970-01-20 22:04:11	Name: MR Value: 0
.c.clarity.ms/	1970-01-20 21:54:07	Name: ANONCHK Value: 0
.podbean.com/	1970-01-21 06:39:42	Name: cf_clearance Value: KHdIRJGNjMP5xNrVb7z14.OuCTHS4c.exTeo04LWMKo-1720446840-1.0.1.1-uO6ExrGjVKD5P4JO4vJRecIAie7wVGo8mFydjRcwpXZ3qENT6SASfRD2ZiXs93Ad23LUbZjAilzvqBjiPe9fmQ
.hsforms.com/	1970-01-20 21:54:08	Name: __cf_bm Value: jZBxfyP_V8V.dVrtD.2Q3J3bVhVHVmHM6z23XjFOBOQ-1720446840-1.0.1.1-OmEUIPmg_aZ.8ky09yfGJ7F__G_CDCR133IylVNvL7OrdEJmApO_KMVTfcBq38wYKCzv2ZYBMfdt5aF3UMqrCw
.hsforms.com/	1969-12-31 23:59:59	Name: _cfuvid Value: fgKsbyxlIOdmg5ox0LojowWVH8NKJuNHc94v4zXyJ5s-1720446840801-0.0.1.1-604800000
.disqus.com/	1970-01-21 06:39:42	Name: disqus_unique Value: bsbosl1cgqmv2
disqus.com/	1970-01-20 21:54:08	Name: __jid Value: bu6f5kl11h4r
.securityboulevard.com/	1970-01-20 21:55:33	Name: _clsk Value: hur3ul%7C1720446841526%7C1%7C1%7Cw.clarity.ms%2Fcollect
.vimeo.com/	1969-12-31 23:59:59	Name: _cfuvid Value: HYNV1cPNkAnbMvnzC7Wy19mjDge543o09hiumaYNn5g-1720446842070-0.0.1.1-604800000
.vimeo.com/	1970-01-21 06:39:42	Name: player Value: ""

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://securityboulevard.com/2024/07/fickle-malware-leads-to-uac-bypass-and-data-exfiltration/(Line 633) Message: Allow attribute will take precedence over 'allowfullscreen'.
other	warning	URL: https://www.clarity.ms/s/0.7.32/clarity.js(Line 1) Message: The keyword 'push-button' used on the 'appearance' property was deprecated and has now been removed. It will no longer have any effect.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

