www.trendmicro.com
72.246.28.156 Public Scan Open in urlscan Pro

Go To Rescan
Add Verdict Report

URL:
https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html 13yr old
Submission: On March 16 via api (March 16th 2026, 7:02:49 am UTC) from BY — Scanned from DE

Summary HTTP 191 Redirects Links 23 Behaviour Indicators

Summary

This website contacted 43 IPs in 5 countries across 39 domains to perform 191 HTTP transactions. The main IP is 72.246.28.156, located in Frankfurt am Main, Germany and belongs to AKAMAI-AS - Akamai Technologies, Inc., US. The main domain is www.trendmicro.com. 13yr old
TLS certificate: Issued by Sectigo Public Server Authentication ... on October 23rd 2025. Valid for: 1yr.

This is the only time www.trendmicro.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
51	72.246.28.156 72.246.28.156	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
8	104.18.87.42 104.18.87.42	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	172.217.16.202 172.217.16.202	15169 (GOOGLE) (GOOGLE - Google LLC)
2	108.138.7.65 108.138.7.65	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
22	13.33.187.32 13.33.187.32	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
11	184.25.50.27 184.25.50.27	20940 (AKAMAI-AS...) (AKAMAI-ASN1 Akamai International B.V.)
3	142.250.201.78 142.250.201.78	15169 (GOOGLE) (GOOGLE - Google LLC)
1	88.221.168.237 88.221.168.237	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
1	35.201.125.192 35.201.125.192	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM - Google LLC)
1	172.64.155.119 172.64.155.119	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
2	34.241.203.180 34.241.203.180	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	34.111.194.12 34.111.194.12	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM - Google LLC)
2	142.250.187.227 142.250.187.227	15169 (GOOGLE) (GOOGLE - Google LLC)
1 1	52.17.216.246 52.17.216.246	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	146.75.116.157 146.75.116.157	54113 (FASTLY) (FASTLY - Fastly)
9	142.251.127.97 142.251.127.97	15169 (GOOGLE) (GOOGLE - Google LLC)
1	2.18.64.212 2.18.64.212	20940 (AKAMAI-AS...) (AKAMAI-ASN1 Akamai International B.V.)
2	23.67.142.205 23.67.142.205	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
2	216.58.206.34 216.58.206.34	15169 (GOOGLE) (GOOGLE - Google LLC)
3	23.55.163.138 23.55.163.138	20940 (AKAMAI-AS...) (AKAMAI-ASN1 Akamai International B.V.)
3	52.222.136.40 52.222.136.40	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1 2	23.55.163.149 23.55.163.149	20940 (AKAMAI-AS...) (AKAMAI-ASN1 Akamai International B.V.)
4	142.251.127.101 142.251.127.101	15169 (GOOGLE) (GOOGLE - Google LLC)
1	20.250.198.32 20.250.198.32	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation)
4	104.20.20.192 104.20.20.192	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
2	157.240.0.6 157.240.0.6	32934 (FACEBOOK) (FACEBOOK - Facebook)
1	18.197.61.165 18.197.61.165	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
4 13	23.50.131.146 23.50.131.146	20940 (AKAMAI-AS...) (AKAMAI-ASN1 Akamai International B.V.)
3	150.171.22.12 150.171.22.12	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation)
1	192.28.153.119 192.28.153.119	15224 (OMNITURE) (OMNITURE - Adobe Inc.)
2	75.2.108.141 75.2.108.141	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1 1	142.251.127.154 142.251.127.154	15169 (GOOGLE) (GOOGLE - Google LLC)
1 3	142.251.141.100 142.251.141.100	15169 (GOOGLE) (GOOGLE - Google LLC)
1	172.217.168.67 172.217.168.67	15169 (GOOGLE) (GOOGLE - Google LLC)
3	216.239.34.36 216.239.34.36	15169 (GOOGLE) (GOOGLE - Google LLC)
2	150.171.27.10 150.171.27.10	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation)
1	18.172.114.101 18.172.114.101	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	13.107.246.45 13.107.246.45	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation)
4	157.240.253.35 157.240.253.35	32934 (FACEBOOK) (FACEBOOK - Facebook)
2 4	172.217.16.166 172.217.16.166	15169 (GOOGLE) (GOOGLE - Google LLC)
3	20.57.85.160 20.57.85.160	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation)
2	150.171.28.10 150.171.28.10	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation)
4	44.213.29.178 44.213.29.178	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
2	3.33.220.150 3.33.220.150	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
191	43

51 72.246.28.156 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a72-246-28-156.deploy.static.akamaitechnologies.com

www.trendmicro.com 13yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

8 104.18.87.42 (Ascension Island)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

cdn.cookielaw.org 9yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 172.217.16.202 (United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: tzfraa-at-in-f10.1e100.net

fonts.googleapis.com 56yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

2 108.138.7.65 (United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-108-138-7-65.fra56.r.cloudfront.net

customer.cludo.com 9yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

22 13.33.187.32 (New York, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-13-33-187-32.fra60.r.cloudfront.net

tags.tiqcdn.com 56yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

11 184.25.50.27 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL)
PTR: a184-25-50-27.deploy.static.akamaitechnologies.com

trendmicro.scene7.com 4yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

3 142.250.201.78 (United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: tzfraa-aq-in-f14.1e100.net

www.youtube.com 56yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 88.221.168.237 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a88-221-168-237.deploy.static.akamaitechnologies.com

assets.adobedtm.com 56yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 35.201.125.192 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM - Google LLC, US)
PTR: 192.125.201.35.bc.googleusercontent.com

cdn.bc0a.com 8yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 172.64.155.119 (Ascension Island)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

geolocation.onetrust.com 8yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

2 34.241.203.180 (Dublin, Ireland)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-34-241-203-180.eu-west-1.compute.amazonaws.com

dpm.demdex.net 56yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 34.111.194.12 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM - Google LLC, US)
PTR: 12.194.111.34.bc.googleusercontent.com

ixfd2-api.bc0a.com 4yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

2 142.250.187.227 (United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: tzfraa-au-in-f3.1e100.net

fonts.gstatic.com 9yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 52.17.216.246 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-52-17-216-246.eu-west-1.compute.amazonaws.com

cm.everesttech.net 9yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 146.75.116.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY - Fastly, Inc., US)

static.ads-twitter.com 10yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

9 142.251.127.97 (United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: lcfrai-in-f97.1e100.net

www.googletagmanager.com 56yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 2.18.64.212 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL)
PTR: a2-18-64-212.deploy.static.akamaitechnologies.com

snap.licdn.com 9yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

2 23.67.142.205 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a23-67-142-205.deploy.static.akamaitechnologies.com

munchkin.marketo.net 9yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

2 216.58.206.34 (United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: lhr35s10-in-f2.1e100.net

www.googleadservices.com 56yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

3 23.55.163.138 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL)
PTR: a23-55-163-138.deploy.static.akamaitechnologies.com

j.6sc.co 9yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools
ipv6.6sc.co 4yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

3 52.222.136.40 (United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-52-222-136-40.fra50.r.cloudfront.net

widget.equally.ai 5yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

2 23.55.163.149 (Frankfurt am Main, Germany) 1 redirects

ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL)
PTR: a23-55-163-149.deploy.static.akamaitechnologies.com

trkn.us 11yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

4 142.251.127.101 (United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: lcfrai-in-f101.1e100.net

www.google-analytics.com 56yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 20.250.198.32 (Zurich, Switzerland)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US)

www.clarity.ms 8yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

4 104.20.20.192 (Ascension Island)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

static.addtoany.com 13yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

2 157.240.0.6 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK - Facebook, Inc., US)
PTR: xx-fbcdn-shv-02-fra3.fbcdn.net

connect.facebook.net 56yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 18.197.61.165 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-18-197-61-165.eu-central-1.compute.amazonaws.com

collect.tealiumiq.com 9yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

13 23.50.131.146 (Frankfurt am Main, Germany) 4 redirects

ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL)
PTR: a23-50-131-146.deploy.static.akamaitechnologies.com

c.6sc.co 9yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools
b.6sc.co 11yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

3 150.171.22.12 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US)

px.ads.linkedin.com 9yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 192.28.153.119 (United States)

ASN15224 (OMNITURE - Adobe Inc., US)

605-sfw-393.mktoresp.com 1yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

2 75.2.108.141 (United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: afe865822f884bb48.awsglobalaccelerator.com

epsilon.6sense.com 8yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 142.251.127.154 (United States) 1 redirects

ASN15169 (GOOGLE - Google LLC, US)
PTR: lcfrai-in-f154.1e100.net

googleads.g.doubleclick.net 56yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

3 142.251.141.100 (United States) 1 redirects

ASN15169 (GOOGLE - Google LLC, US)
PTR: tzfraa-ai-in-f4.1e100.net

www.google.com 56yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 172.217.168.67 (United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: lcfraa-bk-in-f3.1e100.net

www.google.de 56yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

3 216.239.34.36 (United States)

ASN15169 (GOOGLE - Google LLC, US)

region1.google-analytics.com 5yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

2 150.171.27.10 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US)

bat.bing.com 56yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 18.172.114.101 (United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-18-172-114-101.fra60.r.cloudfront.net

js.adsrvr.org 9yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 13.107.246.45 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US)

scripts.clarity.ms 8mo old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

4 157.240.253.35 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK - Facebook, Inc., US)
PTR: edge-star-mini-shv-02-fra5.facebook.com

www.facebook.com 56yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

4 172.217.16.166 (United States) 2 redirects

ASN15169 (GOOGLE - Google LLC, US)
PTR: tzfraa-am-in-f6.1e100.net

ad.doubleclick.net 9yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

3 20.57.85.160 (Boydton, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US)

e.clarity.ms 5yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

2 150.171.28.10 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US)

bat.bing.net 3yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

4 44.213.29.178 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-44-213-29-178.compute-1.amazonaws.com

lb.prod.equally.ai 1yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

2 3.33.220.150 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com

insight.adsrvr.org 9yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

	Apex Domain Subdomains	Transfer
51	trendmicro.com www.trendmicro.com 13yr old	2 MB
22	tiqcdn.com tags.tiqcdn.com — Cisco Umbrella Rank: 1415 56yr old	100 KB
16	6sc.co 4 redirects j.6sc.co — Cisco Umbrella Rank: 10259 9yr old c.6sc.co — Cisco Umbrella Rank: 17168 9yr old ipv6.6sc.co — Cisco Umbrella Rank: 10349 4yr old b.6sc.co — Cisco Umbrella Rank: 6060 11yr old	24 KB
11	scene7.com trendmicro.scene7.com 4yr old	200 KB
9	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 71 56yr old	1 MB
8	cookielaw.org cdn.cookielaw.org — Cisco Umbrella Rank: 498 9yr old	247 KB
7	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 96 56yr old region1.google-analytics.com — Cisco Umbrella Rank: 2592 5yr old	23 KB
7	equally.ai widget.equally.ai — Cisco Umbrella Rank: 282778 5yr old lb.prod.equally.ai — Cisco Umbrella Rank: 90221 1yr old	102 KB
5	doubleclick.net 3 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 63 56yr old ad.doubleclick.net — Cisco Umbrella Rank: 208 9yr old 5427711.fls.doubleclick.net Failed 8yr old 9572106.fls.doubleclick.net Failed 5yr old	198 B
5	clarity.ms www.clarity.ms — Cisco Umbrella Rank: 621 8yr old scripts.clarity.ms — Cisco Umbrella Rank: 962 8mo old e.clarity.ms — Cisco Umbrella Rank: 6118 5yr old	28 KB
4	facebook.com www.facebook.com — Cisco Umbrella Rank: 143 56yr old	426 B
4	addtoany.com static.addtoany.com — Cisco Umbrella Rank: 5418 13yr old	30 KB
3	adsrvr.org js.adsrvr.org — Cisco Umbrella Rank: 1537 9yr old insight.adsrvr.org Failed — Cisco Umbrella Rank: 1255 9yr old	11 KB
3	google.com 1 redirects www.google.com — Cisco Umbrella Rank: 4 56yr old	24 B
3	linkedin.com px.ads.linkedin.com — Cisco Umbrella Rank: 480 9yr old	1 KB
3	youtube.com www.youtube.com — Cisco Umbrella Rank: 89 56yr old	15 KB
2	bing.net bat.bing.net — Cisco Umbrella Rank: 3294 3yr old	466 B
2	bing.com bat.bing.com — Cisco Umbrella Rank: 423 56yr old	16 KB
2	6sense.com epsilon.6sense.com — Cisco Umbrella Rank: 13958 8yr old	665 B
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 290 56yr old	133 KB
2	trkn.us 1 redirects trkn.us — Cisco Umbrella Rank: 2854 11yr old	1 KB
2	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 137 56yr old	25 KB
2	marketo.net munchkin.marketo.net — Cisco Umbrella Rank: 5987 9yr old	6 KB
2	gstatic.com fonts.gstatic.com 9yr old	96 KB
2	demdex.net dpm.demdex.net — Cisco Umbrella Rank: 372 56yr old trendmicro.demdex.net Failed 3yr old	2 KB
2	bc0a.com cdn.bc0a.com — Cisco Umbrella Rank: 13494 8yr old ixfd2-api.bc0a.com — Cisco Umbrella Rank: 14801 4yr old	26 KB
2	cludo.com customer.cludo.com — Cisco Umbrella Rank: 30032 9yr old	83 KB
1	google.de www.google.de — Cisco Umbrella Rank: 8211 56yr old	64 B
1	mktoresp.com 605-sfw-393.mktoresp.com 1yr old	318 B
1	tealiumiq.com collect.tealiumiq.com — Cisco Umbrella Rank: 3722 9yr old	785 B
1	licdn.com snap.licdn.com — Cisco Umbrella Rank: 1270 9yr old	19 KB
1	ads-twitter.com static.ads-twitter.com — Cisco Umbrella Rank: 1485 10yr old	13 KB
1	everesttech.net 1 redirects cm.everesttech.net — Cisco Umbrella Rank: 2044 9yr old	490 B
1	onetrust.com geolocation.onetrust.com — Cisco Umbrella Rank: 835 8yr old	335 B
1	adobedtm.com assets.adobedtm.com — Cisco Umbrella Rank: 400 56yr old	71 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 81 56yr old	2 KB
0	ml-attr.com Failed s.ml-attr.com Failed 10yr old
0	adnxs.com Failed secure.adnxs.com Failed 9yr old
0	t.co Failed t.co Failed 13yr old
191	39

	Domain	Requested by
51	www.trendmicro.com	www.trendmicro.com
22	tags.tiqcdn.com	www.trendmicro.com tags.tiqcdn.com
11	trendmicro.scene7.com	www.trendmicro.com
9	www.googletagmanager.com	tags.tiqcdn.com www.googletagmanager.com www.google-analytics.com
8	cdn.cookielaw.org	www.trendmicro.com cdn.cookielaw.org
7	b.6sc.co	www.trendmicro.com
6	c.6sc.co	4 redirects www.trendmicro.com
4	lb.prod.equally.ai	widget.equally.ai
4	ad.doubleclick.net	2 redirects www.trendmicro.com
4	www.facebook.com	www.trendmicro.com
4	static.addtoany.com	tags.tiqcdn.com static.addtoany.com
4	www.google-analytics.com	tags.tiqcdn.com www.google-analytics.com
3	e.clarity.ms	scripts.clarity.ms
3	region1.google-analytics.com	www.googletagmanager.com
3	www.google.com	1 redirects www.googletagmanager.com
3	px.ads.linkedin.com	snap.licdn.com www.trendmicro.com
3	widget.equally.ai	tags.tiqcdn.com widget.equally.ai
3	www.youtube.com	www.trendmicro.com tags.tiqcdn.com www.youtube.com
2	insight.adsrvr.org	js.adsrvr.org
2	bat.bing.net	bat.bing.com www.trendmicro.com
2	bat.bing.com	www.googletagmanager.com bat.bing.com
2	epsilon.6sense.com	j.6sc.co
2	ipv6.6sc.co	j.6sc.co
2	connect.facebook.net	tags.tiqcdn.com connect.facebook.net
2	trkn.us	1 redirects www.trendmicro.com
2	www.googleadservices.com	tags.tiqcdn.com www.googleadservices.com
2	munchkin.marketo.net	tags.tiqcdn.com munchkin.marketo.net
2	fonts.gstatic.com	fonts.googleapis.com
2	dpm.demdex.net	assets.adobedtm.com www.trendmicro.com
2	customer.cludo.com	www.trendmicro.com
1	scripts.clarity.ms	www.clarity.ms
1	js.adsrvr.org	www.googletagmanager.com
1	www.google.de	www.trendmicro.com
1	googleads.g.doubleclick.net	1 redirects
1	605-sfw-393.mktoresp.com	munchkin.marketo.net
1	collect.tealiumiq.com	tags.tiqcdn.com
1	www.clarity.ms	tags.tiqcdn.com
1	j.6sc.co	tags.tiqcdn.com
1	snap.licdn.com	tags.tiqcdn.com
1	static.ads-twitter.com	tags.tiqcdn.com
1	cm.everesttech.net	1 redirects
1	ixfd2-api.bc0a.com	cdn.bc0a.com
1	geolocation.onetrust.com	cdn.cookielaw.org
1	cdn.bc0a.com	tags.tiqcdn.com
1	assets.adobedtm.com	tags.tiqcdn.com
1	fonts.googleapis.com	www.trendmicro.com
0	9572106.fls.doubleclick.net Failed	www.googletagmanager.com
0	5427711.fls.doubleclick.net Failed	www.googletagmanager.com
0	s.ml-attr.com Failed	www.trendmicro.com
0	secure.adnxs.com Failed	j.6sc.co
0	t.co Failed	www.trendmicro.com
0	trendmicro.demdex.net Failed	assets.adobedtm.com
191	52

This site contains links to these domains. Also see Links.

Domain
vicone.com
partner.trendmicro.com
newsroom.trendmicro.com
resources.trendmicro.com
trendmicro.zoom.us
success.trendmicro.com
helpcenter.trendmicro.com
signin.v1.trendmicro.com
cloudone.trendmicro.com
tm.login.trendmicro.com
signup.cj.com
www.addtoany.com
portal.xdr.trendmicro.com
www.linkedin.com
www.facebook.com
x.com
www.instagram.com
www.youtube.com

Subject Issuer	Validity	Valid
www.trendmicro.com Sectigo Public Server Authentication CA OV R36	`2025-10-23` - `2026-11-23`	1yr	crt.sh
cookielaw.org WE1	`2026-01-26` - `2026-04-26`	3mo	crt.sh
upload.video.google.com WE2	`2026-02-02` - `2026-04-27`	3mo	crt.sh
cludo.com Amazon RSA 2048 M04	`2025-06-02` - `2026-07-01`	1yr	crt.sh
tags.tiqcdn.com Amazon RSA 2048 M01	`2026-03-09` - `2026-09-22`	7mo	crt.sh
*.scene7.com DigiCert Global G3 TLS ECC SHA384 2020 CA1	`2025-09-19` - `2026-09-19`	1yr	crt.sh
*.google.com WE2	`2026-02-02` - `2026-04-27`	3mo	crt.sh
assets.adobedtm.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2025-06-24` - `2026-07-25`	1yr	crt.sh
cdn.bc0a.com WR3	`2026-01-24` - `2026-04-24`	3mo	crt.sh
geolocation.onetrust.com WE1	`2026-01-26` - `2026-04-26`	3mo	crt.sh
*.demdex.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2025-10-14` - `2026-11-14`	1yr	crt.sh
ixfd-api.bc0a.com WR3	`2026-03-04` - `2026-06-02`	3mo	crt.sh
*.gstatic.com WE2	`2026-02-02` - `2026-04-27`	3mo	crt.sh
ads-twitter.com R12	`2026-01-31` - `2026-05-01`	3mo	crt.sh
*.google-analytics.com WE2	`2026-02-02` - `2026-04-27`	3mo	crt.sh
*.licdn.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2025-10-14` - `2026-10-13`	1yr	crt.sh
*.marketo.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2025-10-22` - `2026-10-21`	1yr	crt.sh
*.googleadservices.com WE2	`2026-02-02` - `2026-04-27`	3mo	crt.sh
6sc.co R12	`2026-01-10` - `2026-04-10`	3mo	crt.sh
equally.ai Amazon RSA 2048 M01	`2026-02-03` - `2027-03-03`	1yr	crt.sh
a.tag.clarity.ms Microsoft TLS G2 RSA CA OCSP 10	`2026-03-04` - `2026-08-31`	6mo	crt.sh
static.addtoany.com WE1	`2026-02-19` - `2026-05-20`	3mo	crt.sh
*.facebook.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2025-12-23` - `2026-03-23`	3mo	crt.sh
*.tealiumiq.com Amazon RSA 2048 M04	`2025-05-26` - `2026-06-23`	1yr	crt.sh
www.linkedin.com DigiCert SHA2 Secure Server CA	`2026-02-11` - `2026-08-11`	6mo	crt.sh
*.mktoresp.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2025-07-22` - `2026-08-22`	1yr	crt.sh
epsilon.6sense.com Amazon RSA 2048 M04	`2025-09-02` - `2026-10-01`	1yr	crt.sh
www.bing.com Microsoft TLS G2 RSA CA OCSP 04	`2026-02-02` - `2026-08-01`	6mo	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2026-03-04` - `2027-04-02`	1yr	crt.sh
scripts.clarity.ms DigiCert TLS RSA SHA256 2020 CA1	`2025-07-29` - `2026-04-14`	9mo	crt.sh
a.clarity.ms Microsoft TLS G2 RSA CA OCSP 02	`2026-03-04` - `2026-08-31`	6mo	crt.sh
bat.bing.net Microsoft Azure RSA TLS Issuing CA 08	`2026-01-18` - `2026-07-17`	6mo	crt.sh
*.prod.equally.ai Sectigo Public Server Authentication CA DV R36	`2025-12-19` - `2027-01-19`	1yr	crt.sh

This page contains 6 frames:

Primary Page: https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html
Frame ID: CE3EE40EFB5605EBC86E62AD112FC78E
Requests: 182 HTTP requests in this frame

Frame: https://trendmicro.demdex.net/dest5.html?d_nsid=0
Frame ID: F1E76422F99DD8F8AF30AA3ACCC1C293
Requests: 1 HTTP requests in this frame

Frame: https://static.addtoany.com/menu/sm.25.html
Frame ID: D7462E27181071B37CB6928686104207
Requests: 1 HTTP requests in this frame

Frame: https://5427711.fls.doubleclick.net/activityi;src=5427711;type=remar0;cat=allsi0;ord=1;num=3441239354087;npa=1;auiddc=108905293.1773644571;u1=%2Fen_us%2Fresearch%2F26%2Fc%2Fboryptgrab-stealer-targets-users-via-deceptive-github-pages.html;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;_tu=KJA;gtm=45fe63b1v9188098692z872003116za20gzb72003116zd72003116xea;gcd=13l3l3l2l1l1;dma_cps=a;dma=1;dc_fmt=2;tag_exp=103116026~103200004~115616986~115938465~115938469~116024733~117484252;epver=2;dc_random=1773644571_FzB8VOS3j4YNXdUQeiLVJUSqLxugZeNiKA;_dc_test=1;~oref=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F26%2Fc%2Fboryptgrab-stealer-targets-users-via-deceptive-github-pages.html
Frame ID: AAC7FA196C4A142524CF828F3C49A3BE
Requests: 1 HTTP requests in this frame

Frame: https://9572106.fls.doubleclick.net/activityi;src=9572106;type=trend002;cat=globa0;ord=6966118033864;npa=1;auiddc=108905293.1773644571;u1=%2Fen_us%2Fresearch%2F26%2Fc%2Fboryptgrab-stealer-targets-users-via-deceptive-github-pages.html;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;_tu=KFA;gtm=45fe63b1v9190653197z872003116za20gzb72003116zd72003116xea;gcd=13l3l3l2l1l1;dma_cps=a;dma=1;dc_fmt=2;tag_exp=103116026~103200004~115938465~115938468~116024733~117484252;epver=2;dc_random=1773644571_h7IlrOinDkQPJLINbZO7OHI2bUw5pxmQqg;_dc_test=1;~oref=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F26%2Fc%2Fboryptgrab-stealer-targets-users-via-deceptive-github-pages.html
Frame ID: 9B13CE2E84F46E0468F7CCE02C7AFBB3
Requests: 1 HTTP requests in this frame

Frame: https://insight.adsrvr.org/track/cei?advertiser_id=g2lzvow&cookie_sync=1&upv=3.0.0&upid=803df29&ref=https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html
Frame ID: 836E5E36212C81003E41C012C7B2083A
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

New BoryptGrab Stealer Targets Windows Users via Deceptive GitHub Pages | Trend Micro (US)

Detected technologies

Adobe Experience Manager (CMS) Expand

Overall confidence: 100%
Detected patterns

/etc\.clientlibs/

Cludo (Search engines) Expand

Overall confidence: 100%
Detected patterns

customer\.cludo\.com/

YouTube (Video players) Expand

Overall confidence: 100%
Detected patterns

\.youtube\.com/

AddToAny (Widgets) Expand

Overall confidence: 100%
Detected patterns

addtoany\.com/menu/page\.js

DoubleClick Floodlight (Advertising) Expand

Overall confidence: 100%
Detected patterns

\.doubleclick\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js
google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
\.googletagmanager\.com/

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Marketo (Marketing automation) Expand

Overall confidence: 100%
Detected patterns

munchkin\.marketo\.\w+/(?:([\d.]+)/)?munchkin\.js

OneTrust (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

cdn\.cookielaw\.org
otSDKStub\.js

Tealium (Tag managers) Expand

Overall confidence: 100%
Detected patterns

^(?:https?:)?//tags\.tiqcdn\.com/

jQuery (JavaScript libraries) Expand

Overall confidence: 100%
Detected patterns

jquery

6sense (Marketing automation) Expand

Overall confidence: 100%
Detected patterns

\.6sc\.co/

Adobe Audience Manager (Segmentation) Expand

Overall confidence: 100%
Detected patterns

Facebook Pixel (Analytics) Expand

Overall confidence: 100%
Detected patterns

connect\.facebook\.\w+/.+/fbevents\.js
connect\.facebook.\w+/signals/config/\d+\?v=([\d\.]+)

Google Ads Conversion Tracking (Analytics) Expand

Overall confidence: 100%
Detected patterns

\.googleadservices\.com/pagead/conversion_async\.js

Microsoft Advertising (Advertising) Expand

Overall confidence: 100%
Detected patterns

bat\.bing\.com/bat\.js

Tealium AudienceStream (Segmentation) Expand

Overall confidence: 100%
Detected patterns

\.tealiumiq\.com

Twitter Ads (Advertising) Expand

Overall confidence: 100%
Detected patterns

static\.ads-twitter\.com/uwt\.js

theTradeDesk (Advertising) Expand

Overall confidence: 100%
Detected patterns

\.adsrvr\.org/

PyScript (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

Page Statistics

191
Requests

92 %
HTTPS

0 %
IPv6

39
Domains

52
Subdomains

43
IPs

5
Countries

4209 kB
Transfer

11413 kB
Size

35
Cookies

23 Outgoing links

These are links going to different origins than the main page.

URL: https://vicone.com/en
Title: Automotiveopen on a new tab

Search URL Search Domain Scan URL

URL: https://partner.trendmicro.com/
Title: Partner Portal Loginopen on a new tab

Search URL Search Domain Scan URL

URL: https://partner.trendmicro.com/pr-register-home/
Title: Become a Partneropen on a new tab

Search URL Search Domain Scan URL

URL: https://partner.trendmicro.com/partner-locator-home/
Title: Find Partnersopen on a new tab

Search URL Search Domain Scan URL

URL: https://newsroom.trendmicro.com/
Title: Connect With Usopen on a new tab

Search URL Search Domain Scan URL

URL: https://resources.trendmicro.com/GLB-Under-Attack-Form.html
Title: Under Attack?

Search URL Search Domain Scan URL

URL: https://trendmicro.zoom.us/webinar/register/6917533633873/WN_aVeYZcQPTNyUFAJDibiD3A#/
Title: Demo: Stopping Exploits Before the CVE Even Exists open on a new tab

Search URL Search Domain Scan URL

URL: https://success.trendmicro.com/en-US/
Title: Business Solutions open on a new tab

Search URL Search Domain Scan URL

URL: https://helpcenter.trendmicro.com/en-us/
Title: Consumer Solutions open on a new tab

Search URL Search Domain Scan URL

URL: https://success.trendmicro.com/en-US/contactus/
Title: Contact Support open on a new tab

Search URL Search Domain Scan URL

URL: https://signin.v1.trendmicro.com/
Title: Trend Vision One open on a new tab

Search URL Search Domain Scan URL

URL: https://cloudone.trendmicro.com/
Title: Cloud One open on a new tab

Search URL Search Domain Scan URL

URL: https://tm.login.trendmicro.com/simplesaml/saml2/idp/SSOService.php
Title: Product Activation and Management open on a new tab

Search URL Search Domain Scan URL

URL: https://signup.cj.com/member/signup/publisher/?cid=1867119#/branded?_k=xaeu3t
Title: Referral Affiliate open on a new tab

Search URL Search Domain Scan URL

URL: https://www.addtoany.com/share#url=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F26%2Fc%2Fboryptgrab-stealer-targets-users-via-deceptive-github-pages.html&title=New%20BoryptGrab%20Stealer%20Targets%20Windows%20Users%20via%20Deceptive%20GitHub%20Pages%20%7C%20Trend%20Micro%20(US)

Search URL Search Domain Scan URL

URL: https://portal.xdr.trendmicro.com/index.html#/app/ti/intelligence_insights?name=From%20Fake%20GitHub%20Download%20Repositories%20to%20Reverse%20SSH%20Backdoors%3A%20Examining%20the%20BoryptGrab%20Stealer
Title: From Fake GitHub Download Repositories to Reverse SSH Backdoors: Examining the BoryptGrab Stealer

Search URL Search Domain Scan URL

URL: https://portal.xdr.trendmicro.com/index.html#/app/ti/intelligence?intrusionSet=From%20Fake%20GitHub%20Download%20Repositories%20to%20Reverse%20SSH%20Backdoors%3A%20Examining%20the%20BoryptGrab%20Stealer
Title: From Fake GitHub Download Repositories to Reverse SSH Backdoors: Examining the BoryptGrab Stealer

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/trendai-security
Title: open on a new tab

Search URL Search Domain Scan URL

URL: https://www.facebook.com/trendaisecurity/
Title: open on a new tab

Search URL Search Domain Scan URL

URL: https://x.com/trendaisecurity
Title: open on a new tab

Search URL Search Domain Scan URL

URL: https://www.instagram.com/trendaisecurity/
Title: open on a new tab

Search URL Search Domain Scan URL

URL: https://www.youtube.com/@trendaisecurity
Title: open on a new tab

Search URL Search Domain Scan URL

URL: https://www.addtoany.com/
Title: AddToAnyopen on a new tab

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 74

https://cm.everesttech.net/cm/dd?d_uuid=66943865774048722650658453180430373975 HTTP 302
https://dpm.demdex.net/ibs:dpid=411&dpuuid=aberGgAAAGH9PwOJ

Request Chain 108

https://trkn.us/pixel/conv/ppt=25985;g=web_visits;gid=66464?ord=0.07179596932289756 HTTP 302
https://trkn.us/pixel/conv/ppt=25985;g=web_visits;gid=66464?ord=0.07179596932289756;ip=159.26.104.75;cuidchk=1

Request Chain 122

https://c.6sc.co/ HTTP 302
https://c.6sc.co/refresh HTTP 302
https://c.6sc.co/?m=1

Request Chain 135

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1015287688/?random=1863773504&cv=9&fst=1773644570738&num=1&value=0&label=0w45CIDC7AYQiJ-Q5AM&bg=ffffff&hl=en&guid=ON&resp=GooglemKTybQhCsO&eid=466465926&u_h=1200&u_w=1600&ig=1&frm=0&url=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F26%2Fc%2Fboryptgrab-stealer-targets-users-via-deceptive-github-pages.html&tiba=New%20BoryptGrab%20Stealer%20Targets%20Windows%20Users%20via%20Deceptive%20GitHub%20Pages%20%7C%20Trend%20Micro%20(US)&hn=www.googleadservices.com&async=1&fmt=3&ct_cookie_present=false&crd=CLTesQII8t-xAgihuLECCLHBsQIIsMGxAgixw7ECCIrFsQIIwsmxAgi0xrECCJPasQII29yxAgiH27ECCNPFsQII68yxAgjtzrECCNXPsQII9NqxAgiX1LECCMnbsQIIseGxAgiz4bECCKbdsQIIsN6xAkondHJpZ2dlciwgZXZlbnQtc291cmNlO25hdmlnYXRpb24tc291cmNlWgMKAQFiBAoCAgM&cerd=CgSI3b0t&fsk=ChAI8NTezQYQxJnH5PKS-Nl0EiwA-eS12pKkxG7WepAi1k5lv50I1zcQOYyQd7_J_X9PK1KhSl4cMh1EyCoJnxoCEkg&pscrd=IhMIr8Pj9OyjkwMVk5d8Bh2rKw0CMgwIA2IICAAQABgAIAAyDAgEYggIABAAGAAgADIMCAdiCAgAEAAYACAAMgwICGIICAAQABgAIAAyDAgJYggIABAAGAAgADIMCApiCAgAEAAYACAAMgwIAmIICAAQABgAIAAyDAgLYggIABAAGAAgADIMCBViCAgAEAAYACAAMgwIH2IICAAQABgAIAAyDAgTYggIABAAGAAgADIMCBJiCAgAEAAYACAAOhtodHRwczovL3d3dy50cmVuZG1pY3JvLmNvbS96DAgJYggIABAAGAAgAA HTTP 302
https://www.google.com/pagead/1p-conversion/1015287688/?random=1863773504&cv=9&fst=1773644570738&num=1&value=0&label=0w45CIDC7AYQiJ-Q5AM&bg=ffffff&hl=en&guid=ON&resp=GooglemKTybQhCsO&eid=466465926&u_h=1200&u_w=1600&ig=1&frm=0&url=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F26%2Fc%2Fboryptgrab-stealer-targets-users-via-deceptive-github-pages.html&tiba=New%20BoryptGrab%20Stealer%20Targets%20Windows%20Users%20via%20Deceptive%20GitHub%20Pages%20%7C%20Trend%20Micro%20(US)&hn=www.googleadservices.com&async=1&fmt=3&ct_cookie_present=false&crd=CLTesQII8t-xAgihuLECCLHBsQIIsMGxAgixw7ECCIrFsQIIwsmxAgi0xrECCJPasQII29yxAgiH27ECCNPFsQII68yxAgjtzrECCNXPsQII9NqxAgiX1LECCMnbsQIIseGxAgiz4bECCKbdsQIIsN6xAkondHJpZ2dlciwgZXZlbnQtc291cmNlO25hdmlnYXRpb24tc291cmNlWgMKAQFiBAoCAgM&cerd=CgSI3b0t&fsk=ChAI8NTezQYQxJnH5PKS-Nl0EiwA-eS12pKkxG7WepAi1k5lv50I1zcQOYyQd7_J_X9PK1KhSl4cMh1EyCoJnxoCEkg&pscrd=IhMIr8Pj9OyjkwMVk5d8Bh2rKw0CMgwIA2IICAAQABgAIAAyDAgEYggIABAAGAAgADIMCAdiCAgAEAAYACAAMgwICGIICAAQABgAIAAyDAgJYggIABAAGAAgADIMCApiCAgAEAAYACAAMgwIAmIICAAQABgAIAAyDAgLYggIABAAGAAgADIMCBViCAgAEAAYACAAMgwIH2IICAAQABgAIAAyDAgTYggIABAAGAAgADIMCBJiCAgAEAAYACAAOhtodHRwczovL3d3dy50cmVuZG1pY3JvLmNvbS96DAgJYggIABAAGAAgAA&is_vtc=1&cid=CAQSUADnonV5C5QkC6B2MJ45SDPPa-xwyOCOt7uWR_x0gdmclJHihdDOHF3GFaMUU6fjT-a0m9KtEiEwx6SoYNJJrWLIlT7qUO_G1uLJQqnJNDcm&random=687657781&resp=GooglemKTybQhCsO HTTP 302
https://www.google.de/pagead/1p-conversion/1015287688/?random=1863773504&cv=9&fst=1773644570738&num=1&value=0&label=0w45CIDC7AYQiJ-Q5AM&bg=ffffff&hl=en&guid=ON&resp=GooglemKTybQhCsO&eid=466465926&u_h=1200&u_w=1600&ig=1&frm=0&url=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F26%2Fc%2Fboryptgrab-stealer-targets-users-via-deceptive-github-pages.html&tiba=New%20BoryptGrab%20Stealer%20Targets%20Windows%20Users%20via%20Deceptive%20GitHub%20Pages%20%7C%20Trend%20Micro%20(US)&hn=www.googleadservices.com&async=1&fmt=3&ct_cookie_present=false&crd=CLTesQII8t-xAgihuLECCLHBsQIIsMGxAgixw7ECCIrFsQIIwsmxAgi0xrECCJPasQII29yxAgiH27ECCNPFsQII68yxAgjtzrECCNXPsQII9NqxAgiX1LECCMnbsQIIseGxAgiz4bECCKbdsQIIsN6xAkondHJpZ2dlciwgZXZlbnQtc291cmNlO25hdmlnYXRpb24tc291cmNlWgMKAQFiBAoCAgM&cerd=CgSI3b0t&fsk=ChAI8NTezQYQxJnH5PKS-Nl0EiwA-eS12pKkxG7WepAi1k5lv50I1zcQOYyQd7_J_X9PK1KhSl4cMh1EyCoJnxoCEkg&is_vtc=1&cid=CAQSUADnonV5C5QkC6B2MJ45SDPPa-xwyOCOt7uWR_x0gdmclJHihdDOHF3GFaMUU6fjT-a0m9KtEiEwx6SoYNJJrWLIlT7qUO_G1uLJQqnJNDcm&random=687657781&resp=GooglemKTybQhCsO&ipr=y&pscrd=IhMIr8Pj9OyjkwMVk5d8Bh2rKw0CMgwIA2IICAAQABgAIAAyDAgEYggIABAAGAAgADIMCAdiCAgAEAAYACAAMgwICGIICAAQABgAIAAyDAgJYggIABAAGAAgADIMCApiCAgAEAAYACAAMgwIAmIICAAQABgAIAAyDAgLYggIABAAGAAgADIMCBViCAgAEAAYACAAMgwIH2IICAAQABgAIAAyDAgTYggIABAAGAAgADIMCBJiCAgAEAAYACAAOhtodHRwczovL3d3dy50cmVuZG1pY3JvLmNvbS96DAgJYggIABAAGAAgAA

Request Chain 136

https://c.6sc.co/ HTTP 302
https://c.6sc.co/refresh HTTP 302
https://c.6sc.co/?m=1

Request Chain 165

https://ad.doubleclick.net/activity;src=5427711;type=remar0;cat=allsi0;ord=1;num=3441239354087;npa=1;auiddc=108905293.1773644571;u1=%2Fen_us%2Fresearch%2F26%2Fc%2Fboryptgrab-stealer-targets-users-via-deceptive-github-pages.html;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;_tu=KJA;gtm=45fe63b1v9188098692z872003116za20gzb72003116zd72003116xea;gcd=13l3l3l2l1l1;dma_cps=a;dma=1;dc_fmt=3;tag_exp=103116026~103200004~115616986~115938465~115938469~116024733~117484252;epver=2;dc_random=1773644571_FzB8VOS3j4YNXdUQeiLVJUSqLxugZeNiKA;~oref=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F26%2Fc%2Fboryptgrab-stealer-targets-users-via-deceptive-github-pages.html HTTP 302
https://ad.doubleclick.net/activity;dc_pre=CPy_hPXso5MDFVoNogMdgmoCPg;src=5427711;type=remar0;cat=allsi0;ord=1;num=3441239354087;npa=1;auiddc=108905293.1773644571;u1=%2Fen_us%2Fresearch%2F26%2Fc%2Fboryptgrab-stealer-targets-users-via-deceptive-github-pages.html;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;_tu=KJA;gtm=45fe63b1v9188098692z872003116za20gzb72003116zd72003116xea;gcd=13l3l3l2l1l1;dma_cps=a;dma=1;dc_fmt=3;tag_exp=103116026~103200004~115616986~115938465~115938469~116024733~117484252;epver=2;dc_random=1773644571_FzB8VOS3j4YNXdUQeiLVJUSqLxugZeNiKA;~oref=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F26%2Fc%2Fboryptgrab-stealer-targets-users-via-deceptive-github-pages.html

