www.techrepublic.com
2606:4700:20::681a:26f Public Scan Open in urlscan Pro

Go To Rescan
Add Verdict Report

URL:
https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/ 10yr old
Submission: On April 21 via api (April 21st 2026, 12:30:33 am UTC) from US — Scanned from FI

Summary HTTP 169 Redirects Links 18 Behaviour Indicators

Summary

This website contacted 47 IPs in 4 countries across 33 domains to perform 169 HTTP transactions. The main IP is 2606:4700:20::681a:26f, located in and belongs to CLOUDFLARENET - Cloudflare, Inc., US. The main domain is www.techrepublic.com. The Cisco Umbrella rank of the primary domain is 332519. 10yr old
TLS certificate: Issued by WE1 on March 30th 2026. Valid for: 3mo.

This is the only time www.techrepublic.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 32	2606:4700:20:... 2606:4700:20::681a:26f	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
3	142.250.154.155 142.250.154.155	15169 (GOOGLE) (GOOGLE - Google LLC)
4	99.83.231.3 99.83.231.3	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
15	2600:9000:275... 2600:9000:275b:2c00:1b:cadc:ef40:93a1	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
3	2a00:1450:400... 2a00:1450:4001:c0f::61	15169 (GOOGLE) (GOOGLE - Google LLC)
3	13.248.160.219 13.248.160.219	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
2 5	23.55.163.138 23.55.163.138	20940 (AKAMAI-AS...) (AKAMAI-ASN1 Akamai International B.V.)
5	157.240.0.6 157.240.0.6	32934 (FACEBOOK) (FACEBOOK - Facebook)
1	162.159.153.247 162.159.153.247	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	2a04:4e42:200... 2a04:4e42:200::396	54113 (FASTLY) (FASTLY - Fastly)
1	2600:9000:264... 2600:9000:2644:1a00:1e:a1ed:6400:93a1	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
4	34.236.2.203 34.236.2.203	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
1	162.159.152.17 162.159.152.17	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	151.101.129.140 151.101.129.140	54113 (FASTLY) (FASTLY - Fastly)
1	2a04:4e42:400... 2a04:4e42:400::396	54113 (FASTLY) (FASTLY - Fastly)
2	142.251.20.97 142.251.20.97	15169 (GOOGLE) (GOOGLE - Google LLC)
1	2a02:26f0:480... 2a02:26f0:480:23::1726:62a7	20940 (AKAMAI-AS...) (AKAMAI-ASN1 Akamai International B.V.)
11	23.50.131.146 23.50.131.146	20940 (AKAMAI-AS...) (AKAMAI-ASN1 Akamai International B.V.)
20	157.240.0.35 157.240.0.35	32934 (FACEBOOK) (FACEBOOK - Facebook)
1	18.194.46.132 18.194.46.132	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
2	142.251.127.154 142.251.127.154	15169 (GOOGLE) (GOOGLE - Google LLC)
1	18.198.90.178 18.198.90.178	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
3	104.18.37.212 104.18.37.212	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
3	2606:4700:20:... 2606:4700:20::ac43:4a13	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	2600:9000:208... 2600:9000:208a:f000:13:4898:69c0:93a1	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
4	104.16.117.43 104.16.117.43	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	2600:9000:225... 2600:9000:2251:5800:18:7586:ce00:93a1	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	104.16.118.43 104.16.118.43	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
6	2600:1f18:e8a... 2600:1f18:e8a:cd00:e7aa:3ac6:9899:87c4	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
1	2600:9000:276... 2600:9000:2761:9000:4:8491:f2c0:93a1	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	18.172.112.126 18.172.112.126	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1 2	3.33.220.150 3.33.220.150	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
10	3.208.130.193 3.208.130.193	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
2	2620:1ec:33::10 2620:1ec:33::10	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation)
1 1	142.251.14.156 142.251.14.156	15169 (GOOGLE) (GOOGLE - Google LLC)
1 1	142.251.110.156 142.251.110.156	15169 (GOOGLE) (GOOGLE - Google LLC)
1 1	142.251.157.119 142.251.157.119	15169 (GOOGLE) (GOOGLE - Google LLC)
1	2a00:1450:400... 2a00:1450:4001:c0f::5e	15169 (GOOGLE) (GOOGLE - Google LLC)
1	18.172.112.61 18.172.112.61	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
3	2620:1ec:33:1... 2620:1ec:33:1::10	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation)
1	2600:9000:201... 2600:9000:2013:7400:1c:2afd:fb00:93a1	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	2620:116:800d... 2620:116:800d:21:b314:a0ef:ab7c:d546	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	18.66.112.45 18.66.112.45	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	44.207.218.96 44.207.218.96	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
1	2600:9000:223... 2600:9000:223c:2000:6:44e3:f8c0:93a1	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
2	99.83.154.140 99.83.154.140	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
2	15.197.193.217 15.197.193.217	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	44.215.230.32 44.215.230.32	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
1 1	2600:1f18:730... 2600:1f18:730:b120:8e6c:887b:2bd8:852f	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
1	3.220.93.70 3.220.93.70	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
169	47

32 2606:4700:20::681a:26f (None, ) 1 redirects

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

www.techrepublic.com 10yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools
assets.techrepublic.com 2yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

3 142.250.154.155 (United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: bt-in-f155.1e100.net

securepubads.g.doubleclick.net 9yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

4 99.83.231.3 (United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: afe865822f884bb48.awsglobalaccelerator.com

epsilon.6sense.com 8yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

15 2600:9000:275b:2c00:1b:cadc:ef40:93a1 (United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)

cmp.inmobi.com 3yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

3 2a00:1450:4001:c0f::61 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

www.googletagmanager.com 56yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

3 13.248.160.219 (United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ac4c1099eea1de9a4.awsglobalaccelerator.com

traction.technologyadvice.com 4yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

5 23.55.163.138 (Frankfurt am Main, Germany) 2 redirects

ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL)
PTR: a23-55-163-138.deploy.static.akamaitechnologies.com

j.6sc.co 9yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools
c.6sc.co 9yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

5 157.240.0.6 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK - Facebook, Inc., US)
PTR: xx-fbcdn-shv-02-fra3.fbcdn.net

connect.facebook.net 56yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 162.159.153.247 (Ascension Island)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

a.quora.com 9yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 2a04:4e42:200::396 (United States)

ASN54113 (FASTLY - Fastly, Inc., US)

www.redditstatic.com 11yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 2600:9000:2644:1a00:1e:a1ed:6400:93a1 (United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)

pixel.ngtrack.relay.cool 2yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

4 34.236.2.203 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-34-236-2-203.compute-1.amazonaws.com

tags.srv.stackadapt.com 10yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 162.159.152.17 (Ascension Island)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

q.quora.com 9yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 151.101.129.140 (United States)

ASN54113 (FASTLY - Fastly, Inc., US)

pixel-config.reddit.com 3yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 2a04:4e42:400::396 (United States)

ASN54113 (FASTLY - Fastly, Inc., US)

alb.reddit.com 9yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

2 142.251.20.97 (United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: bx-in-f97.1e100.net

www.googletagmanager.com 56yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 2a02:26f0:480:23::1726:62a7 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL)

ipv6.6sc.co 4yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

11 23.50.131.146 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL)
PTR: a23-50-131-146.deploy.static.akamaitechnologies.com

b.6sc.co 11yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

20 157.240.0.35 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK - Facebook, Inc., US)
PTR: edge-star-mini-shv-02-fra3.facebook.com

www.facebook.com 56yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 18.194.46.132 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-18-194-46-132.eu-central-1.compute.amazonaws.com

visit-server.inmobi-choice.io 2yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

2 142.251.127.154 (United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: lcfrai-in-f154.1e100.net

pagead2.googlesyndication.com 9yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 18.198.90.178 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-18-198-90-178.eu-central-1.compute.amazonaws.com

api.cmp.inmobi.com 3yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

3 104.18.37.212 (Ascension Island)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

js.zi-scripts.com 4yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

3 2606:4700:20::ac43:4a13 (None, )

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

ngt-api-v2.technologyadvice.com 1yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 2600:9000:208a:f000:13:4898:69c0:93a1 (United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)

ob.forseasky.com 3yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

4 104.16.117.43 (Ascension Island)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

ws.zoominfo.com 6yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 2600:9000:2251:5800:18:7586:ce00:93a1 (United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)

schedule.zoominfo.com 4yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 104.16.118.43 (Ascension Island)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

ws-assets.zoominfo.com 6yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

6 2600:1f18:e8a:cd00:e7aa:3ac6:9899:87c4 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)

obs.forseasky.com 3yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 2600:9000:2761:9000:4:8491:f2c0:93a1 (United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)

tags.clickagy.com 9yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 18.172.112.126 (United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-18-172-112-126.fra60.r.cloudfront.net

js.adsrvr.org 9yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

2 3.33.220.150 (Seattle, United States) 1 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com

insight.adsrvr.org 9yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools
match.adsrvr.org 9yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