0.gravatar.com
ajax.googleapis.com
aplo-evnt.com
assets.apollo.io
c.bing.com
c.clarity.ms
cdn.onesignal.com
cdn.taboola.com
cdnjs.cloudflare.com
cloudnativenow.com
disqus.com
fonts.googleapis.com
fonts.gstatic.com
forms-na1.hsforms.com
forms.hsforms.com
fundingchoicesmessages.google.com
images.squarespace-cdn.com
img.onesignal.com
in.ml314.com
js.hsforms.net
lh3.googleusercontent.com
ml314.com
onesignal.com
pagead2.googlesyndication.com
pixel.wp.com
platform.twitter.com
px.ads.linkedin.com
px4.ads.linkedin.com
referrer.disqus.com
region1.analytics.google.com
region1.google-analytics.com
secure.gravatar.com
securepubads.g.doubleclick.net
security-boulevard-1.disqus.com
securityboulevard.com
snap.licdn.com
static.addtoany.com
static.cloudflareinsights.com
stats.g.doubleclick.net
stats.wp.com
techstronggroup.com
tempest.services.disqus.com
vimeo.com
w.clarity.ms
www.clarity.ms
www.dmca.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.googletagservices.com
www.podbean.com
w.clarity.ms
104.16.160.145
104.17.24.14
104.18.142.119
104.18.80.204
13.107.42.14
13.74.129.1
142.250.184.200
142.250.184.238
142.250.186.132
142.250.186.99
151.101.129.44
151.101.192.238
151.101.64.134
162.159.138.60
172.217.16.130
172.217.16.194
172.67.198.8
172.67.39.148
192.0.76.3
199.232.192.134
199.232.196.64
2001:4860:4802:32::36
2001:4860:4802:34::36
216.239.32.36
216.58.206.67
23.96.124.156
2606:2800:234:59:254c:406:2366:268c
2606:4700:10::6816:39c
2606:4700:10::6816:ca
2606:4700:10::6816:fef
2606:4700:10::ac43:29b
2606:4700::6810:5049
2620:1ec:21::14
2620:1ec:bdf::45
2620:1ec:bdf::60
2620:1ec:c11::237
2a00:1450:4001:802::2001
2a00:1450:4001:80b::2002
2a00:1450:4001:80b::200a
2a00:1450:4001:80e::200e
2a00:1450:4001:829::2003
2a00:1450:4001:82a::200a
2a00:1450:4001:830::2008
2a00:1450:4001:831::200e
2a00:1450:400c:c00::9b
2a02:26f0:3500:10::210:a99
2a04:fa87:fffe::c000:4902
34.107.133.146
34.117.77.79
54.166.151.77
016ab0bd0de4839680e4a717a57db9b182a8c2c5fdeec4c24db7a8df761fca4d
06c87c6d4caba8c5443d96bbedcb8f7713223932097ab40441a6866dc0b33fb6
0bfc362d61a36174f9e4ef410adee1288b2a9afc839586ed871949c96f7fa0dc
101f7a6b30db45e2af5f4c16ec0e1ed7584c45260801abdeaa09731ba3abd6c6
142ef075542912c4636585b0e581cd0ac6b4a3f818ec43b3fbf3667dd30a6351
15948b2bc60f8e9847b22836b8a58b13943bbc848a0ca1966a0ec6a8d65b2f14
173460e89e6a7244218badae2016f65c48a3eae9d400802273eeca18b07336f1
2039d204f18247df88a0f132f35fe67f9e52ee7268515ead1647c611f737ba07
2404f26279afa262bab5f18e706fc810576247740047a610581bbc66147250d9
247184981eb6f698a94e431a83d68c6b0df623cce57b6e29dc5a6c11e23aa195
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
26b9e3e98b9415b99775a736fa1a3af32402746c2bf7746411bea496c44e4b80
2863ec1f28569c220d7864d8870001a4f4d461123daed31d11347fefc856ec4c
28b0b03f51551de0682bed42b4cb9d56508a09f636ff48e3f97df64473d311d4
296b3d8e9fa36733999a69d6e630bc6361ea23dada8c98a0e48d34ba7f7d0ed2
297ba0fd2c33be9b8f9e85897adf5b3b86ab7864116c483b4bcdbcf651e71005
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