Request Chain 168

https://ad.doubleclick.net/activity;src=9572106;type=trend002;cat=globa0;ord=6966118033864;npa=1;auiddc=108905293.1773644571;u1=%2Fen_us%2Fresearch%2F26%2Fc%2Fboryptgrab-stealer-targets-users-via-deceptive-github-pages.html;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;_tu=KFA;gtm=45fe63b1v9190653197z872003116za20gzb72003116zd72003116xea;gcd=13l3l3l2l1l1;dma_cps=a;dma=1;dc_fmt=3;tag_exp=103116026~103200004~115938465~115938468~116024733~117484252;epver=2;dc_random=1773644571_h7IlrOinDkQPJLINbZO7OHI2bUw5pxmQqg;~oref=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F26%2Fc%2Fboryptgrab-stealer-targets-users-via-deceptive-github-pages.html HTTP 302
https://ad.doubleclick.net/activity;dc_pre=CKvBhvXso5MDFeEHogMd7UERAg;src=9572106;type=trend002;cat=globa0;ord=6966118033864;npa=1;auiddc=108905293.1773644571;u1=%2Fen_us%2Fresearch%2F26%2Fc%2Fboryptgrab-stealer-targets-users-via-deceptive-github-pages.html;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;_tu=KFA;gtm=45fe63b1v9190653197z872003116za20gzb72003116zd72003116xea;gcd=13l3l3l2l1l1;dma_cps=a;dma=1;dc_fmt=3;tag_exp=103116026~103200004~115938465~115938468~116024733~117484252;epver=2;dc_random=1773644571_h7IlrOinDkQPJLINbZO7OHI2bUw5pxmQqg;~oref=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F26%2Fc%2Fboryptgrab-stealer-targets-users-via-deceptive-github-pages.html

191 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request boryptgrab-stealer-targets-users-via-deceptive-github-pages.html Show response
www.trendmicro.com/en_us/research/26/c/ 191 KB
29 KB 257ms
201ms Document
text/html 72.246.28.156
Akamai Technologies

General

Check archive.org

Download Go to

Full URL

https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

72.246.28.156 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a72-246-28-156.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

0aa7edcb9a3fcaf767c08a073ca8ddb4dd2b6c4233a11e8632fcfe42a680556e

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: data: blob: wss: mediastream: android-webview-video-poster: ms-appx-web: gsa: endlesspic: ms-browser-extension chrome-extension asset * ; frame-ancestors 'self' https://*.trendmicro.com https://resources.trendmicro.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36

Response headers

content-encoding: br
content-length: 28982
content-security-policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: data: blob: wss: mediastream: android-webview-video-poster: ms-appx-web: gsa: endlesspic: ms-browser-extension chrome-extension asset * ; frame-ancestors 'self' https://*.trendmicro.com https://resources.trendmicro.com
content-type: text/html;charset=utf-8
date: Mon, 16 Mar 2026 07:02:50 GMT
etag: "2fbe7-64cdc4ae55184-gzip"
last-modified: Thu, 12 Mar 2026 23:41:33 GMT
server: nginx
vary: Accept-Encoding
x-content-type-options: nosniff
x-country-code: DE
x-frame-options: SAMEORIGIN
x-prod-n-02: Yes
x-xss-protection: 1;mode=block

GET
H2 200 OtAutoBlock.js Show response
cdn.cookielaw.org/consent/821060e3-3f9c-4a2f-8613-8e0db4841f79/ 457 KB
59 KB 68ms
36ms Script
application/javascript 104.18.87.42
Cloudflare

General

Check archive.org

Download Go to

Full URL

https://cdn.cookielaw.org/consent/821060e3-3f9c-4a2f-8613-8e0db4841f79/OtAutoBlock.js

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.87.42 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

73be518187f34046c101627800ac5a8f21820e7735f3fcfe60e4b0ce6e35d357

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/

Response headers

content-md5: CUNuPfTMF88Ceqr41H7P0w==
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,ETag,Last-Modified,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding, X-OneTrust-IsBot
content-encoding: gzip
cf-cache-status: HIT
etag: 0x8DE26F20A56004F
age: 15051
x-ms-lease-status: unlocked
x-content-type-options: nosniff
x-ms-version: 2009-09-19
expires: Tue, 17 Mar 2026 07:02:50 GMT
date: Mon, 16 Mar 2026 07:02:50 GMT
content-type: application/javascript
last-modified: Tue, 18 Nov 2025 22:30:13 GMT
vary: accept-encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-onetrust-isbot: false
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin, cross-origin
x-ms-request-id: 63c14bab-301e-002d-17db-58104a000000
cf-ray: 9dd1e502f8241a47-FRA
accept-ranges: bytes
access-control-allow-origin: *
x-ms-blob-type: BlockBlob
server: cloudflare

GET
H2 200 otSDKStub.js Show response
cdn.cookielaw.org/scripttemplates/ 26 KB
9 KB 62ms
30ms Script
application/javascript 104.18.87.42
Cloudflare

General

Check archive.org

Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.87.42 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

ab3b499d95fdf198b15d2624ac09682c8d00efac2a938f92776be045431aa75a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/

Response headers

content-md5: ZeHS+xBg8dqsjTFrS0c6dA==
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,ETag,Last-Modified,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding: gzip
x-ms-version: 2009-09-19
etag: 0x8DE830232865F29
x-ms-lease-status: unlocked
age: 2367
cf-cache-status: HIT
x-content-type-options: nosniff
date: Mon, 16 Mar 2026 07:02:50 GMT
content-type: application/javascript
last-modified: Mon, 16 Mar 2026 02:17:39 GMT
vary: accept-encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: max-age=86400
cross-origin-resource-policy: cross-origin
x-ms-request-id: 4277ffdd-501e-009c-180d-b5e837000000
cf-ray: 9dd1e502f8211a47-FRA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 8705
x-ms-blob-type: BlockBlob
server: cloudflare

GET
H2 200 jquery.min.f65891607efbe75b84a8031849cec6c7.js Show response
www.trendmicro.com/etc.clientlibs/clientlibs/granite/ 111 KB
37 KB 28ms
26ms Script
application/javascript 72.246.28.156
Akamai Technologies

General

Check archive.org

Download Go to

Full URL

https://www.trendmicro.com/etc.clientlibs/clientlibs/granite/jquery.min.f65891607efbe75b84a8031849cec6c7.js

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

72.246.28.156 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a72-246-28-156.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

5e22ea5c930abbc085ab76916ce30cff31ab7aefc38bcb7dc1158b3c500303d8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html

Response headers

strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
content-encoding: br
x-content-type-options: nosniff
x-prod-n-01: Yes
content-length: 37487
x-xss-protection: 1;mode=block
date: Mon, 16 Mar 2026 07:02:50 GMT
content-type: application/javascript;charset=utf-8
last-modified: Fri, 26 Jan 2024 19:25:44 GMT
server: nginx
x-frame-options: SAMEORIGIN

GET
H2 200 utils.min.899004cc02c33efc1f6694b1aee587fd.js Show response
www.trendmicro.com/etc.clientlibs/clientlibs/granite/ 8 KB
3 KB 27ms
25ms Script
application/javascript 72.246.28.156
Akamai Technologies

General

Check archive.org

Download Go to

Full URL

https://www.trendmicro.com/etc.clientlibs/clientlibs/granite/utils.min.899004cc02c33efc1f6694b1aee587fd.js

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

72.246.28.156 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a72-246-28-156.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

377e9731df07066631dc615291a3dbdbc923893629702f2e3b9b7a5775cc027b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html

Response headers

strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
content-encoding: br
x-content-type-options: nosniff
x-prod-n-02: Yes
content-length: 3339
x-xss-protection: 1;mode=block
date: Mon, 16 Mar 2026 07:02:50 GMT
content-type: application/javascript;charset=utf-8
last-modified: Sat, 01 Feb 2025 16:27:56 GMT
server: nginx
x-frame-options: SAMEORIGIN

GET
H2 200 css
fonts.googleapis.com/ 28 KB
2 KB 52ms
18ms Stylesheet
text/css 172.217.16.202
Google LLC

General

Check archive.org

Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

172.217.16.202 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

tzfraa-at-in-f10.1e100.net

Software

ESF /

Resource Hash

b2112e201afda27eaa87eefa81cec837cbc2757b32ecae5e3b35efb6b8517981

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Mon, 16 Mar 2026 07:02:50 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 16 Mar 2026 07:02:50 GMT
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified: Mon, 16 Mar 2026 07:02:50 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-xss-protection: 0
server: ESF

GET
H2 200 cludo-search.min.css
customer.cludo.com/css/296/1798/ 16 KB
3 KB 53ms
13ms Stylesheet
text/css 108.138.7.65
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://customer.cludo.com/css/296/1798/cludo-search.min.css
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.7.65 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-108-138-7-65.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 676e66eeb5e721df2e68029d518067cece19d56d7e0b4a1c9a2e3c449a232bca

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/

Response headers

x-amz-cf-pop: FRA56-P6
content-encoding: gzip
x-amz-version-id: 6o2QMfbcY3fhs8F4if.PiKsSNQSLmE.O
etag: W/"c03ac60defadb2e59ca2bdf4227eb7d2"
age: 57818
via: 1.1 f13110b40e6214ad566c753a838f49f4.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: GHnFI3m3UfD3Tzms4MQDCDxB_JNz4V6JaxYPbujt4O-KTdwuw0vH0Q==
date: Sun, 15 Mar 2026 15:00:42 GMT
content-type: text/css
vary: accept-encoding, Origin
server: AmazonS3
last-modified: Thu, 18 Sep 2025 12:03:41 GMT

GET
H2 200 header-footer.min.cc255fd374a145c2653503eb2da45983.css
www.trendmicro.com/etc.clientlibs/trendmicro/clientlibs/trendmicro-core-2/clientlibs/ 74 KB
8 KB 20ms
19ms Stylesheet
text/css 72.246.28.156
Akamai Technologies

General

Check archive.org

Download Go to

Full URL: https://www.trendmicro.com/etc.clientlibs/trendmicro/clientlibs/trendmicro-core-2/clientlibs/header-footer.min.cc255fd374a145c2653503eb2da45983.css
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 72.246.28.156 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a72-246-28-156.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 4f92e8a70f4aec9b8bf224c48f0e105584fa1cba6e076ea5cae712f262a61aad

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html

Response headers

cache-control: public, max-age=238941
content-encoding: br
expires: Thu, 19 Mar 2026 01:25:11 GMT
content-length: 7980
date: Mon, 16 Mar 2026 07:02:50 GMT
content-type: text/css;charset=utf-8
last-modified: Thu, 05 Mar 2026 17:58:19 GMT
server: nginx
vary: Accept-Encoding

GET
H2 200 clientlib-trendresearch.min.47ce60d92d94610907e7a2cbd6fbca69.css
www.trendmicro.com/etc.clientlibs/trendresearch/clientlibs/ 361 KB
46 KB 22ms
21ms Stylesheet
text/css 72.246.28.156
Akamai Technologies

General

Check archive.org

Download Go to

Full URL

https://www.trendmicro.com/etc.clientlibs/trendresearch/clientlibs/clientlib-trendresearch.min.47ce60d92d94610907e7a2cbd6fbca69.css

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

72.246.28.156 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a72-246-28-156.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

60b17a76e4ecaeae677bb2ea4f0bc9f0286563dd7f60a11c831fa6530b726e80

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html

Response headers

strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
content-encoding: br
x-content-type-options: nosniff
x-prod-n-01: Yes
content-length: 46507
x-xss-protection: 1;mode=block
date: Mon, 16 Mar 2026 07:02:50 GMT
content-type: text/css;charset=utf-8
last-modified: Wed, 24 Sep 2025 17:00:03 GMT
server: nginx
x-frame-options: SAMEORIGIN

GET
H2 200 utag.sync.js Show response
tags.tiqcdn.com/utag/trendmicro/nabucms/prod/ 3 KB
1 KB 43ms
12ms Script
application/javascript 13.33.187.32
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.sync.js
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.33.187.32 New York, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-13-33-187-32.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: c1afa7aee2a145fe0d29f740e96eadd66eeddbcd1c52990e018f25aa5e4c027f

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/

Response headers

vary: accept-encoding
cache-control: max-age=300
content-encoding: br
etag: W/"aa40f8c9afdbdd9f670d5bb43a53ca84"
x-amz-version-id: uZG5MzpV52NsK72jB2Mu6R51xmnfFqIU
age: 49
via: 1.1 de142d0ad142b3c0e86791d0b145349a.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: TQ-AMqvaVin_Y0ux9ANibsAevDFqixsOu3RfE_GL_5HAZ-_LAl3IMA==
date: Mon, 16 Mar 2026 07:02:02 GMT
content-type: application/javascript
last-modified: Tue, 24 Feb 2026 21:30:47 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P9
x-amz-server-side-encryption: AES256

GET
H2 200 tm-logo-red-white-t.svg
www.trendmicro.com/content/dam/trendmicro/global/en/core/images/logos/ 5 KB
2 KB 31ms
30ms Image
image/svg+xml 72.246.28.156
Akamai Technologies

General

Check archive.org

Download Go to Show image

Full URL

https://www.trendmicro.com/content/dam/trendmicro/global/en/core/images/logos/tm-logo-red-white-t.svg

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

72.246.28.156 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a72-246-28-156.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

4c38452d4117e2bb77829601aca27ac6584ebdf4d42ce505c0f7b1ae0f933147

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html

Response headers

content-encoding: br
etag: "154e-5f3af05760400"
x-content-type-options: nosniff
expires: Tue, 17 Mar 2026 07:02:18 GMT
date: Mon, 16 Mar 2026 07:02:50 GMT
content-type: image/svg+xml
vary: Accept-Encoding
content-disposition: attachment; filename="tm-logo-red-white-t.svg"
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; preload
cache-control: max-age=86368
last-modified: Thu, 02 Feb 2023 03:18:40 GMT
x-prod-n-02: Yes
accept-ranges: bytes
content-length: 2049
x-xss-protection: 1;mode=block
server: nginx

GET
H2 200 trend-vision-one-laptop-console-nav
trendmicro.scene7.com/is/image/trendmicro/ 28 KB
29 KB 94ms
33ms Image
image/webp 184.25.50.27
AKAMAI-ASN1 Akama...

General

Check archive.org

Download Go to Show image

Full URL

https://trendmicro.scene7.com/is/image/trendmicro/trend-vision-one-laptop-console-nav?scl=1.0&qlt=95&fmt=webp-alpha

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.25.50.27 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

a184-25-50-27.deploy.static.akamaitechnologies.com

Software

Unknown /

Resource Hash

c736034b3d0913081caf7f378d4726f2277a6fe0c1e6400e8416a474570de369

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
etag: "66d87cea6414eae528cd1a22a2e7af44"
x-adobe-smart-imaging: 0
akamai-request-bc: on
expires: Mon, 16 Mar 2026 14:53:06 GMT
access-control-allow-origin: *
server-timing: clientrtt; dur=1, clienttt; dur=3, origin; dur=0, cdntime; dur=3
content-length: 28972
akamai-cache-status: Hit from child
date: Mon, 16 Mar 2026 07:02:50 GMT
akamai-grn: 0.6c3319b8.1773644570.156cfa34
last-modified: Wed, 16 Jul 2025 22:06:54 GMT
content-type: image/webp
server: Unknown
x-akamai-cache: 1

GET
H2 200 asrm-console-shot
trendmicro.scene7.com/is/image/trendmicro/ 10 KB
10 KB 56ms
30ms Image
image/webp 184.25.50.27
AKAMAI-ASN1 Akama...

General

Check archive.org

Download Go to Show image

Full URL

https://trendmicro.scene7.com/is/image/trendmicro/asrm-console-shot?scl=1.0&qlt=95&fmt=webp-alpha

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.25.50.27 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

a184-25-50-27.deploy.static.akamaitechnologies.com

Software

Unknown /

Resource Hash

d460644b622022d9683784e06ccc45c6e864076a7a4e118d21f3037ecee1e114

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
etag: "9de359e8cdedfd36c0d7b85043d67eeb"
x-adobe-smart-imaging: 0
akamai-request-bc: on
expires: Mon, 16 Mar 2026 15:00:53 GMT
access-control-allow-origin: *
server-timing: clientrtt; dur=0, clienttt; dur=4, origin; dur=0, cdntime; dur=4
content-length: 10094
akamai-cache-status: Hit from child
date: Mon, 16 Mar 2026 07:02:50 GMT
akamai-grn: 0.6c3319b8.1773644570.156cfa35
last-modified: Wed, 04 Jan 2023 02:43:26 GMT
content-type: image/webp
server: Unknown
x-akamai-cache: 1

GET
H2 200 xdr-product-console-shot
trendmicro.scene7.com/is/image/trendmicro/ 12 KB
13 KB 694ms
694ms Image
image/webp 184.25.50.27
AKAMAI-ASN1 Akama...

General

Check archive.org

Download Go to Show image

Full URL

https://trendmicro.scene7.com/is/image/trendmicro/xdr-product-console-shot?scl=1.0&qlt=95&fmt=webp-alpha

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.25.50.27 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

a184-25-50-27.deploy.static.akamaitechnologies.com

Software

Unknown /

Resource Hash

99c5c8d1040d32b66101e0927cb5c7c5bad06cc808fd6a4da553cb016d067563

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
etag: "43fed6cdf7b9dd8837ae00c4a12658b9"
x-adobe-smart-imaging: 0
akamai-request-bc: on
expires: Mon, 16 Mar 2026 17:02:50 GMT
access-control-allow-origin: *
server-timing: clientrtt; dur=0, clienttt; dur=654, origin; dur=0, cdntime; dur=654
content-length: 12440
akamai-cache-status: Miss from child, RefreshHit from parent
date: Mon, 16 Mar 2026 07:02:50 GMT
akamai-grn: 0.6c3319b8.1773644570.156cfa72
last-modified: Wed, 04 Jan 2023 02:43:22 GMT
content-type: image/webp
server: Unknown
x-akamai-cache: 0

GET
H2 200 cloud-one-workload-security-console-shot
trendmicro.scene7.com/is/image/trendmicro/ 12 KB
13 KB 39ms
34ms Image
image/webp 184.25.50.27
AKAMAI-ASN1 Akama...

General

Check archive.org

Download Go to Show image

Full URL: https://trendmicro.scene7.com/is/image/trendmicro/cloud-one-workload-security-console-shot?scl=1.0&qlt=95&fmt=webp-alpha
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 184.25.50.27 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS: a184-25-50-27.deploy.static.akamaitechnologies.com
Software: Unknown /
Resource Hash: 88970cf65308aadd508588ff70999b9bfd0037899243730b9880d14b4d96a430

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/

Response headers

etag: "9426b504ead8389ac8e910c45af1f70c"
x-adobe-smart-imaging: 0
akamai-request-bc: on
expires: Mon, 16 Mar 2026 13:39:16 GMT
access-control-allow-origin: *
server-timing: clientrtt; dur=0, clienttt; dur=12, origin; dur=0, cdntime; dur=12
content-length: 12466
akamai-cache-status: Miss from child, Hit from parent
date: Mon, 16 Mar 2026 07:02:50 GMT
akamai-grn: 0.6c3319b8.1773644570.156cfae6
content-type: image/webp
last-modified: Wed, 04 Jan 2023 02:50:40 GMT
server: Unknown
x-akamai-cache: 1

GET
H2 200 cloud-one-container-console-shot
trendmicro.scene7.com/is/image/trendmicro/ 16 KB
17 KB 43ms
38ms Image
image/webp 184.25.50.27
AKAMAI-ASN1 Akama...

General

Check archive.org

Download Go to Show image

Full URL

https://trendmicro.scene7.com/is/image/trendmicro/cloud-one-container-console-shot?scl=1.0&qlt=95&fmt=webp-alpha

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.25.50.27 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

a184-25-50-27.deploy.static.akamaitechnologies.com

Software

Unknown /

Resource Hash

70bb4dee8d5a8c4da670a1f6cdb4ed1de106409a3a627f8cb134a8733e4d1fee

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
etag: "49221504cd032070baf66a9d63ed7267"
x-adobe-smart-imaging: 0
akamai-request-bc: on
expires: Mon, 16 Mar 2026 10:06:57 GMT
access-control-allow-origin: *
server-timing: clientrtt; dur=0, clienttt; dur=11, origin; dur=0, cdntime; dur=11
content-length: 16574
akamai-cache-status: Miss from child, Hit from parent
date: Mon, 16 Mar 2026 07:02:50 GMT
akamai-grn: 0.6c3319b8.1773644570.156cfae8
last-modified: Wed, 04 Jan 2023 02:43:25 GMT
content-type: image/webp
server: Unknown
x-akamai-cache: 1

GET
H2 200 cloud-one-file-storage-console-shot
trendmicro.scene7.com/is/image/trendmicro/ 7 KB
7 KB 33ms
27ms Image
image/webp 184.25.50.27
AKAMAI-ASN1 Akama...

General

Check archive.org

Download Go to Show image

Full URL

https://trendmicro.scene7.com/is/image/trendmicro/cloud-one-file-storage-console-shot?scl=1.0&qlt=95&fmt=webp-alpha

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.25.50.27 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

a184-25-50-27.deploy.static.akamaitechnologies.com

Software

Unknown /

Resource Hash

060de6fa0e8fb084932b15dd1264aa0fb4000d857c5feab8e6a8f1cfec5cd01e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
etag: "c09c2ed99b57f3b4f4322a1744b8e96a"
x-adobe-smart-imaging: 0
akamai-request-bc: on
expires: Mon, 16 Mar 2026 07:38:03 GMT
access-control-allow-origin: *
server-timing: clientrtt; dur=0, clienttt; dur=8, origin; dur=0, cdntime; dur=8
content-length: 7066
akamai-cache-status: Hit from child
date: Mon, 16 Mar 2026 07:02:50 GMT
akamai-grn: 0.6c3319b8.1773644570.156cfae9
last-modified: Wed, 04 Jan 2023 02:50:40 GMT
content-type: image/webp
server: Unknown
x-akamai-cache: 1

GET
H2 200 cloud-risk-management-laptop-console-nav
trendmicro.scene7.com/is/image/trendmicro/ 7 KB
8 KB 37ms
31ms Image
image/webp 184.25.50.27
AKAMAI-ASN1 Akama...

General

Check archive.org

Download Go to Show image

Full URL

https://trendmicro.scene7.com/is/image/trendmicro/cloud-risk-management-laptop-console-nav?scl=1.0&qlt=95&fmt=webp-alpha

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.25.50.27 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

a184-25-50-27.deploy.static.akamaitechnologies.com

Software

Unknown /

Resource Hash

9f9ac0e52c96120a1b6020539321279ea257b44492a9930f57ccfcb4340bd55a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
etag: "fa3d6014866852df99df1f24b293267b"
x-adobe-smart-imaging: 0
akamai-request-bc: on
expires: Mon, 16 Mar 2026 11:44:10 GMT
access-control-allow-origin: *
server-timing: clientrtt; dur=0, clienttt; dur=12, origin; dur=0, cdntime; dur=12
content-length: 7650
akamai-cache-status: Miss from child, Hit from parent
date: Mon, 16 Mar 2026 07:02:50 GMT
akamai-grn: 0.6c3319b8.1773644570.156cfaea
last-modified: Tue, 12 Aug 2025 18:01:30 GMT
content-type: image/webp
server: Unknown
x-akamai-cache: 1

GET
H2 200 zero-trust-access-console-shot
trendmicro.scene7.com/is/image/trendmicro/ 16 KB
17 KB 35ms
30ms Image
image/webp 184.25.50.27
AKAMAI-ASN1 Akama...

General

Check archive.org

Download Go to Show image

Full URL

https://trendmicro.scene7.com/is/image/trendmicro/zero-trust-access-console-shot?scl=1.0&qlt=95&fmt=webp-alpha

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.25.50.27 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

a184-25-50-27.deploy.static.akamaitechnologies.com

Software

Unknown /

Resource Hash

516203c172e11d56f5b125558bafba7554132a322e3564d2a6a7a1aee2db075e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
etag: "4ea9b74bcd21fece5de3fa1ebe57ed16"
x-adobe-smart-imaging: 0
akamai-request-bc: on
expires: Mon, 16 Mar 2026 11:58:34 GMT
access-control-allow-origin: *
server-timing: clientrtt; dur=0, clienttt; dur=11, origin; dur=0, cdntime; dur=11
content-length: 16720
akamai-cache-status: Miss from child, Hit from parent
date: Mon, 16 Mar 2026 07:02:50 GMT
akamai-grn: 0.6c3319b8.1773644570.156cfaeb
last-modified: Wed, 04 Jan 2023 02:43:22 GMT
content-type: image/webp
server: Unknown
x-akamai-cache: 1

GET
H2 200 email-and-collaboration-console-shot
trendmicro.scene7.com/is/image/trendmicro/ 20 KB
20 KB 38ms
33ms Image
image/webp 184.25.50.27
AKAMAI-ASN1 Akama...

General

Check archive.org

Download Go to Show image

Full URL

https://trendmicro.scene7.com/is/image/trendmicro/email-and-collaboration-console-shot?scl=1.0&qlt=95&fmt=webp-alpha

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.25.50.27 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

a184-25-50-27.deploy.static.akamaitechnologies.com

Software

Unknown /

Resource Hash

ac4dedf68d3fea6333bbcd0dc4031c83f93feb3b61715edd52352aaa0181cb2c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
etag: "e80c2396940178eaaf95ff58d77d6567"
x-adobe-smart-imaging: 0
akamai-request-bc: on
expires: Mon, 16 Mar 2026 16:07:11 GMT
access-control-allow-origin: *
server-timing: clientrtt; dur=0, clienttt; dur=12, origin; dur=0, cdntime; dur=12
content-length: 20348
akamai-cache-status: Miss from child, Hit from parent
date: Mon, 16 Mar 2026 07:02:50 GMT
akamai-grn: 0.6c3319b8.1773644570.156cfaec
last-modified: Wed, 21 May 2025 00:22:05 GMT
content-type: image/webp
server: Unknown
x-akamai-cache: 1

GET
H2 200 data-security-laptop-console-nav
trendmicro.scene7.com/is/image/trendmicro/ 25 KB
26 KB 41ms
36ms Image
image/webp 184.25.50.27
AKAMAI-ASN1 Akama...

General

Check archive.org

Download Go to Show image

Full URL

https://trendmicro.scene7.com/is/image/trendmicro/data-security-laptop-console-nav?scl=1.0&qlt=95&fmt=webp-alpha

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.25.50.27 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

a184-25-50-27.deploy.static.akamaitechnologies.com

Software

Unknown /

Resource Hash

255645bd0d9aa059dc3c43950d41b3965a4923b3125518a68343742b64903476

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
etag: "d12f171c785cf2b8598e9f6b09c2ef1b"
x-adobe-smart-imaging: 0
akamai-request-bc: on
expires: Mon, 16 Mar 2026 15:32:25 GMT
access-control-allow-origin: *
server-timing: clientrtt; dur=0, clienttt; dur=11, origin; dur=0, cdntime; dur=11
content-length: 25836
akamai-cache-status: Miss from child, Hit from parent
date: Mon, 16 Mar 2026 07:02:50 GMT
akamai-grn: 0.6c3319b8.1773644570.156cfaed
last-modified: Mon, 27 Oct 2025 22:01:36 GMT
content-type: image/webp
server: Unknown
x-akamai-cache: 1

GET
H2 200 all-products-console-shot
trendmicro.scene7.com/is/image/trendmicro/ 41 KB
42 KB 48ms
43ms Image
image/webp 184.25.50.27
AKAMAI-ASN1 Akama...

General

Check archive.org

Download Go to Show image

Full URL

https://trendmicro.scene7.com/is/image/trendmicro/all-products-console-shot?scl=1.0&qlt=95&fmt=webp-alpha

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.25.50.27 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

a184-25-50-27.deploy.static.akamaitechnologies.com

Software

Unknown /

Resource Hash

c35684d84fc5b1b0f68463362669810b17bf94a9de0bc053000f9c3f66bcc880

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
etag: "e88f8f7c1b7fe0eed8bbb848a2525f00"
x-adobe-smart-imaging: 0
akamai-request-bc: on
expires: Mon, 16 Mar 2026 12:41:42 GMT
access-control-allow-origin: *
server-timing: clientrtt; dur=0, clienttt; dur=25, origin; dur=0, cdntime; dur=25
content-length: 42446
akamai-cache-status: Miss from child, Hit from parent
date: Mon, 16 Mar 2026 07:02:50 GMT
akamai-grn: 0.6c3319b8.1773644570.156cfaee
last-modified: Mon, 27 Mar 2023 00:57:09 GMT
content-type: image/webp
server: Unknown
x-akamai-cache: 1

GET
H2 200 search-script.js Show response
customer.cludo.com/scripts/bundles/ 443 KB
80 KB 10ms
9ms Script
text/javascript 108.138.7.65
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://customer.cludo.com/scripts/bundles/search-script.js
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.7.65 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-108-138-7-65.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 80df2c3d694aba09adc50f732985286bd1c8f123b9d00784562634713bb6ad81

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/

Response headers

x-amz-cf-pop: FRA56-P6
content-encoding: gzip
x-amz-version-id: AF.DvIP1aI3PDVTFhKhZ0.vb8YJQKY33
etag: W/"0087bb36911641a5bc81d372c524b428"
age: 57815
via: 1.1 f13110b40e6214ad566c753a838f49f4.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: pNNwdelAppo9IL9QJreK9Tzz6X70MGqe_SS_GAEr5WG6-GyqlWdeGQ==
date: Sun, 15 Mar 2026 14:59:41 GMT
content-type: text/javascript
vary: accept-encoding, Origin
server: AmazonS3
last-modified: Mon, 09 Mar 2026 09:29:42 GMT

GET
H2 200 share-more.svg
www.trendmicro.com/etc.clientlibs/trendresearch/clientlibs/clientlib-trendresearch/resources/img/ 648 B
625 B 112ms
107ms Image
image/svg+xml 72.246.28.156
Akamai Technologies

General

Check archive.org

Download Go to Show image

Full URL

https://www.trendmicro.com/etc.clientlibs/trendresearch/clientlibs/clientlib-trendresearch/resources/img/share-more.svg

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

72.246.28.156 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a72-246-28-156.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

179eb991060face02477e0406b1a413ac50ec26fe9f397e07e4ee95f7e6a5298

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html

Response headers

strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
cache-control: max-age=65927
content-encoding: gzip
x-content-type-options: nosniff
x-prod-n-01: Yes
expires: Tue, 17 Mar 2026 01:21:37 GMT
content-length: 362
x-xss-protection: 1;mode=block
date: Mon, 16 Mar 2026 07:02:50 GMT
content-type: image/svg+xml
last-modified: Thu, 23 Apr 2020 17:32:22 GMT
server: nginx
x-frame-options: SAMEORIGIN

GET
H2 200 printer.svg
www.trendmicro.com/etc.clientlibs/trendresearch/clientlibs/clientlib-trendresearch/resources/img/ 409 B
543 B 110ms
105ms Image
image/svg+xml 72.246.28.156
Akamai Technologies

General

Check archive.org

Download Go to Show image

Full URL

https://www.trendmicro.com/etc.clientlibs/trendresearch/clientlibs/clientlib-trendresearch/resources/img/printer.svg

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

72.246.28.156 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a72-246-28-156.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

1b154bfaea92a935726ed4a450101dc646a86588cfa0f066cae2050130124569

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html

Response headers

strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
cache-control: max-age=50237
content-encoding: gzip
x-content-type-options: nosniff
expires: Mon, 16 Mar 2026 21:00:07 GMT
x-prod-n-02: Yes
content-length: 281
x-xss-protection: 1;mode=block
date: Mon, 16 Mar 2026 07:02:50 GMT
content-type: image/svg+xml
last-modified: Thu, 23 Apr 2020 17:32:22 GMT
server: nginx
x-frame-options: SAMEORIGIN

GET
H2 200 Fig1.png
www.trendmicro.com/content/dam/trendmicro/global/en/research/26/c/boryptgrab/ 152 KB
152 KB 251ms
247ms Image
image/png 72.246.28.156
Akamai Technologies

General

Check archive.org

Download Go to Show image

Full URL

https://www.trendmicro.com/content/dam/trendmicro/global/en/research/26/c/boryptgrab/Fig1.png

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

72.246.28.156 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a72-246-28-156.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

9d4ee76d49549504ba3f155c30b2f41c29da9d886acd1c2716c25e3898e3503c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html

Response headers

strict-transport-security: max-age=15552000; preload
cache-control: max-age=1
etag: "25e6d-64c2ca26405c0"
x-content-type-options: nosniff
x-prod-n-01: Yes
expires: Mon, 16 Mar 2026 07:02:51 GMT
accept-ranges: bytes
content-length: 155245
x-xss-protection: 1;mode=block
date: Mon, 16 Mar 2026 07:02:50 GMT
content-type: image/png
last-modified: Wed, 04 Mar 2026 06:07:27 GMT
server: nginx
x-frame-options: SAMEORIGIN

GET
H2 200 Fig2.png
www.trendmicro.com/content/dam/trendmicro/global/en/research/26/c/boryptgrab/ 93 KB
93 KB 262ms
258ms Image
image/png 72.246.28.156
Akamai Technologies

General

Check archive.org

Download Go to Show image

Full URL

https://www.trendmicro.com/content/dam/trendmicro/global/en/research/26/c/boryptgrab/Fig2.png

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

72.246.28.156 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a72-246-28-156.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

af4fb81584e9691984b8cd660a1c53ec93ec93cc52f60888190a2baf52e2417f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html

Response headers

strict-transport-security: max-age=15552000; preload
cache-control: max-age=1
etag: "173a3-64c2ca2734800"
x-content-type-options: nosniff
x-prod-n-01: Yes
expires: Mon, 16 Mar 2026 07:02:51 GMT
accept-ranges: bytes
content-length: 95139
x-xss-protection: 1;mode=block
date: Mon, 16 Mar 2026 07:02:50 GMT
content-type: image/png
last-modified: Wed, 04 Mar 2026 06:07:28 GMT
server: nginx
x-frame-options: SAMEORIGIN

GET
H2 200 Fig3.png
www.trendmicro.com/content/dam/trendmicro/global/en/research/26/c/boryptgrab/ 29 KB
29 KB 267ms
263ms Image
image/png 72.246.28.156
Akamai Technologies

General

Check archive.org

Download Go to Show image

Full URL

https://www.trendmicro.com/content/dam/trendmicro/global/en/research/26/c/boryptgrab/Fig3.png

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

72.246.28.156 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a72-246-28-156.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

35619b7a62bfb43afbeb45b5636147759d5a2175248677530b87295ad6ea3906

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html

Response headers

strict-transport-security: max-age=15552000; preload
cache-control: max-age=1
etag: "72fe-64c2ca2734800"
x-content-type-options: nosniff
expires: Mon, 16 Mar 2026 07:02:51 GMT
x-prod-n-02: Yes
accept-ranges: bytes
content-length: 29438
x-xss-protection: 1;mode=block
date: Mon, 16 Mar 2026 07:02:50 GMT
content-type: image/png
last-modified: Wed, 04 Mar 2026 06:07:28 GMT
server: nginx
x-frame-options: SAMEORIGIN

GET
H2 200 Fig4.png
www.trendmicro.com/content/dam/trendmicro/global/en/research/26/c/boryptgrab/ 21 KB
21 KB 247ms
243ms Image
image/png 72.246.28.156
Akamai Technologies

General

Check archive.org

Download Go to Show image

Full URL

https://www.trendmicro.com/content/dam/trendmicro/global/en/research/26/c/boryptgrab/Fig4.png

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

72.246.28.156 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a72-246-28-156.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

8ffa0aab4378da0a7af5d32d1c81aa02ee335f9bdca22f4b74152327bcb0371a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html

Response headers

strict-transport-security: max-age=15552000; preload
cache-control: max-age=1
etag: "522b-64c2ca2734800"
x-content-type-options: nosniff
x-prod-n-01: Yes
expires: Mon, 16 Mar 2026 07:02:51 GMT
accept-ranges: bytes
content-length: 21035
x-xss-protection: 1;mode=block
date: Mon, 16 Mar 2026 07:02:50 GMT
content-type: image/png
last-modified: Wed, 04 Mar 2026 06:07:28 GMT
server: nginx
x-frame-options: SAMEORIGIN

GET
H2 200 Fig5.png
www.trendmicro.com/content/dam/trendmicro/global/en/research/26/c/boryptgrab/ 44 KB
44 KB 241ms
237ms Image
image/png 72.246.28.156
Akamai Technologies

General

Check archive.org

Download Go to Show image

Full URL

https://www.trendmicro.com/content/dam/trendmicro/global/en/research/26/c/boryptgrab/Fig5.png

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

72.246.28.156 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a72-246-28-156.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

25e70b3b94a8bdef325d1674f6fde477b25085cb3d93a1b94ceb1361dcff4af0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html

Response headers

strict-transport-security: max-age=15552000; preload
cache-control: max-age=1
etag: "af84-64c2ca2734800"
x-content-type-options: nosniff
x-prod-n-01: Yes
expires: Mon, 16 Mar 2026 07:02:51 GMT
accept-ranges: bytes
content-length: 44932
x-xss-protection: 1;mode=block
date: Mon, 16 Mar 2026 07:02:50 GMT
content-type: image/png
last-modified: Wed, 04 Mar 2026 06:07:28 GMT
server: nginx
x-frame-options: SAMEORIGIN

GET
H2 200 Fig6.png
www.trendmicro.com/content/dam/trendmicro/global/en/research/26/c/boryptgrab/ 11 KB
11 KB 277ms
274ms Image
image/png 72.246.28.156
Akamai Technologies

General

Check archive.org

Download Go to Show image

Full URL

https://www.trendmicro.com/content/dam/trendmicro/global/en/research/26/c/boryptgrab/Fig6.png

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

72.246.28.156 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a72-246-28-156.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

929f1d13f185bf3e0df5c2765a2cdd20992b749bf3a218ab1ff21ebc0d245813

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html

Response headers

strict-transport-security: max-age=15552000; preload
cache-control: max-age=1
etag: "2b3c-64c2ca2828a40"
x-content-type-options: nosniff
x-prod-n-01: Yes
expires: Mon, 16 Mar 2026 07:02:51 GMT
accept-ranges: bytes
content-length: 11068
x-xss-protection: 1;mode=block
date: Mon, 16 Mar 2026 07:02:50 GMT
content-type: image/png
last-modified: Wed, 04 Mar 2026 06:07:29 GMT
server: nginx
x-frame-options: SAMEORIGIN

GET
H2 200 Fig7.png
www.trendmicro.com/content/dam/trendmicro/global/en/research/26/c/boryptgrab/ 24 KB
24 KB 259ms
256ms Image
image/png 72.246.28.156
Akamai Technologies

General

Check archive.org

Download Go to Show image

Full URL

https://www.trendmicro.com/content/dam/trendmicro/global/en/research/26/c/boryptgrab/Fig7.png