10 3.208.130.193 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-3-208-130-193.compute-1.amazonaws.com

aorta.clickagy.com 9yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

2 2620:1ec:33::10 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US)

bat.bing.com 56yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 142.251.14.156 (United States) 1 redirects

ASN15169 (GOOGLE - Google LLC, US)
PTR: pm-in-f156.1e100.net

www.googleadservices.com 56yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 142.251.110.156 (United States) 1 redirects

ASN15169 (GOOGLE - Google LLC, US)
PTR: bz-in-f156.1e100.net

googleads.g.doubleclick.net 56yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 142.251.157.119 (United States) 1 redirects

ASN15169 (GOOGLE - Google LLC, US)

www.google.com 56yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 2a00:1450:4001:c0f::5e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

www.google.fi 9yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 18.172.112.61 (United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-18-172-112-61.fra60.r.cloudfront.net

js.adsrvr.org 9yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

3 2620:1ec:33:1::10 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US)

bat.bing.net 3yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 2600:9000:2013:7400:1c:2afd:fb00:93a1 (United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)

d-code.liadm.com 3yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 2620:116:800d:21:b314:a0ef:ab7c:d546 (United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)

secure.quantserve.com 9yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 18.66.112.45 (United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-18-66-112-45.fra56.r.cloudfront.net

ak.sail-horizon.com 13yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 44.207.218.96 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-44-207-218-96.compute-1.amazonaws.com

hemsync.clickagy.com 4yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 2600:9000:223c:2000:6:44e3:f8c0:93a1 (United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)

rules.quantcount.com 9yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

2 99.83.154.140 (United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: aa7557bb34ea5624b.awsglobalaccelerator.com

api.sail-personalize.com 11yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

2 15.197.193.217 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com

insight.adsrvr.org 9yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 44.215.230.32 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-44-215-230-32.compute-1.amazonaws.com

idx.liadm.com 7yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 2600:1f18:730:b120:8e6c:887b:2bd8:852f (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)

rp.liadm.com 9yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 3.220.93.70 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-3-220-93-70.compute-1.amazonaws.com

rp4.liadm.com 6yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

	Apex Domain Subdomains	Transfer
32	techrepublic.com 1 redirects www.techrepublic.com — Cisco Umbrella Rank: 332519 10yr old assets.techrepublic.com 2yr old	547 KB
20	facebook.com www.facebook.com — Cisco Umbrella Rank: 105 56yr old	2 KB
17	6sc.co 2 redirects j.6sc.co — Cisco Umbrella Rank: 17192 9yr old c.6sc.co — Cisco Umbrella Rank: 26220 9yr old ipv6.6sc.co — Cisco Umbrella Rank: 17717 4yr old b.6sc.co — Cisco Umbrella Rank: 11663 11yr old	24 KB
16	inmobi.com cmp.inmobi.com — Cisco Umbrella Rank: 6545 3yr old api.cmp.inmobi.com — Cisco Umbrella Rank: 22537 3yr old	468 KB
12	clickagy.com tags.clickagy.com — Cisco Umbrella Rank: 32546 9yr old aorta.clickagy.com — Cisco Umbrella Rank: 4555 9yr old hemsync.clickagy.com — Cisco Umbrella Rank: 134620 4yr old	19 KB
7	forseasky.com ob.forseasky.com — Cisco Umbrella Rank: 364813 3yr old obs.forseasky.com — Cisco Umbrella Rank: 227907 3yr old	48 KB
6	adsrvr.org 1 redirects js.adsrvr.org — Cisco Umbrella Rank: 1840 9yr old insight.adsrvr.org — Cisco Umbrella Rank: 1449 9yr old match.adsrvr.org — Cisco Umbrella Rank: 497 9yr old	14 KB
6	zoominfo.com ws.zoominfo.com — Cisco Umbrella Rank: 10376 6yr old schedule.zoominfo.com — Cisco Umbrella Rank: 178135 4yr old ws-assets.zoominfo.com — Cisco Umbrella Rank: 42167 6yr old	35 KB
6	technologyadvice.com traction.technologyadvice.com — Cisco Umbrella Rank: 721363 4yr old ngt-api-v2.technologyadvice.com — Cisco Umbrella Rank: 627811 1yr old	2 KB
5	facebook.net connect.facebook.net — Cisco Umbrella Rank: 238 56yr old	192 KB
5	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 63 56yr old	794 KB
4	liadm.com 1 redirects d-code.liadm.com — Cisco Umbrella Rank: 5644 3yr old idx.liadm.com — Cisco Umbrella Rank: 2408 7yr old rp.liadm.com — Cisco Umbrella Rank: 1845 9yr old rp4.liadm.com — Cisco Umbrella Rank: 4975 6yr old	49 KB
4	stackadapt.com tags.srv.stackadapt.com — Cisco Umbrella Rank: 3202 10yr old	10 KB
4	6sense.com epsilon.6sense.com — Cisco Umbrella Rank: 26449 8yr old	1 KB
4	doubleclick.net 1 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 310 9yr old googleads.g.doubleclick.net — Cisco Umbrella Rank: 56 56yr old	244 KB
3	bing.net bat.bing.net — Cisco Umbrella Rank: 3983 3yr old	581 B
3	zi-scripts.com js.zi-scripts.com — Cisco Umbrella Rank: 11156 4yr old	7 KB
2	sail-personalize.com api.sail-personalize.com — Cisco Umbrella Rank: 8330 11yr old	498 B
2	bing.com bat.bing.com — Cisco Umbrella Rank: 548 56yr old	16 KB
2	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 158 9yr old
2	reddit.com pixel-config.reddit.com — Cisco Umbrella Rank: 1791 3yr old alb.reddit.com — Cisco Umbrella Rank: 1290 9yr old	881 B
2	quora.com a.quora.com — Cisco Umbrella Rank: 9079 9yr old q.quora.com — Cisco Umbrella Rank: 7469 9yr old	15 KB
1	quantcount.com rules.quantcount.com — Cisco Umbrella Rank: 2937 9yr old	642 B
1	sail-horizon.com ak.sail-horizon.com — Cisco Umbrella Rank: 7667 13yr old	48 KB
1	quantserve.com secure.quantserve.com — Cisco Umbrella Rank: 2910 9yr old	12 KB
1	google.fi www.google.fi — Cisco Umbrella Rank: 45461 9yr old	455 B
1	google.com 1 redirects www.google.com — Cisco Umbrella Rank: 3 56yr old	24 B
1	googleadservices.com 1 redirects www.googleadservices.com — Cisco Umbrella Rank: 118 56yr old	23 B
1	inmobi-choice.io visit-server.inmobi-choice.io — Cisco Umbrella Rank: 11015 2yr old
1	relay.cool pixel.ngtrack.relay.cool 2yr old	22 KB
1	redditstatic.com www.redditstatic.com — Cisco Umbrella Rank: 1252 11yr old	19 KB
0	Failed function sub() { [native code] }. Failed
0	adnxs.com Failed secure.adnxs.com Failed 9yr old
169	33