2dddbbb11e0d6a306b1a27ed5d693f859dad8c17ccb08d5b9e9d663eae570821
2e10d353ff038c2cad3492fc17801af3e6ef2669c9e9713bdb78b1dcb104c4fe
2f0cce422ac2c6506f9d32c29be64eb376ae7e8ebb5b4ad80ad64a45d3dd399e
3003867b66a32c12fdafeefc27cf06d906e5a99ba275550ab757f4bb04834636
302dad2d165b5b7849d5fc1db1fea894f35dec4c4f64e77ec4865fd4f3a90a62
31718d31fed34f97c3250adfe78704df139e8b2d7a6bee663b1a67a60a65ec17
3487ef2baf0c08ba660a8a143cdeb8ebeec961eea04bccd7c49096b4eb26b875
3503d42441b34f31f1650dc9ae11962bd2d61b74b7a56b0df5eb4db05dba7745
35825e2b5d8f38b406c8c0555ee5f6414956898641b7bedb67bbd8f776946748
3a4f1881b7f46b2d4d1bd9417094f373ea68cff51aaaccc1c1913c280d705dbd
3b327fc4684de28d40f1fee56aa5a54f24ade43a7eb7c4a5a22fb86b829e2cc3
3bb987c509cc9d8cddb3a3d729818016e7831788ececc4b736a23c66d22161e1
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa
3dab93242ee573bbcfc22c9d15acd47794e500ed44e6bd48a35400b39d65aa43
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
3fdfa66c3b6b14341e3a8aa74796d51bd769aa7fe60e75a869d1df3f66053ea4
4191d89ec03bce5dc273716075335e31851031184b0fff0ab9fc900a8442019f
41f3fe4ce62f3d3f75f6ca8d5c801832f4dc941028ed09cd2ddf5a5b9f0712d3
431ebfe08cafe8dbb9139a8e7632abc824c6fa276ab1037868ae598474062151
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
4416286665bbc024eb7d80114a57625e9f57ea495844950d060293b230599af5
44394924f44ae4405bc484891a6b53301751b540b8c07276e0e8d8e504f75c2a
446bafe3e71ba46e4191766edc1d2ce5ed9710d9c6a915d3f3c36c37fe0b9346
471f5e43b94418a2b9b406a02c979eb899ae44f2bfde4dd8613d6b80f50ebf46
476f713d39d370558402964f702894f0514a83e744c32f8c05bcda27bb118bca
47726b6fca2f43d833a726230154e42bb37ab6adf53da9116a6d17576e4a0724
4a7990ff99ee7a31d35f577e204fe18a35ae1fc3529331845f59c785d3602ec7
4b475960843a5619b907af1f0a89e3136bd5e6a4a700ec78cb417f302647cf49
4bd32f9383c722b13d3fd423d4f88ab99aede18d67134d514ba882068cd7c6d7
4dc4b084ef936f389a16afec35651270dec229425176c8a76cf24257226ca4ff
4e6ce5444c7f396cef0eb1fa3611034151e485dd06fbe5573a5583e1eebc98c3
4ef5e5f0b35765664c2306f623928124ac103d8e218ad9bd64da51e319d0cc5d
50679e0e3933c945348a2db0cc128bb14b57a60a74fabf8cae13acc14efbb2e1
50b91e81a4f364a97e7b6534b2e908fb73401cd426d5baf07ea80240864ee31a
5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89
527628b0b48cdb56aa208afc676f408aadb429c97933384643ea7805b1b327f7
534c262276166217d4ea9b047de9addc67bdab27d749899d098935a58d65940f
53948075293f5d4a1c0a2d48f3b452fd376b415b4ca0699d12a0c5461ea160f6
5623906fee48b7eab6237caddc6447a4d0bb05a60f6759f95fafc59ba580a7ec
57a3d5cf6628442511d1e49cd47b2e13b5e9d5646c85a61dc364f1041dc6a3bf
5a1ba6ff6db12f791bbbfc4da3cb389e06f0cd53eede09ef3eb3ceb074089ef1
5b9f9afe7621ec465573f58064f5bef3a229e5e19362351168fd211f6a28bb5c
5ba7b351020430e304e1c38988858e13690202831484697551e56fed5826004e
5badd609a51ede5bab5b89534fc3011a4dd1ab487cc7081d7cf38479bcbab855
5c341b95e676dcc1605933bf9ee67e792e487966cf882401d14aad56a3f044b4
5e9217a20b1f4bec7ec61cb0d3b1ae23a759df26ac6856f15d57e841caa4f0a9
62a388a7833280dc7dfe5716af9969711f3c2a2fcc34c5af249907d1e2be7c73