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

72.246.28.156 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a72-246-28-156.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

3aad309550e60dc3efece8594a1fc6326a7f1f2de65061d9e6721b4db2aab8d2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html

Response headers

strict-transport-security: max-age=15552000; preload
cache-control: max-age=1
etag: "5e06-64c2ca2828a40"
x-content-type-options: nosniff
x-prod-n-01: Yes
expires: Mon, 16 Mar 2026 07:02:51 GMT
accept-ranges: bytes
content-length: 24070
x-xss-protection: 1;mode=block
date: Mon, 16 Mar 2026 07:02:50 GMT
content-type: image/png
last-modified: Wed, 04 Mar 2026 06:07:29 GMT
server: nginx
x-frame-options: SAMEORIGIN

GET
H2 200 Fig8.png
www.trendmicro.com/content/dam/trendmicro/global/en/research/26/c/boryptgrab/ 22 KB
22 KB 586ms
582ms Image
image/png 72.246.28.156
Akamai Technologies

General

Check archive.org

Download Go to Show image

Full URL

https://www.trendmicro.com/content/dam/trendmicro/global/en/research/26/c/boryptgrab/Fig8.png

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

72.246.28.156 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a72-246-28-156.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

1cf9cdef0a4c5ded1af057685d7676fdcc593bf39691a738a5369d6e703d2160

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html

Response headers

strict-transport-security: max-age=15552000; preload
cache-control: max-age=1
etag: "5849-64c2ca2828a40"
x-content-type-options: nosniff
expires: Mon, 16 Mar 2026 07:02:51 GMT
x-prod-n-02: Yes
accept-ranges: bytes
content-length: 22601
x-xss-protection: 1;mode=block
date: Mon, 16 Mar 2026 07:02:50 GMT
content-type: image/png
last-modified: Wed, 04 Mar 2026 06:07:29 GMT
server: nginx
x-frame-options: SAMEORIGIN

GET
H2 200 Fig9.png
www.trendmicro.com/content/dam/trendmicro/global/en/research/26/c/boryptgrab/ 9 KB
9 KB 253ms
250ms Image
image/png 72.246.28.156
Akamai Technologies

General

Check archive.org

Download Go to Show image

Full URL

https://www.trendmicro.com/content/dam/trendmicro/global/en/research/26/c/boryptgrab/Fig9.png

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

72.246.28.156 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a72-246-28-156.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

13eca32358a5416968eeaed400b7537719fc4a97f8bd1f6f8c6267d299c75760

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html

Response headers

strict-transport-security: max-age=15552000; preload
cache-control: max-age=1
etag: "2322-64c2ca2828a40"
x-content-type-options: nosniff
x-prod-n-01: Yes
expires: Mon, 16 Mar 2026 07:02:51 GMT
accept-ranges: bytes
content-length: 8994
x-xss-protection: 1;mode=block
date: Mon, 16 Mar 2026 07:02:50 GMT
content-type: image/png
last-modified: Wed, 04 Mar 2026 06:07:29 GMT
server: nginx
x-frame-options: SAMEORIGIN

GET
H2 200 Fig10.png
www.trendmicro.com/content/dam/trendmicro/global/en/research/26/c/boryptgrab/ 24 KB
25 KB 265ms
261ms Image
image/png 72.246.28.156
Akamai Technologies

General

Check archive.org

Download Go to Show image

Full URL

https://www.trendmicro.com/content/dam/trendmicro/global/en/research/26/c/boryptgrab/Fig10.png

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

72.246.28.156 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a72-246-28-156.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

9bb1e023fc96819af066a4b27330559f880541360add70849f44400f569745f6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html

Response headers

strict-transport-security: max-age=15552000; preload
cache-control: max-age=1
etag: "6121-64c2ca2828a40"
x-content-type-options: nosniff
expires: Mon, 16 Mar 2026 07:02:51 GMT
x-prod-n-02: Yes
accept-ranges: bytes
content-length: 24865
x-xss-protection: 1;mode=block
date: Mon, 16 Mar 2026 07:02:50 GMT
content-type: image/png
last-modified: Wed, 04 Mar 2026 06:07:29 GMT
server: nginx
x-frame-options: SAMEORIGIN

GET
H2 200 Fig11.png
www.trendmicro.com/content/dam/trendmicro/global/en/research/26/c/boryptgrab/ 2 KB
2 KB 283ms
280ms Image
image/png 72.246.28.156
Akamai Technologies

General

Check archive.org

Download Go to Show image

Full URL

https://www.trendmicro.com/content/dam/trendmicro/global/en/research/26/c/boryptgrab/Fig11.png

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

72.246.28.156 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a72-246-28-156.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

0e03970203fdf9470fdf4764ca9cc609002bf659a9ce05bc4da04992069bd1cb

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html

Response headers

strict-transport-security: max-age=15552000; preload
cache-control: max-age=1
etag: "70a-64c2ca291cc80"
x-content-type-options: nosniff
x-prod-n-01: Yes
expires: Mon, 16 Mar 2026 07:02:51 GMT
accept-ranges: bytes
content-length: 1802
x-xss-protection: 1;mode=block
date: Mon, 16 Mar 2026 07:02:50 GMT
content-type: image/png
last-modified: Wed, 04 Mar 2026 06:07:30 GMT
server: nginx
x-frame-options: SAMEORIGIN

GET
H2 200 Fig12.png
www.trendmicro.com/content/dam/trendmicro/global/en/research/26/c/boryptgrab/ 3 KB
4 KB 289ms
286ms Image
image/png 72.246.28.156
Akamai Technologies

General

Check archive.org

Download Go to Show image

Full URL

https://www.trendmicro.com/content/dam/trendmicro/global/en/research/26/c/boryptgrab/Fig12.png

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

72.246.28.156 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a72-246-28-156.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

a9101873a5e57429e4a441350d85ababadec670fcbc4bdeb817e78246d3bd291

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html

Response headers

strict-transport-security: max-age=15552000; preload
cache-control: max-age=1
etag: "dfc-64c2ca291cc80"
x-content-type-options: nosniff
expires: Mon, 16 Mar 2026 07:02:51 GMT
x-prod-n-02: Yes
accept-ranges: bytes
content-length: 3580
x-xss-protection: 1;mode=block
date: Mon, 16 Mar 2026 07:02:50 GMT
content-type: image/png
last-modified: Wed, 04 Mar 2026 06:07:30 GMT
server: nginx
x-frame-options: SAMEORIGIN

GET
H2 200 Fig13.png
www.trendmicro.com/content/dam/trendmicro/global/en/research/26/c/boryptgrab/ 1 KB
1 KB 222ms
219ms Image
image/png 72.246.28.156
Akamai Technologies

General

Check archive.org

Download Go to Show image

Full URL

https://www.trendmicro.com/content/dam/trendmicro/global/en/research/26/c/boryptgrab/Fig13.png

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

72.246.28.156 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a72-246-28-156.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

d82dc00bed3a2be92a600f5c48f661c0d029b0b1c1e45bfe14e6380f8bd17035

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html

Response headers

strict-transport-security: max-age=15552000; preload
cache-control: max-age=1
etag: "4a5-64c2ca226fcc0"
x-content-type-options: nosniff
expires: Mon, 16 Mar 2026 07:02:51 GMT
x-prod-n-02: Yes
accept-ranges: bytes
content-length: 1189
x-xss-protection: 1;mode=block
date: Mon, 16 Mar 2026 07:02:50 GMT
content-type: image/png
last-modified: Wed, 04 Mar 2026 06:07:23 GMT
server: nginx
x-frame-options: SAMEORIGIN

GET
H2 200 Fig14.png
www.trendmicro.com/content/dam/trendmicro/global/en/research/26/c/boryptgrab/ 6 KB
6 KB 256ms
253ms Image
image/png 72.246.28.156
Akamai Technologies

General

Check archive.org

Download Go to Show image

Full URL

https://www.trendmicro.com/content/dam/trendmicro/global/en/research/26/c/boryptgrab/Fig14.png

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

72.246.28.156 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a72-246-28-156.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

f56a607e3a8c305873671e501e5a45dd19f19948bb579be82c019f60ff05b8fc

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html

Response headers

strict-transport-security: max-age=15552000; preload
cache-control: max-age=1
etag: "1649-64c2ca226fcc0"
x-content-type-options: nosniff
x-prod-n-01: Yes
expires: Mon, 16 Mar 2026 07:02:51 GMT
accept-ranges: bytes
content-length: 5705
x-xss-protection: 1;mode=block
date: Mon, 16 Mar 2026 07:02:50 GMT
content-type: image/png
last-modified: Wed, 04 Mar 2026 06:07:23 GMT
server: nginx
x-frame-options: SAMEORIGIN

GET
H2 200 Fig15.png
www.trendmicro.com/content/dam/trendmicro/global/en/research/26/c/boryptgrab/ 34 KB
34 KB 247ms
244ms Image
image/png 72.246.28.156
Akamai Technologies

General

Check archive.org

Download Go to Show image

Full URL

https://www.trendmicro.com/content/dam/trendmicro/global/en/research/26/c/boryptgrab/Fig15.png

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

72.246.28.156 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a72-246-28-156.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

2ca157156ecbdef2e13a15f4f02f970b77e59131501222be9a497bd212a78960

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html

Response headers

strict-transport-security: max-age=15552000; preload
cache-control: max-age=1
etag: "86f4-64c2ca2363f00"
x-content-type-options: nosniff
x-prod-n-01: Yes
expires: Mon, 16 Mar 2026 07:02:51 GMT
accept-ranges: bytes
content-length: 34548
x-xss-protection: 1;mode=block
date: Mon, 16 Mar 2026 07:02:50 GMT
content-type: image/png
last-modified: Wed, 04 Mar 2026 06:07:24 GMT
server: nginx
x-frame-options: SAMEORIGIN

GET
H2 200 Fig16.png
www.trendmicro.com/content/dam/trendmicro/global/en/research/26/c/boryptgrab/ 23 KB
23 KB 249ms
246ms Image
image/png 72.246.28.156
Akamai Technologies

General

Check archive.org

Download Go to Show image

Full URL

https://www.trendmicro.com/content/dam/trendmicro/global/en/research/26/c/boryptgrab/Fig16.png

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

72.246.28.156 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a72-246-28-156.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

d85de58268e02c421f13042408ce3b9c98206b2db8d8da471717c12eb3dc1e9b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html

Response headers

strict-transport-security: max-age=15552000; preload
cache-control: max-age=1
etag: "5a61-64c2ca2363f00"
x-content-type-options: nosniff
expires: Mon, 16 Mar 2026 07:02:51 GMT
x-prod-n-02: Yes
accept-ranges: bytes
content-length: 23137
x-xss-protection: 1;mode=block
date: Mon, 16 Mar 2026 07:02:50 GMT
content-type: image/png
last-modified: Wed, 04 Mar 2026 06:07:24 GMT
server: nginx
x-frame-options: SAMEORIGIN

GET
H2 200 Fig17.png
www.trendmicro.com/content/dam/trendmicro/global/en/research/26/c/boryptgrab/ 12 KB
12 KB 260ms
257ms Image
image/png 72.246.28.156
Akamai Technologies

General

Check archive.org

Download Go to Show image

Full URL

https://www.trendmicro.com/content/dam/trendmicro/global/en/research/26/c/boryptgrab/Fig17.png

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

72.246.28.156 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a72-246-28-156.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

1cdbdcd3bfbe9fbe10689b1dff57ef87fcfbf8096b02e9f019443662ac9fc277

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html

Response headers

strict-transport-security: max-age=15552000; preload
cache-control: max-age=1
etag: "2e6e-64c2ca2363f00"
x-content-type-options: nosniff
x-prod-n-01: Yes
expires: Mon, 16 Mar 2026 07:02:51 GMT
accept-ranges: bytes
content-length: 11886
x-xss-protection: 1;mode=block
date: Mon, 16 Mar 2026 07:02:50 GMT
content-type: image/png
last-modified: Wed, 04 Mar 2026 06:07:24 GMT
server: nginx
x-frame-options: SAMEORIGIN

GET
H2 200 Fig18.png
www.trendmicro.com/content/dam/trendmicro/global/en/research/26/c/boryptgrab/ 10 KB
10 KB 254ms
252ms Image
image/png 72.246.28.156
Akamai Technologies

General

Check archive.org

Download Go to Show image

Full URL

https://www.trendmicro.com/content/dam/trendmicro/global/en/research/26/c/boryptgrab/Fig18.png

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

72.246.28.156 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a72-246-28-156.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

d01b30217201a72b27793c4ecf3d7fdff90125fc6422eb81439c709f0620b201

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html

Response headers

strict-transport-security: max-age=15552000; preload
cache-control: max-age=1
etag: "2844-64c2ca2363f00"
x-content-type-options: nosniff
expires: Mon, 16 Mar 2026 07:02:51 GMT
x-prod-n-02: Yes
accept-ranges: bytes
content-length: 10308
x-xss-protection: 1;mode=block
date: Mon, 16 Mar 2026 07:02:50 GMT
content-type: image/png
last-modified: Wed, 04 Mar 2026 06:07:24 GMT
server: nginx
x-frame-options: SAMEORIGIN

GET
H2 200 Fig19.png
www.trendmicro.com/content/dam/trendmicro/global/en/research/26/c/boryptgrab/ 3 KB
3 KB 280ms
277ms Image
image/png 72.246.28.156
Akamai Technologies

General

Check archive.org

Download Go to Show image

Full URL

https://www.trendmicro.com/content/dam/trendmicro/global/en/research/26/c/boryptgrab/Fig19.png

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

72.246.28.156 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a72-246-28-156.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

36793b58f65a48b5ad48cecc859c855dd9a244281244562590982973a39e711f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html

Response headers

strict-transport-security: max-age=15552000; preload
cache-control: max-age=1
etag: "b63-64c2ca2363f00"
x-content-type-options: nosniff
expires: Mon, 16 Mar 2026 07:02:51 GMT
x-prod-n-02: Yes
accept-ranges: bytes
content-length: 2915
x-xss-protection: 1;mode=block
date: Mon, 16 Mar 2026 07:02:50 GMT
content-type: image/png
last-modified: Wed, 04 Mar 2026 06:07:24 GMT
server: nginx
x-frame-options: SAMEORIGIN

GET
H2 200 Fig20.png
www.trendmicro.com/content/dam/trendmicro/global/en/research/26/c/boryptgrab/ 17 KB
18 KB 242ms
239ms Image
image/png 72.246.28.156
Akamai Technologies

General

Check archive.org

Download Go to Show image

Full URL

https://www.trendmicro.com/content/dam/trendmicro/global/en/research/26/c/boryptgrab/Fig20.png

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

72.246.28.156 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a72-246-28-156.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

13687de2c1fb0a60bb5becbf37cf529079c6f7c7fc844f3e73d16bc785f6ba2c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html

Response headers

strict-transport-security: max-age=15552000; preload
cache-control: max-age=1
etag: "45e9-64c2ca2458140"
x-content-type-options: nosniff
expires: Mon, 16 Mar 2026 07:02:51 GMT
x-prod-n-02: Yes
accept-ranges: bytes
content-length: 17897
x-xss-protection: 1;mode=block
date: Mon, 16 Mar 2026 07:02:50 GMT
content-type: image/png
last-modified: Wed, 04 Mar 2026 06:07:25 GMT
server: nginx
x-frame-options: SAMEORIGIN

GET
H2 200 Fig21.png
www.trendmicro.com/content/dam/trendmicro/global/en/research/26/c/boryptgrab/ 24 KB
25 KB 237ms
235ms Image
image/png 72.246.28.156
Akamai Technologies

General

Check archive.org

Download Go to Show image

Full URL

https://www.trendmicro.com/content/dam/trendmicro/global/en/research/26/c/boryptgrab/Fig21.png

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

72.246.28.156 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a72-246-28-156.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

945910d12e52487f2092e8d105321727b95ea0f6e2ff998ebeb797b6b6600b74

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html

Response headers

strict-transport-security: max-age=15552000; preload
cache-control: max-age=1
etag: "61bd-64c2ca2458140"
x-content-type-options: nosniff
x-prod-n-01: Yes
expires: Mon, 16 Mar 2026 07:02:51 GMT
accept-ranges: bytes
content-length: 25021
x-xss-protection: 1;mode=block
date: Mon, 16 Mar 2026 07:02:50 GMT
content-type: image/png
last-modified: Wed, 04 Mar 2026 06:07:25 GMT
server: nginx
x-frame-options: SAMEORIGIN

GET
H2 200 Fig22.png
www.trendmicro.com/content/dam/trendmicro/global/en/research/26/c/boryptgrab/ 2 KB
2 KB 257ms
255ms Image
image/png 72.246.28.156
Akamai Technologies

General

Check archive.org

Download Go to Show image

Full URL

https://www.trendmicro.com/content/dam/trendmicro/global/en/research/26/c/boryptgrab/Fig22.png

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

72.246.28.156 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a72-246-28-156.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

47da9e167288b88cf2cfcba71201d6c3fe39033836b12f18809b6e6033df74d0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html

Response headers

strict-transport-security: max-age=15552000; preload
cache-control: max-age=1
etag: "7cd-64c2ca2458140"
x-content-type-options: nosniff
x-prod-n-01: Yes
expires: Mon, 16 Mar 2026 07:02:51 GMT
accept-ranges: bytes
content-length: 1997
x-xss-protection: 1;mode=block
date: Mon, 16 Mar 2026 07:02:50 GMT
content-type: image/png
last-modified: Wed, 04 Mar 2026 06:07:25 GMT
server: nginx
x-frame-options: SAMEORIGIN

GET
H2 200 Fig23.png
www.trendmicro.com/content/dam/trendmicro/global/en/research/26/c/boryptgrab/ 11 KB
11 KB 262ms
260ms Image
image/png 72.246.28.156
Akamai Technologies

General

Check archive.org

Download Go to Show image

Full URL

https://www.trendmicro.com/content/dam/trendmicro/global/en/research/26/c/boryptgrab/Fig23.png

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

72.246.28.156 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a72-246-28-156.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

2248601f610a311a2c635a0d8e053cbec49c9fc7ab1bf3446078718872a4c19a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html

Response headers

strict-transport-security: max-age=15552000; preload
cache-control: max-age=1
etag: "2c68-64c2ca2458140"
x-content-type-options: nosniff
expires: Mon, 16 Mar 2026 07:02:51 GMT
x-prod-n-02: Yes
accept-ranges: bytes
content-length: 11368
x-xss-protection: 1;mode=block
date: Mon, 16 Mar 2026 07:02:50 GMT
content-type: image/png
last-modified: Wed, 04 Mar 2026 06:07:25 GMT
server: nginx
x-frame-options: SAMEORIGIN

GET
H2 200 Fig24.png
www.trendmicro.com/content/dam/trendmicro/global/en/research/26/c/boryptgrab/ 25 KB
25 KB 324ms
322ms Image
image/png 72.246.28.156
Akamai Technologies

General

Check archive.org

Download Go to Show image

Full URL

https://www.trendmicro.com/content/dam/trendmicro/global/en/research/26/c/boryptgrab/Fig24.png

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

72.246.28.156 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a72-246-28-156.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

130147a3ebef0d59ecefeb0279796f702d5c14a7153795bb4957e03e5a9d9d7d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html

Response headers

strict-transport-security: max-age=15552000; preload
cache-control: max-age=1
etag: "63de-64c2ca254c380"
x-content-type-options: nosniff
x-prod-n-01: Yes
expires: Mon, 16 Mar 2026 07:02:51 GMT
accept-ranges: bytes
content-length: 25566
x-xss-protection: 1;mode=block
date: Mon, 16 Mar 2026 07:02:50 GMT
content-type: image/png
last-modified: Wed, 04 Mar 2026 06:07:26 GMT
server: nginx
x-frame-options: SAMEORIGIN

GET
H2 200 Fig25.png
www.trendmicro.com/content/dam/trendmicro/global/en/research/26/c/boryptgrab/ 10 KB
11 KB 232ms
230ms Image
image/png 72.246.28.156
Akamai Technologies

General

Check archive.org

Download Go to Show image

Full URL

https://www.trendmicro.com/content/dam/trendmicro/global/en/research/26/c/boryptgrab/Fig25.png

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

72.246.28.156 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a72-246-28-156.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

e62494c66f652a8ab477f500f795aa8586990d14242795f2a372217441620e59

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html

Response headers

strict-transport-security: max-age=15552000; preload
cache-control: max-age=1
etag: "2990-64c2ca254c380"
x-content-type-options: nosniff
expires: Mon, 16 Mar 2026 07:02:51 GMT
x-prod-n-02: Yes
accept-ranges: bytes
content-length: 10640
x-xss-protection: 1;mode=block
date: Mon, 16 Mar 2026 07:02:50 GMT
content-type: image/png
last-modified: Wed, 04 Mar 2026 06:07:26 GMT
server: nginx
x-frame-options: SAMEORIGIN

GET
H2 200 Fig26.png
www.trendmicro.com/content/dam/trendmicro/global/en/research/26/c/boryptgrab/ 19 KB
19 KB 266ms
264ms Image
image/png 72.246.28.156
Akamai Technologies

General

Check archive.org

Download Go to Show image

Full URL

https://www.trendmicro.com/content/dam/trendmicro/global/en/research/26/c/boryptgrab/Fig26.png

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

72.246.28.156 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a72-246-28-156.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

56faec606e3e3bd0569176aeb82a6fe8b8ec315839efdd9c35f67563ae5b7a7f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html

Response headers

strict-transport-security: max-age=15552000; preload
cache-control: max-age=1
etag: "4be8-64c2ca254c380"
x-content-type-options: nosniff
expires: Mon, 16 Mar 2026 07:02:51 GMT
x-prod-n-02: Yes
accept-ranges: bytes
content-length: 19432
x-xss-protection: 1;mode=block
date: Mon, 16 Mar 2026 07:02:50 GMT
content-type: image/png
last-modified: Wed, 04 Mar 2026 06:07:26 GMT
server: nginx
x-frame-options: SAMEORIGIN

GET
H2 200 Fig27.png
www.trendmicro.com/content/dam/trendmicro/global/en/research/26/c/boryptgrab/ 839 B
1 KB 298ms
296ms Image
image/png 72.246.28.156
Akamai Technologies

General

Check archive.org

Download Go to Show image

Full URL

https://www.trendmicro.com/content/dam/trendmicro/global/en/research/26/c/boryptgrab/Fig27.png

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

72.246.28.156 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a72-246-28-156.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

8a4c85f342d51731a5cbd96de2c40b18f588375cf02c08a31b2cc008f066a20b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html

Response headers

strict-transport-security: max-age=15552000; preload
cache-control: max-age=1
etag: "347-64c2ca254c380"
x-content-type-options: nosniff
expires: Mon, 16 Mar 2026 07:02:51 GMT
x-prod-n-02: Yes
accept-ranges: bytes
content-length: 839
x-xss-protection: 1;mode=block
date: Mon, 16 Mar 2026 07:02:50 GMT
content-type: image/png
last-modified: Wed, 04 Mar 2026 06:07:26 GMT
server: nginx
x-frame-options: SAMEORIGIN

GET
H2 200 Fig28.png
www.trendmicro.com/content/dam/trendmicro/global/en/research/26/c/boryptgrab/ 44 KB
44 KB 701ms
699ms Image
image/png 72.246.28.156
Akamai Technologies

General

Check archive.org

Download Go to Show image

Full URL

https://www.trendmicro.com/content/dam/trendmicro/global/en/research/26/c/boryptgrab/Fig28.png

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

72.246.28.156 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a72-246-28-156.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

1dfb4e40d22c5a9d00244bf61aa3fac24b0df9f5849e2fe5c3c05f8d291a7315

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html

Response headers

strict-transport-security: max-age=15552000; preload
cache-control: max-age=1
etag: "b065-64c2ca254c380"
x-content-type-options: nosniff
x-prod-n-01: Yes
expires: Mon, 16 Mar 2026 07:02:51 GMT
accept-ranges: bytes
content-length: 45157
x-xss-protection: 1;mode=block
date: Mon, 16 Mar 2026 07:02:50 GMT
content-type: image/png
last-modified: Wed, 04 Mar 2026 06:07:26 GMT
server: nginx
x-frame-options: SAMEORIGIN

GET
H2 200 Fig29.png
www.trendmicro.com/content/dam/trendmicro/global/en/research/26/c/boryptgrab/ 30 KB
30 KB 285ms
283ms Image
image/png 72.246.28.156
Akamai Technologies

General

Check archive.org

Download Go to Show image

Full URL

https://www.trendmicro.com/content/dam/trendmicro/global/en/research/26/c/boryptgrab/Fig29.png

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

72.246.28.156 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a72-246-28-156.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

3c801927607a3b1be7c178cb3f93e30269b24c5e6955b32b4a7096f3ea7e4e7f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html

Response headers

strict-transport-security: max-age=15552000; preload
cache-control: max-age=1
etag: "764f-64c2ca26405c0"
x-content-type-options: nosniff
x-prod-n-01: Yes
expires: Mon, 16 Mar 2026 07:02:51 GMT
accept-ranges: bytes
content-length: 30287
x-xss-protection: 1;mode=block
date: Mon, 16 Mar 2026 07:02:50 GMT
content-type: image/png
last-modified: Wed, 04 Mar 2026 06:07:27 GMT
server: nginx
x-frame-options: SAMEORIGIN

GET
H2 200 sly.min.js Show response
www.trendmicro.com/content/dam/trendmicro/global/core-library/ 18 KB
7 KB 19ms
19ms Script
application/javascript 72.246.28.156
Akamai Technologies

General

Check archive.org

Download Go to

Full URL

https://www.trendmicro.com/content/dam/trendmicro/global/core-library/sly.min.js

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

72.246.28.156 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a72-246-28-156.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

e8dc09e4ddc3c326ef6341498e7e8e70af3a848713429b909be53c947b43da10

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html

Response headers

strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
cache-control: max-age=108
content-encoding: br
etag: "48de-56a21837c9c00-gzip"
x-content-type-options: nosniff
x-prod-n-01: Yes
expires: Mon, 16 Mar 2026 07:04:38 GMT
content-length: 6989
x-xss-protection: 1;mode=block
date: Mon, 16 Mar 2026 07:02:50 GMT
content-type: application/javascript
last-modified: Wed, 18 Apr 2018 15:57:36 GMT
server: nginx
x-frame-options: SAMEORIGIN

GET
H2 200 jwplayer.js Show response
www.trendmicro.com/content/dam/trendmicro/global/core-library/ 81 KB
25 KB 19ms
18ms Script
application/javascript 72.246.28.156
Akamai Technologies

General

Check archive.org

Download Go to

Full URL

https://www.trendmicro.com/content/dam/trendmicro/global/core-library/jwplayer.js

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

72.246.28.156 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a72-246-28-156.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

3dc5d7f667c6a793c6a56b96afffa81664350fdb10c7544112ea9057e563dc6f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html

Response headers

strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
cache-control: max-age=259155
content-encoding: br
etag: "1457a-56a21837c9c00-gzip"
x-content-type-options: nosniff
x-prod-n-01: Yes
expires: Thu, 19 Mar 2026 07:02:05 GMT
content-length: 25334
x-xss-protection: 1;mode=block
date: Mon, 16 Mar 2026 07:02:50 GMT
content-type: application/javascript
last-modified: Wed, 18 Apr 2018 15:57:36 GMT
server: nginx
x-frame-options: SAMEORIGIN

GET
H2 200 iframe_api Show response
www.youtube.com/ 993 B
3 KB 68ms
30ms Script
text/javascript 142.250.201.78
Google LLC

General

Check archive.org

Download Go to

Full URL

https://www.youtube.com/iframe_api

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.201.78 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

tzfraa-aq-in-f14.1e100.net

Software

ESF /

Resource Hash

65c78c20026b7514d7299bcb229bf9d20047ebf76f87806ab58078972e6c3794

Security Headers

Name	Value
Content-Security-Policy	script-src 'unsafe-eval' 'self' 'unsafe-inline' https://www.google.com https://apis.google.com https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://.youtube.com https://.google.com https://.gstatic.com https://youtube.com https://www.youtube.com https://google.com https://.doubleclick.net https://*.googleapis.com https://www.googleadservices.com https://tpc.googlesyndication.com https://www.youtubekids.com https://www.youtube-nocookie.com https://www.youtubeeducation.com https://www-onepick-opensocial.googleusercontent.com;report-uri https://csp.withgoogle.com/csp/youtube_main/allowlist, require-trusted-types-for 'script'
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/

Response headers

content-encoding: br
origin-trial: ApTXX1w2dkJZuuxlV9csQYg+9ZVXekg+mOu8mS9vb7/V2oeMLKqGC8blgR6ech+eqbhGAgLKPthyai7z89MdTAgAAACLeyJvcmlnaW4iOiJodHRwczovL3d3dy55b3V0dWJlLmNvbTo0NDMiLCJmZWF0dXJlIjoiRG9jdW1lbnRQb2xpY3lJbmNsdWRlSlNDYWxsU3RhY2tzSW5DcmFzaFJlcG9ydHMiLCJleHBpcnkiOjE3NDk1MTM2MDAsImlzU3ViZG9tYWluIjp0cnVlfQ==, AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9, AiDEBptUfVeO93q48VdVMe/ubupazdAl8AaHP+NBzdnW8quUcHdzJUyGSfrmtpKJu7EOvwRp9ug2rEo3XU+WMAMAAAB2eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJEZXZpY2VCb3VuZFNlc3Npb25DcmVkZW50aWFsczIiLCJleHBpcnkiOjE3NzQzMTA0MDAsImlzU3ViZG9tYWluIjp0cnVlfQ==
x-content-type-options: nosniff
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
expires: Mon, 16 Mar 2026 07:02:50 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=de for more info."
date: Mon, 16 Mar 2026 07:02:50 GMT
content-type: text/javascript; charset=utf-8
vary: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
content-security-policy: script-src 'unsafe-eval' 'self' 'unsafe-inline' https://www.google.com https://apis.google.com https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://*.youtube.com https://*.google.com https://*.gstatic.com https://youtube.com https://www.youtube.com https://google.com https://*.doubleclick.net https://*.googleapis.com https://www.googleadservices.com https://tpc.googlesyndication.com https://www.youtubekids.com https://www.youtube-nocookie.com https://www.youtubeeducation.com https://www-onepick-opensocial.googleusercontent.com;report-uri https://csp.withgoogle.com/csp/youtube_main/allowlist, require-trusted-types-for 'script'
cache-control: private, max-age=0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-swsTdcxnRrEqZTADf9Z_UA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval'
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
x-xss-protection: 0
server: ESF

GET
H2 200 header-footer.min.3a8bb3715b6ad0027e9f614f738e2a38.js Show response
www.trendmicro.com/etc.clientlibs/trendmicro/clientlibs/trendmicro-core-2/clientlibs/ 53 KB
10 KB 28ms
23ms Script
application/javascript 72.246.28.156
Akamai Technologies

General

Check archive.org

Download Go to

Full URL: https://www.trendmicro.com/etc.clientlibs/trendmicro/clientlibs/trendmicro-core-2/clientlibs/header-footer.min.3a8bb3715b6ad0027e9f614f738e2a38.js
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 72.246.28.156 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a72-246-28-156.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: c7aece63b23620e8c0217a0a20eb35c70985d86f937f7ab75698292be4f9d577

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html

Response headers

cache-control: public, max-age=544933
content-encoding: br
expires: Sun, 22 Mar 2026 14:25:03 GMT
content-length: 9736
date: Mon, 16 Mar 2026 07:02:50 GMT
content-type: application/javascript;charset=utf-8
last-modified: Thu, 13 Nov 2025 17:54:45 GMT
server: nginx
vary: Accept-Encoding

GET
H2 200 clientlib-trendresearch.min.e86e6ef1cd6d0156930c56b6a30ba17f.js Show response
www.trendmicro.com/etc.clientlibs/trendresearch/clientlibs/ 712 KB
164 KB 80ms
75ms Script
application/javascript 72.246.28.156
Akamai Technologies

General

Check archive.org

Download Go to

Full URL

https://www.trendmicro.com/etc.clientlibs/trendresearch/clientlibs/clientlib-trendresearch.min.e86e6ef1cd6d0156930c56b6a30ba17f.js

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

72.246.28.156 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a72-246-28-156.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

3d64634279c4fe237d6503f690bb6e0575e5d6c57aa5ecf4d24076fa043b4b8b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html

Response headers

strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
content-encoding: br
x-content-type-options: nosniff
x-prod-n-02: Yes
content-length: 168097
x-xss-protection: 1;mode=block
date: Mon, 16 Mar 2026 07:02:50 GMT
content-type: application/javascript;charset=utf-8
last-modified: Thu, 15 Jan 2026 18:03:58 GMT
server: nginx
x-frame-options: SAMEORIGIN

GET
H2 200 821060e3-3f9c-4a2f-8613-8e0db4841f79.json Show response
cdn.cookielaw.org/consent/821060e3-3f9c-4a2f-8613-8e0db4841f79/ 6 KB
3 KB 46ms
28ms XHR
application/json 104.18.87.42
Cloudflare

General

Check archive.org

Download Go to

Full URL

https://cdn.cookielaw.org/consent/821060e3-3f9c-4a2f-8613-8e0db4841f79/821060e3-3f9c-4a2f-8613-8e0db4841f79.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.87.42 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e52bf91e8e4c6d9c615e981d603e8286578849392e36763e1e9757a140d18950

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/

Response headers

content-md5: wDpT/FNypN7+IRYyds897g==
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,ETag,Last-Modified,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding, X-OneTrust-IsBot
content-encoding: gzip
cf-cache-status: HIT
etag: 0x8DE26F1C39F4D64
age: 84259
x-ms-lease-status: unlocked
x-content-type-options: nosniff
x-ms-version: 2009-09-19
expires: Tue, 17 Mar 2026 07:02:50 GMT
date: Mon, 16 Mar 2026 07:02:50 GMT
content-type: application/json
last-modified: Tue, 18 Nov 2025 22:28:14 GMT
vary: accept-encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-onetrust-isbot: false
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin, cross-origin
x-ms-request-id: d87e315c-001e-006a-68db-58cf21000000
cf-ray: 9dd1e5036c2a9962-FRA
accept-ranges: bytes
access-control-allow-origin: *
x-ms-blob-type: BlockBlob
server: cloudflare

GET
H2 200 launch-75dcf65b28c1.min.js Show response
assets.adobedtm.com/d205b04dc657/0c07287192f8/ 222 KB
71 KB 31ms
10ms Script
application/x-javascript 88.221.168.237
Akamai Technologies

General

Check archive.org

Download Go to

Full URL

https://assets.adobedtm.com/d205b04dc657/0c07287192f8/launch-75dcf65b28c1.min.js

Requested by

Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.sync.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

88.221.168.237 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a88-221-168-237.deploy.static.akamaitechnologies.com

Software

AkamaiNetStorage /

Resource Hash

eae02bd4ba5e41305aa7712d1f97cb9c54299233725a44bdc757136dabbb019e

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"
Referer: https://www.trendmicro.com/

Response headers

cache-control: max-age=3600
timing-allow-origin: *
content-encoding: gzip
etag: "975cce99b2dada452a5fa65017b4a233:1763574358.649193"
x-content-type-options: nosniff
expires: Mon, 16 Mar 2026 08:02:50 GMT
accept-ranges: bytes
access-control-allow-origin: https://www.trendmicro.com
content-length: 72803
date: Mon, 16 Mar 2026 07:02:50 GMT
content-type: application/x-javascript
last-modified: Wed, 19 Nov 2025 17:45:58 GMT
server: AkamaiNetStorage
vary: Accept-Encoding

GET
H2 200 autopilot_sdk.js Show response
cdn.bc0a.com/autopilot/f00000000017219/ 72 KB
25 KB 39ms
10ms Script
application/javascript 35.201.125.192
Google LLC

General

Check archive.org

Download Go to

Full URL

https://cdn.bc0a.com/autopilot/f00000000017219/autopilot_sdk.js

Requested by

Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.sync.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.201.125.192 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM - Google LLC, US),

Reverse DNS

192.125.201.35.bc.googleusercontent.com

Software

UploadServer /

Resource Hash

c87080ff86ce00a5f93164a37b45eaaf5f6cff5744704053d092217b9bb914a8

Security Headers

Name	Value
Content-Security-Policy	default-src self; script-src self; style-src self; frame-ancestors 'self' https://*.brightedge.com/;
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"
Referer: https://www.trendmicro.com/

Response headers

access-control-expose-headers: Content-Type
content-encoding: gzip
x-goog-hash: crc32c=b6+Miw==, md5=TDkToSvqVBP//5MDi2LfWA==
etag: "4c3913a12bea5413ffff93038b62df58"
age: 48
x-goog-meta-sdk_canonical_host
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-meta-content_only: false
last-modified: Fri, 09 May 2025 00:29:29 GMT
content-type: application/javascript
x-guploader-uploadid: AGQBYWxCZT_LahiW5DPuRJy7INXB-gHF2Y1WzF_78cwlFaQeYi9M8X7BvEw-HLrHWHPwt3mESCmpZTOmIo70hg
x-goog-meta-app2_delay: 0
x-goog-meta-custom: true
x-goog-meta-marvel_config_consistency_custom: {"data-url":"dataservice.tmok.tm/tc.png,trendmicro.scene7.com,0,.66,1&qlt=80,1.0&amp","data-dropsrcset":"true","data-customerid":"f00000000017219","data-ignorepath":"uat-author.we.trendmicro.com,uat.we.trendmicro.com,prod-author.we.trendmicro.com,qa-author.we.trendmicro.com,qa.we.trendmicro.com"}
x-goog-meta-spa: false
cache-control: public, max-age=360
x-goog-meta-disable_debug_elements: false
x-goog-meta-app2_test_mode: false
x-goog-meta-app2_enabled: false
accept-ranges: bytes
x-goog-generation: 1746750569142613
content-length: 23526
x-goog-meta-sdk_api_endpoint
x-goog-meta-publishingdate: 2025-05-09 00:29:29
content-language: en
server: UploadServer
x-goog-meta-marvel_enabled: false
x-goog-metageneration: 3
x-goog-stored-content-encoding: gzip
x-goog-meta-sdk_request_parameters_case_sensitive: false
x-goog-meta-marvel_test_mode: false
x-goog-meta-app2_customer_id
expires: Mon, 16 Mar 2026 07:08:02 GMT
x-goog-stored-content-length: 23526
x-goog-meta-app2_whitelist_params
date: Mon, 16 Mar 2026 07:02:02 GMT
x-goog-meta-sdk_canonical_protocol
vary: Accept-Encoding
x-goog-meta-sdk_account_id: f00000000017219
strict-transport-security: max-age=63072000; includeSubDomains
x-goog-meta-app2_env: prod
x-goog-meta-sdk_log_level: 2
content-security-policy: default-src self; script-src self; style-src self; frame-ancestors 'self' https://*.brightedge.com/;
x-goog-meta-marvel_customer_id
x-goog-storage-class: MULTI_REGIONAL
x-goog-meta-sdk_version: 1.5.14
x-goog-meta-sdk_whitelist: ixf
x-goog-meta-app2_ignore_query_params: false
access-control-allow-origin: *
x-goog-meta-app2_debug_always: false

GET
H2 200 location Show response
geolocation.onetrust.com/cookieconsentpub/v1/geo/ 83 B
335 B 269ms
95ms XHR
application/json 172.64.155.119
Cloudflare

General

Check archive.org

Download Go to

Full URL

https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.64.155.119 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

029b26f8121f14889b98ac012ec687039b9c5f3091e8245490eb8732f805e3ca

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
accept: application/json
Referer: https://www.trendmicro.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
access-control-allow-methods: GET, OPTIONS
cf-ray: 9dd1e504ec743814-FRA
access-control-allow-origin: *
date: Mon, 16 Mar 2026 07:02:50 GMT
content-type: application/json
vary: Accept-Encoding
server: cloudflare
access-control-allow-headers: Content-Type