	Domain	Requested by
26	www.techrepublic.com	1 redirects www.techrepublic.com
20	www.facebook.com	www.techrepublic.com
15	cmp.inmobi.com	www.techrepublic.com cmp.inmobi.com
11	b.6sc.co	www.techrepublic.com
10	aorta.clickagy.com	tags.clickagy.com
6	obs.forseasky.com	ob.forseasky.com
6	assets.techrepublic.com	www.techrepublic.com
5	connect.facebook.net	www.googletagmanager.com connect.facebook.net
5	www.googletagmanager.com	www.techrepublic.com www.googletagmanager.com
4	ws.zoominfo.com	js.zi-scripts.com ws-assets.zoominfo.com
4	tags.srv.stackadapt.com	www.techrepublic.com tags.srv.stackadapt.com
4	epsilon.6sense.com	www.techrepublic.com j.6sc.co
3	bat.bing.net	bat.bing.com
3	insight.adsrvr.org	1 redirects js.adsrvr.org
3	ngt-api-v2.technologyadvice.com	pixel.ngtrack.relay.cool
3	js.zi-scripts.com	www.techrepublic.com js.zi-scripts.com
3	c.6sc.co	2 redirects www.techrepublic.com
3	traction.technologyadvice.com	www.techrepublic.com pixel.ngtrack.relay.cool
3	securepubads.g.doubleclick.net	www.techrepublic.com securepubads.g.doubleclick.net
2	api.sail-personalize.com	ak.sail-horizon.com
2	bat.bing.com	ob.forseasky.com bat.bing.com
2	js.adsrvr.org	www.techrepublic.com match.adsrvr.org
2	pagead2.googlesyndication.com	securepubads.g.doubleclick.net www.googletagmanager.com
2	j.6sc.co	www.googletagmanager.com j.6sc.co
1	rp4.liadm.com
1	rp.liadm.com	1 redirects
1	idx.liadm.com	d-code.liadm.com
1	rules.quantcount.com	secure.quantserve.com
1	hemsync.clickagy.com	tags.clickagy.com
1	ak.sail-horizon.com	www.googletagmanager.com
1	secure.quantserve.com	www.googletagmanager.com
1	d-code.liadm.com	tags.clickagy.com
1	www.google.fi
1	www.google.com	1 redirects
1	googleads.g.doubleclick.net	1 redirects
1	www.googleadservices.com	1 redirects
1	match.adsrvr.org	js.adsrvr.org
1	tags.clickagy.com	www.techrepublic.com
1	ws-assets.zoominfo.com	js.zi-scripts.com
1	schedule.zoominfo.com	js.zi-scripts.com
1	ob.forseasky.com	www.googletagmanager.com
1	api.cmp.inmobi.com	cmp.inmobi.com
1	visit-server.inmobi-choice.io	cmp.inmobi.com
1	ipv6.6sc.co	j.6sc.co
1	alb.reddit.com	www.techrepublic.com
1	pixel-config.reddit.com	www.redditstatic.com
1	q.quora.com	www.techrepublic.com
1	pixel.ngtrack.relay.cool	www.googletagmanager.com
1	www.redditstatic.com	www.googletagmanager.com
1	a.quora.com	www.googletagmanager.com
0	invalid Failed	ob.forseasky.com
0	secure.adnxs.com Failed	j.6sc.co
169	52

This site contains links to these domains. Also see Links.

Domain
academy.techrepublic.com
jobs.techrepublic.com
www.facebook.com
www.linkedin.com
twitter.com
zimperium.com
technologyadvice.com
www.youtube.com
www.pinterest.com
support.techrepublic.com
solutions.technologyadvice.com

Subject Issuer	Validity	Valid
techrepublic.com WE1	`2026-03-30` - `2026-06-28`	3mo	crt.sh
*.g.doubleclick.net WE2	`2026-03-30` - `2026-06-22`	3mo	crt.sh
epsilon.6sense.com Amazon RSA 2048 M04	`2025-09-02` - `2026-10-01`	1yr	crt.sh
cmp.inmobi.com Sectigo Public Server Authentication CA OV E36	`2025-07-07` - `2026-07-07`	1yr	crt.sh
*.google-analytics.com WE2	`2026-03-30` - `2026-06-22`	3mo	crt.sh
*.technologyadvice.com Amazon RSA 2048 M01	`2026-04-15` - `2026-10-29`	7mo	crt.sh
6sc.co R12	`2026-03-27` - `2026-06-25`	3mo	crt.sh
*.facebook.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2026-01-28` - `2026-04-28`	3mo	crt.sh
quora.com WR1	`2026-04-20` - `2026-07-19`	3mo	crt.sh
www.redditstatic.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2026-04-05` - `2026-10-01`	6mo	crt.sh
pixel.ngtrack.relay.cool Amazon RSA 2048 M02	`2025-07-02` - `2026-07-31`	1yr	crt.sh
*.srv.stackadapt.com Amazon RSA 2048 M04	`2025-07-09` - `2026-08-06`	1yr	crt.sh
*.reddit.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2026-04-08` - `2026-10-04`	6mo	crt.sh
visit-server.inmobi-choice.io Amazon RSA 2048 M04	`2026-04-14` - `2026-10-28`	7mo	crt.sh
zi-scripts.com WE1	`2026-03-07` - `2026-06-05`	3mo	crt.sh
technologyadvice.com WE1	`2026-02-21` - `2026-05-22`	3mo	crt.sh
*.forseasky.com Amazon RSA 2048 M04	`2026-04-19` - `2026-11-02`	7mo	crt.sh
zoominfo.com E7	`2026-03-27` - `2026-06-25`	3mo	crt.sh
schedule.zoominfo.com Amazon RSA 2048 M04	`2025-10-01` - `2026-10-30`	1yr	crt.sh
*.clickagy.com Amazon ECDSA 256 M04	`2025-07-23` - `2026-08-21`	1yr	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2026-03-04` - `2027-04-02`	1yr	crt.sh
www.bing.com Microsoft TLS G2 RSA CA OCSP 04	`2026-02-02` - `2026-08-01`	6mo	crt.sh
bat.bing.net Microsoft Azure RSA TLS Issuing CA 04	`2026-04-17` - `2026-08-25`	4mo	crt.sh
*.liadm.com Amazon RSA 2048 M04	`2025-09-30` - `2026-10-28`	1yr	crt.sh
quantserve.com R13	`2026-04-15` - `2026-07-14`	3mo	crt.sh
ak.sail-horizon.com Amazon RSA 2048 M01	`2025-11-12` - `2026-12-11`	1yr	crt.sh
api.sail-personalize.com Amazon RSA 2048 M04	`2026-01-23` - `2027-02-20`	1yr	crt.sh

This page contains 3 frames:

Primary Page: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
Frame ID: A1D43F34648896A55F3379EF452CE26F
Requests: 160 HTTP requests in this frame

Frame: https://www.techrepublic.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/0b8fb825cb67/main.js
Frame ID: A800CDC294B243592D84B17E39D9785D
Requests: 2 HTTP requests in this frame

Frame: https://match.adsrvr.org/track/cei?advertiser_id=xchfcvh&cookie_sync=1&upv=3.0.0&upid=5fjyxkv&gdpr=1&gdpr_consent=&ref=https%3a%2f%2fwww.techrepublic.com&redirect=1
Frame ID: C2C807E79B3F117E3ACBC1AC07511950
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Over 800 Android Apps Targeted in PIN-Stealing Trojan Campaign

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

Yoast SEO (SEO) Expand

Overall confidence: 100%
Detected patterns

<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([^\s]+) -

DoubleClick Floodlight (Advertising) Expand

Overall confidence: 100%
Detected patterns

\.doubleclick\.net

Google AdSense (Advertising) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

Google Tag Manager (Tag managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
\.googletagmanager\.com/

Quantcast Measure (Analytics) Expand

Overall confidence: 100%
Detected patterns

\.quantserve\.com/quant\.js

jQuery (JavaScript libraries) Expand

Overall confidence: 100%
Detected patterns

jquery

6sense (Marketing automation) Expand

Overall confidence: 100%
Detected patterns

\.6sc\.co/

Facebook Pixel (Analytics) Expand

Overall confidence: 100%
Detected patterns

connect\.facebook\.\w+/.+/fbevents\.js
connect\.facebook.\w+/signals/config/\d+\?v=([\d\.]+)

Google Publisher Tag (Advertising) Expand

Overall confidence: 100%
Detected patterns

securepubads\.g\.doubleclick.net/tag/js/gpt\.js

LiveIntent (Email) Expand

Overall confidence: 100%
Detected patterns

\.liadm\.com

Microsoft Advertising (Advertising) Expand

Overall confidence: 100%
Detected patterns

bat\.bing\.com/bat\.js

Quora Pixel (Analytics) Expand

Overall confidence: 100%
Detected patterns

\.quora\.com/

Reddit Ads (Advertising) Expand

Overall confidence: 100%
Detected patterns

www\.redditstatic\.com

Sailthru (Marketing automation) Expand

Overall confidence: 100%
Detected patterns

ak\.sail-horizon\.com

StackAdapt (Advertising) Expand

Overall confidence: 100%
Detected patterns

srv\.stackadapt\.com/

theTradeDesk (Advertising) Expand

Overall confidence: 100%
Detected patterns

\.adsrvr\.org/

Zoominfo (Analytics) Expand

Overall confidence: 100%
Detected patterns

ws\.zoominfo\.com

Page Statistics

169
Requests

95 %
HTTPS

38 %
IPv6

33
Domains

52
Subdomains

47
IPs

4
Countries

2587 kB
Transfer

10173 kB
Size

34
Cookies

18 Outgoing links

These are links going to different origins than the main page.