64ab8dbf18e5a9150941c352022b6e14e983a679cee5bd6bc92f6fca7e6426bc
68002d1756ab74bbd8c95d977ff8af585ab56706e59b0524a56a9788acf8e482
68ed9b82b62d45cf5d12587a7e9566a4ddeb94d69bcb225e9e3c7268c76b3cbb
6a94bc896ab031fa50fd2cbd58851d22b0b24ad34da9e4d23242bb7c088f888e
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6bb26230023620bfa51823d90ad65a3099c9b6345b4f87b155dc046e6fb666b9
6c9f5960dced0cd174a6f994adefa4cc95334fa92e24587243b0b8a507c963f0
6db83b2803fed3f9b574567755102b18c401904a374c8acf4c9a2e9b0159cb4f
6e0cc78c402cbc02fdfd41cd77c5fd6ffbd8066cc07935ea8eb5f3fcc59744a3
7133a3c402920ecff9372b596b50276d4f54d135625b24784cf421ed5fc9eb0e
71c2cdda21d2cc80531d66df07f025dc82c4f79fd90e6a07648695cc6af58b8e
757eb40b82fad431019322ce4d7edfd5f2b0b0a822d74db6066993d6bb472c49
758ec37b307443cb9be2d4f93e40d730eecfaf18a77ec9b071372b1ef64c2ab0
7670969cdbb95fcd3e9e270b7d63c5ea6c1b3bf44fdebd13215ef8f5098a54b5
773a28cc9ac8062b38482769d1f03d92a6487d5775d439cff1c8b5be61fdd6d7
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
7b348b30ea1fe43857e68fc462c29e5c6e63c97666af75135c4396a272e54762
817f6455872b724886b45987caf19460833f3e2b293680a5de8ca1b956e63043
8265f64786397d6b832d1ca0aafdf149ad84e72759fffa9f7272e91a0fb015d1
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
85dcfc1a2474de812eb5218cc1f0e7ad4ce43b85919bdc4c8284e9b943c296ef
8a18d13015336bc184819a5a768447462202ef3105ec511bf42ed8304a7ed94f
8e73a30d35c83ea6a597c3343324d2b7df097ad26e67b62efb5266ee12d317b5
8f33880a7bc942dd2f2218dec8e129e44ba5bf999e793805ff7200cae46917bf
91698821a1603c559e8e255f3e34c2ea63acfcfd23d2394d55b42bb70e1c130c
91b9b24f0aa59668e4d0a770ee7a294b9baa361a76a20ade8128cd0482a5d805
92c156bbe318b5b94c2a0b742e4bc7b39d92c78656a7a059a892ae40217fe4ea
942a9ba1fe78b402e8b52b83058dbbabde8db6b4d1debf960d6d5afe5192db52
980ce9ebda027a4e00a6881af2260637b7bcbc00aea43ae53476dd51a4f25174
98cecf88a23542fa047ce46eedb650b5c5128761ed4386c0977b847094ddfa20
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
9ef33605db40f5dd37e194f4af592cd22a8a90f56da1a165b4a97c34efaa09eb
abc5745cb5012a0fe2537db26934936834c4645f8284846af0a2e629a2d3b9b5
addd3084e45a2c68ac5b4baf988e0f18f572f213a2930e32d3a79a01ab579278
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
b385fd0614f2927f0e7fdc03ccdb2428e3a93de0c7fe467149b34213cc32c0f6
b394d33b2a7ec654a6b037ebfda6618341b3f897a362be624c923c2711b54a43
b46853b388ab997de6bfa04c1e397b91783aa2d3e125eb7f62b2f41b95dd5e57
b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646
bb0aa07e7e9d959935e65d8970b84268b326e69f29e8ab6677afad7cfaa321d4
bb361ff51d785228d0d3fcd08a07d70fb4103e84ddd3a20dfd6b2b0d157525f7
bff75ca67509c05ce198670f2fb9b5aae5b5422b9bc2b204fbe3f4e2cb61d8a8
c19e3e4151ea4933fa9ba9703c51fe20ad469237771214b1c5001d1b107ddef5
c21e5a2b32c47bc5f9d9efc97bc0e29fd081946d1d3ebffc5621cfafb1d3960e
c4b3fbc360a34e6b9eb349ee0663dc97fa48ba73f1bb1f8e95438940b2a14dec
c90882cc87cbb7a374871305ccc2b2b420724591a5de7e863f31842fe7c39ddc
cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf
ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142