GET
H2 200 id Show response
dpm.demdex.net/ 369 B
916 B 151ms
71ms XHR
application/json 34.241.203.180
Amazon.com

General

Check archive.org

Download Go to

Full URL

https://dpm.demdex.net/id?d_visid_ver=5.5.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=29C656F85FE1CBB80A495C08%40AdobeOrg&d_nsid=0&ts=1773644570213

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/d205b04dc657/0c07287192f8/launch-75dcf65b28c1.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.241.203.180 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-34-241-203-180.eu-west-1.compute.amazonaws.com

Software

Resource Hash

c3cf6f8b599b050a63690643f2b2ae5fb6f79401aca0c555ce79f60bb5dd6a4c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Referer: https://www.trendmicro.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
dcs: dcs-prod-irl1-1-v085-046054f33.edge-irl1.demdex.com 1 ms
content-encoding: gzip
pragma: no-cache
access-control-allow-credentials: true
x-tid: XLfhtZpbSuw=
expires: Thu, 01 Jan 1970 00:00:00 UTC
access-control-allow-origin: https://www.trendmicro.com
content-length: 309
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
date: Mon, 16 Mar 2026 07:02:50 GMT
content-type: application/json;charset=utf-8
vary: Origin

GET
H2 200 01499581785 Show response
ixfd2-api.bc0a.com/api/ixf/1.0.0/get_capsule/f00000000017219/ 6 KB
1 KB 62ms
16ms XHR
application/json 34.111.194.12
Google LLC

General

Check archive.org

Download Go to

Full URL: https://ixfd2-api.bc0a.com/api/ixf/1.0.0/get_capsule/f00000000017219/01499581785?client=js_sdk&client_version=1.5.14
Requested by: Host: cdn.bc0a.com
URL: https://cdn.bc0a.com/autopilot/f00000000017219/autopilot_sdk.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.111.194.12 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM - Google LLC, US),
Reverse DNS: 12.194.111.34.bc.googleusercontent.com
Software: bws/1.0 /
Resource Hash: a877eb3c864362bfdc62e2f325b02bfbf263bfa2fe48cd3e4b5b02f0dedfa5ba

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/

Response headers

cache-control: public, max-age=3600
content-encoding: br
via: 1.1 google
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-be-pop: BRU-1-302
date: Mon, 16 Mar 2026 07:02:40 GMT
content-type: application/json
server: bws/1.0

GET
H2 200 utag.js Show response
tags.tiqcdn.com/utag/trendmicro/nabucms/prod/ 165 KB
34 KB 11ms
9ms Script
application/javascript 13.33.187.32
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.js
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.33.187.32 New York, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-13-33-187-32.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 82dab6b89d8fa4547adf9da91df8cccfff6fc0e847df5d3e9a41276fa4a0d6b5

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/

Response headers

vary: accept-encoding
cache-control: max-age=300
content-encoding: br
etag: W/"445a27287bd4d9860e3fd7ca647f88b8"
x-amz-version-id: vxqce.wB20ud.qCHAqj7oBVpwil7ykH2
age: 49
via: 1.1 de142d0ad142b3c0e86791d0b145349a.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: fbZFUMBG3SgHhWVr8KfTEK5tqP34eeGhjNdSHm1BzpsDLJC_2xAZfw==
date: Mon, 16 Mar 2026 07:02:02 GMT
content-type: application/javascript
last-modified: Tue, 24 Feb 2026 21:30:47 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P9
x-amz-server-side-encryption: AES256

GET
H2 200 OpenSans.woff2
www.trendmicro.com/etc.clientlibs/trendresearch/clientlibs/clientlib-trendresearch/resources/fonts/OpenSans/ 58 KB
58 KB 82ms
80ms Font
application/octet-stream 72.246.28.156
Akamai Technologies

General

Check archive.org

Download Go to

Full URL

https://www.trendmicro.com/etc.clientlibs/trendresearch/clientlibs/clientlib-trendresearch/resources/fonts/OpenSans/OpenSans.woff2

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/etc.clientlibs/trendresearch/clientlibs/clientlib-trendresearch.min.47ce60d92d94610907e7a2cbd6fbca69.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

72.246.28.156 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a72-246-28-156.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

4a7f7e246fb61ccc3f57cd38061bbbdd4ada9768649d9d3e3362ec46be278bf5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Origin: https://www.trendmicro.com
Referer: https://www.trendmicro.com/etc.clientlibs/trendresearch/clientlibs/clientlib-trendresearch.min.47ce60d92d94610907e7a2cbd6fbca69.css

Response headers

mpulse_cdn_cache: HIT
strict-transport-security: max-age=15552000; preload
cache-control: public, max-age=33067
x-content-type-options: nosniff
mpulse_origin_time: 0
x-prod-n-02: Yes
content-length: 59444
x-xss-protection: 1;mode=block
date: Mon, 16 Mar 2026 07:02:50 GMT
content-type: application/octet-stream
last-modified: Mon, 08 May 2023 17:33:35 GMT
server: nginx
x-frame-options: SAMEORIGIN

GET
H2 200 material-symbols-outlined.woff2
www.trendmicro.com/etc.clientlibs/trendmicro/clientlibs/trendmicro-core-2/clientlibs/resources/fonts/ 225 KB
226 KB 84ms
83ms Font
application/octet-stream 72.246.28.156
Akamai Technologies

General

Check archive.org

Download Go to

Full URL

https://www.trendmicro.com/etc.clientlibs/trendmicro/clientlibs/trendmicro-core-2/clientlibs/resources/fonts/material-symbols-outlined.woff2

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/etc.clientlibs/trendresearch/clientlibs/clientlib-trendresearch.min.47ce60d92d94610907e7a2cbd6fbca69.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

72.246.28.156 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a72-246-28-156.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

ad514bcb3f2e982a190a5e963a29655f37824683a85f6b9ebe942ebd735e18ae

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Origin: https://www.trendmicro.com
Referer: https://www.trendmicro.com/etc.clientlibs/trendresearch/clientlibs/clientlib-trendresearch.min.47ce60d92d94610907e7a2cbd6fbca69.css

Response headers

mpulse_cdn_cache: HIT
strict-transport-security: max-age=15552000; preload
cache-control: public, max-age=27585
x-content-type-options: nosniff
mpulse_origin_time: 0
x-prod-n-02: Yes
content-length: 230732
x-xss-protection: 1;mode=block
date: Mon, 16 Mar 2026 07:02:50 GMT
content-type: application/octet-stream
last-modified: Thu, 07 Sep 2023 17:07:37 GMT
server: nginx
x-frame-options: SAMEORIGIN

GET
H2 200 422ea8eb-ab70-4ffb-9bf3-5a841254edba-3.woff
www.trendmicro.com/etc.clientlibs/trendresearch/clientlibs/clientlib-trendresearch/resources/fonts/interstate/ 72 KB
72 KB 101ms
100ms Font
application/x-font-woff 72.246.28.156
Akamai Technologies

General

Check archive.org

Download Go to

Full URL

https://www.trendmicro.com/etc.clientlibs/trendresearch/clientlibs/clientlib-trendresearch/resources/fonts/interstate/422ea8eb-ab70-4ffb-9bf3-5a841254edba-3.woff

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/etc.clientlibs/trendresearch/clientlibs/clientlib-trendresearch.min.47ce60d92d94610907e7a2cbd6fbca69.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

72.246.28.156 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a72-246-28-156.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

f64a06f7949a0dabe65e7683ade627d29301122d68a4bc3239b161ec00697e66

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Origin: https://www.trendmicro.com
Referer: https://www.trendmicro.com/etc.clientlibs/trendresearch/clientlibs/clientlib-trendresearch.min.47ce60d92d94610907e7a2cbd6fbca69.css

Response headers

mpulse_cdn_cache: HIT
strict-transport-security: max-age=15552000; preload
cache-control: public, max-age=39100
x-content-type-options: nosniff
mpulse_origin_time: 0
x-prod-n-01: Yes
content-length: 73259
x-xss-protection: 1;mode=block
date: Mon, 16 Mar 2026 07:02:50 GMT
content-type: application/x-font-woff
last-modified: Thu, 23 Apr 2020 17:32:22 GMT
server: nginx
x-frame-options: SAMEORIGIN

GET
H3 200 memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v44/ 47 KB
47 KB 28ms
10ms Font
font/woff2 142.250.187.227
Google LLC

General

Check archive.org

Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v44/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.187.227 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

tzfraa-au-in-f3.1e100.net

Software

sffe /

Resource Hash

d8e4fe0452aa2076429a9bb5d8757d00a994dd95986cf950e9a1a371b9a072a0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Origin: https://www.trendmicro.com
Referer: https://fonts.googleapis.com/

Response headers

age: 420958
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Thu, 11 Mar 2027 10:06:52 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 11 Mar 2026 10:06:52 GMT
last-modified: Mon, 15 Sep 2025 16:30:41 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 48320
x-xss-protection: 0
server: sffe

GET
H2 200 dade3edf-02a3-4844-947e-95175f24faef-3.woff
www.trendmicro.com/etc.clientlibs/trendresearch/clientlibs/clientlib-trendresearch/resources/fonts/InterstateExtraLight/ 37 KB
38 KB 38ms
38ms Font
application/x-font-woff 72.246.28.156
Akamai Technologies

General

Check archive.org

Download Go to

Full URL

https://www.trendmicro.com/etc.clientlibs/trendresearch/clientlibs/clientlib-trendresearch/resources/fonts/InterstateExtraLight/dade3edf-02a3-4844-947e-95175f24faef-3.woff

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/etc.clientlibs/trendresearch/clientlibs/clientlib-trendresearch.min.47ce60d92d94610907e7a2cbd6fbca69.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

72.246.28.156 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a72-246-28-156.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

d5f14381258973e1a93167d8b3486ae1b2665ea072feb622e1ec0a446facc400

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Origin: https://www.trendmicro.com
Referer: https://www.trendmicro.com/etc.clientlibs/trendresearch/clientlibs/clientlib-trendresearch.min.47ce60d92d94610907e7a2cbd6fbca69.css

Response headers

mpulse_cdn_cache: HIT
strict-transport-security: max-age=15552000; preload
cache-control: public, max-age=40102
x-content-type-options: nosniff
mpulse_origin_time: 0
x-prod-n-01: Yes
content-length: 38313
x-xss-protection: 1;mode=block
date: Mon, 16 Mar 2026 07:02:50 GMT
content-type: application/x-font-woff
last-modified: Thu, 23 Apr 2020 17:32:22 GMT
server: nginx
x-frame-options: SAMEORIGIN

GET
H2 200 icomoon.ttf
www.trendmicro.com/etc.clientlibs/trendresearch/clientlibs/clientlib-trendresearch/resources/fonts/ 24 KB
14 KB 49ms
49ms Font
application/x-font-ttf 72.246.28.156
Akamai Technologies

General

Check archive.org

Download Go to

Full URL

https://www.trendmicro.com/etc.clientlibs/trendresearch/clientlibs/clientlib-trendresearch/resources/fonts/icomoon.ttf

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/etc.clientlibs/trendresearch/clientlibs/clientlib-trendresearch.min.47ce60d92d94610907e7a2cbd6fbca69.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

72.246.28.156 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a72-246-28-156.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

bc6e1ea2c2ddcb591413f7bd88178f4563bd3dbbb5726fa86ad11777f99d5bf4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Origin: https://www.trendmicro.com
Referer: https://www.trendmicro.com/etc.clientlibs/trendresearch/clientlibs/clientlib-trendresearch.min.47ce60d92d94610907e7a2cbd6fbca69.css

Response headers

mpulse_cdn_cache: HIT
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
cache-control: public, max-age=39765
content-encoding: br
x-content-type-options: nosniff
mpulse_origin_time: 0
x-prod-n-02: Yes
content-length: 14490
x-xss-protection: 1;mode=block
date: Mon, 16 Mar 2026 07:02:50 GMT
content-type: application/x-font-ttf
last-modified: Thu, 09 Dec 2021 18:07:24 GMT
server: nginx
x-frame-options: SAMEORIGIN

GET
H3 200 memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWuU6F.woff2
fonts.gstatic.com/s/opensans/v44/ 49 KB
49 KB 8ms
8ms Font
font/woff2 142.250.187.227
Google LLC

General

Check archive.org

Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v44/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWuU6F.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.187.227 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

tzfraa-au-in-f3.1e100.net

Software

sffe /

Resource Hash

186836b74ceac07b2764c07c0379420e3014efb30fe918461c235e0ef6cbc4a2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Origin: https://www.trendmicro.com
Referer: https://fonts.googleapis.com/

Response headers

age: 299135
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Fri, 12 Mar 2027 19:57:15 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 12 Mar 2026 19:57:15 GMT
last-modified: Mon, 15 Sep 2025 16:31:21 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 50216
x-xss-protection: 0
server: sffe

GET
H2 200 Interstate-Bold.woff2
www.trendmicro.com/etc.clientlibs/trendresearch/clientlibs/clientlib-trendresearch/resources/fonts/Interstate-Bold/ 50 KB
51 KB 30ms
30ms Font
application/octet-stream 72.246.28.156
Akamai Technologies

General

Check archive.org

Download Go to

Full URL

https://www.trendmicro.com/etc.clientlibs/trendresearch/clientlibs/clientlib-trendresearch/resources/fonts/Interstate-Bold/Interstate-Bold.woff2

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/etc.clientlibs/trendresearch/clientlibs/clientlib-trendresearch.min.47ce60d92d94610907e7a2cbd6fbca69.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

72.246.28.156 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a72-246-28-156.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

1203817a41844d7b3fb01f6ebdef78975b98e96e09719b60fecc368afde2fc6e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Origin: https://www.trendmicro.com
Referer: https://www.trendmicro.com/etc.clientlibs/trendresearch/clientlibs/clientlib-trendresearch.min.47ce60d92d94610907e7a2cbd6fbca69.css

Response headers

mpulse_cdn_cache: HIT
strict-transport-security: max-age=15552000; preload
cache-control: public, max-age=36132
x-content-type-options: nosniff
mpulse_origin_time: 0
x-prod-n-01: Yes
content-length: 51664
x-xss-protection: 1;mode=block
date: Mon, 16 Mar 2026 07:02:50 GMT
content-type: application/octet-stream
last-modified: Mon, 08 May 2023 17:33:35 GMT
server: nginx
x-frame-options: SAMEORIGIN

GET dest5.html
trendmicro.demdex.net/ Frame F1E7 0
0

GET
H2

200

ibs:dpid=411&dpuuid=aberGgAAAGH9PwOJ
dpm.demdex.net/
Redirect Chain

https://cm.everesttech.net/cm/dd?d_uuid=66943865774048722650658453180430373975
https://dpm.demdex.net/ibs:dpid=411&dpuuid=aberGgAAAGH9PwOJ

42 B
717 B

32ms
29ms

Image
image/gif

34.241.203.180
Amazon.com

General

Check archive.org

Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=411&dpuuid=aberGgAAAGH9PwOJ

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html

Protocol

Server

34.241.203.180 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-34-241-203-180.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
dcs: dcs-prod-irl1-1-v085-0e1ba471e.edge-irl1.demdex.com 1 ms
content-encoding: gzip
pragma: no-cache
x-content-type-options: nosniff
x-tid: N1QQUelwQlk=
expires: Thu, 01 Jan 1970 00:00:00 UTC
content-length: 59
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
date: Mon, 16 Mar 2026 07:02:50 GMT
content-type: image/gif

Redirect headers

Cache-Control: no-cache
Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=aberGgAAAGH9PwOJ
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Content-Length: 0
Date: Mon, 16 Mar 2026 07:02:50 GMT
Connection: keep-alive
Server: AMO-cookiemap/1.1

GET
H2 200 dict.en_us.json Show response
www.trendmicro.com/libs/cq/i18n/ 14 KB
4 KB 76ms
76ms XHR
application/json 72.246.28.156
Akamai Technologies

General

Check archive.org

Download Go to

Full URL

https://www.trendmicro.com/libs/cq/i18n/dict.en_us.json

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/etc.clientlibs/clientlibs/granite/utils.min.899004cc02c33efc1f6694b1aee587fd.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

72.246.28.156 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a72-246-28-156.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

da8c4697d246d5dde073b87ff33798d3fc46c4a3c5ca37626292b8efc7c3de99

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html

Response headers

strict-transport-security: max-age=15552000; preload
cache-control: public, max-age=308
content-encoding: br
etag: "b91bea50244aae0b72b630e6c7e2791f"
x-content-type-options: nosniff
x-prod-n-02: Yes
content-length: 3904
x-xss-protection: 1;mode=block
date: Mon, 16 Mar 2026 07:02:50 GMT
content-type: application/json;charset=utf-8
vary: Accept-Encoding
server: nginx
x-frame-options: SAMEORIGIN

GET
H2 200 otBannerSdk.js Show response
cdn.cookielaw.org/scripttemplates/202310.2.0/ 426 KB
103 KB 23ms
22ms Script
application/javascript 104.18.87.42
Cloudflare

General

Check archive.org

Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202310.2.0/otBannerSdk.js

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.87.42 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

60aaad2288d23fb03527331b7b03e1f1643898e136a926f1d48609f453babd85

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/

Response headers

content-md5: futiIRaAGsEL76yunD0yWQ==
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding: gzip
x-ms-version: 2009-09-19
etag: 0x8DCA5D10E7176E8
x-ms-lease-status: unlocked
age: 82953
cf-cache-status: HIT
x-content-type-options: nosniff
date: Mon, 16 Mar 2026 07:02:50 GMT
content-type: application/javascript
last-modified: Tue, 16 Jul 2024 19:54:08 GMT
vary: accept-encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: max-age=86400
cross-origin-resource-policy: cross-origin
x-ms-request-id: 9b66de1d-401e-006d-2ff0-f239a4000000
cf-ray: 9dd1e5060a6f1a47-FRA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 105018
x-ms-blob-type: BlockBlob
server: cloudflare

GET
H2 200 boryptgrab-stealer-targets-users-via-deceptive-github-pages.disruptorV2.json Show response
www.trendmicro.com/en_us/research/26/c/ 78 B
548 B 507ms
507ms XHR
application/json 72.246.28.156
Akamai Technologies

General

Check archive.org

Download Go to

Full URL

https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.disruptorV2.json

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/etc.clientlibs/trendresearch/clientlibs/clientlib-trendresearch.min.e86e6ef1cd6d0156930c56b6a30ba17f.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

72.246.28.156 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a72-246-28-156.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

2e4db45aa37bde0ca92814a85fb311ddf2f3e2ae69f58cf44d8733368e35680c

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: data: blob: wss: mediastream: android-webview-video-poster: ms-appx-web: gsa: endlesspic: ms-browser-extension chrome-extension asset * ; frame-ancestors 'self' https://*.trendmicro.com https://resources.trendmicro.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

Referer: https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Accept: application/json, text/javascript, */*; q=0.01

Response headers

content-security-policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: data: blob: wss: mediastream: android-webview-video-poster: ms-appx-web: gsa: endlesspic: ms-browser-extension chrome-extension asset * ; frame-ancestors 'self' https://*.trendmicro.com https://resources.trendmicro.com
content-encoding: br
x-content-type-options: nosniff
x-prod-n-01: Yes
content-length: 61
x-xss-protection: 1;mode=block
date: Mon, 16 Mar 2026 07:02:51 GMT
content-type: application/json
vary: Accept-Encoding
server: nginx
x-frame-options: SAMEORIGIN

GET
H2 200 OpenSans-Light.woff2
www.trendmicro.com/etc.clientlibs/trendresearch/clientlibs/clientlib-trendresearch/resources/fonts/OpenSans-Light/ 58 KB
58 KB 26ms
26ms Font
application/octet-stream 72.246.28.156
Akamai Technologies

General

Check archive.org

Download Go to

Full URL

https://www.trendmicro.com/etc.clientlibs/trendresearch/clientlibs/clientlib-trendresearch/resources/fonts/OpenSans-Light/OpenSans-Light.woff2

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/etc.clientlibs/trendresearch/clientlibs/clientlib-trendresearch.min.47ce60d92d94610907e7a2cbd6fbca69.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

72.246.28.156 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a72-246-28-156.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

0e7f25b4a085d3c4ad8edac6fd7bcb8eb2ebabc9887c569fe61df284ade34549

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Origin: https://www.trendmicro.com
Referer: https://www.trendmicro.com/etc.clientlibs/trendresearch/clientlibs/clientlib-trendresearch.min.47ce60d92d94610907e7a2cbd6fbca69.css

Response headers

strict-transport-security: max-age=15552000; preload
cache-control: public, max-age=32460
x-content-type-options: nosniff
x-prod-n-02: Yes
content-length: 59272
x-xss-protection: 1;mode=block
date: Mon, 16 Mar 2026 07:02:50 GMT
content-type: application/octet-stream
last-modified: Mon, 08 May 2023 17:33:35 GMT
server: nginx
x-frame-options: SAMEORIGIN

GET
H2 200 iframe_api Show response
www.youtube.com/ 993 B
966 B 29ms
28ms Script
text/javascript 142.250.201.78
Google LLC

General

Check archive.org

Download Go to

Full URL

https://www.youtube.com/iframe_api

Requested by

Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.201.78 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

tzfraa-aq-in-f14.1e100.net

Software

ESF /

Resource Hash

65c78c20026b7514d7299bcb229bf9d20047ebf76f87806ab58078972e6c3794

Security Headers

Name	Value
Content-Security-Policy	script-src 'unsafe-eval' 'self' 'unsafe-inline' https://www.google.com https://apis.google.com https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://.youtube.com https://.google.com https://.gstatic.com https://youtube.com https://www.youtube.com https://google.com https://.doubleclick.net https://*.googleapis.com https://www.googleadservices.com https://tpc.googlesyndication.com https://www.youtubekids.com https://www.youtube-nocookie.com https://www.youtubeeducation.com https://www-onepick-opensocial.googleusercontent.com;report-uri https://csp.withgoogle.com/csp/youtube_main/allowlist, require-trusted-types-for 'script'
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/

Response headers

content-encoding: br
origin-trial: ApTXX1w2dkJZuuxlV9csQYg+9ZVXekg+mOu8mS9vb7/V2oeMLKqGC8blgR6ech+eqbhGAgLKPthyai7z89MdTAgAAACLeyJvcmlnaW4iOiJodHRwczovL3d3dy55b3V0dWJlLmNvbTo0NDMiLCJmZWF0dXJlIjoiRG9jdW1lbnRQb2xpY3lJbmNsdWRlSlNDYWxsU3RhY2tzSW5DcmFzaFJlcG9ydHMiLCJleHBpcnkiOjE3NDk1MTM2MDAsImlzU3ViZG9tYWluIjp0cnVlfQ==, AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9, AiDEBptUfVeO93q48VdVMe/ubupazdAl8AaHP+NBzdnW8quUcHdzJUyGSfrmtpKJu7EOvwRp9ug2rEo3XU+WMAMAAAB2eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJEZXZpY2VCb3VuZFNlc3Npb25DcmVkZW50aWFsczIiLCJleHBpcnkiOjE3NzQzMTA0MDAsImlzU3ViZG9tYWluIjp0cnVlfQ==
x-content-type-options: nosniff
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
expires: Mon, 16 Mar 2026 07:02:50 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=de for more info."
date: Mon, 16 Mar 2026 07:02:50 GMT
content-type: text/javascript; charset=utf-8
vary: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
content-security-policy: script-src 'unsafe-eval' 'self' 'unsafe-inline' https://www.google.com https://apis.google.com https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://*.youtube.com https://*.google.com https://*.gstatic.com https://youtube.com https://www.youtube.com https://google.com https://*.doubleclick.net https://*.googleapis.com https://www.googleadservices.com https://tpc.googlesyndication.com https://www.youtubekids.com https://www.youtube-nocookie.com https://www.youtubeeducation.com https://www-onepick-opensocial.googleusercontent.com;report-uri https://csp.withgoogle.com/csp/youtube_main/allowlist, require-trusted-types-for 'script'
cache-control: private, max-age=0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-rhJVd3tOw5qifqZg00VREw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval'
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
x-xss-protection: 0
server: ESF

GET
H2 200 utag.189.js Show response
tags.tiqcdn.com/utag/trendmicro/nabucms/prod/ 12 KB
5 KB 10ms
9ms Script
application/javascript 13.33.187.32
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.189.js?utv=ut4.49.202509151951
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.33.187.32 New York, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-13-33-187-32.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e924b29a40f25426e83d462612a6a5fa14ddee06f39d9e3d558a6592b618183e

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/

Response headers

vary: accept-encoding
cache-control: max-age=300
content-encoding: br
etag: W/"3ed220006f9586b923bc674c1057ebbe"
x-amz-version-id: tpUJLqDG0KtVK40HnpI.d59mXDN5kwpL
age: 86
via: 1.1 de142d0ad142b3c0e86791d0b145349a.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: 33ZLxlGsudZ_LRFHjg1htonhNMzNcH1OEqqIUdL-5JEu8q1FcVyFrw==
date: Mon, 16 Mar 2026 07:02:01 GMT
content-type: application/javascript
last-modified: Tue, 24 Feb 2026 21:30:40 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P9
x-amz-server-side-encryption: AES256

GET
H2 200 utag.69.js Show response
tags.tiqcdn.com/utag/trendmicro/nabucms/prod/ 2 KB
1 KB 12ms
11ms Script
application/javascript 13.33.187.32
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.69.js?utv=ut4.49.202410041627
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.33.187.32 New York, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-13-33-187-32.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 0302d9000c5640cfd4f06353524bfcdcdfcb11cc0440ec34f16e4bb55b679f42

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/

Response headers

vary: accept-encoding
cache-control: max-age=300
content-encoding: br
etag: W/"a17d62de9b307ec380dd89df3801383a"
x-amz-version-id: ksl79qFAmPYrB3BlWrEU4bgXs4NZJ9AO
age: 48
via: 1.1 de142d0ad142b3c0e86791d0b145349a.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: YHaJ4J4t1LF5YMait5PTp6fxzVJ4g--YX4bAG2tUmSRZ0clKSTDJ6A==
date: Mon, 16 Mar 2026 07:02:03 GMT
content-type: application/javascript
last-modified: Tue, 24 Feb 2026 21:30:42 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P9
x-amz-server-side-encryption: AES256

GET
H2 200 utag.242.js Show response
tags.tiqcdn.com/utag/trendmicro/nabucms/prod/ 12 KB
5 KB 15ms
15ms Script
application/javascript 13.33.187.32
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.242.js?utv=ut4.49.202510211717
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.33.187.32 New York, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-13-33-187-32.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 1c399395a6574ff803d6fe0052148f77e22c71bf998f49fc363bbc03167be08d

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/

Response headers

vary: accept-encoding
cache-control: max-age=300
content-encoding: br
etag: W/"4194056810595fc5423cb5ce21dade88"
x-amz-version-id: 5.jQeaCH3pwvgYmkrMscgrjK2wvbycsm
age: 85
via: 1.1 de142d0ad142b3c0e86791d0b145349a.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: okukI8Rit7m1NEJFNwtIRDXmnl47HlJewTJtYdac3jy-P1Cq_bvuVA==
date: Mon, 16 Mar 2026 07:02:01 GMT
content-type: application/javascript
last-modified: Tue, 24 Feb 2026 21:30:37 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P9
x-amz-server-side-encryption: AES256

GET
H2 200 utag.138.js Show response
tags.tiqcdn.com/utag/trendmicro/nabucms/prod/ 2 KB
1 KB 14ms
12ms Script
application/javascript 13.33.187.32
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.138.js?utv=ut4.49.202010201643
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.33.187.32 New York, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-13-33-187-32.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 6f7bd56fc22bc633d87b5fba20595c0d3d2d255dfa7db1d525a2994a614ebc60

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/

Response headers

vary: accept-encoding
cache-control: max-age=300
content-encoding: br
etag: W/"94d7181ed1b35e35fd4b1f096d7fba67"
x-amz-version-id: v.QwPLHAvPxdqwb4jYSKBYyAc.5D.sIU
age: 216
via: 1.1 de142d0ad142b3c0e86791d0b145349a.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: uTFfkeoMlB99o-4oe4YLPLb3U0Gy9iRcKbSp6eW8vf2aRA4UF5BR3g==
date: Mon, 16 Mar 2026 06:59:15 GMT
content-type: application/javascript
last-modified: Tue, 24 Feb 2026 21:30:39 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P9
x-amz-server-side-encryption: AES256

GET
H2 200 utag.81.js Show response
tags.tiqcdn.com/utag/trendmicro/nabucms/prod/ 24 KB
6 KB 20ms
18ms Script
application/javascript 13.33.187.32
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.81.js?utv=ut4.49.202305162129
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.33.187.32 New York, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-13-33-187-32.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 4603a811d2ab155474648f45b9a4dce4b28d07a6aacbf441f0c7e9e685fd6354

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/

Response headers

vary: accept-encoding
cache-control: max-age=300
content-encoding: br
etag: W/"dec983d3aea5b24f0aeb38d4e6c79651"
x-amz-version-id: BUhbLan65AQiH5KlEyvP35WsWYmtcFl7
age: 52
via: 1.1 de142d0ad142b3c0e86791d0b145349a.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: mUOlFmv7FLdeqcBkksPxssJAJHZ-Kc9VgrgoMbILsgYUSXVo_32bcw==
date: Mon, 16 Mar 2026 07:02:08 GMT
content-type: application/javascript
last-modified: Tue, 24 Feb 2026 21:30:46 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P9
x-amz-server-side-encryption: AES256

GET
H2 200 utag.255.js Show response
tags.tiqcdn.com/utag/trendmicro/nabucms/prod/ 43 KB
12 KB 19ms
16ms Script
application/javascript 13.33.187.32
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.255.js?utv=ut4.49.202509151951
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.33.187.32 New York, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-13-33-187-32.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: bc7040cb84227015953614f1c7f1aed09be43c48baaad4774d4fe847c555a35e

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/

Response headers

vary: accept-encoding
cache-control: max-age=300
content-encoding: br
etag: W/"de8610d9d3bec36b10588c92eee57bcb"
x-amz-version-id: cmmpoEqdC_jSq1h_eRNch.dr2NMOM6Fq
age: 288
via: 1.1 de142d0ad142b3c0e86791d0b145349a.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: DQe5OHdytSGdGDBOlJJIOQAZiqZkWhrhGRiHF83O28NV9FakNo6bsA==
date: Mon, 16 Mar 2026 06:58:12 GMT
content-type: application/javascript
last-modified: Tue, 24 Feb 2026 21:30:36 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P9
x-amz-server-side-encryption: AES256

GET
H2 200 utag.222.js Show response
tags.tiqcdn.com/utag/trendmicro/nabucms/prod/ 2 KB
1 KB 18ms
16ms Script
application/javascript 13.33.187.32
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.222.js?utv=ut4.49.202412202029
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.33.187.32 New York, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-13-33-187-32.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 8893b43dffc9cb03edb52a0d9cc95d8d3662b6aeb1251a80fea5dbfa03b5f105

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/

Response headers

vary: accept-encoding
cache-control: max-age=300
content-encoding: br
etag: W/"f57b304c6c874a0a270ed47462f6c9ee"
x-amz-version-id: _tC2dndCAVeojjpcamVk.Kct3WtMU5Sz
age: 49
via: 1.1 de142d0ad142b3c0e86791d0b145349a.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: AdXOy804w7_x4mUrIKTWJGGYBQR0wf7GJiPGxm6pey88-NDwdpPGJw==
date: Mon, 16 Mar 2026 07:02:08 GMT
content-type: application/javascript
last-modified: Tue, 24 Feb 2026 21:30:42 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P9
x-amz-server-side-encryption: AES256

GET
H2 200 utag.9.js Show response
tags.tiqcdn.com/utag/trendmicro/nabucms/prod/ 3 KB
2 KB 19ms
16ms Script
application/javascript 13.33.187.32
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.9.js?utv=ut4.49.201510262117
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.33.187.32 New York, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-13-33-187-32.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: a8019e4c4a7aa0277a0d7c2593d09d9e551dd855e80f799fdaf327be2ceff0fa

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/

Response headers

vary: accept-encoding
cache-control: max-age=300
content-encoding: br
etag: W/"837627692a5538d1befaa620afdb7f8b"
x-amz-version-id: zkK6Iklqm1teNenKHqMGjFGvIWWfJieh
age: 49
via: 1.1 de142d0ad142b3c0e86791d0b145349a.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: KmhLL69gKdAWmQNEVdiOi4TyKrnGPUDR3Z-EoVSv92RnIKJaqMtGFA==
date: Mon, 16 Mar 2026 07:02:08 GMT
content-type: application/javascript
last-modified: Tue, 24 Feb 2026 21:30:36 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P9
x-amz-server-side-encryption: AES256

GET
H2 200 utag.115.js Show response
tags.tiqcdn.com/utag/trendmicro/nabucms/prod/ 10 KB
3 KB 19ms
17ms Script
application/javascript 13.33.187.32
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.115.js?utv=ut4.49.202509151951
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.33.187.32 New York, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-13-33-187-32.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: f714584bd8688f16d4136775411a8f00a96c7d56e94b3fc822907aca37d89325

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/

Response headers

vary: accept-encoding
cache-control: max-age=300
content-encoding: br
etag: W/"3b87f014caf06991e2971af30e2b3b93"
x-amz-version-id: h8AZavI_SmrPeLiEeyJddLR6jKn8fEoB
age: 49
via: 1.1 de142d0ad142b3c0e86791d0b145349a.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: WHDQItBfmqaht7xZn2s1nSCADfLtEvMVTwwFVEF-AaMvBioeESKb5w==
date: Mon, 16 Mar 2026 07:02:09 GMT
content-type: application/javascript
last-modified: Tue, 24 Feb 2026 21:30:47 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P9
x-amz-server-side-encryption: AES256

GET
H2 200 utag.145.js Show response
tags.tiqcdn.com/utag/trendmicro/nabucms/prod/ 4 KB
2 KB 19ms
17ms Script
application/javascript 13.33.187.32
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.145.js?utv=ut4.49.202305162129
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.33.187.32 New York, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-13-33-187-32.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 2eafc550dc382ef09cfb691ee16d0ebd556edd0eef6221617b5a7d334cf98c9b

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/

Response headers

vary: accept-encoding
cache-control: max-age=300
content-encoding: br
etag: W/"c4fd9539feaa1d9e8e7c38a4e9e5fd39"
x-amz-version-id: jR0cqxWskEEiBABPAYoLRljyHCGTfSyw
age: 49
via: 1.1 de142d0ad142b3c0e86791d0b145349a.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: l5vUqPgkjxSsB_ebWnA-cWnDvFVfoz29WG_Y5JG2rAf83CU2aOoRig==
date: Mon, 16 Mar 2026 07:02:09 GMT
content-type: application/javascript
last-modified: Tue, 24 Feb 2026 21:30:41 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P9
x-amz-server-side-encryption: AES256

GET
H2 200 utag.171.js Show response
tags.tiqcdn.com/utag/trendmicro/nabucms/prod/ 16 KB
5 KB 19ms
17ms Script
application/javascript 13.33.187.32
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.171.js?utv=ut4.49.202509251759
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.33.187.32 New York, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-13-33-187-32.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 3d9f62512a23fa62f2334143fb734c479877e684a28e11b91a2d510e5e52f237

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/

Response headers

vary: accept-encoding
cache-control: max-age=300
content-encoding: br
etag: W/"38dcbaa73363cbd605fa623222f03f9d"
x-amz-version-id: Aa5WgmAXlUfgl3BqIHWPtWLBBRDThng9
age: 49
via: 1.1 de142d0ad142b3c0e86791d0b145349a.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: p_flIH4DxlCWn_HlsulFPilvug0abYBPEsooerEGxjlSwXwRKjUbYA==
date: Mon, 16 Mar 2026 07:02:09 GMT
content-type: application/javascript
last-modified: Tue, 24 Feb 2026 21:30:41 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P9
x-amz-server-side-encryption: AES256

GET
H2 200 utag.181.js Show response
tags.tiqcdn.com/utag/trendmicro/nabucms/prod/ 3 KB
2 KB 16ms
14ms Script
application/javascript 13.33.187.32
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.181.js?utv=ut4.49.202210212104
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.33.187.32 New York, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-13-33-187-32.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 1d8e7b7ebb51d3ce13192e0d0281953788f9129c1c71750e1bb3ba45cb40fb43

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/

Response headers

vary: accept-encoding
cache-control: max-age=300
content-encoding: br
etag: W/"7d0d1975b0d57a97fba41bb756b24f68"
x-amz-version-id: HH6XMY_rYPVsJdfEgd62.S0YJZPgkSgi
age: 216
via: 1.1 de142d0ad142b3c0e86791d0b145349a.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: QwjtjLO0ZxtRlkik_YDr6srDHOv4zhVH6eCAwC2ZdL3hFc5DJqodyg==
date: Mon, 16 Mar 2026 06:59:15 GMT
content-type: application/javascript
last-modified: Tue, 24 Feb 2026 21:30:42 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P9
x-amz-server-side-encryption: AES256

GET
H2 200 utag.187.js Show response
tags.tiqcdn.com/utag/trendmicro/nabucms/prod/ 2 KB
1 KB 22ms
20ms Script
application/javascript 13.33.187.32
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.187.js?utv=ut4.49.202402161940
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.33.187.32 New York, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-13-33-187-32.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 41b771e2c9c362246cf5b2f63b54570c64c9f5101d4a6ddf63831522a77cec78

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/

Response headers

vary: accept-encoding
cache-control: max-age=300
content-encoding: br
etag: W/"9cd31b157b2be6e9f0ba08381b357296"
x-amz-version-id: fu9bN_sGNodGaMPeLtZolvJW0QY8Z.WO
age: 49
via: 1.1 de142d0ad142b3c0e86791d0b145349a.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: SsdZopZS4yOu31OJgUFh92aeohVHPkoz3XrT1DVZePLWYvMNREeK2Q==
date: Mon, 16 Mar 2026 07:02:10 GMT
content-type: application/javascript
last-modified: Tue, 24 Feb 2026 21:30:38 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P9
x-amz-server-side-encryption: AES256

GET
H2 200 utag.205.js Show response
tags.tiqcdn.com/utag/trendmicro/nabucms/prod/ 4 KB
2 KB 26ms
25ms Script
application/javascript 13.33.187.32
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.205.js?utv=ut4.49.202402222121
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.33.187.32 New York, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-13-33-187-32.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: bb0ecc92191a1cd66a8761e02ae078b8e93f844d5f94c2624abb4a64de00726c

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/

Response headers

vary: accept-encoding
cache-control: max-age=300
content-encoding: br
etag: W/"f86990877fe9317daa43a76395d38560"
x-amz-version-id: h7QFGD0zkhQvcAmaNnC3g2q7H7kZb.oi
age: 48
via: 1.1 de142d0ad142b3c0e86791d0b145349a.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: NXB9Nf7DxkpTb6YoD1r60uV_TQapq-wYBopPw86NMIRdL1sh0yM5bA==
date: Mon, 16 Mar 2026 07:02:10 GMT
content-type: application/javascript
last-modified: Tue, 24 Feb 2026 21:30:45 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P9
x-amz-server-side-encryption: AES256

GET
H2 200 utag.210.js Show response
tags.tiqcdn.com/utag/trendmicro/nabucms/prod/ 7 KB
2 KB 25ms
24ms Script
application/javascript 13.33.187.32
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.210.js?utv=ut4.49.202509181438
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.33.187.32 New York, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-13-33-187-32.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: ecb8d27ebd507ad0935f0a7a6d262e19957450645749ae45ce3b5a28fad70a6b