URL: https://academy.techrepublic.com/
Title: Academy

Search URL Search Domain Scan URL

URL: https://jobs.techrepublic.com/?source=navbar&utm_source=navbar&utm_medium=partner_referral
Title: Tech Jobs

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer.php?u=https%3A%2F%2Fwww.techrepublic.com%2Farticle%2Fnews-android-malware-stealing-pin-overlay-attack%2F&t=Over+800+Android+Apps+Targeted+in+PIN-Stealing+Trojan+Campaign

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fwww.techrepublic.com%2Farticle%2Fnews-android-malware-stealing-pin-overlay-attack%2F

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?text=Over+800+Android+Apps+Targeted+in+PIN-Stealing+Trojan+Campaign+https%3A%2F%2Fwww.techrepublic.com%2F%3Fp%3D4356196+via+%40techrepublic

Search URL Search Domain Scan URL

URL: https://zimperium.com/blog/android-bankers-4-campaigns-in-a-row
Title: findings from Zimperium

Search URL Search Domain Scan URL

URL: https://technologyadvice.com/terms-conditions/
Title: Terms of Use

Search URL Search Domain Scan URL

URL: https://technologyadvice.com/privacy-policy/
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: https://www.facebook.com/TechRepublic
Title: TechRepublic on Facebook

Search URL Search Domain Scan URL

URL: https://twitter.com/techrepublic
Title: TechRepublic on X

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/techrepublic
Title: TechRepublic on LinkedIn

Search URL Search Domain Scan URL

URL: https://www.youtube.com/techrepublic
Title: TechRepublic on YouTube

Search URL Search Domain Scan URL

URL: https://www.pinterest.com/techrepublic/
Title: TechRepublic on Pinterest

Search URL Search Domain Scan URL

URL: https://support.techrepublic.com/
Title: Site Help & Feedback

Search URL Search Domain Scan URL

URL: https://solutions.technologyadvice.com/advertise-on-techrepublic/?utm_source=techrepublic&utm_medium=portfolio_footer&utm_campaign=advertise_contact-us
Title: Advertise

Search URL Search Domain Scan URL

URL: https://technologyadvice.com/privacy-policy/ccpa-opt-out-form/
Title: Do Not Sell My Information

Search URL Search Domain Scan URL

URL: https://technologyadvice.com/careers/
Title: Careers

Search URL Search Domain Scan URL

URL: https://solutions.technologyadvice.com/meet-the-editorial-team/
Title: Meet the Team

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 36

https://www.techrepublic.com/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
https://www.techrepublic.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/0b8fb825cb67/main.js

Request Chain 58

https://c.6sc.co/ HTTP 302
https://c.6sc.co/refresh HTTP 302
https://c.6sc.co/?m=1

Request Chain 104

https://insight.adsrvr.org/track/cei?advertiser_id=xchfcvh&cookie_sync=1&upv=3.0.0&upid=5fjyxkv&gdpr=1&gdpr_consent=&ref=https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/ HTTP 302
https://match.adsrvr.org/track/cei?advertiser_id=xchfcvh&cookie_sync=1&upv=3.0.0&upid=5fjyxkv&gdpr=1&gdpr_consent=&ref=https%3a%2f%2fwww.techrepublic.com&redirect=1

Request Chain 116

https://www.googleadservices.com/pagead/conversion/613565886/?label=9X7nCO6Sr78ZEL6LyaQC&guid=ON&script=0 HTTP 302
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/613565886/?label=9X7nCO6Sr78ZEL6LyaQC&guid=ON&script=0&ct_cookie_present=false&random=268674260&crd=CLTesQII8t-xAgit4bECCKG4sQIIscGxAgiwwbECCLHDsQIIisWxAgjCybECCLTGsQIIk9qxAgjb3LECCIfbsQII08WxAgjrzLECCO3OsQII1c-xAgj02rECCJfUsQIIyduxAgix4bECCLPhsQIIpt2xAgiw3rECCIDbsQI&cerd=CgEA&fsk=ChEI8J2XzwYQtPrI6ansi_GNARIsAPY4WZl7D0vfwNzuWcvd4EOjWlXPCrKSem8YH0KzXRwIyVEXV_BON5Y0v3YaAgCH&pscrd=IhMI4-mTsdj9kwMV0kIdCR1c7AXrMgwIA2IICAAQABgAIAAyDAgEYggIABAAGAAgADIMCAdiCAgAEAAYACAAMgwICGIICAAQABgAIAAyDAgJYggIABAAGAAgADIMCApiCAgAEAAYACAAMgwIAmIICAAQABgAIAAyDAgLYggIABAAGAAgADIMCBViCAgAEAAYACAAMgwIH2IICAAQABgAIAAyDAgTYggIABAAGAAgADIMCBJiCAgAEAAYACAAOlZodHRwczovL3d3dy50ZWNocmVwdWJsaWMuY29tL2FydGljbGUvbmV3cy1hbmRyb2lkLW1hbHdhcmUtc3RlYWxpbmctcGluLW92ZXJsYXktYXR0YWNrL3oMCAliCAgAEAAYACAA HTTP 302
https://www.google.com/pagead/1p-conversion/613565886/?label=9X7nCO6Sr78ZEL6LyaQC&guid=ON&script=0&ct_cookie_present=false&random=268674260&crd=CLTesQII8t-xAgit4bECCKG4sQIIscGxAgiwwbECCLHDsQIIisWxAgjCybECCLTGsQIIk9qxAgjb3LECCIfbsQII08WxAgjrzLECCO3OsQII1c-xAgj02rECCJfUsQIIyduxAgix4bECCLPhsQIIpt2xAgiw3rECCIDbsQI&cerd=CgEA&fsk=ChEI8J2XzwYQtPrI6ansi_GNARIsAPY4WZl7D0vfwNzuWcvd4EOjWlXPCrKSem8YH0KzXRwIyVEXV_BON5Y0v3YaAgCH&pscrd=IhMI4-mTsdj9kwMV0kIdCR1c7AXrMgwIA2IICAAQABgAIAAyDAgEYggIABAAGAAgADIMCAdiCAgAEAAYACAAMgwICGIICAAQABgAIAAyDAgJYggIABAAGAAgADIMCApiCAgAEAAYACAAMgwIAmIICAAQABgAIAAyDAgLYggIABAAGAAgADIMCBViCAgAEAAYACAAMgwIH2IICAAQABgAIAAyDAgTYggIABAAGAAgADIMCBJiCAgAEAAYACAAOlZodHRwczovL3d3dy50ZWNocmVwdWJsaWMuY29tL2FydGljbGUvbmV3cy1hbmRyb2lkLW1hbHdhcmUtc3RlYWxpbmctcGluLW92ZXJsYXktYXR0YWNrL3oMCAliCAgAEAAYACAA&is_vtc=1&cid=CAQSUAAFq6B98bnpmMN26FsNoFUvPQ96M2bXhne36GujJN0zSHyEXFgjuyhthehUlJUSMhPbbo2_R1LAfzEVXbMQtPtUbrFEOdHiN7zJsDaerM4r&random=3509592619 HTTP 302
https://www.google.fi/pagead/1p-conversion/613565886/?label=9X7nCO6Sr78ZEL6LyaQC&guid=ON&script=0&ct_cookie_present=false&random=268674260&crd=CLTesQII8t-xAgit4bECCKG4sQIIscGxAgiwwbECCLHDsQIIisWxAgjCybECCLTGsQIIk9qxAgjb3LECCIfbsQII08WxAgjrzLECCO3OsQII1c-xAgj02rECCJfUsQIIyduxAgix4bECCLPhsQIIpt2xAgiw3rECCIDbsQI&cerd=CgEA&fsk=ChEI8J2XzwYQtPrI6ansi_GNARIsAPY4WZl7D0vfwNzuWcvd4EOjWlXPCrKSem8YH0KzXRwIyVEXV_BON5Y0v3YaAgCH&is_vtc=1&cid=CAQSUAAFq6B98bnpmMN26FsNoFUvPQ96M2bXhne36GujJN0zSHyEXFgjuyhthehUlJUSMhPbbo2_R1LAfzEVXbMQtPtUbrFEOdHiN7zJsDaerM4r&random=3509592619&ipr=y&pscrd=IhMI4-mTsdj9kwMV0kIdCR1c7AXrMgwIA2IICAAQABgAIAAyDAgEYggIABAAGAAgADIMCAdiCAgAEAAYACAAMgwICGIICAAQABgAIAAyDAgJYggIABAAGAAgADIMCApiCAgAEAAYACAAMgwIAmIICAAQABgAIAAyDAgLYggIABAAGAAgADIMCBViCAgAEAAYACAAMgwIH2IICAAQABgAIAAyDAgTYggIABAAGAAgADIMCBJiCAgAEAAYACAAOlZodHRwczovL3d3dy50ZWNocmVwdWJsaWMuY29tL2FydGljbGUvbmV3cy1hbmRyb2lkLW1hbHdhcmUtc3RlYWxpbmctcGluLW92ZXJsYXktYXR0YWNrL3oMCAliCAgAEAAYACAA