ce5dbb2cdb85126fdc9d774971a56f8848dbee977a382bd512a5f8b49ea8c727
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d0e4a6372d6fb5ffe9505dbe9e94aee8f1b9b96ec8e5e20684cce8b4c5a88fa7
d2d330f53cdfd25a188faebfc07535a76190bcc529946b09c74d0971e84b53cd
d319a3f8913db0238c6a8850a320cb6abff4664206bac8ae288bcd557f5dbbbd
d432ad1988efa5b258294f52dae3d1b4c10660aec15e49017e21a1ee74bfd453
d709ae0a85c673c43c98147f2c84393d4e027ac7a2b2abc0d0fa9e1a78d5c8e7
d9c9b67ab3c208095e28d4e7f72b1b32144916a8404a126c82b60dd64a4400c8
db7e0b393e175f19922fefbdcaa2866fca209c521d01cc834ae06cbf8d0f91b7
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
deccde68e443e09d80d1af437e218cf656b3e2f9b2bf9a4f3231e62768123783
e13ffa988be59cbf299d7ff68f019f902b60848203ac4990819eb7e4624ee52d
e16986622c696a801f3ebfba9649dae03e94c9c7a2b48a82b5e0da3652770ba0
e174a58a503ab84b3d1b9de12fd3895788204485170f1289e445f7b5b98ec789
e26044e4f60fab991ddde9378091a990f77cad49dadf8d6b4bd96c632428546c
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e529245e8867300ffd2b6f6c1e5b36d41ce8c71a9eb7cbdec52360c0be7b0017
e890e22dfc095f8f941e39a4bd1b5f5425ab0ed14fd21e32e38237040f04a479
e9477347715e11007b443bf2be67df96a108b575f76c4ddb6ca18d8b2fcf39b2
ebe0f94ca53bc5f7d865f89aec5b0315bca03ace6942d6c1c76d94d5b59d419a
ed5187fd3a8124b6137295fd2b2e0e1451ed9250b6ad989d48e16ea736e5bddc
ed5b5df9ceacfe76857ac51964972b0b417a215b2f50e837fd6b64bad7339c40
ee3184f88b136b6ad521ec8d57fcf138b0c78172ee82e5d8773998bebac6486d
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f08f50720b2d6b5d1bba8663b3ad20e2da80102ac493f7f3c3278f901019d480
f1898554002afcec490975613ba45248ab76af74d151fb84a101d55bc2ca2b70
f18a82b575d329c2b28f288f949be19eb8f493a2202c0ac1cc240babc0767498
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
f46155f593657f211aec6e88bb0f54bb7a544670baa46c48504e9c20b2d442af
f4b105f6d55e55752fc54964b2b594bfb01ebaa3dcefb199f14b5419c4d0e2cd
f4ed4f3e649cf635824e73f0988b7d838af1c3f6753a16586cd1b64e2cfd1ee0
f542387def66d7826b8d923a05312ec681a1389ed09ac29dc34dfe5fb857f992
f7c91d82539279bcc48324d9cdecfaad418f2720a2e40de04a6d975465aa07a2
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
f93e70f7ef43b952159e1a0bae3f928b43fc272a08a2a99c73548a185c83a98d
f96151453bf5b861219fab32920589c930580c4f1c427f2e023e7429e7e9f482
f987eb81f0c7cdd9548e119f3c0598ae8d72a192bc58254b00d5121842ad6a1d
feade23a47f6041e6d1008885642dd7ab7cc4f12d94b0c7191c9cf8ca55df97d

securityboulevard.com Open in urlscan Pro 2606:4700:10::6816:39c Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

188 Requests

98 %HTTPS

46 %IPv6

35 Domains

52 Subdomains

50 IPs

5 Countries

3647 kBTransfer

9505 kBSize

30 Cookies

45 Outgoing links

Redirected requests

188 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

securityboulevard.com Open in urlscan Pro
2606:4700:10::6816:39c Public Scan

Screenshot
Live screenshot

Full Image

188
Requests

98 %
HTTPS

46 %
IPv6

35
Domains

52
Subdomains

50
IPs

5
Countries

3647 kB
Transfer

9505 kB
Size

30
Cookies

188 HTTP transactions
1 data transactions