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/

Response headers

vary: accept-encoding
cache-control: max-age=300
content-encoding: br
etag: W/"d5e3a922e589747eb92a0b86ea1add25"
x-amz-version-id: N90gRH9sX.ZauJL.VWSe8Yi6cfMY8N9A
age: 163
via: 1.1 de142d0ad142b3c0e86791d0b145349a.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: Z_J7GcmFUQjp0yb6C_m7N621Ob7s2TT62RhuvvVo3WdH7_FmGItjBQ==
date: Mon, 16 Mar 2026 07:00:08 GMT
content-type: application/javascript
last-modified: Tue, 24 Feb 2026 21:30:35 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P9
x-amz-server-side-encryption: AES256

GET
H2 200 utag.240.js Show response
tags.tiqcdn.com/utag/trendmicro/nabucms/prod/ 15 KB
4 KB 27ms
26ms Script
application/javascript 13.33.187.32
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.240.js?utv=ut4.49.202502112205
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.33.187.32 New York, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-13-33-187-32.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: cd6cb2b822ea51faddddb35fb09fef290eb8fc5e1f56d2c2fd7ffb9c67a73439

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/

Response headers

vary: accept-encoding
cache-control: max-age=300
content-encoding: br
etag: W/"2a1d0558bbb083c2c2cf447810113b5e"
x-amz-version-id: IKl9a032spIR5CMqV42.KTJEvuhJ8mF_
age: 48
via: 1.1 de142d0ad142b3c0e86791d0b145349a.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: nqPGsiKazcb7ro85I_7uVR8O2ttHLyfLW8hCppKj3VtlT_HX_bbpHw==
date: Mon, 16 Mar 2026 07:02:10 GMT
content-type: application/javascript
last-modified: Tue, 24 Feb 2026 21:30:36 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P9
x-amz-server-side-encryption: AES256

GET
H2 200 utag.249.js Show response
tags.tiqcdn.com/utag/trendmicro/nabucms/prod/ 20 KB
6 KB 28ms
26ms Script
application/javascript 13.33.187.32
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.249.js?utv=ut4.49.202509151951
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.33.187.32 New York, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-13-33-187-32.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 3a549c1e7b0d5821295b11a33782b4b1aa1cee32294439fc0050e6eb6ff081fe

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/

Response headers

vary: accept-encoding
cache-control: max-age=300
content-encoding: br
etag: W/"31e9d00895f74726c8919609d1378247"
x-amz-version-id: OHjlfoPqq4cEUhIIYbh_MwJtElZfzGFE
age: 48
via: 1.1 de142d0ad142b3c0e86791d0b145349a.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: iuVTivSjlA-7HRLWNHXy429bKjjcbBsODxLew4olIL9p0wi5SuabAQ==
date: Mon, 16 Mar 2026 07:02:14 GMT
content-type: application/javascript
last-modified: Tue, 24 Feb 2026 21:30:44 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P9
x-amz-server-side-encryption: AES256

GET
H2 200 utag.264.js Show response
tags.tiqcdn.com/utag/trendmicro/nabucms/prod/ 4 KB
2 KB 27ms
25ms Script
application/javascript 13.33.187.32
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.264.js?utv=ut4.49.202509181930
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.33.187.32 New York, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-13-33-187-32.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 05a180b4106c9099df86119d4b6ba5e49c9acf82a9c96884c3e1247ec22a9c72

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/

Response headers

vary: accept-encoding
cache-control: max-age=300
content-encoding: br
etag: W/"7f176bc5d39deac54ce0b290ea242288"
x-amz-version-id: h.Bkm.2aV41RwrwszVEi9Lvmv.HpW0t3
age: 48
via: 1.1 de142d0ad142b3c0e86791d0b145349a.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: hXAsP56T2XQ2pMZV5GKHMQUa65iyRRZGJ6R0dgijhFB9tewGVESVfQ==
date: Mon, 16 Mar 2026 07:02:10 GMT
content-type: application/javascript
last-modified: Tue, 24 Feb 2026 21:30:37 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P9
x-amz-server-side-encryption: AES256

GET
H2 200 utag.265.js Show response
tags.tiqcdn.com/utag/trendmicro/nabucms/prod/ 2 KB
1 KB 24ms
22ms Script
application/javascript 13.33.187.32
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.265.js?utv=ut4.49.202509181952
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.33.187.32 New York, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-13-33-187-32.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 0a90da37d4f07908cb6aff0b368c04a71289dd97e9cc799fe877db6d6676c477

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/

Response headers

vary: accept-encoding
cache-control: max-age=300
content-encoding: br
etag: W/"ef441f251a3e8f7ec8ed4668e585f991"
x-amz-version-id: jiNubXfMsFtGBNfmrxZ3yU09zfvfLFJv
age: 48
via: 1.1 de142d0ad142b3c0e86791d0b145349a.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: 2WfLr7Q6MjmxLvQZfEnDztZiF8j2U19F9BvupWy41XNJofuhLWtZfQ==
date: Mon, 16 Mar 2026 07:02:10 GMT
content-type: application/javascript
last-modified: Tue, 24 Feb 2026 21:30:38 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P9
x-amz-server-side-encryption: AES256

GET
H2 200 de.json Show response
cdn.cookielaw.org/consent/821060e3-3f9c-4a2f-8613-8e0db4841f79/01915698-956a-7310-a0c5-d638abf5107a/ 433 KB
65 KB 48ms
47ms Fetch
application/json 104.18.87.42
Cloudflare

General

Check archive.org

Download Go to

Full URL

https://cdn.cookielaw.org/consent/821060e3-3f9c-4a2f-8613-8e0db4841f79/01915698-956a-7310-a0c5-d638abf5107a/de.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202310.2.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.87.42 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

0ba67ef2c21b3bd722edab6355db682005992e52c690fc09e4b20767243807f0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/

Response headers

content-md5: 8Ln5iVDG0d0z18dJGwqzYA==
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,ETag,Last-Modified,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding, X-OneTrust-IsBot
content-encoding: gzip
cf-cache-status: HIT
etag: 0x8DE26F1D4294AB9
age: 4288
x-ms-lease-status: unlocked
x-content-type-options: nosniff
x-ms-version: 2009-09-19
expires: Tue, 17 Mar 2026 07:02:50 GMT
date: Mon, 16 Mar 2026 07:02:50 GMT
content-type: application/json
last-modified: Tue, 18 Nov 2025 22:28:42 GMT
vary: accept-encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-onetrust-isbot: false
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin, cross-origin
x-ms-request-id: 96e03dc4-d01e-0005-43db-5867f5000000
cf-ray: 9dd1e506ae549962-FRA
accept-ranges: bytes
access-control-allow-origin: *
x-ms-blob-type: BlockBlob
server: cloudflare

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 46 KB
13 KB 43ms
8ms Script
application/javascript 146.75.116.157
Fastly

General

Check archive.org

Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 146.75.116.157 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, Inc., US),
Reverse DNS
Software: /
Resource Hash: c1b1adaaeaeaa087e997506ec9284580ec1e0e6ff49214fb642e6ba8b4622a7d

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/

Response headers

vary: Accept-Encoding,Host
cache-control: no-cache
content-encoding: gzip
etag: "54ba1879b96bae1c0dfd2f874561fa94+gzip+gzip"
accept-ranges: bytes
x-cache: HIT, HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
content-length: 13221
date: Mon, 16 Mar 2026 07:02:50 GMT
x-tw-cdn: FT
last-modified: Fri, 13 Mar 2026 22:54:36 GMT
content-type: application/javascript; charset=utf-8
x-served-by: cache-iad-kiad7000088-IAD, cache-fra-eddf8230193-FRA
x-amz-server-side-encryption: AES256

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 679 KB
170 KB 69ms
40ms Script
application/javascript 142.251.127.97
Google LLC

General

Check archive.org

Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-TXGNM2&l=dataLayer

Requested by

Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.127.97 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

lcfrai-in-f97.1e100.net

Software

Google Tag Manager /

Resource Hash

f421051108147b6326d103a0877c55d3a380e2ad9668b076736ca25a689130af

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/

Response headers

content-encoding: zstd
expires: Mon, 16 Mar 2026 07:02:50 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 16 Mar 2026 07:02:50 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Mon, 16 Mar 2026 06:00:00 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin: *
content-length: 173885
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 52 KB
19 KB 56ms
19ms Script
application/javascript 2.18.64.212
AKAMAI-ASN1 Akama...

General

Check archive.org

Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.64.212 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

a2-18-64-212.deploy.static.akamaitechnologies.com

Software

Resource Hash

2eca4e19ce2f8beb61bbbc93c202609dab5a84770dd10f213042bb61838173ea

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/

Response headers

cache-control: max-age=86400
content-encoding: gzip
x-cdn-proto: HTTP2
x-cdn: AKAM
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=93600,h3-29=":443"; ma=93600
access-control-allow-origin: *
content-length: 18882
date: Mon, 16 Mar 2026 07:02:50 GMT
last-modified: Wed, 03 Dec 2025 08:16:53 GMT
content-type: application/javascript;charset=utf-8
vary: Accept-Encoding
x-amz-server-side-encryption: AES256

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 344 KB
121 KB 58ms
31ms Script
application/javascript 142.251.127.97
Google LLC

General

Check archive.org

Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-MT6DHL8&l=dataLayer

Requested by

Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.127.97 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

lcfrai-in-f97.1e100.net

Software

Google Tag Manager /

Resource Hash

5f49d497bc40a9c5a85079e47264a2bb300ac67940ccac183a1d61d3356961ad

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/

Response headers

content-encoding: zstd
expires: Mon, 16 Mar 2026 07:02:50 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 16 Mar 2026 07:02:50 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Mon, 16 Mar 2026 06:00:00 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin: *
content-length: 123580
x-xss-protection: 0
server: Google Tag Manager

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/ 1 KB
1 KB 42ms
13ms Script
application/x-javascript 23.67.142.205
Akamai Technologies

General

Check archive.org

Download Go to

Full URL: https://munchkin.marketo.net/munchkin.js
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.67.142.205 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a23-67-142-205.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 0db210edd69ae50d9bdf5982ba9e3490972296be80a76a5dbec6159080da2b5d

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/

Response headers

Content-Encoding: gzip
ETag: "515ac790b706e56bc59f71a6205549c9:1772595965.945738"
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 746
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Date: Mon, 16 Mar 2026 07:02:50 GMT
Content-Type: application/x-javascript
Last-Modified: Wed, 04 Mar 2026 03:46:05 GMT
Server: AkamaiNetStorage
Vary: Accept-Encoding

GET
H3 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 63 KB
22 KB 44ms
21ms Script
text/javascript 216.58.206.34
Google LLC

General

Check archive.org

Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.9.js?utv=ut4.49.201510262117

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.206.34 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

lhr35s10-in-f2.1e100.net

Software

cafe /

Resource Hash

f82bc65bdef6219c9e2f9b3f1bd38aa081e75ddf2b048eb93180aef3d8466741

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/

Response headers

content-encoding: br
etag: 6275005565347288860
x-content-type-options: nosniff
expires: Mon, 16 Mar 2026 07:02:50 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Mon, 16 Mar 2026 07:02:50 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
content-disposition: attachment; filename="f.txt"
cache-control: private, max-age=3600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-length: 22834
x-xss-protection: 0
server: cafe

GET
H2 200 6si.min.js Show response
j.6sc.co/ 68 KB
19 KB 39ms
9ms Script
application/javascript 23.55.163.138
AKAMAI-ASN1 Akama...

General

Check archive.org

Download Go to

Full URL: https://j.6sc.co/6si.min.js
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.55.163.138 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS: a23-55-163-138.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 91c20c70d36b608cf919e894b0ac9e32298d6b3ac3ca59c45a85e7c44161d170

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/

Response headers

content-type: application/javascript
cache-control: private, max-age=10800
content-encoding: gzip
x-amz-version-id: P3wU2zsFsU_YKU_VzrjthagDfojxxkBN
etag: W/"bc32411fd6fa348d8203d2f26dd9866d"
expires: Mon, 16 Mar 2026 10:02:50 GMT
content-length: 18919
x-amz-cf-id: U56MTKcVS0r0IfgrjdNhvfCbOE0eAkCbE6py_YLutYbT0pNrPNpdow==
date: Mon, 16 Mar 2026 07:02:50 GMT
last-modified: Wed, 19 Feb 2025 12:59:27 GMT
vary: accept-encoding
x-amz-cf-pop: FRA60-P11
x-amz-server-side-encryption: AES256

GET
H2 200 equally-widget.min.js Show response
widget.equally.ai/ 267 KB
83 KB 45ms
12ms Script
text/javascript 52.222.136.40
Amazon.com

General

Check archive.org

Download Go to

Full URL

https://widget.equally.ai/equally-widget.min.js

Requested by

Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.187.js?utv=ut4.49.202402161940

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.136.40 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

server-52-222-136-40.fra50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

cf68ec04f2a46589c6838215369b03ed4bdf3f6d2d5dd2eed4c95d95bf9edf27

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/

Response headers

content-encoding: gzip
etag: W/"5c12a3b2b7e9e1f474debffefdadd926"
age: 24343
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-amz-cf-id: H5DBXih1mW-T8kLpEB8RYIxqS8t-1FEE1baiFv6nrE_snqs3MUPu-A==
date: Mon, 16 Mar 2026 06:21:32 GMT
content-type: text/javascript
vary: accept-encoding
last-modified: Wed, 21 Jan 2026 16:29:29 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
referrer-policy: strict-origin-when-cross-origin
via: 1.1 4f762327597c2647c5dac5e573d910fa.cloudfront.net (CloudFront)
x-xss-protection: 1; mode=block
x-amz-cf-pop: FRA50-P2
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H/1.1

200
OK

ppt=25985;g=web_visits;gid=66464
trkn.us/pixel/conv/
Redirect Chain

https://trkn.us/pixel/conv/ppt=25985;g=web_visits;gid=66464?ord=0.07179596932289756
https://trkn.us/pixel/conv/ppt=25985;g=web_visits;gid=66464?ord=0.07179596932289756;ip=159.26.104.75;cuidchk=1

42 B
721 B

9ms
9ms

Image
image/gif

23.55.163.149
AKAMAI-ASN1 Akama...

General

Check archive.org

Download Go to Show image

Full URL

https://trkn.us/pixel/conv/ppt=25985;g=web_visits;gid=66464?ord=0.07179596932289756;ip=159.26.104.75;cuidchk=1

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html

Protocol

HTTP/1.1

Server

23.55.163.149 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

a23-55-163-149.deploy.static.akamaitechnologies.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/

Response headers

Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Pragma: no-cache
Connection: keep-alive
X-Content-Type-Options: nosniff
Expires: Sun, 9 Nov 1980 12:58:00 GMT
Content-Length: 42
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Date: Mon, 16 Mar 2026 07:02:50 GMT
Content-Type: image/gif

Redirect headers

Location: /pixel/conv/ppt=25985;g=web_visits;gid=66464?ord=0.07179596932289756;ip=159.26.104.75;cuidchk=1
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Content-Length: 0
Date: Mon, 16 Mar 2026 07:02:50 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Content-Type-Options: nosniff

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 534 KB
169 KB 45ms
26ms Script
application/javascript 142.251.127.97
Google LLC

General

Check archive.org

Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-4502MK3B94

Requested by

Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.127.97 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

lcfrai-in-f97.1e100.net

Software

Google Tag Manager /

Resource Hash

ec20ba5c8a203a4d718acfa75f19b4f19c2c10b7eba825b1390245173b63a840

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
content-encoding: zstd
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
expires: Mon, 16 Mar 2026 07:02:50 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 172384
date: Mon, 16 Mar 2026 07:02:50 GMT
x-xss-protection: 0
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
server: Google Tag Manager
access-control-allow-headers: Cache-Control

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 51 KB
21 KB 83ms
9ms Script
text/javascript 142.251.127.101
Google LLC

General

Check archive.org

Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.127.101 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

lcfrai-in-f101.1e100.net

Software

Golfe2 /

Resource Hash

f1a61277e3f902f50ab42015d8b07218db9b7601bb0967e54a52bfdcb4fa7e81

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/

Response headers

content-encoding: gzip
age: 1257
report-to: {"group":"ascnsrsgac:225:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:225:0"}],}
x-content-type-options: nosniff
expires: Mon, 16 Mar 2026 08:41:53 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 16 Mar 2026 06:41:53 GMT
last-modified: Tue, 15 Jul 2025 00:44:26 GMT
content-type: text/javascript
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:225:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascnsrsgac:225:0
content-length: 20802
server: Golfe2

GET
H/1.1 200
OK sjbgghj1f5 Show response
www.clarity.ms/tag/ 571 B
843 B 135ms
62ms Script
application/x-javascript 20.250.198.32
Microsoft Corpora...

General

Check archive.org

Download Go to

Full URL: https://www.clarity.ms/tag/sjbgghj1f5
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.250.198.32 Zurich, Switzerland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software: nginx /
Resource Hash: 2993902cfd8e48800b7da8547b41c23745d876ed5ceecf0364f735569c10911f

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/

Response headers

Cache-Control: no-cache, no-store
Connection: keep-alive
Request-Context: appId=cid-v1:a894a21c-0197-44e5-b203-3cbc01252c82
Expires: -1
Content-Length: 571
Date: Mon, 16 Mar 2026 07:02:50 GMT
Content-Type: application/x-javascript
Server: nginx

GET
H3 200 page.js Show response
static.addtoany.com/menu/ 3 KB
2 KB 75ms
14ms Script
application/javascript 104.20.20.192
Cloudflare

General

Check archive.org

Download Go to

Full URL

https://static.addtoany.com/menu/page.js

Requested by

Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.20.20.192 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

fdc19178ffaef3c25f667e332a6b3a832a2d433196e269e62705b32635cc4535

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"ba58662c7d87649cc6c58ffa655758af"
age: 12330
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=6%2FiTunHmCHlSy0WdbtUhn1xhKujYfLGw%2FBrLJHMGf%2BXjp1yF8hslrMRPiB6FSp%2BFv59X6hyWv8YRDTP%2FE0cjaoHtvdtgZvrRdQm3hq4eSg%3D%3D"}]}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Mon, 16 Mar 2026 07:02:50 GMT
content-type: application/javascript
vary: accept-encoding
priority: u=3,i=?0
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: max-age=86400, stale-while-revalidate=30, public
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
speculation-rules: "/cdn-cgi/speculation"
referrer-policy: strict-origin-when-cross-origin
cf-ray: 9dd1e5076cd3f415-FRA
access-control-allow-origin: *
server: cloudflare

GET
H3 200 fbevents.js Show response
connect.facebook.net/en_US/ 356 KB
94 KB 69ms
8ms Script
application/x-javascript 157.240.0.6
Facebook

General

Check archive.org

Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.js

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.0.6 Frankfurt am Main, Germany, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

xx-fbcdn-shv-02-fra3.fbcdn.net

Software

Resource Hash

9042f1e34a93c7f8b4f6c71701eb19b553ebf0590081e805fe5a926483de7d1d

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' blob: facebook.net .facebook.net facebook.com .facebook.com fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com cdninstagram.com .cdninstagram.com;script-src 'nonce-kxeYoCuJ' .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* blob: 'self';style-src 'self' data: blob: 'unsafe-inline';connect-src 'self' data: blob: https://edge-chat.facebook.net https://edge-chat-latest.facebook.net wss://edge-chat-latest.facebook.net wss://edge-chat.facebook.net wss://edge-chat.socialplugin.facebook.net wss://edge-chat-latest.socialplugin.facebook.net https://edge-chat.socialplugin.facebook.net https://edge-chat-latest.socialplugin.facebook.net .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.fbcdn.net attachment.fbsbx.com ws://localhost: .cdninstagram.com;font-src 'self' data: blob: facebook.net .facebook.net facebook.com .facebook.com fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com cdninstagram.com .cdninstagram.com;img-src 'self' data: blob: facebook.net .facebook.net facebook.com .facebook.com fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com cdninstagram.com .cdninstagram.com;media-src 'self' data: blob: facebook.net .facebook.net facebook.com .facebook.com fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com cdninstagram.com .cdninstagram.com;child-src 'self' data: blob: facebook.net .facebook.net facebook.com .facebook.com fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com cdninstagram.com .cdninstagram.com;frame-src 'self' data: blob: facebook.net .facebook.net facebook.com .facebook.com fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com cdninstagram.com .cdninstagram.com;manifest-src 'self' data: blob: facebook.net .facebook.net facebook.com .facebook.com fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com cdninstagram.com .cdninstagram.com;object-src 'self' data: blob: facebook.net .facebook.net facebook.com .facebook.com fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com cdninstagram.com .cdninstagram.com;worker-src 'self' data: blob: facebook.net .facebook.net facebook.com .facebook.com fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com cdninstagram.com *.cdninstagram.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/

Response headers

content-encoding: gzip
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Mon, 16 Mar 2026 07:02:50 GMT
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src 'self' blob: facebook.net *.facebook.net facebook.com *.facebook.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com cdninstagram.com *.cdninstagram.com;script-src 'nonce-kxeYoCuJ' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: 'self';style-src 'self' data: blob: 'unsafe-inline';connect-src 'self' data: blob: https://edge-chat.facebook.net https://edge-chat-latest.facebook.net wss://edge-chat-latest.facebook.net wss://edge-chat.facebook.net wss://edge-chat.socialplugin.facebook.net wss://edge-chat-latest.socialplugin.facebook.net https://edge-chat.socialplugin.facebook.net https://edge-chat-latest.socialplugin.facebook.net *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* *.cdninstagram.com;font-src 'self' data: blob: facebook.net *.facebook.net facebook.com *.facebook.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com cdninstagram.com *.cdninstagram.com;img-src 'self' data: blob: facebook.net *.facebook.net facebook.com *.facebook.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com cdninstagram.com *.cdninstagram.com;media-src 'self' data: blob: facebook.net *.facebook.net facebook.com *.facebook.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com cdninstagram.com *.cdninstagram.com;child-src 'self' data: blob: facebook.net *.facebook.net facebook.com *.facebook.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com cdninstagram.com *.cdninstagram.com;frame-src 'self' data: blob: facebook.net *.facebook.net facebook.com *.facebook.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com cdninstagram.com *.cdninstagram.com;manifest-src 'self' data: blob: facebook.net *.facebook.net facebook.com *.facebook.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com cdninstagram.com *.cdninstagram.com;object-src 'self' data: blob: facebook.net *.facebook.net facebook.com *.facebook.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com cdninstagram.com *.cdninstagram.com;worker-src 'self' data: blob: facebook.net *.facebook.net facebook.com *.facebook.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com cdninstagram.com *.cdninstagram.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
cache-control: public, max-age=1200
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=9, rtx=0, c=23, mss=1232, tbw=5069, tp=11, tpl=0, uplat=0, ullat=-1
pragma: public
x-fb-debug: j054SXDenwLNaDthbf0ajecOW1tY7UsUQZstuZgKRUW+1fZU4FRkqLyBeckd0RFgses7OcQF/YYspffmIcFR2Q==
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top, include-js-call-stacks-in-crash-reports
content-length: 96497
x-xss-protection: 0
origin-agent-cluster: ?1

POST
H2 200 i.gif Show response
collect.tealiumiq.com/trendmicro/global/2/ 43 B
785 B 46ms
13ms XHR
image/gif 18.197.61.165
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://collect.tealiumiq.com/trendmicro/global/2/i.gif
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.249.js?utv=ut4.49.202509151951
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.197.61.165 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-18-197-61-165.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryAjhFLqcYSiYidt3y
Referer: https://www.trendmicro.com/

Response headers

access-control-expose-headers: X-Region
expires: Mon, 16 Mar 2026 07:02:50 GMT
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR ADM DEV OUR BUS"
x-serverid: uconnect_uconnect-8f08b28b-1a64-4471-ab2a-08367be4cafc
date: Mon, 16 Mar 2026 07:02:50 GMT
content-type: image/gif
vary: Origin
x-uuid: 1c1762f5-4831-4e2d-b4bd-61797213096c
cache-control: no-transform,private,no-cache,no-store,max-age=0,s-maxage=0
pragma: no-cache
access-control-allow-credentials: true
x-tid: 019cf5745feb002378d5b2b76d1005065006f05d00b08
access-control-allow-origin: https://www.trendmicro.com
content-length: 43
x-acc: trendmicro:global:2:datacloud
x-ulver: 88f05e437a7ab3d859285f24e38f164128034fa4-SNAPSHOT
x-did: 019cf5745feb002378d5b2b76d1005065006f05d00b08
x-region: eu-central-1

GET
H2 200 utag.v.js Show response
tags.tiqcdn.com/utag/tiqapp/ 2 B
432 B 8ms
8ms Script
application/javascript 13.33.187.32
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://tags.tiqcdn.com/utag/tiqapp/utag.v.js?a=trendmicro/nabucms/202602242130&cb=1773644570686
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.33.187.32 New York, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-13-33-187-32.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/

Response headers

x-amz-version-id: 2XUX04X5QEw0.xFya64khU._sHTRl_Pz
etag: "7bc0ee636b3b83484fc3b9348863bd22"
age: 417
x-cache: Hit from cloudfront
x-amz-cf-id: h9lvu-LEeReEF8iLeopLpMWY3M9qTv0khIM3YWjLh00h26NCnaG-Rw==
date: Mon, 16 Mar 2026 06:55:54 GMT
content-type: application/javascript
vary: accept-encoding
last-modified: Sat, 11 Mar 2023 06:57:46 GMT
cache-control: max-age=300
via: 1.1 de142d0ad142b3c0e86791d0b145349a.cloudfront.net (CloudFront)
accept-ranges: bytes
content-length: 2
x-amz-cf-pop: FRA60-P9
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H3 200 www-widgetapi.js Show response
www.youtube.com/s/player/74edf1a3/www-widgetapi.vflset/ 31 KB
10 KB 9ms
9ms Script
text/javascript 142.250.201.78
Google LLC

General

Check archive.org

Download Go to

Full URL

https://www.youtube.com/s/player/74edf1a3/www-widgetapi.vflset/www-widgetapi.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/iframe_api

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.201.78 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

tzfraa-aq-in-f14.1e100.net

Software

sffe /

Resource Hash

e9abd0d74c5ecca848c706e3f94780a00efc33f66f1a7971ded040458851fd69

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/

Response headers

content-encoding: br
age: 116
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
x-content-type-options: nosniff
expires: Tue, 16 Mar 2027 07:00:54 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 16 Mar 2026 07:00:54 GMT
last-modified: Wed, 11 Mar 2026 04:44:12 GMT
content-type: text/javascript
vary: Accept-Encoding, Origin
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
content-length: 10535
x-xss-protection: 0
server: sffe

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/164/ 11 KB
5 KB 8ms
8ms Script
application/x-javascript 23.67.142.205
Akamai Technologies

General

Check archive.org

Download Go to

Full URL: https://munchkin.marketo.net/164/munchkin.js
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.67.142.205 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a23-67-142-205.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: dea9df0145848ffeb3c6931228d41e833341b4837c0e713d321c5bfcf6dcd4e6

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/

Response headers

Cache-Control: max-age=8640000
Content-Encoding: gzip
ETag: "756f9116836f579d12be8fe786b69d98:1726632111.60799"
Connection: keep-alive
Expires: Wed, 24 Jun 2026 07:02:50 GMT
Accept-Ranges: bytes
Content-Length: 4843
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Date: Mon, 16 Mar 2026 07:02:50 GMT
Content-Type: application/x-javascript
Last-Modified: Wed, 18 Sep 2024 04:01:51 GMT
Server: AkamaiNetStorage
Vary: Accept-Encoding

GET adsct
t.co/1/i/ 0
0

GET getuidj
secure.adnxs.com/ 0
0

GET
H/1.1

200
OK

/ Show response
c.6sc.co/
Redirect Chain

https://c.6sc.co/
https://c.6sc.co/refresh
https://c.6sc.co/?m=1

47 B
535 B

60ms
54ms

XHR
text/plain

23.50.131.146
AKAMAI-ASN1 Akama...

General

Check archive.org

Download Go to

Full URL: https://c.6sc.co/?m=1
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html
Protocol: HTTP/1.1
Server: 23.50.131.146 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS: a23-50-131-146.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 33f6ab2f84da5a1e94cca8db747d4b5950165b3b5d99733dc7768652e1254e1b

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/

Response headers

Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Connection: keep-alive
Access-Control-Allow-Credentials: true
Expires: Mon, 16 Mar 2026 07:02:50 GMT
Access-Control-Allow-Origin: https://www.trendmicro.com
Content-Length: 47
Date: Mon, 16 Mar 2026 07:02:50 GMT
Content-Type: text/plain
Vary: Origin

Redirect headers

Cache-Control: max-age=0, no-cache, no-store
Location: https://c.6sc.co/?m=1
Pragma: no-cache
Connection: keep-alive
Access-Control-Allow-Credentials: true
Expires: Mon, 16 Mar 2026 07:02:50 GMT
Access-Control-Allow-Origin: https://www.trendmicro.com
Content-Length: 0
Date: Mon, 16 Mar 2026 07:02:50 GMT
Vary: Origin
Server: AkamaiGHost

GET
H2 200 / Show response
ipv6.6sc.co/ 4 B
283 B 129ms
79ms XHR
text/html 23.55.163.138
AKAMAI-ASN1 Akama...

General

Check archive.org

Download Go to

Full URL: https://ipv6.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.55.163.138 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS: a23-55-163-138.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/

Response headers

cache-control: max-age=0, no-cache, no-store
pragma: no-cache
6si-ipv6: null
expires: Mon, 16 Mar 2026 07:02:50 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1773644570752_389522058_265580455_23_936_0_60_219";dur=1
access-control-allow-origin: https://www.trendmicro.com
content-length: 4
date: Mon, 16 Mar 2026 07:02:50 GMT
content-type: text/html
vary: Origin

GET
H3 200 / Show response
www.googleadservices.com/pagead/conversion/1015287688/ 6 KB
2 KB 23ms
23ms Script
text/javascript 216.58.206.34
Google LLC

General

Check archive.org

Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion/1015287688/?random=1773644570738&cv=9&fst=1773644570738&num=1&value=0&label=0w45CIDC7AYQiJ-Q5AM&bg=ffffff&hl=en&guid=ON&resp=GooglemKTybQhCsO&eid=466465926&u_h=1200&u_w=1600&ig=1&frm=0&url=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F26%2Fc%2Fboryptgrab-stealer-targets-users-via-deceptive-github-pages.html&tiba=New%20BoryptGrab%20Stealer%20Targets%20Windows%20Users%20via%20Deceptive%20GitHub%20Pages%20%7C%20Trend%20Micro%20(US)&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.206.34 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

lhr35s10-in-f2.1e100.net

Software

cafe /

Resource Hash

9a461fede7ab7510772c57b4a2cec40c7e562e319b8ccfa1b035d17dc801eda0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
content-encoding: br
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 2315
date: Mon, 16 Mar 2026 07:02:50 GMT
x-xss-protection: 0
content-type: text/javascript; charset=UTF-8
content-disposition: attachment; filename="f.txt"
server: cafe

GET
H2 200 otFlat.json Show response
cdn.cookielaw.org/scripttemplates/202310.2.0/assets/ 13 KB
3 KB 22ms
22ms Fetch
application/json 104.18.87.42
Cloudflare

General

Check archive.org

Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202310.2.0/assets/otFlat.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202310.2.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.87.42 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

ea5db5581e262d77d1a43fbb3f0fa3661b51d097b40ca38f584b4943f47cf2e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/

Response headers

content-md5: /1UdBS+YEc76mTiBEFqAyQ==
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,ETag,Last-Modified,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding: gzip
x-ms-version: 2009-09-19
etag: 0x8DCA5D10971D872
x-ms-lease-status: unlocked
age: 11474
cf-cache-status: HIT
x-content-type-options: nosniff
date: Mon, 16 Mar 2026 07:02:50 GMT
content-type: application/json
last-modified: Tue, 16 Jul 2024 19:54:00 GMT
vary: accept-encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: max-age=86400
cross-origin-resource-policy: cross-origin
x-ms-request-id: 42357384-801e-0034-1d68-393c22000000
cf-ray: 9dd1e5073eaa9962-FRA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 3017
x-ms-blob-type: BlockBlob
server: cloudflare

GET
H2 200 otCommonStyles.css Show response
cdn.cookielaw.org/scripttemplates/202310.2.0/assets/ 21 KB
4 KB 24ms
24ms Fetch
text/css 104.18.87.42
Cloudflare

General

Check archive.org

Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202310.2.0/assets/otCommonStyles.css

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202310.2.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.87.42 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

d3f7b0ec4de079928a999641e781e80f33597a392a561bc460276dfb4efb6eec

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/

Response headers

content-md5: c7xAZ9MSGAobGaTYg/Qtag==
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,ETag,Last-Modified,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding: gzip
x-ms-version: 2009-09-19
cf-cache-status: HIT
x-ms-lease-status: unlocked
age: 84848
x-content-type-options: nosniff
date: Mon, 16 Mar 2026 07:02:50 GMT
content-type: text/css
last-modified: Tue, 16 Jul 2024 19:54:13 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: max-age=86400
cross-origin-resource-policy: cross-origin
x-ms-request-id: 3caff250-b01e-0015-1617-3e5113000000
cf-ray: 9dd1e5073eab9962-FRA
access-control-allow-origin: *
x-ms-blob-type: BlockBlob
server: cloudflare

GET
H2 200 attribution_trigger Show response
px.ads.linkedin.com/ 2 B
841 B 246ms
203ms XHR
application/json 150.171.22.12
Microsoft Corpora...

General

Check archive.org

Download Go to

Full URL: https://px.ads.linkedin.com/attribution_trigger?pid=8866&time=1773644570752&url=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F26%2Fc%2Fboryptgrab-stealer-targets-users-via-deceptive-github-pages.html
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 150.171.22.12 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software: /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Accept: *
Referer: https://www.trendmicro.com/

Response headers

x-li-pop: afd-prod-lor1-x
content-encoding: gzip
x-fs-uuid: 00064d1ece9af6fc18f440b574cb1000
x-msedge-ref: Ref A: 945620F5DF3C4F0DB860461BB54AEE17 Ref B: FRA261071513040 Ref C: 2026-03-16T07:02:50Z
x-li-fabric: prod-lor1
x-restli-protocol-version: 1.0.0
access-control-allow-methods: GET, OPTIONS
x-li-uuid: AAZNHs6a9vwY9EC1dMsQAA==
x-li-proto: http/2
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
alt-svc: h3=":443"; ma=86400
date: Mon, 16 Mar 2026 07:02:50 GMT
content-type: application/json
access-control-allow-headers: *

GET
H2 200 collect
px.ads.linkedin.com/ 0
693 B 218ms
175ms Image
application/javascript 150.171.22.12
Microsoft Corpora...

General

Check archive.org

Download Go to Show image

Full URL: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=8866&time=1773644570752&url=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F26%2Fc%2Fboryptgrab-stealer-targets-users-via-deceptive-github-pages.html
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 150.171.22.12 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/

Response headers

linkedin-action: 1
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 021A7D2A7AB84470882D5632929813E9 Ref B: FRA261071502036 Ref C: 2026-03-16T07:02:50Z
x-li-fabric: prod-lor1
x-li-uuid: AAZNHs6a5otG5C051F+ePQ==
x-li-proto: http/2
alt-svc: h3=":443"; ma=86400
x-cache: CONFIG_NOCACHE
content-length: 0
date: Mon, 16 Mar 2026 07:02:50 GMT
content-type: application/javascript

POST
H/1.1 200
OK visitWebPage
605-sfw-393.mktoresp.com/webevents/ 2 B
318 B 566ms
97ms Ping
text/plain 192.28.153.119
Adobe Inc.

General

Check archive.org

Download Go to

Full URL: https://605-sfw-393.mktoresp.com/webevents/visitWebPage?_mchNc=1773644570756&_mchCn=&_mchId=605-SFW-393&_mchTk=_mch-trendmicro.com-c262fcb1111737c5a62779defa3fb11b&_mchHo=www.trendmicro.com&_mchPo=&_mchRu=%2Fen_us%2Fresearch%2F26%2Fc%2Fboryptgrab-stealer-targets-users-via-deceptive-github-pages.html&_mchPc=https%3A&_mchVr=164&_mchEcid=29C656F85FE1CBB80A495C08%40AdobeOrg%3A6%3A62115993800021485600283865365380563662&_mchHa=&_mchRe=&_mchQp=
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/164/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 192.28.153.119 , United States, ASN15224 (OMNITURE - Adobe Inc., US),
Reverse DNS
Software: nginx/1.20.1 /
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/

Response headers

Transfer-Encoding: chunked
X-Request-Id: 64e5c963-e0d3-46cc-b642-b618c1d8dd0b
Content-Encoding: gzip
Connection: keep-alive
Access-Control-Allow-Origin: *
Date: Mon, 16 Mar 2026 07:02:51 GMT
Content-Type: text/plain; charset=UTF-8
Server: nginx/1.20.1

GET
H2 200 ot_close.svg
cdn.cookielaw.org/logos/static/ 651 B
620 B 20ms
20ms Image
image/svg+xml 104.18.87.42
Cloudflare

General

Check archive.org

Download Go to Show image

Full URL

https://cdn.cookielaw.org/logos/static/ot_close.svg

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.87.42 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

901bb0e03b8c3c0a1cf4c487a177417328bb7d8c94106ecefceedd7d7f6c4ddc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/

Response headers

content-md5: pcXWFGpuVeSg/jVnYCseRg==
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,ETag,Last-Modified,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding: gzip
x-ms-version: 2009-09-19
cf-cache-status: HIT
x-ms-lease-status: unlocked
age: 11905
x-content-type-options: nosniff
date: Mon, 16 Mar 2026 07:02:50 GMT
content-type: image/svg+xml
last-modified: Mon, 16 Mar 2026 02:17:46 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: max-age=86400
cross-origin-resource-policy: cross-origin
x-ms-request-id: f3e560c3-501e-00d8-22f7-b4345b000000
cf-ray: 9dd1e507bbb11a47-FRA
access-control-allow-origin: *
x-ms-blob-type: BlockBlob
server: cloudflare

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
199 B 251ms
211ms Image
image/gif 23.50.131.146
AKAMAI-ASN1 Akama...

General

Check archive.org

Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=810eb8f4ed8abcee5cd1e233263d8d3f&svisitor=null&visitor=d2b39742-9c47-4049-8347-b8eb6d1f7af4&session=7383a554-ad03-4e57-8764-550b09874256&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Mon%2C%2016%20Mar%202026%2007%3A02%3A50%20GMT%22%7D&isIframe=false&m=%7B%22description%22%3A%22The%20BoryptGrab%20campaign%20uses%20fake%20SEO%E2%80%91optimized%20GitHub%20repositories%20and%20deceptive%20download%20pages%20to%20distribute%20a%20data%E2%80%91stealing%20malware%20family%20that%20delivers%20multiple%20payloads%2C%20including%20a%20reverse%20SSH%20backdoor%2C%20to%20Windows%20users.%22%2C%22keywords%22%3A%22malware%2Cresearch%2Carticles%2C%20news%2C%20reports%2Ccyber%20threats%2Ccyber%20crime%22%2C%22title%22%3A%22New%20BoryptGrab%20Stealer%20Targets%20Windows%20Users%20via%20Deceptive%20GitHub%20Pages%20%7C%20Trend%20Micro%20(US)%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F26%2Fc%2Fboryptgrab-stealer-targets-users-via-deceptive-github-pages.html&pageViewId=67e569dd-44a1-4ed8-8117-436c8b066a74&an_uid=-1&v=1.1.31

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.50.131.146 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

a23-50-131-146.deploy.static.akamaitechnologies.com

Software

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/

Response headers

cache-control: max-age=0, no-cache, no-store
pragma: no-cache
x-content-type-options: nosniff
expires: Mon, 16 Mar 2026 07:02:51 GMT
accept-ranges: bytes
content-length: 43
date: Mon, 16 Mar 2026 07:02:51 GMT
content-type: image/gif

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
199 B 205ms
165ms Image
image/gif 23.50.131.146
AKAMAI-ASN1 Akama...