Request Chain 162

https://rp.liadm.com/j?dtstmp=1776731438494&did=did-0060&se=e30&duid=4b73aa2591fd--01kppq4edn69wqnhbw57zfjsev&tv=v3.14.0&pu=https%3A%2F%2Fwww.techrepublic.com%2Farticle%2Fnews-android-malware-stealing-pin-overlay-attack%2F&ext__fbp=fb.1.1776731434824.77972536156354380&us_privacy=1---&wpn=lc-bundle&wpv=v3.14.0&gpp_s=DBAA&gpp_as=2&cd=.techrepublic.com&pv=7cc2fa15-ee8a-44b3-ba59-7d9898c6e403 HTTP 302
https://rp4.liadm.com/j?dtstmp=1776731438494&did=did-0060&se=e30&duid=4b73aa2591fd--01kppq4edn69wqnhbw57zfjsev&tv=v3.14.0&pu=https%3A%2F%2Fwww.techrepublic.com%2Farticle%2Fnews-android-malware-stealing-pin-overlay-attack%2F&ext__fbp=fb.1.1776731434824.77972536156354380&us_privacy=1---&wpn=lc-bundle&wpv=v3.14.0&gpp_s=DBAA&gpp_as=2&cd=.techrepublic.com&pv=7cc2fa15-ee8a-44b3-ba59-7d9898c6e403&i6=MmEwMjplZDA0OjM1ODE6Mjo6ZTAxZg%3D%3D

169 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/ 332 KB
116 KB 157ms
57ms Document
text/html 2606:4700:20::681a:26f
Cloudflare

General

Check archive.org

Download Go to

Full URL

https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:26f -, , ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

746b0e6ae54037034aab84971823462b1795d8d55104d2d4a79f3f15f6a89d3a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Linux"

Response headers

age: 19510
cache-control: max-age=14400
cf-cache-status: UPDATING
cf-ray: 9ef847e37ac82efa-OSL
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Tue, 21 Apr 2026 00:30:33 GMT
last-modified: Mon, 20 Apr 2026 19:05:22 GMT
link: <https://www.techrepublic.com/wp-json/>; rel="https://api.w.org/", <https://www.techrepublic.com/wp-json/wp/v2/posts/4356196>; rel="alternate"; title="JSON"; type="application/json", <https://www.techrepublic.com/?p=4356196>; rel=shortlink
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
referrer-policy: no-referrer-when-downgrade
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=Z%2Ftg55BtBLTRmqd8345uhPAnvhq5oHDFlCjAqilOejN%2FkEfuqVAv85wFlsYww9%2FddWUe4YXRzq40su3dq8l5eDwoZvgfLou8SGk5C4MHjzaowvBD0XUcGrm5XW3Z0FyAWGdxgpdrCc%2BhNLSWxqpFtsmI"}]}
reporting-endpoints: default="https://ta-ad-intervention-reporting.edgecompute.app?sitename=techrepublic"
server: cloudflare
strict-transport-security: max-age=15552000; includeSubDomains; preload
surrogate-control: max-age=86400, stale-while-revalidate=86400, stale-if-error=86400
surrogate-key: p-4356196 tm-single t-2110 t-11143 t-2116 t-2109 t-11098 t-16457 t-2060 t-18543 t-19587 t-18303 t-10605 t-14140 t-8549 t-10438 t-19588 t-6987 t-7594 t-7640 a-37370440
vary: Accept-Encoding
x-envoy-upstream-service-time: 205

GET
H2 200 style-block.css
www.techrepublic.com/wp-content/plugins/ta-designed-components/dist/blocks/livestream/ 10 KB
2 KB 95ms
94ms Stylesheet
text/css 2606:4700:20::681a:26f
Cloudflare

General

Check archive.org

Download Go to

Full URL

https://www.techrepublic.com/wp-content/plugins/ta-designed-components/dist/blocks/livestream/style-block.css

Requested by

Host: www.techrepublic.com
URL: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:26f -, , ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

50492dfbeed3de4a8b6c8d8ef3d7dfd3b391b92b5b3ae0baee8d6ce1905b047c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: "69df6305-294a"
age: 1979
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=%2FpUPjFV%2FytvooxpDcXIkrMCojZkCey2vtqZTa81mjdTPvrtU9UqAQ1DqcoL4jyYDyQl%2F8wYXxC2t45R9WA%2BO%2B66gQqRlbsYOiwYLTJeQjlAm%2FgYxR5Z50dv50NsT8yavROWfFyricTdgolOU4By5quT%2B"}]}
date: Tue, 21 Apr 2026 00:30:33 GMT
content-type: text/css
last-modified: Wed, 15 Apr 2026 10:05:57 GMT
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains; preload
reporting-endpoints: default="https://ta-ad-intervention-reporting.edgecompute.app?sitename=techrepublic"
cache-control: max-age=14400
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
x-envoy-upstream-service-time: 0
referrer-policy: no-referrer-when-downgrade
cf-ray: 9ef847e3db3e2efa-OSL
server: cloudflare

GET
H2 200 chainwire-public.css
www.techrepublic.com/wp-content/plugins/chainwire-integration/public/css/ 339 B
557 B 94ms
92ms Stylesheet
text/css 2606:4700:20::681a:26f
Cloudflare

General

Check archive.org

Download Go to

Full URL

https://www.techrepublic.com/wp-content/plugins/chainwire-integration/public/css/chainwire-public.css?ver=1.0.25

Requested by

Host: www.techrepublic.com
URL: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:26f -, , ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

a03ff3c5e90f8a490583e6234244a83fe547ed8e37da298c9014b35f467f3cc4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: "69df6306-153"
age: 1552
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=oQs3kmxBtQR7EhfW9%2BgcAYvySQH%2B9hfX8bg%2BHtHPRkgQAOlGcJWHJpSMJ0EvjtGXO83GRsA%2FR0DIVjxXjUS%2FRXcjLDMvILTJxIrK8VeesVd7gQRiDrI7Ex4GZU01mvtzJbYbxCWZ1FbK%2BwpOo1703tUa"}]}
date: Tue, 21 Apr 2026 00:30:33 GMT
content-type: text/css
last-modified: Wed, 15 Apr 2026 10:05:58 GMT
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains; preload
reporting-endpoints: default="https://ta-ad-intervention-reporting.edgecompute.app?sitename=techrepublic"
cache-control: max-age=14400
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
x-envoy-upstream-service-time: 0
referrer-policy: no-referrer-when-downgrade
cf-ray: 9ef847e3db3f2efa-OSL
server: cloudflare

GET
H2 200 style.css
www.techrepublic.com/wp-content/themes/techrepublic-theme/ 514 KB
61 KB 178ms
176ms Stylesheet
text/css 2606:4700:20::681a:26f
Cloudflare

General

Check archive.org

Download Go to

Full URL

https://www.techrepublic.com/wp-content/themes/techrepublic-theme/style.css?ver=1.34.1

Requested by

Host: www.techrepublic.com
URL: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:26f -, , ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

194e01cf067c997ffbefbd2d009d5c9d673afdbeefaa2f0e558d7dfe032db20c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"69e644e9-8079b"
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=Bh8%2FtLPn2VHDKqbho%2FcUojx61omPok615LMwBoj%2BdrtbfUYarVFVTqE5fe2daqX5zB331ZuSFkdmnzspEL%2BopDevyeWXC6oAwLcj%2Bp%2BM0tvYoAxwceWXTQFX5O%2FlcW4HfBKvAw1LDsm5G0fZb8WPwCwX"}]}
date: Tue, 21 Apr 2026 00:30:33 GMT
content-type: text/css
last-modified: Mon, 20 Apr 2026 15:23:21 GMT
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains; preload
reporting-endpoints: default="https://ta-ad-intervention-reporting.edgecompute.app?sitename=techrepublic"
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cache-control: max-age=14400
x-envoy-upstream-service-time: 1
referrer-policy: no-referrer-when-downgrade
cf-ray: 9ef847e3db412efa-OSL
server: cloudflare

GET
H2 200 jquery.min.js Show response
www.techrepublic.com/wp/wp-includes/js/jquery/ 86 KB
30 KB 59ms
58ms Script
application/javascript 2606:4700:20::681a:26f
Cloudflare

General

Check archive.org

Download Go to

Full URL

https://www.techrepublic.com/wp/wp-includes/js/jquery/jquery.min.js?ver=3.7.1

Requested by

Host: www.techrepublic.com
URL: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:26f -, , ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: "69df6308-15601"
age: 461
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=z1%2FJte1hPlhAjT999EzzBkDtpA3afnCjmd%2FJs6XgBnTuZEH5zsa%2FAG6DZzjZjscVqWu5i9PxYnghMzovn%2BvKMaiOvwiMnxQc71USThoerwSk4tQaScxmjFuZcgBgL3m5kGtzsSYHHqwJsxZYP2hmlXtg"}]}
date: Tue, 21 Apr 2026 00:30:33 GMT
content-type: application/javascript
last-modified: Wed, 15 Apr 2026 10:06:00 GMT
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains; preload
reporting-endpoints: default="https://ta-ad-intervention-reporting.edgecompute.app?sitename=techrepublic"
cache-control: max-age=14400
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
x-envoy-upstream-service-time: 5
referrer-policy: no-referrer-when-downgrade
cf-ray: 9ef847e54cd02efa-OSL
server: cloudflare

GET
H3 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 107 KB
34 KB 150ms
78ms Script
text/javascript 142.250.154.155
Google LLC

General

Check archive.org

Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: www.techrepublic.com
URL: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.154.155 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

bt-in-f155.1e100.net

Software

cafe /

Resource Hash

4d9f3bbb614c8a48a34b16a784e109ad89d051cca39aa476ff40acd1d8044608

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

content-encoding: br
etag: 437 / 20564 / 31097963 / config-hash: 9070627956641022265
x-content-type-options: nosniff
expires: Tue, 21 Apr 2026 00:30:33 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date: Tue, 21 Apr 2026 00:30:33 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
content-disposition: attachment; filename="f.txt"
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 34465
x-xss-protection: 0
server: cafe

GET
H2 200 print.css
www.techrepublic.com/wp-content/themes/techrepublic-theme/ 491 B
586 B 179ms
178ms Stylesheet
text/css 2606:4700:20::681a:26f
Cloudflare

General

Check archive.org

Download Go to

Full URL

https://www.techrepublic.com/wp-content/themes/techrepublic-theme/print.css?ver=1.34.1

Requested by

Host: www.techrepublic.com
URL: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:26f -, , ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

f49492fd5a577d8fd1c7a531650b79c5f79e1ef189d17cad2225962693f3d76d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"69e644e9-1eb"
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=nw6Xoo5jl2Rv7LvGxmcNJjzBAzCyD2TmwMc%2Fz62V1AjXQHeTqLKk5mfpPtffzysOcrETOqAzRS90UnUINexNp2kh0%2BrPVl9MBKY6MNEzMKZtjWH1hv%2BD4z0NLQPwV5ohhAuhnxr4n0iERPssvENBQCf3"}]}
date: Tue, 21 Apr 2026 00:30:33 GMT
content-type: text/css
last-modified: Mon, 20 Apr 2026 15:23:21 GMT
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains; preload
reporting-endpoints: default="https://ta-ad-intervention-reporting.edgecompute.app?sitename=techrepublic"
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cache-control: max-age=14400
x-envoy-upstream-service-time: 0
referrer-policy: no-referrer-when-downgrade
cf-ray: 9ef847e54cd12efa-OSL
server: cloudflare

GET
H2 200 cropped-joseph.ofonagoro-headshot-96x96.jpg
assets.techrepublic.com/uploads/2025/12/ 2 KB
2 KB 81ms
68ms Image
image/avif 2606:4700:20::681a:26f
Cloudflare

General

Check archive.org

Download Go to Show image

Full URL

https://assets.techrepublic.com/uploads/2025/12/cropped-joseph.ofonagoro-headshot-96x96.jpg

Requested by

Host: www.techrepublic.com
URL: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:26f -, , ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

856d9f8af130794593655be2c4698e9229b3e0509a088233ce4be91449712018

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; img-src data:; style-src 'unsafe-inline';
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

access-control-max-age: 86400
content-encoding: br
cf-cache-status: HIT
etag: W/"cfXH18F8s0aV1LEqSMhQ1y8SItWUAlzIZqqdLvbVjyDQ"
age: 393136
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=gToRdqavxF1kY5cEFZTf3aOBl8NiL7hc9aPFca5vrFPUEU9bjaigQVGjCTOSo3GNJkMH0hfDQX766Izew1%2Bd0lPUfneW4WLKP1NoCzN7a8uld7sne2O86b76XZ7zrBhRSXAxyLy18ZV2ss%2BP0xvmTBLJLj54"}]}
access-control-allow-methods: GET, HEAD, OPTIONS
x-content-type-options: nosniff
date: Tue, 21 Apr 2026 00:30:33 GMT
content-type: image/avif
vary: accept
cf-placement: local-OSL
access-control-allow-headers: *
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; img-src data:; style-src 'unsafe-inline';
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cache-control: public,max-age=172800,stale-while-revalidate=7200
cf-images: internal=ok/- q=0 n=8+25 c=3+21 v=2026.4.0 l=1695 f=false c2=0
cf-ray: 9ef847e47bf82efa-OSL
access-control-allow-origin: *
server: cloudflare

GET
H2 200 email-decode.min.js Show response
www.techrepublic.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
1 KB 46ms
45ms Script
application/javascript 2606:4700:20::681a:26f
Cloudflare

General

Check archive.org

Download Go to

Full URL

https://www.techrepublic.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: www.techrepublic.com
URL: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:26f -, , ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

strict-transport-security: max-age=15552000; includeSubDomains; preload
reporting-endpoints: default="https://ta-ad-intervention-reporting.edgecompute.app?sitename=techrepublic"
cache-control: public
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-encoding: gzip
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=BnqtH83rSXRDHKhdGZNfG8T%2BF%2BkYpWgSLB7UyOE2wpZK%2B%2BZ%2BmKuIUaFmMAIMQwU0p1DIdn%2Bf5zEu%2BD%2B%2F7DXLLnNqAn8wchMVrtC4ee96PcW73%2BDFoH5eSs16B8LFO9Kj0usD3n5%2FxyjQsgQwgaOZADtZ"}]}
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
cf-ray: 9ef847e47bee2efa-OSL
expires: Tue, 21 Apr 2026 01:18:33 GMT
date: Tue, 21 Apr 2026 00:30:33 GMT
content-type: application/javascript
vary: accept-encoding
server: cloudflare
x-frame-options: DENY

GET
H2 200 styles.css
www.techrepublic.com/wp-content/plugins/ta-campaign-plugin/assets/css/dist/ 12 KB
3 KB 52ms
52ms Stylesheet
text/css 2606:4700:20::681a:26f
Cloudflare

General

Check archive.org

Download Go to

Full URL

https://www.techrepublic.com/wp-content/plugins/ta-campaign-plugin/assets/css/dist/styles.css?ver=2.1.14

Requested by

Host: www.techrepublic.com
URL: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:26f -, , ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

a1a7e2097976f3136aa5bb366bd1ddad5ea9155180ad1ff1395134c8207ce5f9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: "69df6305-2e9d"
age: 531
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=7ETv0MfFHPy1fGYylQh3XxARNz%2BJ%2B8wvtwKGyPMLehNFatmpx0uXMRRsFk0xkYYexEWaF%2FZitHUipCEuTzRkeGcNqISQB047rFZkn1obR6nmG%2B7cxAfPD3pFLFjl8x8JDHPUaoa9nLGHXMumNQLEGXeZ"}]}
date: Tue, 21 Apr 2026 00:30:33 GMT
content-type: text/css
last-modified: Wed, 15 Apr 2026 10:05:57 GMT
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains; preload
reporting-endpoints: default="https://ta-ad-intervention-reporting.edgecompute.app?sitename=techrepublic"
cache-control: max-age=14400
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
x-envoy-upstream-service-time: 0
referrer-policy: no-referrer-when-downgrade
cf-ray: 9ef847e4bc532efa-OSL
server: cloudflare

GET
H2 200 default.css
www.techrepublic.com/wp-content/plugins/tablepress/css/build/ 7 KB
2 KB 51ms
50ms Stylesheet
text/css 2606:4700:20::681a:26f
Cloudflare

General

Check archive.org

Download Go to

Full URL

https://www.techrepublic.com/wp-content/plugins/tablepress/css/build/default.css?ver=3.1.3

Requested by

Host: www.techrepublic.com
URL: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:26f -, , ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

da523fb26b27306ffefcb80641e922c543bf69ff74091aba6a7bd0ccca7a9d9b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: "69df6306-1b13"
age: 1054
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=tKEvGe4T90fGXCqt6GmjKruSswDkZz3CqxMLMWjZDR%2FFYHLML4d%2F1hAewA3l6PZPZ6IU0OgS9PduplnyYQb%2FdPFBnITYnw9325OJDZjHDLoNJOhXazNYumP4e%2Fxw2tLCvnqYEpxfBXY%2FzlghTMWf5ycp"}]}
date: Tue, 21 Apr 2026 00:30:33 GMT
content-type: text/css
last-modified: Wed, 15 Apr 2026 10:05:58 GMT
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains; preload
reporting-endpoints: default="https://ta-ad-intervention-reporting.edgecompute.app?sitename=techrepublic"
cache-control: max-age=14400
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
x-envoy-upstream-service-time: 0
referrer-policy: no-referrer-when-downgrade
cf-ray: 9ef847e4ec7b2efa-OSL
server: cloudflare