General

Check archive.org

Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=810eb8f4ed8abcee5cd1e233263d8d3f&svisitor=null&visitor=d2b39742-9c47-4049-8347-b8eb6d1f7af4&session=7383a554-ad03-4e57-8764-550b09874256&event=ni%3AasyncSettingsAudit&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22enableCompanyDetails%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2016%20Mar%202026%2007%3A02%3A50%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEpsilonKey%5C%22%2C%5C%22value%5C%22%3A%5C%22f0978075a275d14104571cd0b3e9919c9748869b%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2016%20Mar%202026%2007%3A02%3A50%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setToken%5C%22%2C%5C%22value%5C%22%3A%5C%22810eb8f4ed8abcee5cd1e233263d8d3f%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2016%20Mar%202026%2007%3A02%3A50%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableEventTracking%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2016%20Mar%202026%2007%3A02%3A50%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableRetargeting%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2016%20Mar%202026%2007%3A02%3A50%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEndpoint%5C%22%2C%5C%22value%5C%22%3A%5C%22b.6sc.co%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2016%20Mar%202026%2007%3A02%3A50%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22The%20BoryptGrab%20campaign%20uses%20fake%20SEO%E2%80%91optimized%20GitHub%20repositories%20and%20deceptive%20download%20pages%20to%20distribute%20a%20data%E2%80%91stealing%20malware%20family%20that%20delivers%20multiple%20payloads%2C%20including%20a%20reverse%20SSH%20backdoor%2C%20to%20Windows%20users.%22%2C%22keywords%22%3A%22malware%2Cresearch%2Carticles%2C%20news%2C%20reports%2Ccyber%20threats%2Ccyber%20crime%22%2C%22title%22%3A%22New%20BoryptGrab%20Stealer%20Targets%20Windows%20Users%20via%20Deceptive%20GitHub%20Pages%20%7C%20Trend%20Micro%20(US)%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F26%2Fc%2Fboryptgrab-stealer-targets-users-via-deceptive-github-pages.html&pageViewId=67e569dd-44a1-4ed8-8117-436c8b066a74&an_uid=-1&v=1.1.31

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.50.131.146 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

a23-50-131-146.deploy.static.akamaitechnologies.com

Software

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/

Response headers

cache-control: max-age=0, no-cache, no-store
pragma: no-cache
x-content-type-options: nosniff
expires: Mon, 16 Mar 2026 07:02:51 GMT
accept-ranges: bytes
content-length: 43
date: Mon, 16 Mar 2026 07:02:51 GMT
content-type: image/gif

GET
H2 200 details Show response
epsilon.6sense.com/v3/company/ 760 B
665 B 76ms
52ms XHR
application/json 75.2.108.141
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://epsilon.6sense.com/v3/company/details
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 75.2.108.141 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: afe865822f884bb48.awsglobalaccelerator.com
Software: /
Resource Hash: 65a1c8e40f97a72622872b33032cc16d98c9cd61c56d1fe897a0ded9a7375dc4

Request headers

Authorization: Token f0978075a275d14104571cd0b3e9919c9748869b
X-6s-CustomID: WebTag1.0 810eb8f4ed8abcee5cd1e233263d8d3f
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36

Response headers

access-control-expose-headers: X-6si-Region
timing-allow-origin: https://6sense.com
content-encoding: gzip
x-6si-region
access-control-allow-credentials: true
access-control-allow-origin: https://www.trendmicro.com
content-length: 404
date: Mon, 16 Mar 2026 07:02:51 GMT
content-type: application/json
vary: Origin, Accept-Encoding

OPTIONS
H2 200 details
epsilon.6sense.com/v3/company/ Frame 0
0 84ms
54ms Preflight 75.2.108.141
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://epsilon.6sense.com/v3/company/details
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 75.2.108.141 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: afe865822f884bb48.awsglobalaccelerator.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,x-6s-customid
Access-Control-Request-Method: GET
Origin: https://www.trendmicro.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: authorization,x-6s-customid
access-control-allow-methods: OPTIONS,GET
access-control-allow-origin: https://www.trendmicro.com
access-control-expose-headers: X-6si-Region
access-control-max-age: 1800
content-length: 0
date: Mon, 16 Mar 2026 07:02:50 GMT
timing-allow-origin: https://6sense.com
x-6si-region

GET
H3

200

/
www.google.de/pagead/1p-conversion/1015287688/
Redirect Chain

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1015287688/?random=1863773504&cv=9&fst=1773644570738&num=1&value=0&label=0w45CIDC7AYQiJ-Q5AM&bg=ffffff&hl=en&guid=ON&resp=GooglemKTy...
https://www.google.com/pagead/1p-conversion/1015287688/?random=1863773504&cv=9&fst=1773644570738&num=1&value=0&label=0w45CIDC7AYQiJ-Q5AM&bg=ffffff&hl=en&guid=ON&resp=GooglemKTybQhCsO&eid=466465926&...
https://www.google.de/pagead/1p-conversion/1015287688/?random=1863773504&cv=9&fst=1773644570738&num=1&value=0&label=0w45CIDC7AYQiJ-Q5AM&bg=ffffff&hl=en&guid=ON&resp=GooglemKTybQhCsO&eid=466465926&u...

42 B
64 B

47ms
24ms

Image
image/gif

172.217.168.67
Google LLC

General

Check archive.org

Download Go to Show image

Full URL

https://www.google.de/pagead/1p-conversion/1015287688/?random=1863773504&cv=9&fst=1773644570738&num=1&value=0&label=0w45CIDC7AYQiJ-Q5AM&bg=ffffff&hl=en&guid=ON&resp=GooglemKTybQhCsO&eid=466465926&u_h=1200&u_w=1600&ig=1&frm=0&url=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F26%2Fc%2Fboryptgrab-stealer-targets-users-via-deceptive-github-pages.html&tiba=New%20BoryptGrab%20Stealer%20Targets%20Windows%20Users%20via%20Deceptive%20GitHub%20Pages%20%7C%20Trend%20Micro%20(US)&hn=www.googleadservices.com&async=1&fmt=3&ct_cookie_present=false&crd=CLTesQII8t-xAgihuLECCLHBsQIIsMGxAgixw7ECCIrFsQIIwsmxAgi0xrECCJPasQII29yxAgiH27ECCNPFsQII68yxAgjtzrECCNXPsQII9NqxAgiX1LECCMnbsQIIseGxAgiz4bECCKbdsQIIsN6xAkondHJpZ2dlciwgZXZlbnQtc291cmNlO25hdmlnYXRpb24tc291cmNlWgMKAQFiBAoCAgM&cerd=CgSI3b0t&fsk=ChAI8NTezQYQxJnH5PKS-Nl0EiwA-eS12pKkxG7WepAi1k5lv50I1zcQOYyQd7_J_X9PK1KhSl4cMh1EyCoJnxoCEkg&is_vtc=1&cid=CAQSUADnonV5C5QkC6B2MJ45SDPPa-xwyOCOt7uWR_x0gdmclJHihdDOHF3GFaMUU6fjT-a0m9KtEiEwx6SoYNJJrWLIlT7qUO_G1uLJQqnJNDcm&random=687657781&resp=GooglemKTybQhCsO&ipr=y&pscrd=IhMIr8Pj9OyjkwMVk5d8Bh2rKw0CMgwIA2IICAAQABgAIAAyDAgEYggIABAAGAAgADIMCAdiCAgAEAAYACAAMgwICGIICAAQABgAIAAyDAgJYggIABAAGAAgADIMCApiCAgAEAAYACAAMgwIAmIICAAQABgAIAAyDAgLYggIABAAGAAgADIMCBViCAgAEAAYACAAMgwIH2IICAAQABgAIAAyDAgTYggIABAAGAAgADIMCBJiCAgAEAAYACAAOhtodHRwczovL3d3dy50cmVuZG1pY3JvLmNvbS96DAgJYggIABAAGAAgAA

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html

Protocol

Server

172.217.168.67 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

lcfraa-bk-in-f3.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/

Response headers

content-security-policy: script-src 'none'; object-src 'none'
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Mon, 16 Mar 2026 07:02:51 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
location: https://www.google.de/pagead/1p-conversion/1015287688/?random=1863773504&cv=9&fst=1773644570738&num=1&value=0&label=0w45CIDC7AYQiJ-Q5AM&bg=ffffff&hl=en&guid=ON&resp=GooglemKTybQhCsO&eid=466465926&u_h=1200&u_w=1600&ig=1&frm=0&url=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F26%2Fc%2Fboryptgrab-stealer-targets-users-via-deceptive-github-pages.html&tiba=New%20BoryptGrab%20Stealer%20Targets%20Windows%20Users%20via%20Deceptive%20GitHub%20Pages%20%7C%20Trend%20Micro%20(US)&hn=www.googleadservices.com&async=1&fmt=3&ct_cookie_present=false&crd=CLTesQII8t-xAgihuLECCLHBsQIIsMGxAgixw7ECCIrFsQIIwsmxAgi0xrECCJPasQII29yxAgiH27ECCNPFsQII68yxAgjtzrECCNXPsQII9NqxAgiX1LECCMnbsQIIseGxAgiz4bECCKbdsQIIsN6xAkondHJpZ2dlciwgZXZlbnQtc291cmNlO25hdmlnYXRpb24tc291cmNlWgMKAQFiBAoCAgM&cerd=CgSI3b0t&fsk=ChAI8NTezQYQxJnH5PKS-Nl0EiwA-eS12pKkxG7WepAi1k5lv50I1zcQOYyQd7_J_X9PK1KhSl4cMh1EyCoJnxoCEkg&is_vtc=1&cid=CAQSUADnonV5C5QkC6B2MJ45SDPPa-xwyOCOt7uWR_x0gdmclJHihdDOHF3GFaMUU6fjT-a0m9KtEiEwx6SoYNJJrWLIlT7qUO_G1uLJQqnJNDcm&random=687657781&resp=GooglemKTybQhCsO&ipr=y&pscrd=IhMIr8Pj9OyjkwMVk5d8Bh2rKw0CMgwIA2IICAAQABgAIAAyDAgEYggIABAAGAAgADIMCAdiCAgAEAAYACAAMgwICGIICAAQABgAIAAyDAgJYggIABAAGAAgADIMCApiCAgAEAAYACAAMgwIAmIICAAQABgAIAAyDAgLYggIABAAGAAgADIMCBViCAgAEAAYACAAMgwIH2IICAAQABgAIAAyDAgTYggIABAAGAAgADIMCBJiCAgAEAAYACAAOhtodHRwczovL3d3dy50cmVuZG1pY3JvLmNvbS96DAgJYggIABAAGAAgAA
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Mon, 16 Mar 2026 07:02:51 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H/1.1

200
OK

/ Show response
c.6sc.co/
Redirect Chain

https://c.6sc.co/
https://c.6sc.co/refresh
https://c.6sc.co/?m=1

47 B
535 B

53ms
53ms

XHR
text/plain

23.50.131.146
AKAMAI-ASN1 Akama...

General

Check archive.org

Download Go to

Full URL: https://c.6sc.co/?m=1
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html
Protocol: HTTP/1.1
Server: 23.50.131.146 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS: a23-50-131-146.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 33f6ab2f84da5a1e94cca8db747d4b5950165b3b5d99733dc7768652e1254e1b

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/

Response headers

Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Connection: keep-alive
Access-Control-Allow-Credentials: true
Expires: Mon, 16 Mar 2026 07:02:51 GMT
Access-Control-Allow-Origin: https://www.trendmicro.com
Content-Length: 47
Date: Mon, 16 Mar 2026 07:02:51 GMT
Content-Type: text/plain
Vary: Origin

Redirect headers

Cache-Control: max-age=0, no-cache, no-store
Location: https://c.6sc.co/?m=1
Pragma: no-cache
Connection: keep-alive
Access-Control-Allow-Credentials: true
Expires: Mon, 16 Mar 2026 07:02:50 GMT
Access-Control-Allow-Origin: https://www.trendmicro.com
Content-Length: 0
Date: Mon, 16 Mar 2026 07:02:50 GMT
Vary: Origin
Server: AkamaiGHost

GET
H2 200 / Show response
ipv6.6sc.co/ 4 B
282 B 11ms
11ms XHR
text/html 23.55.163.138
AKAMAI-ASN1 Akama...

General

Check archive.org

Download Go to

Full URL: https://ipv6.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.55.163.138 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS: a23-55-163-138.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/

Response headers

cache-control: max-age=0, no-cache, no-store
pragma: no-cache
6si-ipv6: null
expires: Mon, 16 Mar 2026 07:02:50 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1773644570906_389522058_265580587_22_1215_0_0_219";dur=1
access-control-allow-origin: https://www.trendmicro.com
content-length: 4
date: Mon, 16 Mar 2026 07:02:50 GMT
content-type: text/html
vary: Origin

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 534 KB
169 KB 45ms
45ms Script
application/javascript 142.251.127.97
Google LLC

General

Check archive.org

Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-4502MK3B94&cx=c&gtm=4e63b1

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MT6DHL8&l=dataLayer

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.127.97 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

lcfrai-in-f97.1e100.net

Software

Google Tag Manager /

Resource Hash

8249dc88858fe2d5d6e0219a26640aaf0a11d63ab016199f89dd8d2559f44a24

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
content-encoding: zstd
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
expires: Mon, 16 Mar 2026 07:02:50 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 172390
date: Mon, 16 Mar 2026 07:02:50 GMT
x-xss-protection: 0
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
server: Google Tag Manager
access-control-allow-headers: Cache-Control

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 451 KB
152 KB 38ms
38ms Script
application/javascript 142.251.127.97
Google LLC

General

Check archive.org

Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-J4XSRG212B&cx=c&gtm=4e63b1

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MT6DHL8&l=dataLayer

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.127.97 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

lcfrai-in-f97.1e100.net

Software

Google Tag Manager /

Resource Hash

0202abc8707b3b52e64141a28a1144322366e3e0428f1b0dd17245a7279ffd5c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
content-encoding: zstd
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
expires: Mon, 16 Mar 2026 07:02:50 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 155551
date: Mon, 16 Mar 2026 07:02:50 GMT
x-xss-protection: 0
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
server: Google Tag Manager
access-control-allow-headers: Cache-Control

POST
H2 204 collect
region1.google-analytics.com/g/ 0
0 107ms
55ms Fetch
text/plain 216.239.34.36
Google LLC

General

Check archive.org

Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-4502MK3B94&gtm=45je63b1v884954515za200zb78563286zd78563286&_p=1773644570664&gcd=13l3l3l2l1l1&npa=1&dma_cps=a&dma=1&gdid=dYmQxMT&cid=1953875912.1773644571&ul=de-de&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&tag_exp=103116026~103200004~115938465~115938468~116024733~117484252&sid=1773644570&sct=1&seg=0&dl=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F26%2Fc%2Fboryptgrab-stealer-targets-users-via-deceptive-github-pages.html&dt=New%20BoryptGrab%20Stealer%20Targets%20Windows%20Users%20via%20Deceptive%20GitHub%20Pages%20%7C%20Trend%20Micro%20(US)&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&ep.consumer=not_consumer&tfd=1177
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-4502MK3B94
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 216.239.34.36 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:113:0
report-to: {"group":"ascnsrsggc:113:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:113:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://www.trendmicro.com
cross-origin-opener-policy-report-only: same-origin; report-to=ascnsrsggc:113:0
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 16 Mar 2026 07:02:51 GMT
content-type: text/plain
server: Golfe2

GET
H2 200 bat.js Show response
bat.bing.com/ 54 KB
15 KB 102ms
29ms Script
application/javascript 150.171.27.10
Microsoft Corpora...

General

Check archive.org

Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TXGNM2&l=dataLayer

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

150.171.27.10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),

Reverse DNS

Software

Resource Hash

454e2c8f849e7a376985006d897556933fc924756c867076ec9c70156536b09e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: private,max-age=1800
content-encoding: gzip
etag: "0d8632659cdc1:0"
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 71943415684E4FC993F063CA7B55D54D Ref B: FRA261110503054 Ref C: 2026-03-16T07:02:51Z
accept-ranges: bytes
x-cache: CONFIG_NOCACHE
content-length: 15310
date: Mon, 16 Mar 2026 07:02:50 GMT
content-type: application/javascript
last-modified: Thu, 12 Feb 2026 21:17:36 GMT
vary: Accept-Encoding

GET
H/1.1 200
OK up_loader.1.1.0.js Show response
js.adsrvr.org/ 34 KB
11 KB 39ms
13ms Script
application/javascript 18.172.114.101
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://js.adsrvr.org/up_loader.1.1.0.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TXGNM2&l=dataLayer
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.172.114.101 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-18-172-114-101.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 62f5a9e298862e32f868dc614fa303d9b732f0dc9bd75ce48f65293c850aec2f

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/

Response headers

Transfer-Encoding: chunked
Vary: accept-encoding
Content-Encoding: gzip
ETag: W/"4f0ee2dd2ded846639b9a28a5cb2bd70"
Age: 68154
Connection: keep-alive
Via: 1.1 db38c5279288cd1c6aea4fa2c0409120.cloudfront.net (CloudFront)
X-Cache: Hit from cloudfront
X-Amz-Cf-Id: LissYC3eGiP3sww9icFN_aTR6PBMqU80xUhPH-sn4P5h2NvesFBHvg==
Date: Sun, 15 Mar 2026 12:06:58 GMT
Content-Type: application/javascript
Last-Modified: Sun, 15 Mar 2026 12:05:43 GMT
Server: AmazonS3
X-Amz-Cf-Pop: FRA60-P8
x-amz-server-side-encryption: AES256

POST
H3 200 collect
www.google.com/ccm/ 0
0 18ms
16ms Fetch
text/plain 142.251.141.100
Google LLC

General

Check archive.org

Download Go to

Full URL: https://www.google.com/ccm/collect?frm=0&ae=g&en=page_view&dl=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F26%2Fc%2Fboryptgrab-stealer-targets-users-via-deceptive-github-pages.html&scrsrc=www.googletagmanager.com&rnd=1725071356.1773644571&dt=New%20BoryptGrab%20Stealer%20Targets%20Windows%20Users%20via%20Deceptive%20GitHub%20Pages%20%7C%20Trend%20Micro%20(US)&auid=108905293.1773644571&navt=n&npa=1&ep.ads_data_redaction=0&gtm=45He63b1v72003116za200zd72003116xea&gcd=13l3l3l2l1l1&dma_cps=a&dma=1&tag_exp=102015666~103116026~103200004~115616985~115938465~115938468~116024733~117484252&apve=1&apvf=f&apvc=1&tft=1773644570986&tfd=1215
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TXGNM2&l=dataLayer
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.251.141.100 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: tzfraa-ai-in-f4.1e100.net
Software: /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/

Response headers

GET getuid
s.ml-attr.com/ 0
0

POST
H2 204 /
px.ads.linkedin.com/wa/ 0
0 184ms
173ms Fetch 150.171.22.12
Microsoft Corpora...

General

Check archive.org

Download Go to

Full URL: https://px.ads.linkedin.com/wa/?medium=fetch&fmt=g
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 150.171.22.12 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Accept: *
Content-Type: text/plain;charset=UTF-8

Response headers

linkedin-action: 1
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 31256F48C7CB424893EF13C28BA299C8 Ref B: FRA261071502036 Ref C: 2026-03-16T07:02:51Z
x-li-fabric: prod-lor1
access-control-allow-credentials: true
x-li-uuid: AAZNHs6eAMFWnYPZ2RDh5g==
x-li-proto: http/2
access-control-allow-origin: https://www.trendmicro.com
x-cache: CONFIG_NOCACHE
alt-svc: h3=":443"; ma=86400
date: Mon, 16 Mar 2026 07:02:51 GMT
vary: Origin

GET
H3 200 sm.25.html Show response
static.addtoany.com/menu/ Frame D746 716 B
994 B 28ms
18ms Document
text/html 104.20.20.192
Cloudflare

General

Check archive.org

Download Go to

Full URL

https://static.addtoany.com/menu/sm.25.html

Requested by

Host: static.addtoany.com
URL: https://static.addtoany.com/menu/page.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.20.20.192 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

274d4116239b63097bb7c16e56e27cbb5a77be20392fb8e2317c0a0235185cad

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.trendmicro.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36

Response headers

access-control-allow-origin: *
age: 15913
alt-svc: h3=":443"; ma=86400
cache-control: max-age=315360000, immutable
cf-cache-status: HIT
cf-ray: 9dd1e508ddffd8e7-FRA
content-encoding: br
content-type: text/html; charset=utf-8
date: Mon, 16 Mar 2026 07:02:51 GMT
etag: W/"551efc5187c9f500b4e394155ba03720"
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
priority: u=0,i
referrer-policy: strict-origin-when-cross-origin
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=DM3RCZgOhxY2RXWvNz8%2B%2F%2BAX1ZnTbzm9pldbWqe9I1b2%2BqjDuck0P0fHOrKa4MoS%2F%2BAqwWxODeHy83AkBQAbcNqBOmykRI0ztyHbkqoURmJO"}]}
server: cloudflare
server-timing: cfExtPri
speculation-rules: "/cdn-cgi/speculation"
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: accept-encoding
x-content-type-options: nosniff

GET
H3 200 core.ydpp7jcu.js Show response
static.addtoany.com/menu/modules/ 71 KB
26 KB 38ms
29ms Script
application/javascript 104.20.20.192
Cloudflare

General

Check archive.org

Download Go to

Full URL

https://static.addtoany.com/menu/modules/core.ydpp7jcu.js

Requested by

Host: static.addtoany.com
URL: https://static.addtoany.com/menu/page.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.20.20.192 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

afb9825a91c5980ddb68ebfa3c7323533f4355f14a0a7db233b5de527f4c32d5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Origin: https://www.trendmicro.com
Referer: https://www.trendmicro.com/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"44ad5ade899a741fb11da1dc866d3785"
age: 19645
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=x%2F1W1Hh%2BvWGMFxlqhAKh2kjp6oMssDo6YEPahvwLDzEY3TuFng2y%2BBWuh2isI2fxpUI94c1EpkNqOdj51TY49QoO1Sr2mza6z9T7QK4AHHzW"}]}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Mon, 16 Mar 2026 07:02:51 GMT
content-type: application/javascript
vary: accept-encoding
priority: u=1,i=?0
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: max-age=315360000, immutable
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
speculation-rules: "/cdn-cgi/speculation"
referrer-policy: strict-origin-when-cross-origin
cf-ray: 9dd1e508dd829232-FRA
access-control-allow-origin: *
server: cloudflare

GET
H2 200 ec.js Show response
www.google-analytics.com/plugins/ua/ 3 KB
1 KB 12ms
6ms Script
text/javascript 142.251.127.101
Google LLC

General

Check archive.org

Download Go to

Full URL

https://www.google-analytics.com/plugins/ua/ec.js

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.127.101 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

lcfrai-in-f101.1e100.net

Software

sffe /

Resource Hash

058ed961bfe422af7bfc65865f4c08531ec8ace995f8a1ec560a46581cb7712c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/

Response headers

content-encoding: br
age: 677
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
x-content-type-options: nosniff
expires: Mon, 16 Mar 2026 07:51:34 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 16 Mar 2026 06:51:34 GMT
last-modified: Tue, 27 Jun 2023 17:28:00 GMT
content-type: text/javascript
vary: Accept-Encoding
cache-control: public, max-age=3600
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
content-length: 1129
x-xss-protection: 0
server: sffe

GET
H2 200 linkid.js Show response
www.google-analytics.com/plugins/ua/ 2 KB
811 B 17ms
11ms Script
text/javascript 142.251.127.101
Google LLC

General

Check archive.org

Download Go to

Full URL

https://www.google-analytics.com/plugins/ua/linkid.js

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.127.101 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

lcfrai-in-f101.1e100.net

Software

sffe /

Resource Hash

92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/

Response headers

content-encoding: br
age: 678
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
x-content-type-options: nosniff
expires: Mon, 16 Mar 2026 07:51:33 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 16 Mar 2026 06:51:33 GMT
last-modified: Fri, 30 Jun 2023 18:58:00 GMT
content-type: text/javascript
vary: Accept-Encoding
cache-control: public, max-age=3600
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
content-length: 697
x-xss-protection: 0
server: sffe

GET
H3 200 243552383039605 Show response
connect.facebook.net/signals/config/ 160 KB
38 KB 32ms
25ms Script
application/x-javascript 157.240.0.6
Facebook

General

Check archive.org

Download Go to

Full URL

https://connect.facebook.net/signals/config/243552383039605?v=2.9.277&r=stable&domain=www.trendmicro.com&hme=b0ad3da822578fe2b808f13c29c26424c1eec6df21f897230a1f8d7975c03c8e&ex_m=101%2C194%2C143%2C22%2C69%2C70%2C136%2C65%2C64%2C11%2C151%2C87%2C16%2C130%2C123%2C72%2C75%2C129%2C148%2C153%2C8%2C4%2C5%2C7%2C6%2C3%2C88%2C98%2C154%2C159%2C208%2C59%2C175%2C176%2C52%2C262%2C30%2C71%2C220%2C219%2C218%2C23%2C32%2C100%2C58%2C10%2C60%2C94%2C95%2C96%2C102%2C126%2C31%2C29%2C128%2C125%2C124%2C144%2C73%2C147%2C145%2C146%2C47%2C57%2C119%2C15%2C150%2C42%2C249%2C250%2C248%2C26%2C27%2C28%2C45%2C137%2C74%2C109%2C18%2C20%2C41%2C37%2C39%2C38%2C80%2C89%2C93%2C107%2C135%2C138%2C43%2C108%2C24%2C21%2C115%2C66%2C35%2C140%2C139%2C141%2C132%2C131%2C25%2C34%2C56%2C106%2C149%2C67%2C17%2C142%2C111%2C78%2C63%2C19%2C82%2C83%2C112%2C81%2C33%2C277%2C201%2C190%2C191%2C189%2C280%2C272%2C49%2C202%2C104%2C127%2C77%2C117%2C51%2C44%2C46%2C110%2C116%2C122%2C55%2C61%2C50%2C53%2C97%2C152%2C1%2C120%2C14%2C118%2C12%2C2%2C54%2C90%2C62%2C114%2C86%2C85%2C155%2C156%2C91%2C92%2C9%2C121%2C99%2C48%2C133%2C84%2C76%2C68%2C113%2C103%2C40%2C134%2C0%2C79%2C36%2C105%2C13%2C157

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.0.6 Frankfurt am Main, Germany, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

xx-fbcdn-shv-02-fra3.fbcdn.net

Software

Resource Hash

f26edc423fe6bdd0c8eadc5fb845af21e5067ce83f75f96854bf626c6a70f365

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' blob: facebook.net .facebook.net facebook.com .facebook.com fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com cdninstagram.com .cdninstagram.com;script-src 'nonce-28kjCSmE' .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* blob: 'self';style-src 'self' data: blob: 'unsafe-inline';connect-src 'self' data: blob: https://edge-chat.facebook.net https://edge-chat-latest.facebook.net wss://edge-chat-latest.facebook.net wss://edge-chat.facebook.net wss://edge-chat.socialplugin.facebook.net wss://edge-chat-latest.socialplugin.facebook.net https://edge-chat.socialplugin.facebook.net https://edge-chat-latest.socialplugin.facebook.net .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.fbcdn.net attachment.fbsbx.com ws://localhost: .cdninstagram.com;font-src 'self' data: blob: facebook.net .facebook.net facebook.com .facebook.com fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com cdninstagram.com .cdninstagram.com;img-src 'self' data: blob: facebook.net .facebook.net facebook.com .facebook.com fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com cdninstagram.com .cdninstagram.com;media-src 'self' data: blob: facebook.net .facebook.net facebook.com .facebook.com fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com cdninstagram.com .cdninstagram.com;child-src 'self' data: blob: facebook.net .facebook.net facebook.com .facebook.com fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com cdninstagram.com .cdninstagram.com;frame-src 'self' data: blob: facebook.net .facebook.net facebook.com .facebook.com fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com cdninstagram.com .cdninstagram.com;manifest-src 'self' data: blob: facebook.net .facebook.net facebook.com .facebook.com fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com cdninstagram.com .cdninstagram.com;object-src 'self' data: blob: facebook.net .facebook.net facebook.com .facebook.com fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com cdninstagram.com .cdninstagram.com;worker-src 'self' data: blob: facebook.net .facebook.net facebook.com .facebook.com fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com cdninstagram.com *.cdninstagram.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/

Response headers

content-encoding: gzip
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Mon, 16 Mar 2026 07:02:51 GMT
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src 'self' blob: facebook.net *.facebook.net facebook.com *.facebook.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com cdninstagram.com *.cdninstagram.com;script-src 'nonce-28kjCSmE' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: 'self';style-src 'self' data: blob: 'unsafe-inline';connect-src 'self' data: blob: https://edge-chat.facebook.net https://edge-chat-latest.facebook.net wss://edge-chat-latest.facebook.net wss://edge-chat.facebook.net wss://edge-chat.socialplugin.facebook.net wss://edge-chat-latest.socialplugin.facebook.net https://edge-chat.socialplugin.facebook.net https://edge-chat-latest.socialplugin.facebook.net *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* *.cdninstagram.com;font-src 'self' data: blob: facebook.net *.facebook.net facebook.com *.facebook.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com cdninstagram.com *.cdninstagram.com;img-src 'self' data: blob: facebook.net *.facebook.net facebook.com *.facebook.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com cdninstagram.com *.cdninstagram.com;media-src 'self' data: blob: facebook.net *.facebook.net facebook.com *.facebook.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com cdninstagram.com *.cdninstagram.com;child-src 'self' data: blob: facebook.net *.facebook.net facebook.com *.facebook.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com cdninstagram.com *.cdninstagram.com;frame-src 'self' data: blob: facebook.net *.facebook.net facebook.com *.facebook.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com cdninstagram.com *.cdninstagram.com;manifest-src 'self' data: blob: facebook.net *.facebook.net facebook.com *.facebook.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com cdninstagram.com *.cdninstagram.com;object-src 'self' data: blob: facebook.net *.facebook.net facebook.com *.facebook.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com cdninstagram.com *.cdninstagram.com;worker-src 'self' data: blob: facebook.net *.facebook.net facebook.com *.facebook.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com cdninstagram.com *.cdninstagram.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
cache-control: public, max-age=1200
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=6, rtx=0, c=98, mss=1232, tbw=107277, tp=97, tpl=0, uplat=1, ullat=-1
pragma: public
x-fb-debug: cr4Z3GkKZWh7VWzKTsct5X7LdEjcZiqL3dqOWLf2y3oSCeia0A+bdItTRKc6URT7SmHUbuwt7qeO6RAsD2WwTg==
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top, include-js-call-stacks-in-crash-reports
content-length: 38936
x-xss-protection: 0
origin-agent-cluster: ?1

GET
H2 200 clarity.js Show response
scripts.clarity.ms/0.8.57/ 80 KB
26 KB 63ms
15ms Script
application/javascript 13.107.246.45
Microsoft Corpora...

General

Check archive.org

Download Go to

Full URL: https://scripts.clarity.ms/0.8.57/clarity.js
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/tag/sjbgghj1f5
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 13.107.246.45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software: /
Resource Hash: d8eaf5ff69cb44f6ddaeb29f180ff78b8b56747e6733cfe6795ff53d51fe0f6c

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/

Response headers

x-azure-ref: 20260316T070251Z-r15c679d9d52ltnxhC1FRAdz580000001c7g00000000bu2m
cache-control: public, max-age=86400
x-ms-version: 2018-03-28
content-encoding: br
etag: W/"0x8DE817E378238C1"
x-fd-int-roxy-purgeid: 1
x-ms-request-id: dd69dd8d-501e-0016-5d9f-b3d80c000000
access-control-allow-origin: *
x-cache: TCP_HIT
date: Mon, 16 Mar 2026 07:02:51 GMT
content-type: application/javascript;charset=utf-8
vary: Accept-Encoding
last-modified: Sat, 14 Mar 2026 04:00:23 GMT

GET
H3 200 destination Show response
www.googletagmanager.com/gtag/ 464 KB
156 KB 36ms
27ms Script
application/javascript 142.251.127.97
Google LLC

General

Check archive.org

Download Go to

Full URL

https://www.googletagmanager.com/gtag/destination?id=DC-5427711&cx=c&gtm=4e63b1

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-J4XSRG212B&cx=c&gtm=4e63b1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.127.97 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

lcfrai-in-f97.1e100.net

Software

Google Tag Manager /

Resource Hash

2dd6df4990e9defce645d4a3486bf6e6adc86dc7c6c7ff4f2467eb3daf10d2d3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/

Response headers

content-encoding: zstd
report-to: {"group":"ascgsrsghrgc:72:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgsrsghrgc:72:0"}],}
expires: Mon, 16 Mar 2026 07:02:51 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 16 Mar 2026 07:02:51 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgsrsghrgc:72:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=ascgsrsghrgc:72:0
content-length: 159924
x-xss-protection: 0
server: Google Tag Manager

GET
H3 200 destination Show response
www.googletagmanager.com/gtag/ 402 KB
139 KB 30ms
20ms Script
application/javascript 142.251.127.97
Google LLC

General

Check archive.org

Download Go to

Full URL

https://www.googletagmanager.com/gtag/destination?id=AW-929919117&cx=c&gtm=4e63b1

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-J4XSRG212B&cx=c&gtm=4e63b1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.127.97 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

lcfrai-in-f97.1e100.net

Software

Google Tag Manager /

Resource Hash

dd18f02dc373630a501dc7cef308e35610486c70f4d10436a31c99b0b47bc7d9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/

Response headers

content-encoding: zstd
report-to: {"group":"ascgsrsghrgc:72:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgsrsghrgc:72:0"}],}
expires: Mon, 16 Mar 2026 07:02:51 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 16 Mar 2026 07:02:51 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Mon, 16 Mar 2026 06:00:00 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgsrsghrgc:72:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=ascgsrsghrgc:72:0
content-length: 142496
x-xss-protection: 0
server: Google Tag Manager

GET
H3 200 destination Show response
www.googletagmanager.com/gtag/ 347 KB
124 KB 42ms
33ms Script
application/javascript 142.251.127.97
Google LLC

General

Check archive.org

Download Go to

Full URL

https://www.googletagmanager.com/gtag/destination?id=DC-9572106&cx=c&gtm=4e63b1

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-J4XSRG212B&cx=c&gtm=4e63b1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.127.97 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

lcfrai-in-f97.1e100.net

Software

Google Tag Manager /

Resource Hash

41a2aeed07b2a10ea78c9b8f91122ef8b6da43cc0c80eadf23f855465ecefc5b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/

Response headers

content-encoding: zstd
report-to: {"group":"ascgsrsghrgc:72:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgsrsghrgc:72:0"}],}
expires: Mon, 16 Mar 2026 07:02:51 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 16 Mar 2026 07:02:51 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Mon, 16 Mar 2026 06:00:00 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgsrsghrgc:72:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=ascgsrsghrgc:72:0
content-length: 126991
x-xss-protection: 0
server: Google Tag Manager

POST
H2 204 collect
region1.google-analytics.com/g/ 0
0 19ms
16ms Fetch
text/plain 216.239.34.36
Google LLC

General

Check archive.org

Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-J4XSRG212B&gtm=45je63b1v9202583567za200zb78563286zd78563286&_p=1773644570664&gcd=13l3l3l2l1l1&npa=1&dma_cps=a&dma=1&gdid=dYmQxMT&cid=1953875912.1773644571&ul=de-de&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&tag_exp=103116026~103200004~115616986~115938465~115938469~116024733~116133312~117484252&sid=1773644571&sct=1&seg=0&dl=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F26%2Fc%2Fboryptgrab-stealer-targets-users-via-deceptive-github-pages.html&dt=New%20BoryptGrab%20Stealer%20Targets%20Windows%20Users%20via%20Deceptive%20GitHub%20Pages%20%7C%20Trend%20Micro%20(US)&_tu=KA&en=page_view&_fv=1&_ss=1&_ee=1&tfd=1307
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-J4XSRG212B&cx=c&gtm=4e63b1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 216.239.34.36 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:113:0
report-to: {"group":"ascnsrsggc:113:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:113:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://www.trendmicro.com
cross-origin-opener-policy-report-only: same-origin; report-to=ascnsrsggc:113:0
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 16 Mar 2026 07:02:51 GMT
content-type: text/plain
server: Golfe2

GET
H3 200 de.js Show response
static.addtoany.com/menu/locale/ 889 B
1 KB 12ms
12ms Script
application/javascript 104.20.20.192
Cloudflare

General

Check archive.org

Download Go to

Full URL

https://static.addtoany.com/menu/locale/de.js

Requested by

Host: static.addtoany.com
URL: https://static.addtoany.com/menu/modules/core.ydpp7jcu.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.20.20.192 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

590f6b0ea574d56c72e66504ed8d3d9f5005d48d004f1ac01f395798ce1a1589

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"d92e4bfab3e7bb7f93e876b4f8606fc8"
age: 15652
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=v1v6mr4SEYQ1U2e3OumSshhGnoKOGxODGVDrXWOe5caMxH6852PibJHWn2bZ%2BNqZkTpXEodnQ5R1ey%2FEHEbIsTSOEskO9tAi4RQuYj%2FBJ9EEFb5%2FG2AEkBefFxj9"}]}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Mon, 16 Mar 2026 07:02:51 GMT
content-type: application/javascript
vary: accept-encoding
priority: u=3,i=?0
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: max-age=86400, stale-while-revalidate=30, public
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
speculation-rules: "/cdn-cgi/speculation"
referrer-policy: strict-origin-when-cross-origin
cf-ray: 9dd1e5098d05f415-FRA
access-control-allow-origin: *
server: cloudflare

POST
H3 200 collect Show response
www.google-analytics.com/j/ 15 B
38 B 39ms
38ms XHR
text/plain 142.251.127.101
Google LLC

General

Check archive.org

Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j102&a=1499243171&t=pageview&cu=&_s=1&dl=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F26%2Fc%2Fboryptgrab-stealer-targets-users-via-deceptive-github-pages.html&ul=de-de&dt=New%20BoryptGrab%20Stealer%20Targets%20Windows%20Users%20via%20Deceptive%20GitHub%20Pages%20%7C%20Trend%20Micro%20(US)&sr=1600x1200&vp=1600x1200&_u=aCDACAIrBAAAACAMIg~&cid=1953875912.1773644571&tid=UA-44592531-1&_gid=901100256.1773644571&_slc=1&cd15=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F26%2Fc%2Fboryptgrab-stealer-targets-users-via-deceptive-github-pages.html&cd2=Mingyue%20Shirley%20Yang%7CMalware%20Researcher&cd3=2026-03-05&z=162337137

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.127.101 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

lcfrai-in-f101.1e100.net

Software

Golfe2 /

Resource Hash

045cf7fd65fd76199b79479c9bfd035d30e173ef2942f8b82360c85a811e843a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Content-Type: text/plain
Referer: https://www.trendmicro.com/

Response headers

report-to: {"group":"ascnsrsgac:207:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:207:0"}],}
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 16 Mar 2026 07:02:51 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
content-type: text/plain
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:207:0
access-control-allow-origin: https://www.trendmicro.com
cross-origin-opener-policy-report-only: same-origin; report-to=ascnsrsgac:207:0
content-length: 15
server: Golfe2

GET
H2 200 26044208.js Show response
bat.bing.com/p/action/ 398 B
431 B 33ms
32ms Script
application/javascript 150.171.27.10
Microsoft Corpora...