GET
H2 200 articles.min.js Show response
www.techrepublic.com/wp-content/themes/techrepublic-theme/js/ 4 KB
2 KB 177ms
177ms Script
application/javascript 2606:4700:20::681a:26f
Cloudflare

General

Check archive.org

Download Go to

Full URL

https://www.techrepublic.com/wp-content/themes/techrepublic-theme/js/articles.min.js?ver=1.34.1

Requested by

Host: www.techrepublic.com
URL: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:26f -, , ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

8733601294e091acb9761da4937f16764b18e54a3448d2ee0e72287ef14bce3d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"69e644d3-f7b"
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=uc112uwjW3oaZ%2BB2LLY4WZvA%2Bh2UxwaI9eLT%2F%2B9ki3157WM2uTwrVx8zhxDDgvQE0pCQuODraDMT0v66yL0W0swryADixm6EJJfF%2FxXZ%2FgYn0XOfVuO7HN00x9SX%2BnShb8J7GLlwoVb2JUNxEdq%2FfHCW"}]}
date: Tue, 21 Apr 2026 00:30:33 GMT
content-type: application/javascript
last-modified: Mon, 20 Apr 2026 15:22:59 GMT
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains; preload
reporting-endpoints: default="https://ta-ad-intervention-reporting.edgecompute.app?sitename=techrepublic"
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cache-control: max-age=14400
x-envoy-upstream-service-time: 0
referrer-policy: no-referrer-when-downgrade
cf-ray: 9ef847e51ca52efa-OSL
server: cloudflare

GET
H2 200 scripts.js Show response
www.techrepublic.com/wp-content/plugins/ta-intentclicks/includes/js/ 2 KB
1 KB 55ms
53ms Script
application/javascript 2606:4700:20::681a:26f
Cloudflare

General

Check archive.org

Download Go to

Full URL

https://www.techrepublic.com/wp-content/plugins/ta-intentclicks/includes/js/scripts.js?ver=1.22.0

Requested by

Host: www.techrepublic.com
URL: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:26f -, , ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

850e8662c3adb0c54c9db0288609f693ecdabec9c7da696e72f1abdc4fa423af

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: "69df6305-9e5"
age: 1663
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=E1Q%2BQMuIzCDpFJimGtHQsywsyv6ZCaJh2ySA0DraRvBfJdhq%2BrCQP1ZSCktIj50DvPHLPcvZvZ3s94SaGl4wYIw8ZzDhZsRxZ9xJu7sh7sdLyx0HwrtDGC7dY4nZOGoNv1etro18n36Tt3c3RoVWQF9m"}]}
date: Tue, 21 Apr 2026 00:30:33 GMT
content-type: application/javascript
last-modified: Wed, 15 Apr 2026 10:05:57 GMT
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains; preload
reporting-endpoints: default="https://ta-ad-intervention-reporting.edgecompute.app?sitename=techrepublic"
cache-control: max-age=14400
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
x-envoy-upstream-service-time: 1
referrer-policy: no-referrer-when-downgrade
cf-ray: 9ef847e54cc92efa-OSL
server: cloudflare

GET
H2 200 tr-adv-ads-scripts.min.js Show response
www.techrepublic.com/wp-content/themes/techrepublic-theme/js/ 781 B
751 B 181ms
179ms Script
application/javascript 2606:4700:20::681a:26f
Cloudflare

General

Check archive.org

Download Go to

Full URL

https://www.techrepublic.com/wp-content/themes/techrepublic-theme/js/tr-adv-ads-scripts.min.js?ver=1.34.1

Requested by

Host: www.techrepublic.com
URL: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:26f -, , ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

1b0b25af806cb91abd1ad6a4a4f3aec52912a07e2eb7bc7e2894e147415ed657

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"69e644d3-30d"
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=wekseYzQojZlv%2FyPxjsgdG8pIRhgDDVXNqZMJKddp4owPufg3M2bY2t00yJski8qOVVOnUtpvm6RRDvJQurQC4f12va9mxmaCF9bZ3STRbY9m52PNGa36poxShto32cDQe%2BYKc%2FqGNoitBvdarBJrs9p"}]}
date: Tue, 21 Apr 2026 00:30:33 GMT
content-type: application/javascript
last-modified: Mon, 20 Apr 2026 15:22:59 GMT
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains; preload
reporting-endpoints: default="https://ta-ad-intervention-reporting.edgecompute.app?sitename=techrepublic"
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cache-control: max-age=14400
x-envoy-upstream-service-time: 0
referrer-policy: no-referrer-when-downgrade
cf-ray: 9ef847e54cca2efa-OSL
server: cloudflare

GET
H2 200 tooltip.min.js Show response
www.techrepublic.com/wp-content/themes/techrepublic-theme/js/ 2 KB
1 KB 171ms
169ms Script
application/javascript 2606:4700:20::681a:26f
Cloudflare

General

Check archive.org

Download Go to

Full URL

https://www.techrepublic.com/wp-content/themes/techrepublic-theme/js/tooltip.min.js?ver=1.34.1

Requested by

Host: www.techrepublic.com
URL: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:26f -, , ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

2c43a6ffd64d600f668296e33a1b91c8ad24d71c17691f088e377a6ed6f9701a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"69e644d3-7a2"
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=hz7%2BIJYfobeSnUEm6zb9pydwSkCE%2Fk%2BUwkeEBjyXyrAyzRX7LeFlG4KgYc9Bkyl95Ce1Fm1bYQHWSt7EscK2AwOJeA55K%2BtxFLp6jTKUNbqcmARq7Ut2SOuIqjC10p738lEYgdLfhqnt14vrs40C7r%2Bt"}]}
date: Tue, 21 Apr 2026 00:30:33 GMT
content-type: application/javascript
last-modified: Mon, 20 Apr 2026 15:22:59 GMT
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains; preload
reporting-endpoints: default="https://ta-ad-intervention-reporting.edgecompute.app?sitename=techrepublic"
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cache-control: max-age=14400
x-envoy-upstream-service-time: 3
referrer-policy: no-referrer-when-downgrade
cf-ray: 9ef847e54ccb2efa-OSL
server: cloudflare

GET
H2 200 index.min.js Show response
www.techrepublic.com/wp-content/themes/techrepublic-theme/js/ 17 KB
4 KB 173ms
171ms Script
application/javascript 2606:4700:20::681a:26f
Cloudflare

General

Check archive.org

Download Go to

Full URL

https://www.techrepublic.com/wp-content/themes/techrepublic-theme/js/index.min.js?ver=1.34.1

Requested by

Host: www.techrepublic.com
URL: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:26f -, , ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

ed16cb30483f1430551662281772315350f958538c5f6fecd967889b064cb800

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"69e644d3-4254"
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=7Qr675azQ4tvpnmucBxHmzkNfv%2BHGyP8HRr%2B3%2FcGpC9SB8%2BtcruJJtjUoEuoC4gU%2B9a0qGLRVrC7z0fatGXJ9v7nh4ZzzMekK8t5CEZAQh266DQgizkYkfzMR6r%2FAifeHRKCKTgmzaMfa3q8ewC1ENdd"}]}
date: Tue, 21 Apr 2026 00:30:33 GMT
content-type: application/javascript
last-modified: Mon, 20 Apr 2026 15:22:59 GMT
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains; preload
reporting-endpoints: default="https://ta-ad-intervention-reporting.edgecompute.app?sitename=techrepublic"
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cache-control: max-age=14400
x-envoy-upstream-service-time: 0
referrer-policy: no-referrer-when-downgrade
cf-ray: 9ef847e54ccc2efa-OSL
server: cloudflare

GET
H2 200 header.min.js Show response
www.techrepublic.com/wp-content/themes/techrepublic-theme/js/ 6 KB
2 KB 175ms
174ms Script
application/javascript 2606:4700:20::681a:26f
Cloudflare

General

Check archive.org

Download Go to

Full URL

https://www.techrepublic.com/wp-content/themes/techrepublic-theme/js/header.min.js?ver=1.34.1

Requested by

Host: www.techrepublic.com
URL: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:26f -, , ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