General

Check archive.org

Download Go to

Full URL

https://bat.bing.com/p/action/26044208.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

150.171.27.10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),

Reverse DNS

Software

Resource Hash

efd1383222f8ac42226213ed448716694966c39e80ab8c23d71c6c8e3016d71d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: private,max-age=1800
content-encoding: br
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: B9A54B96D48D4A8FB85372EC363F8897 Ref B: FRA261110503054 Ref C: 2026-03-16T07:02:51Z
x-cache: CONFIG_NOCACHE
date: Mon, 16 Mar 2026 07:02:50 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding

GET
H3 200 /
www.facebook.com/tr/ 0
16 B 20ms
8ms Image
text/plain 157.240.253.35
Facebook

General

Check archive.org

Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=243552383039605&ev=PageView&dl=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F26%2Fc%2Fboryptgrab-stealer-targets-users-via-deceptive-github-pages.html&rl=&if=false&ts=1773644571144&sw=1600&sh=1200&v=2.9.277&r=stable&a=tmtealium&ec=0&o=4126&fbp=fb.1.1773644570685.898206884424693065.Bg&cs_est=true&ler=empty&cdl=API_unavailable&pmd[title]=New%20BoryptGrab%20Stealer%20Targets%20Windows%20Users%20via%20Deceptive%20GitHub%20Pages%20%7C%20Trend%20Micro%20(US)&pmd[locale]=en_US&pmd[description]=The%20BoryptGrab%20campaign%20uses%20fake%20SEO%E2%80%91optimized%20GitHub%20repositories%20and%20deceptive%20download%20pages%20to%20distribute%20a%20data%E2%80%91stealing%20malware%20family%20that%20delivers%20multiple%20payloads%2C%20including%20a%20reverse%20SSH%20backdoor%2C%20to%20Windows%20users.&pmd[keywords]=malware%2Cresearch%2Carticles%2C%20news%2C%20reports%2Ccyber%20threats%2Ccyber%20crime&plt=805.6999969482422&it=1773644571025&coo=false&expv2[0]=pl1&expv2[1]=el2&expv2[2]=bc1&expv2[3]=ra2&expv2[4]=rp2&expv2[5]=im1&expv2[6]=hf1&rqm=GET

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.253.35 Frankfurt am Main, Germany, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

edge-star-mini-shv-02-fra5.facebook.com

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=6, rtx=0, c=23, mss=1232, tbw=4831, tp=11, tpl=0, uplat=0, ullat=0
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin
alt-svc: h3=":443"; ma=86400
content-length: 0
date: Mon, 16 Mar 2026 07:02:51 GMT
content-type: text/plain
server: proxygen-bolt
priority: u=1,i

GET
H3 200 /
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 67 B
195 B 181ms
170ms Image
image/png 157.240.253.35
Facebook

General

Check archive.org

Download Go to Show image

Full URL

https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=243552383039605&ev=PageView&dl=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F26%2Fc%2Fboryptgrab-stealer-targets-users-via-deceptive-github-pages.html&rl=&if=false&ts=1773644571144&sw=1600&sh=1200&v=2.9.277&r=stable&a=tmtealium&ec=0&o=4126&fbp=fb.1.1773644570685.898206884424693065.Bg&cs_est=true&ler=empty&cdl=API_unavailable&pmd[title]=New%20BoryptGrab%20Stealer%20Targets%20Windows%20Users%20via%20Deceptive%20GitHub%20Pages%20%7C%20Trend%20Micro%20(US)&pmd[locale]=en_US&pmd[description]=The%20BoryptGrab%20campaign%20uses%20fake%20SEO%E2%80%91optimized%20GitHub%20repositories%20and%20deceptive%20download%20pages%20to%20distribute%20a%20data%E2%80%91stealing%20malware%20family%20that%20delivers%20multiple%20payloads%2C%20including%20a%20reverse%20SSH%20backdoor%2C%20to%20Windows%20users.&pmd[keywords]=malware%2Cresearch%2Carticles%2C%20news%2C%20reports%2Ccyber%20threats%2Ccyber%20crime&plt=805.6999969482422&it=1773644571025&coo=false&expv2[0]=pl1&expv2[1]=el2&expv2[2]=bc1&expv2[3]=ra2&expv2[4]=rp2&expv2[5]=im1&expv2[6]=hf1&rqm=FGET

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.253.35 Frankfurt am Main, Germany, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

edge-star-mini-shv-02-fra5.facebook.com

Software

Resource Hash

aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a

Security Headers

Name	Value
Content-Security-Policy	default-src blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net;script-src .facebook.com .fbcdn.net 127.0.0.1: 'nonce-4avHMl5q' blob: 'self' 'wasm-unsafe-eval';style-src .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com .instagram.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: .whatsapp.net .fb.com .oculuscdn.com https://trustly.one/ https://.trustly.one/ https://paywithmybank.com/ https://.paywithmybank.com/;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data:;child-src data: blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net;frame-src .facebook.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net accounts.meta.com .accounts.meta.com https://trustly.one/ https://.trustly.one/ https://paywithmybank.com/ https://.paywithmybank.com/;manifest-src data: blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net;object-src data: blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/

Response headers

content-encoding: zstd
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7617745427541163068&cpp=C3&cv=1035216863&st=1773644571183"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Mon, 16 Mar 2026 07:02:51 GMT
content-type: image/png
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=15552000; preload
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7617745427541163068&cpp=C3&cv=1035216863&st=1773644571183", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 127.0.0.1:* 'nonce-4avHMl5q' blob: 'self' 'wasm-unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com *.instagram.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com https://trustly.one/ https://*.trustly.one/ https://paywithmybank.com/ https://*.paywithmybank.com/;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;child-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net accounts.meta.com *.accounts.meta.com https://trustly.one/ https://*.trustly.one/ https://paywithmybank.com/ https://*.paywithmybank.com/;manifest-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;object-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
cache-control: private, no-store, no-cache, must-revalidate
x-fb-debug: lWw0bh2dA0rCg/hbT0wpkr4iVNo4hlSyKzRrkDgcGKEX1z+IMuf5hINwszRrS/st5h4gUgOtH2fFebjmgc77wQ==
cross-origin-opener-policy: same-origin-allow-popups
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=6, rtx=0, c=26, mss=1232, tbw=9670, tp=22, tpl=0, uplat=162, ullat=0
pragma: no-cache
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self "https://www.fbsbx.com"), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
document-policy: force-load-at-top, include-js-call-stacks-in-crash-reports
x-xss-protection: 0
origin-agent-cluster: ?1

GET
H3 200 /
www.facebook.com/tr/ 0
16 B 20ms
9ms Image
text/plain 157.240.253.35
Facebook

General

Check archive.org

Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=243552383039605&ev=PageView&dl=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F26%2Fc%2Fboryptgrab-stealer-targets-users-via-deceptive-github-pages.html&rl=&if=false&ts=1773644571150&sw=1600&sh=1200&v=2.9.277&r=stable&a=tmtealium&ec=1&o=4126&fbp=fb.1.1773644570685.898206884424693065.Bg&cs_est=true&ler=empty&cdl=API_unavailable&pmd[title]=New%20BoryptGrab%20Stealer%20Targets%20Windows%20Users%20via%20Deceptive%20GitHub%20Pages%20%7C%20Trend%20Micro%20(US)&pmd[locale]=en_US&pmd[description]=The%20BoryptGrab%20campaign%20uses%20fake%20SEO%E2%80%91optimized%20GitHub%20repositories%20and%20deceptive%20download%20pages%20to%20distribute%20a%20data%E2%80%91stealing%20malware%20family%20that%20delivers%20multiple%20payloads%2C%20including%20a%20reverse%20SSH%20backdoor%2C%20to%20Windows%20users.&pmd[keywords]=malware%2Cresearch%2Carticles%2C%20news%2C%20reports%2Ccyber%20threats%2Ccyber%20crime&plt=805.6999969482422&it=1773644571025&coo=false&eid=845b965d34498a481cef7b2b44ddbd7f&tm=1&expv2[0]=pl1&expv2[1]=el2&expv2[2]=bc1&expv2[3]=ra2&expv2[4]=rp2&expv2[5]=im1&expv2[6]=hf1&rqm=GET

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.253.35 Frankfurt am Main, Germany, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

edge-star-mini-shv-02-fra5.facebook.com

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=6, rtx=0, c=23, mss=1232, tbw=5423, tp=14, tpl=0, uplat=0, ullat=0
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin
alt-svc: h3=":443"; ma=86400
content-length: 0
date: Mon, 16 Mar 2026 07:02:51 GMT
content-type: text/plain
server: proxygen-bolt
priority: u=1,i

GET
H3 200 /
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 67 B
199 B 155ms
145ms Image
image/png 157.240.253.35
Facebook

General

Check archive.org

Download Go to Show image

Full URL

https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=243552383039605&ev=PageView&dl=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F26%2Fc%2Fboryptgrab-stealer-targets-users-via-deceptive-github-pages.html&rl=&if=false&ts=1773644571150&sw=1600&sh=1200&v=2.9.277&r=stable&a=tmtealium&ec=1&o=4126&fbp=fb.1.1773644570685.898206884424693065.Bg&cs_est=true&ler=empty&cdl=API_unavailable&pmd[title]=New%20BoryptGrab%20Stealer%20Targets%20Windows%20Users%20via%20Deceptive%20GitHub%20Pages%20%7C%20Trend%20Micro%20(US)&pmd[locale]=en_US&pmd[description]=The%20BoryptGrab%20campaign%20uses%20fake%20SEO%E2%80%91optimized%20GitHub%20repositories%20and%20deceptive%20download%20pages%20to%20distribute%20a%20data%E2%80%91stealing%20malware%20family%20that%20delivers%20multiple%20payloads%2C%20including%20a%20reverse%20SSH%20backdoor%2C%20to%20Windows%20users.&pmd[keywords]=malware%2Cresearch%2Carticles%2C%20news%2C%20reports%2Ccyber%20threats%2Ccyber%20crime&plt=805.6999969482422&it=1773644571025&coo=false&eid=845b965d34498a481cef7b2b44ddbd7f&tm=1&expv2[0]=pl1&expv2[1]=el2&expv2[2]=bc1&expv2[3]=ra2&expv2[4]=rp2&expv2[5]=im1&expv2[6]=hf1&rqm=FGET

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.253.35 Frankfurt am Main, Germany, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

edge-star-mini-shv-02-fra5.facebook.com

Software

Resource Hash

aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a

Security Headers

Name	Value
Content-Security-Policy	default-src blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net;script-src .facebook.com .fbcdn.net 127.0.0.1: 'nonce-tZSzKS6n' blob: 'self' 'wasm-unsafe-eval';style-src .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com .instagram.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: .whatsapp.net .fb.com .oculuscdn.com https://trustly.one/ https://.trustly.one/ https://paywithmybank.com/ https://.paywithmybank.com/;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data:;child-src data: blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net;frame-src .facebook.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net accounts.meta.com .accounts.meta.com https://trustly.one/ https://.trustly.one/ https://paywithmybank.com/ https://.paywithmybank.com/;manifest-src data: blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net;object-src data: blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/

Response headers

content-encoding: zstd
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7617745429207686312&cpp=C3&cv=1035216863&st=1773644571182"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Mon, 16 Mar 2026 07:02:51 GMT
content-type: image/png
vary: Accept-Encoding
x-fb-debug: f2jUef8PFuaOTk03+dbv685T5VpkqUa2DWb21MjmeGGcxPXBW1DXvC0ktu41i2gRAdhACkxFLDGDwhISwdSwFg==
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=15552000; preload
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7617745429207686312&cpp=C3&cv=1035216863&st=1773644571182", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 127.0.0.1:* 'nonce-tZSzKS6n' blob: 'self' 'wasm-unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com *.instagram.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com https://trustly.one/ https://*.trustly.one/ https://paywithmybank.com/ https://*.paywithmybank.com/;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;child-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net accounts.meta.com *.accounts.meta.com https://trustly.one/ https://*.trustly.one/ https://paywithmybank.com/ https://*.paywithmybank.com/;manifest-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;object-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
cache-control: private, no-store, no-cache, must-revalidate
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=6, rtx=0, c=24, mss=1232, tbw=5663, tp=17, tpl=0, uplat=137, ullat=0
cross-origin-opener-policy: same-origin-allow-popups
pragma: no-cache
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self "https://www.fbsbx.com"), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
document-policy: force-load-at-top, include-js-call-stacks-in-crash-reports
x-xss-protection: 0
origin-agent-cluster: ?1

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 514 KB
163 KB 28ms
28ms Script
application/javascript 142.251.127.97
Google LLC

General

Check archive.org

Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-JSMMKXDWBS&cx=c&_slc=1

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.127.97 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

lcfrai-in-f97.1e100.net

Software

Google Tag Manager /

Resource Hash

4785d478fdadac74428d655809b3a39055fa488ea99e63c659ae843f399b4a0a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
content-encoding: zstd
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
expires: Mon, 16 Mar 2026 07:02:51 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 166831
date: Mon, 16 Mar 2026 07:02:51 GMT
x-xss-protection: 0
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
server: Google Tag Manager
access-control-allow-headers: Cache-Control

POST
H3 200 collect
www.google.com/ccm/ 0
0 16ms
16ms Fetch
text/plain 142.251.141.100
Google LLC

General

Check archive.org

Download Go to

Full URL: https://www.google.com/ccm/collect?frm=0&ae=g&dl=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F26%2Fc%2Fboryptgrab-stealer-targets-users-via-deceptive-github-pages.html&scrsrc=www.googletagmanager.com&rnd=1725071356.1773644571&dt=New%20BoryptGrab%20Stealer%20Targets%20Windows%20Users%20via%20Deceptive%20GitHub%20Pages%20%7C%20Trend%20Micro%20(US)&auid=108905293.1773644571&navt=n&npa=1&_tu=KA&gtm=45be63b1v886840403z872003116za20gzb72003116zd72003116xea&gcd=13l3l3l2l1l1&dma_cps=a&dma=1&tag_exp=103116026~103200004~115616985~115938465~115938468~116024733~117484252&apve=1&apvf=f&apvc=0&tids=AW-929919117&tid=AW-929919117&tft=1773644571216&tfd=1446
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=AW-929919117&cx=c&gtm=4e63b1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.251.141.100 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: tzfraa-ai-in-f4.1e100.net
Software: /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/

Response headers

GET
H3

200

activity;dc_pre=CPy_hPXso5MDFVoNogMdgmoCPg;src=5427711;type=remar0;cat=allsi0;ord=1;num=3441239354087;npa=1;auiddc=108905293.1773644571;u1=%2Fen_us%2Fresearch%2F26%2Fc%2Fboryptgrab-stealer-targets-... Show response
ad.doubleclick.net/
Redirect Chain

https://ad.doubleclick.net/activity;src=5427711;type=remar0;cat=allsi0;ord=1;num=3441239354087;npa=1;auiddc=108905293.1773644571;u1=%2Fen_us%2Fresearch%2F26%2Fc%2Fboryptgrab-stealer-targets-users-v...
https://ad.doubleclick.net/activity;dc_pre=CPy_hPXso5MDFVoNogMdgmoCPg;src=5427711;type=remar0;cat=allsi0;ord=1;num=3441239354087;npa=1;auiddc=108905293.1773644571;u1=%2Fen_us%2Fresearch%2F26%2Fc%2F...

42 B
65 B

50ms
50ms

Fetch
image/gif

172.217.16.166
Google LLC

General

Check archive.org

Download Go to

Full URL

https://ad.doubleclick.net/activity;dc_pre=CPy_hPXso5MDFVoNogMdgmoCPg;src=5427711;type=remar0;cat=allsi0;ord=1;num=3441239354087;npa=1;auiddc=108905293.1773644571;u1=%2Fen_us%2Fresearch%2F26%2Fc%2Fboryptgrab-stealer-targets-users-via-deceptive-github-pages.html;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;_tu=KJA;gtm=45fe63b1v9188098692z872003116za20gzb72003116zd72003116xea;gcd=13l3l3l2l1l1;dma_cps=a;dma=1;dc_fmt=3;tag_exp=103116026~103200004~115616986~115938465~115938469~116024733~117484252;epver=2;dc_random=1773644571_FzB8VOS3j4YNXdUQeiLVJUSqLxugZeNiKA;~oref=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F26%2Fc%2Fboryptgrab-stealer-targets-users-via-deceptive-github-pages.html?

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html

Protocol

Server

172.217.16.166 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

tzfraa-am-in-f6.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 42
date: Mon, 16 Mar 2026 07:02:51 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

Redirect headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
location: https://ad.doubleclick.net/activity;dc_pre=CPy_hPXso5MDFVoNogMdgmoCPg;src=5427711;type=remar0;cat=allsi0;ord=1;num=3441239354087;npa=1;auiddc=108905293.1773644571;u1=%2Fen_us%2Fresearch%2F26%2Fc%2Fboryptgrab-stealer-targets-users-via-deceptive-github-pages.html;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;_tu=KJA;gtm=45fe63b1v9188098692z872003116za20gzb72003116zd72003116xea;gcd=13l3l3l2l1l1;dma_cps=a;dma=1;dc_fmt=3;tag_exp=103116026~103200004~115616986~115938465~115938469~116024733~117484252;epver=2;dc_random=1773644571_FzB8VOS3j4YNXdUQeiLVJUSqLxugZeNiKA;~oref=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F26%2Fc%2Fboryptgrab-stealer-targets-users-via-deceptive-github-pages.html?
pragma: no-cache
cross-origin-resource-policy: cross-origin
follow-only-when-prerender-shown: 1
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 0
date: Mon, 16 Mar 2026 07:02:51 GMT
x-xss-protection: 0
content-type: text/html; charset=UTF-8
server: cafe

GET activityi;src=5427711;type=remar0;cat=allsi0;ord=1;num=3441239354087;npa=1;auiddc=108905293.1773644571;u1=%2Fen_us%2Fresearch%2F26%2Fc%2Fboryptgrab-stealer-targets-users-via-deceptive-github-pages....
5427711.fls.doubleclick.net/ Frame AAC7 0
0

POST
H/1.1 204
No Content collect Show response
e.clarity.ms/ 0
282 B 400ms
190ms XHR
text/plain 20.57.85.160
Microsoft Corpora...

General

Check archive.org

Download Go to

Full URL: https://e.clarity.ms/collect
Requested by: Host: scripts.clarity.ms
URL: https://scripts.clarity.ms/0.8.57/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 20.57.85.160 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Accept: application/x-clarity-gzip
Referer: https://www.trendmicro.com/

Response headers

Request-Context: appId=cid-v1:a449a586-8786-487f-a449-dc1b282a2628
Access-Control-Allow-Origin: https://www.trendmicro.com
Date: Mon, 16 Mar 2026 07:02:51 GMT
Vary: Origin
Server: nginx
Connection: keep-alive
Access-Control-Allow-Credentials: true

GET
H3

200

activity;dc_pre=CKvBhvXso5MDFeEHogMd7UERAg;src=9572106;type=trend002;cat=globa0;ord=6966118033864;npa=1;auiddc=108905293.1773644571;u1=%2Fen_us%2Fresearch%2F26%2Fc%2Fboryptgrab-stealer-targets-user... Show response
ad.doubleclick.net/
Redirect Chain

https://ad.doubleclick.net/activity;src=9572106;type=trend002;cat=globa0;ord=6966118033864;npa=1;auiddc=108905293.1773644571;u1=%2Fen_us%2Fresearch%2F26%2Fc%2Fboryptgrab-stealer-targets-users-via-d...
https://ad.doubleclick.net/activity;dc_pre=CKvBhvXso5MDFeEHogMd7UERAg;src=9572106;type=trend002;cat=globa0;ord=6966118033864;npa=1;auiddc=108905293.1773644571;u1=%2Fen_us%2Fresearch%2F26%2Fc%2Fbory...

42 B
65 B

49ms
49ms

Fetch
image/gif

172.217.16.166
Google LLC

General

Check archive.org

Download Go to

Full URL

https://ad.doubleclick.net/activity;dc_pre=CKvBhvXso5MDFeEHogMd7UERAg;src=9572106;type=trend002;cat=globa0;ord=6966118033864;npa=1;auiddc=108905293.1773644571;u1=%2Fen_us%2Fresearch%2F26%2Fc%2Fboryptgrab-stealer-targets-users-via-deceptive-github-pages.html;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;_tu=KFA;gtm=45fe63b1v9190653197z872003116za20gzb72003116zd72003116xea;gcd=13l3l3l2l1l1;dma_cps=a;dma=1;dc_fmt=3;tag_exp=103116026~103200004~115938465~115938468~116024733~117484252;epver=2;dc_random=1773644571_h7IlrOinDkQPJLINbZO7OHI2bUw5pxmQqg;~oref=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F26%2Fc%2Fboryptgrab-stealer-targets-users-via-deceptive-github-pages.html?

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html

Protocol

Server

172.217.16.166 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

tzfraa-am-in-f6.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 42
date: Mon, 16 Mar 2026 07:02:51 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

Redirect headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
location: https://ad.doubleclick.net/activity;dc_pre=CKvBhvXso5MDFeEHogMd7UERAg;src=9572106;type=trend002;cat=globa0;ord=6966118033864;npa=1;auiddc=108905293.1773644571;u1=%2Fen_us%2Fresearch%2F26%2Fc%2Fboryptgrab-stealer-targets-users-via-deceptive-github-pages.html;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;_tu=KFA;gtm=45fe63b1v9190653197z872003116za20gzb72003116zd72003116xea;gcd=13l3l3l2l1l1;dma_cps=a;dma=1;dc_fmt=3;tag_exp=103116026~103200004~115938465~115938468~116024733~117484252;epver=2;dc_random=1773644571_h7IlrOinDkQPJLINbZO7OHI2bUw5pxmQqg;~oref=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F26%2Fc%2Fboryptgrab-stealer-targets-users-via-deceptive-github-pages.html?
pragma: no-cache
cross-origin-resource-policy: cross-origin
follow-only-when-prerender-shown: 1
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 0
date: Mon, 16 Mar 2026 07:02:51 GMT
x-xss-protection: 0
content-type: text/html; charset=UTF-8
server: cafe

GET activityi;src=9572106;type=trend002;cat=globa0;ord=6966118033864;npa=1;auiddc=108905293.1773644571;u1=%2Fen_us%2Fresearch%2F26%2Fc%2Fboryptgrab-stealer-targets-users-via-deceptive-github-pages.html...
9572106.fls.doubleclick.net/ Frame 9B13 0
0

POST
H2 204 0
bat.bing.net/actionp/ 0
346 B 90ms
54ms Ping
text/plain 150.171.28.10
Microsoft Corpora...

General

Check archive.org

Download Go to

Full URL: https://bat.bing.net/actionp/0?ti=26044208&tm=gtm002&Ver=2&mid=d669bd75-7666-4c3a-bf74-b45030dccbbc&bo=1&evt=consent&src=enforced&cdb=AQEZ&asc=D
Requested by: Host: bat.bing.com
URL: https://bat.bing.com/bat.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 150.171.28.10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/

Response headers

cache-control: no-cache, must-revalidate
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: C6C49753013946658BA3564430787FA7 Ref B: FRA261071510036 Ref C: 2026-03-16T07:02:51Z
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
date: Mon, 16 Mar 2026 07:02:51 GMT

GET
H2 204 0
bat.bing.net/action/ 0
120 B 89ms
55ms Image
text/plain 150.171.28.10
Microsoft Corpora...

General

Check archive.org

Download Go to Show image

Full URL: https://bat.bing.net/action/0?ti=26044208&tm=gtm002&Ver=2&mid=d669bd75-7666-4c3a-bf74-b45030dccbbc&bo=2&pi=918639831&lg=de-DE&sw=1600&sh=1200&sc=24&tl=New%20BoryptGrab%20Stealer%20Targets%20Windows%20Users%20via%20Deceptive%20GitHub%20Pages%20%7C%20Trend%20Micro%20(US)&kw=malware,research,articles,%20news,%20reports,cyber%20threats,cyber%20crime&p=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F26%2Fc%2Fboryptgrab-stealer-targets-users-via-deceptive-github-pages.html&r=&lt=806&evt=pageLoad&sv=2&asc=D&cdb=AQEZ&rn=871649
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 150.171.28.10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/

Response headers

cache-control: no-cache, must-revalidate
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: B03AD18703434A718BC0B9075B3233FB Ref B: FRA261071510036 Ref C: 2026-03-16T07:02:51Z
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
date: Mon, 16 Mar 2026 07:02:51 GMT

POST
H3 204 collect
region1.google-analytics.com/g/ 0
0 15ms
15ms Fetch
text/plain 216.239.34.36
Google LLC

General

Check archive.org

Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-JSMMKXDWBS&gtm=45je63b1v9164383042za20g&_p=1773644570664&gcd=13l3l3l2l2l1&npa=0&dma_cps=a&dma=1&gdid=dYmQxMT.dYWJhMj&ul=de-de&sr=1600x1200&cid=1953875912.1773644571&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_eu=EBAI&_s=1&tag_exp=103116026~103200004~115938465~115938469~116024733~117484252&dl=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F26%2Fc%2Fboryptgrab-stealer-targets-users-via-deceptive-github-pages.html&dt=New%20BoryptGrab%20Stealer%20Targets%20Windows%20Users%20via%20Deceptive%20GitHub%20Pages%20%7C%20Trend%20Micro%20(US)&sid=1773644571&sct=1&seg=0&_tu=6AQ&en=page_view&_fv=1&_ss=1&_ee=1&ep.ua_dimension_15=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F26%2Fc%2Fboryptgrab-stealer-targets-users-via-deceptive-github-pages.html&ep.ua_dimension_2=Mingyue%20Shirley%20Yang%7CMalware%20Researcher&ep.ua_dimension_3=2026-03-05&tfd=1561
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-JSMMKXDWBS&cx=c&_slc=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 216.239.34.36 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:113:0
report-to: {"group":"ascnsrsggc:113:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:113:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://www.trendmicro.com
cross-origin-opener-policy-report-only: same-origin; report-to=ascnsrsggc:113:0
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 16 Mar 2026 07:02:51 GMT
content-type: text/plain
server: Golfe2

GET cei
insight.adsrvr.org/track/ Frame 836E 0
0

GET
H2 200 favicon.ico
www.trendmicro.com/content/dam/trendmicro/ 3 KB
4 KB 47ms
46ms Other
image/x-icon 72.246.28.156
Akamai Technologies

General

Check archive.org

Download Go to

Full URL

https://www.trendmicro.com/content/dam/trendmicro/favicon.ico

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

72.246.28.156 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a72-246-28-156.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

3818e71293245021a4db81e76832f162d45ff7cb518be638f0cc96797f7c2361

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html

Response headers

content-encoding: br
etag: "d1a-609031a4befc0"
x-content-type-options: nosniff
x-prod-n-01: Yes
expires: Tue, 17 Mar 2026 07:02:22 GMT
date: Mon, 16 Mar 2026 07:02:51 GMT
content-type: image/x-icon
vary: Accept-Encoding
last-modified: Tue, 31 Oct 2023 13:26:31 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; preload
cache-control: max-age=86371
accept-ranges: bytes
content-length: 3361
x-xss-protection: 1;mode=block
server: nginx

POST
H/1.1 204
No Content collect Show response
e.clarity.ms/ 0
282 B 582ms
366ms XHR
text/plain 20.57.85.160
Microsoft Corpora...

General

Check archive.org

Download Go to

Full URL: https://e.clarity.ms/collect
Requested by: Host: scripts.clarity.ms
URL: https://scripts.clarity.ms/0.8.57/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 20.57.85.160 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Accept: application/x-clarity-gzip
Referer: https://www.trendmicro.com/

Response headers

Request-Context: appId=cid-v1:a449a586-8786-487f-a449-dc1b282a2628
Access-Control-Allow-Origin: https://www.trendmicro.com
Date: Mon, 16 Mar 2026 07:02:52 GMT
Vary: Origin
Server: nginx
Connection: keep-alive
Access-Control-Allow-Credentials: true

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
199 B 117ms
116ms Image
image/gif 23.50.131.146
AKAMAI-ASN1 Akama...

General

Check archive.org

Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=810eb8f4ed8abcee5cd1e233263d8d3f&svisitor=12173317f33325001aabb7697d0300002c3f0400&visitor=d2b39742-9c47-4049-8347-b8eb6d1f7af4&session=7383a554-ad03-4e57-8764-550b09874256&event=active_time_track&q=%7B%22currentTime%22%3A%22Mon%2C%2016%20Mar%202026%2007%3A02%3A51%20GMT%22%2C%22lastTrackTime%22%3A%22Mon%2C%2016%20Mar%202026%2007%3A02%3A50%20GMT%22%2C%22timeSpent%22%3A%221003%22%2C%22totalTimeSpent%22%3A%221003%22%7D&isIframe=false&m=%7B%22description%22%3A%22The%20BoryptGrab%20campaign%20uses%20fake%20SEO%E2%80%91optimized%20GitHub%20repositories%20and%20deceptive%20download%20pages%20to%20distribute%20a%20data%E2%80%91stealing%20malware%20family%20that%20delivers%20multiple%20payloads%2C%20including%20a%20reverse%20SSH%20backdoor%2C%20to%20Windows%20users.%22%2C%22keywords%22%3A%22malware%2Cresearch%2Carticles%2C%20news%2C%20reports%2Ccyber%20threats%2Ccyber%20crime%22%2C%22title%22%3A%22New%20BoryptGrab%20Stealer%20Targets%20Windows%20Users%20via%20Deceptive%20GitHub%20Pages%20%7C%20Trend%20Micro%20(US)%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F26%2Fc%2Fboryptgrab-stealer-targets-users-via-deceptive-github-pages.html&pageViewId=67e569dd-44a1-4ed8-8117-436c8b066a74&an_uid=-1&v=1.1.31

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.50.131.146 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

a23-50-131-146.deploy.static.akamaitechnologies.com

Software

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/

Response headers

cache-control: max-age=0, no-cache, no-store
pragma: no-cache
x-content-type-options: nosniff
expires: Mon, 16 Mar 2026 07:02:51 GMT
accept-ranges: bytes
content-length: 43
date: Mon, 16 Mar 2026 07:02:51 GMT
content-type: image/gif

GET
H2 200 config Show response
lb.prod.equally.ai/api/v1/widget/ 87 KB
13 KB 188ms
187ms XHR
application/json 44.213.29.178
Amazon.com

General

Check archive.org

Download Go to

Full URL

https://lb.prod.equally.ai/api/v1/widget/config?apiKey=82MjGgGBc5p9X1otEipH&userID=19bb3425e4f5d21ef605269ca89c865e

Requested by

Host: widget.equally.ai
URL: https://widget.equally.ai/equally-widget.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

44.213.29.178 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),

Reverse DNS

ec2-44-213-29-178.compute-1.amazonaws.com

Software

nginx /

Resource Hash

c180dce2f6f2fae1952368b7a48d78ae281b568098b3ff6b5cef68368d7d5d64

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
X-Referer: https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html
Referer: https://www.trendmicro.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
access-control-max-age: 1728000
content-encoding: gzip
access-control-allow-credentials: true
access-control-allow-methods: PUT, GET, POST, OPTIONS, DELETE
access-control-allow-origin: https://www.trendmicro.com
date: Mon, 16 Mar 2026 07:02:52 GMT
content-type: application/json
vary: Accept-Encoding
server: nginx
access-control-allow-headers: DNT,X-CustomHeader,X-LANG,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,X-Api-Key,X-Device-Id,Access-Control-Allow-Origin,Authorization,equally-client-id,equally-auth-provider,X-Referer, Origin, Referer

POST
H2 200 realtimeconversion Show response
insight.adsrvr.org/track/ 36 B
352 B 127ms
73ms XHR
application/json 3.33.220.150
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://insight.adsrvr.org/track/realtimeconversion
Requested by: Host: js.adsrvr.org
URL: https://js.adsrvr.org/up_loader.1.1.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.33.220.150 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: Kestrel /
Resource Hash: 15a3dc247a9802298e21568c4d7d501a6236c246e9a2257177799a5400844740

Request headers

Referer: https://www.trendmicro.com/
eventDataSourceVersion: 3.0.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Content-type: application/json
eventDataSource: JsSdk

Response headers

content-encoding: gzip
access-control-allow-credentials: true
access-control-allow-origin: https://www.trendmicro.com
date: Mon, 16 Mar 2026 07:02:52 GMT
content-type: application/json
vary: Accept-Encoding
server: Kestrel
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Content-Length, Content-Encoding, Vary, Cache-Control, Accept, x-integration-type

OPTIONS
H2 204 config
lb.prod.equally.ai/api/v1/widget/ Frame 0
0 572ms
226ms Preflight 44.213.29.178
Amazon.com

General

Check archive.org

Download Go to

Full URL

https://lb.prod.equally.ai/api/v1/widget/config?apiKey=82MjGgGBc5p9X1otEipH&userID=19bb3425e4f5d21ef605269ca89c865e

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

44.213.29.178 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),

Reverse DNS

ec2-44-213-29-178.compute-1.amazonaws.com

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: x-referer
Access-Control-Request-Method: GET
Origin: https://www.trendmicro.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,X-LANG,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,X-Api-Key,X-Device-Id,Access-Control-Allow-Origin,Authorization,equally-client-id,equally-auth-provider,X-Referer, Origin, Referer
access-control-allow-methods: PUT, GET, POST, OPTIONS, DELETE
access-control-allow-origin: https://www.trendmicro.com
access-control-max-age: 1728000
date: Mon, 16 Mar 2026 07:02:52 GMT
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains

OPTIONS
H2 200 realtimeconversion
insight.adsrvr.org/track/ Frame 0
0 127ms
71ms Preflight
application/json 3.33.220.150
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://insight.adsrvr.org/track/realtimeconversion
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.33.220.150 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: Kestrel /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,eventdatasource,eventdatasourceversion
Access-Control-Request-Method: POST
Origin: https://www.trendmicro.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Content-Length, Content-Encoding, Vary, Cache-Control, Accept, ttdSignature, eventDataSource, eventDataSourceVersion
access-control-allow-origin: https://www.trendmicro.com
content-encoding: gzip
content-type: application/json
date: Mon, 16 Mar 2026 07:02:52 GMT
server: Kestrel
vary: Accept-Encoding

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
199 B 101ms
101ms Image
image/gif 23.50.131.146
AKAMAI-ASN1 Akama...

General

Check archive.org

Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=810eb8f4ed8abcee5cd1e233263d8d3f&svisitor=12173317f33325001aabb7697d0300002c3f0400&visitor=d2b39742-9c47-4049-8347-b8eb6d1f7af4&session=7383a554-ad03-4e57-8764-550b09874256&event=active_time_track&q=%7B%22currentTime%22%3A%22Mon%2C%2016%20Mar%202026%2007%3A02%3A52%20GMT%22%2C%22lastTrackTime%22%3A%22Mon%2C%2016%20Mar%202026%2007%3A02%3A51%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%222004%22%7D&isIframe=false&m=%7B%22description%22%3A%22The%20BoryptGrab%20campaign%20uses%20fake%20SEO%E2%80%91optimized%20GitHub%20repositories%20and%20deceptive%20download%20pages%20to%20distribute%20a%20data%E2%80%91stealing%20malware%20family%20that%20delivers%20multiple%20payloads%2C%20including%20a%20reverse%20SSH%20backdoor%2C%20to%20Windows%20users.%22%2C%22keywords%22%3A%22malware%2Cresearch%2Carticles%2C%20news%2C%20reports%2Ccyber%20threats%2Ccyber%20crime%22%2C%22title%22%3A%22New%20BoryptGrab%20Stealer%20Targets%20Windows%20Users%20via%20Deceptive%20GitHub%20Pages%20%7C%20Trend%20Micro%20(US)%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F26%2Fc%2Fboryptgrab-stealer-targets-users-via-deceptive-github-pages.html&pageViewId=67e569dd-44a1-4ed8-8117-436c8b066a74&an_uid=-1&v=1.1.31

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.50.131.146 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

a23-50-131-146.deploy.static.akamaitechnologies.com

Software

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/

Response headers

cache-control: max-age=0, no-cache, no-store
pragma: no-cache
x-content-type-options: nosniff
expires: Mon, 16 Mar 2026 07:02:52 GMT
accept-ranges: bytes
content-length: 43
date: Mon, 16 Mar 2026 07:02:52 GMT
content-type: image/gif

OPTIONS
H2 204 config
lb.prod.equally.ai/api/v1/widget/ Frame 0
0 100ms
100ms Preflight 44.213.29.178
Amazon.com

General

Check archive.org

Download Go to

Full URL

https://lb.prod.equally.ai/api/v1/widget/config?apiKey=82MjGgGBc5p9X1otEipH&userID=undefined

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

44.213.29.178 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),

Reverse DNS

ec2-44-213-29-178.compute-1.amazonaws.com

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: x-referer
Access-Control-Request-Method: POST
Origin: https://www.trendmicro.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,X-LANG,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,X-Api-Key,X-Device-Id,Access-Control-Allow-Origin,Authorization,equally-client-id,equally-auth-provider,X-Referer, Origin, Referer
access-control-allow-methods: PUT, GET, POST, OPTIONS, DELETE
access-control-allow-origin: https://www.trendmicro.com
access-control-max-age: 1728000
date: Mon, 16 Mar 2026 07:02:53 GMT
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains

POST
H2 200 config Show response
lb.prod.equally.ai/api/v1/widget/ 27 B
856 B 235ms
234ms XHR
application/json 44.213.29.178
Amazon.com

General

Check archive.org

Download Go to

Full URL

https://lb.prod.equally.ai/api/v1/widget/config?apiKey=82MjGgGBc5p9X1otEipH&userID=undefined

Requested by

Host: widget.equally.ai
URL: https://widget.equally.ai/equally-widget.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

44.213.29.178 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),

Reverse DNS

ec2-44-213-29-178.compute-1.amazonaws.com

Software

nginx /

Resource Hash

16270c15435abfbd1e22c9a06378d29d8823f68d61216d61422d1b0b0643e776

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
X-Referer: https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html
Content-Type: text/plain;charset=UTF-8

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
access-control-max-age: 1728000
content-encoding: gzip
access-control-allow-credentials: true
access-control-allow-methods: PUT, GET, POST, OPTIONS, DELETE
access-control-allow-origin: https://www.trendmicro.com
date: Mon, 16 Mar 2026 07:02:53 GMT
content-type: application/json
server: nginx
access-control-allow-headers: DNT,X-CustomHeader,X-LANG,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,X-Api-Key,X-Device-Id,Access-Control-Allow-Origin,Authorization,equally-client-id,equally-auth-provider,X-Referer, Origin, Referer

GET
H2 200 en.json Show response
widget.equally.ai/locales/ 10 KB
4 KB 32ms
14ms Fetch
application/json 52.222.136.40
Amazon.com

General

Check archive.org

Download Go to

Full URL

https://widget.equally.ai/locales/en.json

Requested by

Host: widget.equally.ai
URL: https://widget.equally.ai/equally-widget.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.136.40 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

server-52-222-136-40.fra50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

8217d4cfca53c8bbe23edfb6df20e2b0fadfa55222fecadb246ddb7c281c2163

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/

Response headers

access-control-max-age: 3000
content-encoding: gzip
etag: W/"8d57fd76fc218da7e4745626a703c1ad"
age: 12718
access-control-allow-methods: HEAD, GET
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-amz-cf-id: Hx2OIM-QmrUllvWDEDgo2yMz66hC0bDCFGOo8wrMn2HjcXHBoTTyEQ==
date: Mon, 16 Mar 2026 03:30:56 GMT
content-type: application/json
vary: Access-Control-Request-Headers,Access-Control-Request-Method,accept-encoding
last-modified: Wed, 21 Jan 2026 16:29:30 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
referrer-policy: strict-origin-when-cross-origin
via: 1.1 203ee6b98de7af3adc87c8746659929c.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-xss-protection: 1; mode=block
x-amz-cf-pop: FRA50-P2
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 open-human.svg Show response
widget.equally.ai/assets/activation-icons/ 1 KB
1 KB 377ms
376ms Fetch
image/svg+xml 52.222.136.40
Amazon.com

General

Check archive.org

Download Go to

Full URL

https://widget.equally.ai/assets/activation-icons/open-human.svg

Requested by

Host: widget.equally.ai
URL: https://widget.equally.ai/equally-widget.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.136.40 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

server-52-222-136-40.fra50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

0dc03f6dc54654dcb69692e7640cfd2b714395aeb4ea50de434b913fb6d828c4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/

Response headers

access-control-max-age: 3000
content-encoding: gzip
etag: W/"e4a452767bcd9ea9a02f66ee6b874b62"
access-control-allow-methods: HEAD, GET
x-content-type-options: nosniff
x-cache: RefreshHit from cloudfront
x-amz-cf-id: RF-LI3bn6f63Cbk-mzYde00SlY730gLJz9_aeuVVmxtAuwvx6Viirg==
date: Mon, 16 Mar 2026 07:02:54 GMT
content-type: image/svg+xml
vary: Access-Control-Request-Headers,Access-Control-Request-Method,accept-encoding
last-modified: Wed, 21 Jan 2026 16:29:29 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
referrer-policy: strict-origin-when-cross-origin
via: 1.1 203ee6b98de7af3adc87c8746659929c.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-xss-protection: 1; mode=block
x-amz-cf-pop: FRA50-P2
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
199 B 101ms
101ms Image
image/gif 23.50.131.146
AKAMAI-ASN1 Akama...

General

Check archive.org

Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=810eb8f4ed8abcee5cd1e233263d8d3f&svisitor=12173317f33325001aabb7697d0300002c3f0400&visitor=d2b39742-9c47-4049-8347-b8eb6d1f7af4&session=7383a554-ad03-4e57-8764-550b09874256&event=active_time_track&q=%7B%22currentTime%22%3A%22Mon%2C%2016%20Mar%202026%2007%3A02%3A53%20GMT%22%2C%22lastTrackTime%22%3A%22Mon%2C%2016%20Mar%202026%2007%3A02%3A52%20GMT%22%2C%22timeSpent%22%3A%221000%22%2C%22totalTimeSpent%22%3A%223004%22%7D&isIframe=false&m=%7B%22description%22%3A%22The%20BoryptGrab%20campaign%20uses%20fake%20SEO%E2%80%91optimized%20GitHub%20repositories%20and%20deceptive%20download%20pages%20to%20distribute%20a%20data%E2%80%91stealing%20malware%20family%20that%20delivers%20multiple%20payloads%2C%20including%20a%20reverse%20SSH%20backdoor%2C%20to%20Windows%20users.%22%2C%22keywords%22%3A%22malware%2Cresearch%2Carticles%2C%20news%2C%20reports%2Ccyber%20threats%2Ccyber%20crime%22%2C%22title%22%3A%22New%20BoryptGrab%20Stealer%20Targets%20Windows%20Users%20via%20Deceptive%20GitHub%20Pages%20%7C%20Trend%20Micro%20(US)%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F26%2Fc%2Fboryptgrab-stealer-targets-users-via-deceptive-github-pages.html&pageViewId=67e569dd-44a1-4ed8-8117-436c8b066a74&an_uid=-1&v=1.1.31

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.50.131.146 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

a23-50-131-146.deploy.static.akamaitechnologies.com

Software

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/

Response headers

cache-control: max-age=0, no-cache, no-store
pragma: no-cache
x-content-type-options: nosniff
expires: Mon, 16 Mar 2026 07:02:53 GMT
accept-ranges: bytes
content-length: 43
date: Mon, 16 Mar 2026 07:02:53 GMT
content-type: image/gif

POST
H/1.1 204
No Content collect Show response
e.clarity.ms/ 0
282 B 193ms
188ms XHR
text/plain 20.57.85.160
Microsoft Corpora...

General

Check archive.org

Download Go to

Full URL: https://e.clarity.ms/collect
Requested by: Host: scripts.clarity.ms
URL: https://scripts.clarity.ms/0.8.57/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 20.57.85.160 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Accept: application/x-clarity-gzip
Referer: https://www.trendmicro.com/

Response headers

Request-Context: appId=cid-v1:a449a586-8786-487f-a449-dc1b282a2628
Access-Control-Allow-Origin: https://www.trendmicro.com
Date: Mon, 16 Mar 2026 07:02:53 GMT
Vary: Origin
Server: nginx
Connection: keep-alive
Access-Control-Allow-Credentials: true

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
199 B 97ms
96ms Image
image/gif 23.50.131.146
AKAMAI-ASN1 Akama...

General

Check archive.org

Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=810eb8f4ed8abcee5cd1e233263d8d3f&svisitor=12173317f33325001aabb7697d0300002c3f0400&visitor=d2b39742-9c47-4049-8347-b8eb6d1f7af4&session=7383a554-ad03-4e57-8764-550b09874256&event=active_time_track&q=%7B%22currentTime%22%3A%22Mon%2C%2016%20Mar%202026%2007%3A02%3A54%20GMT%22%2C%22lastTrackTime%22%3A%22Mon%2C%2016%20Mar%202026%2007%3A02%3A53%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%224005%22%7D&isIframe=false&m=%7B%22description%22%3A%22The%20BoryptGrab%20campaign%20uses%20fake%20SEO%E2%80%91optimized%20GitHub%20repositories%20and%20deceptive%20download%20pages%20to%20distribute%20a%20data%E2%80%91stealing%20malware%20family%20that%20delivers%20multiple%20payloads%2C%20including%20a%20reverse%20SSH%20backdoor%2C%20to%20Windows%20users.%22%2C%22keywords%22%3A%22malware%2Cresearch%2Carticles%2C%20news%2C%20reports%2Ccyber%20threats%2Ccyber%20crime%22%2C%22title%22%3A%22New%20BoryptGrab%20Stealer%20Targets%20Windows%20Users%20via%20Deceptive%20GitHub%20Pages%20%7C%20Trend%20Micro%20(US)%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F26%2Fc%2Fboryptgrab-stealer-targets-users-via-deceptive-github-pages.html&pageViewId=67e569dd-44a1-4ed8-8117-436c8b066a74&an_uid=-1&v=1.1.31

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.50.131.146 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

a23-50-131-146.deploy.static.akamaitechnologies.com

Software

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/

Response headers

cache-control: max-age=0, no-cache, no-store
pragma: no-cache
x-content-type-options: nosniff
expires: Mon, 16 Mar 2026 07:02:54 GMT
accept-ranges: bytes
content-length: 43
date: Mon, 16 Mar 2026 07:02:54 GMT
content-type: image/gif

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
199 B 102ms
102ms Image
image/gif 23.50.131.146
AKAMAI-ASN1 Akama...

General

Check archive.org

Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=810eb8f4ed8abcee5cd1e233263d8d3f&svisitor=12173317f33325001aabb7697d0300002c3f0400&visitor=d2b39742-9c47-4049-8347-b8eb6d1f7af4&session=7383a554-ad03-4e57-8764-550b09874256&event=active_time_track&q=%7B%22currentTime%22%3A%22Mon%2C%2016%20Mar%202026%2007%3A02%3A55%20GMT%22%2C%22lastTrackTime%22%3A%22Mon%2C%2016%20Mar%202026%2007%3A02%3A54%20GMT%22%2C%22timeSpent%22%3A%221000%22%2C%22totalTimeSpent%22%3A%225005%22%7D&isIframe=false&m=%7B%22description%22%3A%22The%20BoryptGrab%20campaign%20uses%20fake%20SEO%E2%80%91optimized%20GitHub%20repositories%20and%20deceptive%20download%20pages%20to%20distribute%20a%20data%E2%80%91stealing%20malware%20family%20that%20delivers%20multiple%20payloads%2C%20including%20a%20reverse%20SSH%20backdoor%2C%20to%20Windows%20users.%22%2C%22keywords%22%3A%22malware%2Cresearch%2Carticles%2C%20news%2C%20reports%2Ccyber%20threats%2Ccyber%20crime%22%2C%22title%22%3A%22New%20BoryptGrab%20Stealer%20Targets%20Windows%20Users%20via%20Deceptive%20GitHub%20Pages%20%7C%20Trend%20Micro%20(US)%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F26%2Fc%2Fboryptgrab-stealer-targets-users-via-deceptive-github-pages.html&pageViewId=67e569dd-44a1-4ed8-8117-436c8b066a74&an_uid=-1&v=1.1.31

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.50.131.146 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

a23-50-131-146.deploy.static.akamaitechnologies.com

Software

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer: https://www.trendmicro.com/

Response headers

cache-control: max-age=0, no-cache, no-store
pragma: no-cache
x-content-type-options: nosniff
expires: Mon, 16 Mar 2026 07:02:55 GMT
accept-ranges: bytes
content-length: 43
date: Mon, 16 Mar 2026 07:02:55 GMT
content-type: image/gif

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: trendmicro.demdex.net
URL: https://trendmicro.demdex.net/dest5.html?d_nsid=0

Domain: t.co
URL: https://t.co/1/i/adsct?bci=4&dv=Europe%2FBerlin%26de-DE%26Google%20Inc.%26Linux%20x86_64%26255%261600%261200%2626%2624%261600%261200%260%26na&eci=4&event=%7B%22contents%22%3A%5B%5D%2C%22conversion_id%22%3A%223063643875266496%22%2C%22twitter_tw-nuwoi-PageView_189%22%3A%22459b3d6962025e690fd98b089f9548fc%22%7D&event_id=d3fcf740-e2b0-466f-81c7-3b63270cf160&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=e7a50bbf-1412-400a-9ae0-4c59da21c34b&pt=New%20BoryptGrab%20Stealer%20Targets%20Windows%20Users%20via%20Deceptive%20GitHub%20Pages%20%7C%20Trend%20Micro%20(US)&tw_document_href=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F26%2Fc%2Fboryptgrab-stealer-targets-users-via-deceptive-github-pages.html&tw_iframe_status=0&tw_pid_src=1&twpid=tw.1773644570718.934370303504758344&txn_id=tw-nuwoi-PageView&type=javascript&version=2.3.49

Domain: t.co
URL: https://t.co/1/i/adsct?bci=4&dv=Europe%2FBerlin%26de-DE%26Google%20Inc.%26Linux%20x86_64%26255%261600%261200%2626%2624%261600%261200%260%26na&eci=3&event=%7B%7D&event_id=ed2e3406-2deb-45c8-b98c-88c4dd9224a8&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=e7a50bbf-1412-400a-9ae0-4c59da21c34b&pt=New%20BoryptGrab%20Stealer%20Targets%20Windows%20Users%20via%20Deceptive%20GitHub%20Pages%20%7C%20Trend%20Micro%20(US)&tw_document_href=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F26%2Fc%2Fboryptgrab-stealer-targets-users-via-deceptive-github-pages.html&tw_iframe_status=0&tw_pid_src=1&twpid=tw.1773644570718.934370303504758344&txn_id=nuwoi&type=javascript&version=2.3.49

Domain: t.co
URL: https://t.co/1/i/adsct?bci=4&dv=Europe%2FBerlin%26de-DE%26Google%20Inc.%26Linux%20x86_64%26255%261600%261200%2626%2624%261600%261200%260%26na&eci=3&event=%7B%7D&event_id=ff8b6d65-5b8d-4413-a34a-836ac7718619&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=e7a50bbf-1412-400a-9ae0-4c59da21c34b&pt=New%20BoryptGrab%20Stealer%20Targets%20Windows%20Users%20via%20Deceptive%20GitHub%20Pages%20%7C%20Trend%20Micro%20(US)&tw_document_href=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F26%2Fc%2Fboryptgrab-stealer-targets-users-via-deceptive-github-pages.html&tw_iframe_status=0&tw_pid_src=1&twpid=tw.1773644570718.934370303504758344&txn_id=oalxs&type=javascript&version=2.3.49

Domain: secure.adnxs.com
URL: https://secure.adnxs.com/getuidj

Domain: s.ml-attr.com
URL: https://s.ml-attr.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dwww.trendmicro.com%26pId%3d%24UID

Domain: 5427711.fls.doubleclick.net
URL: https://5427711.fls.doubleclick.net/activityi;src=5427711;type=remar0;cat=allsi0;ord=1;num=3441239354087;npa=1;auiddc=108905293.1773644571;u1=%2Fen_us%2Fresearch%2F26%2Fc%2Fboryptgrab-stealer-targets-users-via-deceptive-github-pages.html;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;_tu=KJA;gtm=45fe63b1v9188098692z872003116za20gzb72003116zd72003116xea;gcd=13l3l3l2l1l1;dma_cps=a;dma=1;dc_fmt=2;tag_exp=103116026~103200004~115616986~115938465~115938469~116024733~117484252;epver=2;dc_random=1773644571_FzB8VOS3j4YNXdUQeiLVJUSqLxugZeNiKA;_dc_test=1;~oref=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F26%2Fc%2Fboryptgrab-stealer-targets-users-via-deceptive-github-pages.html?

Domain: 9572106.fls.doubleclick.net
URL: https://9572106.fls.doubleclick.net/activityi;src=9572106;type=trend002;cat=globa0;ord=6966118033864;npa=1;auiddc=108905293.1773644571;u1=%2Fen_us%2Fresearch%2F26%2Fc%2Fboryptgrab-stealer-targets-users-via-deceptive-github-pages.html;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;_tu=KFA;gtm=45fe63b1v9190653197z872003116za20gzb72003116zd72003116xea;gcd=13l3l3l2l1l1;dma_cps=a;dma=1;dc_fmt=2;tag_exp=103116026~103200004~115938465~115938468~116024733~117484252;epver=2;dc_random=1773644571_h7IlrOinDkQPJLINbZO7OHI2bUw5pxmQqg;_dc_test=1;~oref=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F26%2Fc%2Fboryptgrab-stealer-targets-users-via-deceptive-github-pages.html?

Domain: insight.adsrvr.org
URL: https://insight.adsrvr.org/track/cei?advertiser_id=g2lzvow&cookie_sync=1&upv=3.0.0&upid=803df29&ref=https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html

Verdicts & Comments Add Verdict or Comment

162 JavaScript Window variables

These are the non-standard variables defined on the window object. These include var declarations and global functions and can be helpful in identifying possible client-side frameworks and code.

35 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.trendmicro.com/	1970-01-21 12:40:44	Name: NSC_MC_dxu-bfn-xfc_XBG-IUUQ Value: ffffffff09224f4245525d5f4f58455e445a4a423660
.youtube.com/	1969-12-31 23:59:59	Name: YSC Value: Tx4ZyGtHBrA
.youtube.com/	1970-01-21 16:59:56	Name: VISITOR_INFO1_LIVE Value: TCSteDofNk8
.youtube.com/	1970-01-21 16:59:56	Name: VISITOR_PRIVACY_METADATA Value: CgJERRIEEgAgOA%3D%3D
.demdex.net/	1970-01-21 16:59:56	Name: demdex Value: 66943865774048722650658453180430373975
.trendmicro.com/	1969-12-31 23:59:59	Name: AMCVS_29C656F85FE1CBB80A495C08%40AdobeOrg Value: 1
.dpm.demdex.net/	1970-01-21 16:59:56	Name: dpm Value: 66943865774048722650658453180430373975
.trendmicro.com/	1970-01-21 22:16:44	Name: AMCV_29C656F85FE1CBB80A495C08%40AdobeOrg Value: 179643557%7CMCIDTS%7C20529%7CMCMID%7C62115993800021485600283865365380563662%7CMCAAMLH-1774249370%7C6%7CMCAAMB-1774249370%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1773651770s%7CNONE%7CMCSYNCSOP%7C411-20536%7CvVersion%7C5.5.0
.trendmicro.com/	1969-12-31 23:59:59	Name: _c1Ref Value: /en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html
.trendmicro.com/	1969-12-31 23:59:59	Name: _formRef Value: https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html
.youtube.com/	1970-01-21 16:59:56	Name: __Secure-ROLLOUT_TOKEN Value: CJzA-6rcjv3-AxDms8n07KOTAxizltv07KOTAw%3D%3D
.trendmicro.com/	1970-01-21 14:50:20	Name: _fbp Value: fb.1.1773644570685.898206884424693065.Bg
.trendmicro.com/	1970-01-21 22:02:20	Name: _twpid Value: tw.1773644570718.934370303504758344
.tealiumiq.com/	1970-01-21 21:26:20	Name: TAPID Value: trendmicro/global>019cf5745feb002378d5b2b76d1005065006f05d00b08\|
.trendmicro.com/	1970-01-21 21:26:20	Name: utag_main Value: v_id:019cf5745feb002378d5b2b76d1005065006f05d00b08$_sn:1$_se:1$_ss:1$_st:1773646370604$ses_id:1773644570604%3Bexp-session$_pn:1%3Bexp-session$dc_visit:1$dc_event:1%3Bexp-session$dc_region:eu-central-1%3Bexp-session
.trendmicro.com/	1970-01-21 22:16:44	Name: _mkto_trk Value: id:605-SFW-393&token:_mch-trendmicro.com-c262fcb1111737c5a62779defa3fb11b
.trkn.us/	1970-01-21 21:26:20	Name: barometric[cuid] Value: cuid_69b7ab1a-9ca2-4371-a710-1d200015d3a9
.trendmicro.com/	1970-01-21 12:42:10	Name: OptanonConsent Value: isGpcEnabled=0&datestamp=Mon+Mar+16+2026+08%3A02%3A50+GMT%2B0100+(Mitteleurop%C3%A4ische+Normalzeit)&version=202310.2.0&browserGpcFlag=0&isIABGlobal=false&hosts=&consentId=894a6634-d92c-4f0f-af7f-4b4a045c27b0&interactionCount=0&landingPath=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F26%2Fc%2Fboryptgrab-stealer-targets-users-via-deceptive-github-pages.html&groups=C0001%3A1%2CC0002%3A1%2CC0003%3A0%2CC0004%3A0
www.trendmicro.com/	1970-01-21 12:50:49	Name: _an_uid Value: -1
www.trendmicro.com/	1970-01-21 22:16:44	Name: _gd_visitor Value: d2b39742-9c47-4049-8347-b8eb6d1f7af4
www.trendmicro.com/	1970-01-21 12:40:58	Name: _gd_session Value: 7383a554-ad03-4e57-8764-550b09874256
.trendmicro.com/	1970-01-21 22:16:44	Name: _ga_4502MK3B94 Value: GS2.1.s1773644570$o1$g0$t1773644570$j60$l0$h0
.6sc.co/	1970-01-21 22:16:44	Name: 6suuid Value: 12173317f33325001aabb7697d0300002c3f0400
.trendmicro.com/	1970-01-21 14:50:20	Name: _gcl_au Value: 1.1.108905293.1773644571
.linkedin.com/	1970-01-21 21:26:20	Name: bcookie Value: "v=2&46fc4595-3980-48e4-80de-0bd8d5cdc6cc"
.linkedin.com/	1970-01-21 16:59:56	Name: li_gc Value: MTswOzE3NzM2NDQ1NzA7MjswMjE4UN5r4Zuxd7y6BYFh+vHwGm4LoMFYFBSj838gvnNiNA==
.linkedin.com/	1970-01-21 12:42:10	Name: lidc Value: "b=OGST00:s=O:r=O:a=O:p=O:g=3853:u=1:x=1:i=1773644570:t=1773730970:v=2:sig=AQGWvNyFCXvp085ENV7pLmXnLlLqmQqF"
www.trendmicro.com/	1970-01-21 22:16:44	Name: _gd_svisitor Value: 12173317f33325001aabb7697d0300002c3f0400
.trendmicro.com/	1970-01-21 12:42:10	Name: _gid Value: GA1.2.901100256.1773644571
.trendmicro.com/	1970-01-21 22:16:44	Name: _ga_J4XSRG212B Value: GS2.1.s1773644571$o1$g0$t1773644571$j60$l0$h0
.trendmicro.com/	1970-01-21 22:16:44	Name: _ga Value: GA1.1.1953875912.1773644571
.trendmicro.com/	1970-01-21 21:26:20	Name: _clck Value: zrq0ue%5E2%5Eg4e%5E1%5E2266
.trendmicro.com/	1970-01-21 22:16:44	Name: _ga_JSMMKXDWBS Value: GS2.2.s1773644571$o1$g0$t1773644571$j60$l0$h0
.doubleclick.net/	1970-01-21 22:02:20	Name: IDE Value: AHWqTUmzd-2JcspOLKQvbdsnEu1AEy2HFoH76yCq9Qsr1CpbLoMhe5IJszNcXsN3aRk
.trendmicro.com/	1970-01-21 12:42:10	Name: _clsk Value: 1klnhw4%5E1773644571676%5E1%5E1%5Ee.clarity.ms%2Fcollect

8 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	warning	URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.sync.js(Line 8) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://assets.adobedtm.com/d205b04dc657/0c07287192f8/launch-75dcf65b28c1.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.sync.js(Line 8) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://assets.adobedtm.com/d205b04dc657/0c07287192f8/launch-75dcf65b28c1.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.sync.js(Line 10) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://cdn.bc0a.com/autopilot/f00000000017219/autopilot_sdk.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
rendering	warning	URL: https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html(Line 67) Message: [GroupMarkerNotSet(crbug.com/242999)!:A0E04E1454070000]Automatic fallback to software WebGL has been deprecated. Please use the --enable-unsafe-swiftshader (about:flags#enable-unsafe-swiftshader) flag to opt in to lower security guarantees for trusted content.
security	warning	URL: about:blank Message: An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can escape its sandboxing.
javascript	error	URL: https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html Message: Access to XMLHttpRequest at 'https://secure.adnxs.com/getuidj' from origin 'https://www.trendmicro.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://secure.adnxs.com/getuidj Message: Failed to load resource: net::ERR_FAILED
rendering	warning	URL: https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html Message: [GroupMarkerNotSet(crbug.com/242999)!:A0104F1454070000]Automatic fallback to software WebGL has been deprecated. Please use the --enable-unsafe-swiftshader (about:flags#enable-unsafe-swiftshader) flag to opt in to lower security guarantees for trusted content.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: data: blob: wss: mediastream: android-webview-video-poster: ms-appx-web: gsa: endlesspic: ms-browser-extension chrome-extension asset * ; frame-ancestors 'self' https://*.trendmicro.com https://resources.trendmicro.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

5427711.fls.doubleclick.net
605-sfw-393.mktoresp.com
9572106.fls.doubleclick.net
ad.doubleclick.net
assets.adobedtm.com
b.6sc.co
bat.bing.com
bat.bing.net
c.6sc.co
cdn.bc0a.com
cdn.cookielaw.org
cm.everesttech.net
collect.tealiumiq.com
connect.facebook.net
customer.cludo.com
dpm.demdex.net
e.clarity.ms
epsilon.6sense.com
fonts.googleapis.com
fonts.gstatic.com
geolocation.onetrust.com
googleads.g.doubleclick.net
insight.adsrvr.org
ipv6.6sc.co
ixfd2-api.bc0a.com
j.6sc.co
js.adsrvr.org
lb.prod.equally.ai
munchkin.marketo.net
px.ads.linkedin.com
region1.google-analytics.com
s.ml-attr.com
scripts.clarity.ms
secure.adnxs.com
snap.licdn.com
static.addtoany.com
static.ads-twitter.com
t.co
tags.tiqcdn.com
trendmicro.demdex.net
trendmicro.scene7.com
trkn.us
widget.equally.ai
www.clarity.ms
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.trendmicro.com
www.youtube.com
5427711.fls.doubleclick.net
9572106.fls.doubleclick.net
insight.adsrvr.org
s.ml-attr.com
secure.adnxs.com
t.co
trendmicro.demdex.net
104.18.87.42
104.20.20.192
108.138.7.65
13.107.246.45
13.33.187.32
142.250.187.227
142.250.201.78
142.251.127.101
142.251.127.154
142.251.127.97
142.251.141.100
146.75.116.157
150.171.22.12
150.171.27.10
150.171.28.10
157.240.0.6
157.240.253.35
172.217.16.166
172.217.16.202
172.217.168.67
172.64.155.119
18.172.114.101
18.197.61.165
184.25.50.27
192.28.153.119
2.18.64.212
20.250.198.32
20.57.85.160
216.239.34.36
216.58.206.34
23.50.131.146
23.55.163.138
23.55.163.149
23.67.142.205
3.33.220.150
34.111.194.12
34.241.203.180
35.201.125.192
44.213.29.178
52.17.216.246
52.222.136.40
72.246.28.156
75.2.108.141
88.221.168.237
0202abc8707b3b52e64141a28a1144322366e3e0428f1b0dd17245a7279ffd5c
029b26f8121f14889b98ac012ec687039b9c5f3091e8245490eb8732f805e3ca
0302d9000c5640cfd4f06353524bfcdcdfcb11cc0440ec34f16e4bb55b679f42
045cf7fd65fd76199b79479c9bfd035d30e173ef2942f8b82360c85a811e843a
058ed961bfe422af7bfc65865f4c08531ec8ace995f8a1ec560a46581cb7712c
05a180b4106c9099df86119d4b6ba5e49c9acf82a9c96884c3e1247ec22a9c72
060de6fa0e8fb084932b15dd1264aa0fb4000d857c5feab8e6a8f1cfec5cd01e
0a90da37d4f07908cb6aff0b368c04a71289dd97e9cc799fe877db6d6676c477
0aa7edcb9a3fcaf767c08a073ca8ddb4dd2b6c4233a11e8632fcfe42a680556e
0ba67ef2c21b3bd722edab6355db682005992e52c690fc09e4b20767243807f0
0db210edd69ae50d9bdf5982ba9e3490972296be80a76a5dbec6159080da2b5d
0dc03f6dc54654dcb69692e7640cfd2b714395aeb4ea50de434b913fb6d828c4
0e03970203fdf9470fdf4764ca9cc609002bf659a9ce05bc4da04992069bd1cb
0e7f25b4a085d3c4ad8edac6fd7bcb8eb2ebabc9887c569fe61df284ade34549
1203817a41844d7b3fb01f6ebdef78975b98e96e09719b60fecc368afde2fc6e
130147a3ebef0d59ecefeb0279796f702d5c14a7153795bb4957e03e5a9d9d7d
13687de2c1fb0a60bb5becbf37cf529079c6f7c7fc844f3e73d16bc785f6ba2c
13eca32358a5416968eeaed400b7537719fc4a97f8bd1f6f8c6267d299c75760
15a3dc247a9802298e21568c4d7d501a6236c246e9a2257177799a5400844740
16270c15435abfbd1e22c9a06378d29d8823f68d61216d61422d1b0b0643e776
179eb991060face02477e0406b1a413ac50ec26fe9f397e07e4ee95f7e6a5298
186836b74ceac07b2764c07c0379420e3014efb30fe918461c235e0ef6cbc4a2
1b154bfaea92a935726ed4a450101dc646a86588cfa0f066cae2050130124569
1c399395a6574ff803d6fe0052148f77e22c71bf998f49fc363bbc03167be08d
1cdbdcd3bfbe9fbe10689b1dff57ef87fcfbf8096b02e9f019443662ac9fc277
1cf9cdef0a4c5ded1af057685d7676fdcc593bf39691a738a5369d6e703d2160
1d8e7b7ebb51d3ce13192e0d0281953788f9129c1c71750e1bb3ba45cb40fb43
1dfb4e40d22c5a9d00244bf61aa3fac24b0df9f5849e2fe5c3c05f8d291a7315
2248601f610a311a2c635a0d8e053cbec49c9fc7ab1bf3446078718872a4c19a
255645bd0d9aa059dc3c43950d41b3965a4923b3125518a68343742b64903476
25e70b3b94a8bdef325d1674f6fde477b25085cb3d93a1b94ceb1361dcff4af0
274d4116239b63097bb7c16e56e27cbb5a77be20392fb8e2317c0a0235185cad
2993902cfd8e48800b7da8547b41c23745d876ed5ceecf0364f735569c10911f
2ca157156ecbdef2e13a15f4f02f970b77e59131501222be9a497bd212a78960
2dd6df4990e9defce645d4a3486bf6e6adc86dc7c6c7ff4f2467eb3daf10d2d3
2e4db45aa37bde0ca92814a85fb311ddf2f3e2ae69f58cf44d8733368e35680c
2eafc550dc382ef09cfb691ee16d0ebd556edd0eef6221617b5a7d334cf98c9b
2eca4e19ce2f8beb61bbbc93c202609dab5a84770dd10f213042bb61838173ea
33f6ab2f84da5a1e94cca8db747d4b5950165b3b5d99733dc7768652e1254e1b
35619b7a62bfb43afbeb45b5636147759d5a2175248677530b87295ad6ea3906
36793b58f65a48b5ad48cecc859c855dd9a244281244562590982973a39e711f
377e9731df07066631dc615291a3dbdbc923893629702f2e3b9b7a5775cc027b
3818e71293245021a4db81e76832f162d45ff7cb518be638f0cc96797f7c2361
3a549c1e7b0d5821295b11a33782b4b1aa1cee32294439fc0050e6eb6ff081fe
3aad309550e60dc3efece8594a1fc6326a7f1f2de65061d9e6721b4db2aab8d2
3c801927607a3b1be7c178cb3f93e30269b24c5e6955b32b4a7096f3ea7e4e7f
3d64634279c4fe237d6503f690bb6e0575e5d6c57aa5ecf4d24076fa043b4b8b
3d9f62512a23fa62f2334143fb734c479877e684a28e11b91a2d510e5e52f237
3dc5d7f667c6a793c6a56b96afffa81664350fdb10c7544112ea9057e563dc6f
41a2aeed07b2a10ea78c9b8f91122ef8b6da43cc0c80eadf23f855465ecefc5b
41b771e2c9c362246cf5b2f63b54570c64c9f5101d4a6ddf63831522a77cec78
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
454e2c8f849e7a376985006d897556933fc924756c867076ec9c70156536b09e
4603a811d2ab155474648f45b9a4dce4b28d07a6aacbf441f0c7e9e685fd6354
4785d478fdadac74428d655809b3a39055fa488ea99e63c659ae843f399b4a0a
47da9e167288b88cf2cfcba71201d6c3fe39033836b12f18809b6e6033df74d0
4a7f7e246fb61ccc3f57cd38061bbbdd4ada9768649d9d3e3362ec46be278bf5
4c38452d4117e2bb77829601aca27ac6584ebdf4d42ce505c0f7b1ae0f933147
4f92e8a70f4aec9b8bf224c48f0e105584fa1cba6e076ea5cae712f262a61aad
516203c172e11d56f5b125558bafba7554132a322e3564d2a6a7a1aee2db075e
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
56faec606e3e3bd0569176aeb82a6fe8b8ec315839efdd9c35f67563ae5b7a7f
590f6b0ea574d56c72e66504ed8d3d9f5005d48d004f1ac01f395798ce1a1589
5e22ea5c930abbc085ab76916ce30cff31ab7aefc38bcb7dc1158b3c500303d8
5f49d497bc40a9c5a85079e47264a2bb300ac67940ccac183a1d61d3356961ad
60aaad2288d23fb03527331b7b03e1f1643898e136a926f1d48609f453babd85
60b17a76e4ecaeae677bb2ea4f0bc9f0286563dd7f60a11c831fa6530b726e80
62f5a9e298862e32f868dc614fa303d9b732f0dc9bd75ce48f65293c850aec2f
65a1c8e40f97a72622872b33032cc16d98c9cd61c56d1fe897a0ded9a7375dc4
65c78c20026b7514d7299bcb229bf9d20047ebf76f87806ab58078972e6c3794
676e66eeb5e721df2e68029d518067cece19d56d7e0b4a1c9a2e3c449a232bca
6f7bd56fc22bc633d87b5fba20595c0d3d2d255dfa7db1d525a2994a614ebc60
70bb4dee8d5a8c4da670a1f6cdb4ed1de106409a3a627f8cb134a8733e4d1fee
73be518187f34046c101627800ac5a8f21820e7735f3fcfe60e4b0ce6e35d357
74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b
80df2c3d694aba09adc50f732985286bd1c8f123b9d00784562634713bb6ad81
8217d4cfca53c8bbe23edfb6df20e2b0fadfa55222fecadb246ddb7c281c2163
8249dc88858fe2d5d6e0219a26640aaf0a11d63ab016199f89dd8d2559f44a24
82dab6b89d8fa4547adf9da91df8cccfff6fc0e847df5d3e9a41276fa4a0d6b5
8893b43dffc9cb03edb52a0d9cc95d8d3662b6aeb1251a80fea5dbfa03b5f105
88970cf65308aadd508588ff70999b9bfd0037899243730b9880d14b4d96a430
8a4c85f342d51731a5cbd96de2c40b18f588375cf02c08a31b2cc008f066a20b
8ffa0aab4378da0a7af5d32d1c81aa02ee335f9bdca22f4b74152327bcb0371a
901bb0e03b8c3c0a1cf4c487a177417328bb7d8c94106ecefceedd7d7f6c4ddc
9042f1e34a93c7f8b4f6c71701eb19b553ebf0590081e805fe5a926483de7d1d
91c20c70d36b608cf919e894b0ac9e32298d6b3ac3ca59c45a85e7c44161d170
929f1d13f185bf3e0df5c2765a2cdd20992b749bf3a218ab1ff21ebc0d245813
92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54
945910d12e52487f2092e8d105321727b95ea0f6e2ff998ebeb797b6b6600b74
99c5c8d1040d32b66101e0927cb5c7c5bad06cc808fd6a4da553cb016d067563
9a461fede7ab7510772c57b4a2cec40c7e562e319b8ccfa1b035d17dc801eda0
9bb1e023fc96819af066a4b27330559f880541360add70849f44400f569745f6
9d4ee76d49549504ba3f155c30b2f41c29da9d886acd1c2716c25e3898e3503c
9f9ac0e52c96120a1b6020539321279ea257b44492a9930f57ccfcb4340bd55a
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb
a8019e4c4a7aa0277a0d7c2593d09d9e551dd855e80f799fdaf327be2ceff0fa
a877eb3c864362bfdc62e2f325b02bfbf263bfa2fe48cd3e4b5b02f0dedfa5ba
a9101873a5e57429e4a441350d85ababadec670fcbc4bdeb817e78246d3bd291
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
ab3b499d95fdf198b15d2624ac09682c8d00efac2a938f92776be045431aa75a
ac4dedf68d3fea6333bbcd0dc4031c83f93feb3b61715edd52352aaa0181cb2c
ad514bcb3f2e982a190a5e963a29655f37824683a85f6b9ebe942ebd735e18ae
af4fb81584e9691984b8cd660a1c53ec93ec93cc52f60888190a2baf52e2417f
afb9825a91c5980ddb68ebfa3c7323533f4355f14a0a7db233b5de527f4c32d5
b2112e201afda27eaa87eefa81cec837cbc2757b32ecae5e3b35efb6b8517981
bb0ecc92191a1cd66a8761e02ae078b8e93f844d5f94c2624abb4a64de00726c
bc6e1ea2c2ddcb591413f7bd88178f4563bd3dbbb5726fa86ad11777f99d5bf4
bc7040cb84227015953614f1c7f1aed09be43c48baaad4774d4fe847c555a35e
c180dce2f6f2fae1952368b7a48d78ae281b568098b3ff6b5cef68368d7d5d64
c1afa7aee2a145fe0d29f740e96eadd66eeddbcd1c52990e018f25aa5e4c027f
c1b1adaaeaeaa087e997506ec9284580ec1e0e6ff49214fb642e6ba8b4622a7d
c35684d84fc5b1b0f68463362669810b17bf94a9de0bc053000f9c3f66bcc880
c3cf6f8b599b050a63690643f2b2ae5fb6f79401aca0c555ce79f60bb5dd6a4c
c736034b3d0913081caf7f378d4726f2277a6fe0c1e6400e8416a474570de369
c7aece63b23620e8c0217a0a20eb35c70985d86f937f7ab75698292be4f9d577
c87080ff86ce00a5f93164a37b45eaaf5f6cff5744704053d092217b9bb914a8
cd6cb2b822ea51faddddb35fb09fef290eb8fc5e1f56d2c2fd7ffb9c67a73439
cf68ec04f2a46589c6838215369b03ed4bdf3f6d2d5dd2eed4c95d95bf9edf27
d01b30217201a72b27793c4ecf3d7fdff90125fc6422eb81439c709f0620b201
d3f7b0ec4de079928a999641e781e80f33597a392a561bc460276dfb4efb6eec
d460644b622022d9683784e06ccc45c6e864076a7a4e118d21f3037ecee1e114
d5f14381258973e1a93167d8b3486ae1b2665ea072feb622e1ec0a446facc400
d82dc00bed3a2be92a600f5c48f661c0d029b0b1c1e45bfe14e6380f8bd17035
d85de58268e02c421f13042408ce3b9c98206b2db8d8da471717c12eb3dc1e9b
d8e4fe0452aa2076429a9bb5d8757d00a994dd95986cf950e9a1a371b9a072a0
d8eaf5ff69cb44f6ddaeb29f180ff78b8b56747e6733cfe6795ff53d51fe0f6c
da8c4697d246d5dde073b87ff33798d3fc46c4a3c5ca37626292b8efc7c3de99
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
dd18f02dc373630a501dc7cef308e35610486c70f4d10436a31c99b0b47bc7d9
dea9df0145848ffeb3c6931228d41e833341b4837c0e713d321c5bfcf6dcd4e6
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e52bf91e8e4c6d9c615e981d603e8286578849392e36763e1e9757a140d18950
e62494c66f652a8ab477f500f795aa8586990d14242795f2a372217441620e59
e8dc09e4ddc3c326ef6341498e7e8e70af3a848713429b909be53c947b43da10
e924b29a40f25426e83d462612a6a5fa14ddee06f39d9e3d558a6592b618183e
e9abd0d74c5ecca848c706e3f94780a00efc33f66f1a7971ded040458851fd69
ea5db5581e262d77d1a43fbb3f0fa3661b51d097b40ca38f584b4943f47cf2e0
eae02bd4ba5e41305aa7712d1f97cb9c54299233725a44bdc757136dabbb019e
ec20ba5c8a203a4d718acfa75f19b4f19c2c10b7eba825b1390245173b63a840
ecb8d27ebd507ad0935f0a7a6d262e19957450645749ae45ce3b5a28fad70a6b
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
efd1383222f8ac42226213ed448716694966c39e80ab8c23d71c6c8e3016d71d
f1a61277e3f902f50ab42015d8b07218db9b7601bb0967e54a52bfdcb4fa7e81
f26edc423fe6bdd0c8eadc5fb845af21e5067ce83f75f96854bf626c6a70f365
f421051108147b6326d103a0877c55d3a380e2ad9668b076736ca25a689130af
f56a607e3a8c305873671e501e5a45dd19f19948bb579be82c019f60ff05b8fc
f64a06f7949a0dabe65e7683ade627d29301122d68a4bc3239b161ec00697e66
f714584bd8688f16d4136775411a8f00a96c7d56e94b3fc822907aca37d89325
f82bc65bdef6219c9e2f9b3f1bd38aa081e75ddf2b048eb93180aef3d8466741
fdc19178ffaef3c25f667e332a6b3a832a2d433196e269e62705b32635cc4535

www.trendmicro.com 72.246.28.156 Public Scan Open in urlscan Pro

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

191 Requests

92 %HTTPS

0 %IPv6

39 Domains

52 Subdomains

43 IPs

5 Countries

4209 kBTransfer

11413 kBSize

35 Cookies

23 Outgoing links

Redirected requests

191 HTTP transactions Everything HTML Script Fetch XHR CSS Image Font Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.trendmicro.com
72.246.28.156 Public Scan Open in urlscan Pro

Screenshot
Live screenshot

Full Image

191
Requests

92 %
HTTPS

0 %
IPv6

39
Domains

52
Subdomains

43
IPs

5
Countries

4209 kB
Transfer

11413 kB
Size

35
Cookies

191 HTTP transactions
0 data transactions