5a8ed7422b37d5f19879afb2e0397f7e73503753db03454d932439d29717f201

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"69e644d3-175c"
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=0yQQ3X95jlQTjnHgZ6m2XQJXHheQjr3oPns1BE96os6Oel1If9QE%2BGMENUFzmDC9AaWCaDuqZP%2Fbn7RAtyDSCuELsR9NQQj9eEvTV3jZayy8BFw5sYUDNoOyocBJ2ql%2BKrDM9ggGelAuVFSg3Hu7nVR%2B"}]}
date: Tue, 21 Apr 2026 00:30:33 GMT
content-type: application/javascript
last-modified: Mon, 20 Apr 2026 15:22:59 GMT
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains; preload
reporting-endpoints: default="https://ta-ad-intervention-reporting.edgecompute.app?sitename=techrepublic"
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cache-control: max-age=14400
x-envoy-upstream-service-time: 1
referrer-policy: no-referrer-when-downgrade
cf-ray: 9ef847e54ccd2efa-OSL
server: cloudflare

GET
H2 200 ouibounce.js Show response
www.techrepublic.com/wp-content/plugins/ta-campaign-plugin/assets/js/dist/ 2 KB
1 KB 57ms
55ms Script
application/javascript 2606:4700:20::681a:26f
Cloudflare

General

Check archive.org

Download Go to

Full URL

https://www.techrepublic.com/wp-content/plugins/ta-campaign-plugin/assets/js/dist/ouibounce.js?ver=2.1.14

Requested by

Host: www.techrepublic.com
URL: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:26f -, , ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

94a7b5450a5d960c2cb5a21517a01b638a3911384ffe0be8b74ed66b029e9fe3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: "69df6305-632"
age: 1190
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=wBeXOwCCg65lIzmofu%2F1s3jRnyVb3UXrou6qEGnlpofshwWvdEhrHAkFLq1RPilrqRnwKur9G69GLeMroRn3Gh%2FXO3kZn%2BZRT5XIR1dTpsYvkfnZt29fnpZUV%2BSR73KXlnOP2%2F5qXtFQnFjZ%2FTQd9YIr"}]}
date: Tue, 21 Apr 2026 00:30:33 GMT
content-type: application/javascript
last-modified: Wed, 15 Apr 2026 10:05:57 GMT
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains; preload
reporting-endpoints: default="https://ta-ad-intervention-reporting.edgecompute.app?sitename=techrepublic"
cache-control: max-age=14400
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
x-envoy-upstream-service-time: 0
referrer-policy: no-referrer-when-downgrade
cf-ray: 9ef847e54cce2efa-OSL
server: cloudflare

GET
H2 200 ta-campaign-public.js Show response
www.techrepublic.com/wp-content/plugins/ta-campaign-plugin/assets/js/dist/ 13 KB
4 KB 57ms
56ms Script
application/javascript 2606:4700:20::681a:26f
Cloudflare

General

Check archive.org

Download Go to

Full URL

https://www.techrepublic.com/wp-content/plugins/ta-campaign-plugin/assets/js/dist/ta-campaign-public.js?ver=2.1.14

Requested by

Host: www.techrepublic.com
URL: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:26f -, , ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

6decbd9fecae78851b7c01c9c59b2b0b5d8e743f5583eb4d04c442b4798465af

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: "69df6305-350f"
age: 737
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=3G4xBmsf6%2FyAdAVLcjIeciv%2FoicjloLAHSloMdjhGF%2B7f%2F1tREXH25dkTZcMqkgdV6fUEsZJMJCFjk%2BMeOXJG9dELPsBeMjoARys7o2SMOHkg7dIA%2Fkigh2zWwwAS5MBo2CfqH%2Fm4QVYyKIMIN8odw9E"}]}
date: Tue, 21 Apr 2026 00:30:33 GMT
content-type: application/javascript
last-modified: Wed, 15 Apr 2026 10:05:57 GMT
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains; preload
reporting-endpoints: default="https://ta-ad-intervention-reporting.edgecompute.app?sitename=techrepublic"
cache-control: max-age=14400
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
x-envoy-upstream-service-time: 0
referrer-policy: no-referrer-when-downgrade
cf-ray: 9ef847e54ccf2efa-OSL
server: cloudflare

OPTIONS
H2 200 details
epsilon.6sense.com/v3/company/ Frame 0
0 221ms
66ms Preflight 99.83.231.3
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://epsilon.6sense.com/v3/company/details
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.83.231.3 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: afe865822f884bb48.awsglobalaccelerator.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization
Access-Control-Request-Method: GET
Origin: https://www.techrepublic.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: authorization
access-control-allow-methods: OPTIONS,GET
access-control-allow-origin: https://www.techrepublic.com
access-control-expose-headers: X-6si-Region
access-control-max-age: 1800
content-length: 0
date: Tue, 21 Apr 2026 00:30:33 GMT
timing-allow-origin: https://6sense.com
x-6si-region

GET
H2 200 choice.js Show response
cmp.inmobi.com/choice/vPn77x7pBG57Y/www.techrepublic.com/ 6 KB
3 KB 214ms
59ms Script
application/javascript 2600:9000:275b:2c00:1b:cadc:ef40:93a1
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://cmp.inmobi.com/choice/vPn77x7pBG57Y/www.techrepublic.com/choice.js?tag_version=V3
Requested by: Host: www.techrepublic.com
URL: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:275b:2c00:1b:cadc:ef40:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 86a174c37c093e48e3576e3e7b376e7be5f6a9fbc3b0a8d904904610153a1c43

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

vary: Access-Control-Request-Headers,Access-Control-Request-Method,Origin,Accept-Encoding
cache-control: max-age=900
content-encoding: br
etag: W/"21ce728fc1f6c4120d2b9b398530c0ef"
age: 49
cross-origin-resource-policy: cross-origin
via: 1.1 256cd380c9790a2b71d68709829caa18.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: GpnSqx9gltP98AIrf0YRLiwScVO6FmYnYmaYDNycrxTjJxMN4LXNeA==
date: Tue, 21 Apr 2026 00:29:45 GMT
content-type: application/javascript
last-modified: Fri, 27 Feb 2026 09:41:37 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P7
x-amz-server-side-encryption: AES256

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 555 KB
176 KB 221ms
88ms Script
application/javascript 2a00:1450:4001:c0f::61
Google LLC

General

Check archive.org

Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-57GHMWX

Requested by

Host: www.techrepublic.com
URL: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:c0f::61 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

ffe02d385f0f12f64ec9a59a27e852b65eb77188de35840cdfd68161cc2f9d61

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

content-encoding: zstd
expires: Tue, 21 Apr 2026 00:30:33 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 21 Apr 2026 00:30:33 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Tue, 21 Apr 2026 00:00:00 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin: *
content-length: 179479
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 me Show response
traction.technologyadvice.com/ngt/ 273 B
513 B 497ms
218ms Fetch
application/json 13.248.160.219
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://traction.technologyadvice.com/ngt/me
Requested by: Host: www.techrepublic.com
URL: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.248.160.219 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ac4c1099eea1de9a4.awsglobalaccelerator.com
Software: istio-envoy / PHP/8.2.30
Resource Hash: 2e4e8abe8957ae6bdefeea9ae3c038c9dd219147cde3f5b5b6e4483f3faf10ba

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

cache-control: no-cache, private
x-envoy-upstream-service-time: 63
access-control-allow-credentials: true
access-control-allow-origin: https://www.techrepublic.com
content-length: 273
date: Tue, 21 Apr 2026 00:30:34 GMT
content-type: application/json
vary: Origin
server: istio-envoy
x-powered-by: PHP/8.2.30

GET
H2 200 details Show response
epsilon.6sense.com/v3/company/ 746 B
661 B 102ms
101ms Fetch
application/json 99.83.231.3
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://epsilon.6sense.com/v3/company/details
Requested by: Host: www.techrepublic.com
URL: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.83.231.3 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: afe865822f884bb48.awsglobalaccelerator.com
Software: /
Resource Hash: 164f62b37fb48fd6da1e7ed0663cc5ef7b52ea1bbdbad412299a581b516ebc65

Request headers

sec-ch-ua-platform: "Linux"
Authorization: Token d20a1b0e892442270cbc4cb6801c0160d28af04c
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

access-control-expose-headers: X-6si-Region
timing-allow-origin: https://6sense.com
content-encoding: gzip
x-6si-region
access-control-allow-credentials: true
access-control-allow-origin: https://www.techrepublic.com
content-length: 399
date: Tue, 21 Apr 2026 00:30:34 GMT
content-type: application/json
vary: Origin, Accept-Encoding

GET
DATA 200
OK truncated
/ 31 KB
0 Image
image/png

General

Check archive.org

Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f3e2e0f12c5badfe408d69bf6c0fa9ce6247f9a45c849851a53b8647637cfcd0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 5 KB
0 Image
image/png

General

Check archive.org

Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: dfd272053c730cd470302af475eb401d9be41c81f0081c20d7910f6c12732c9d

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/png

General

Check archive.org

Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 95783bf43b78701a92daf5ec7268db97c7144599c774821126b8cc5396724bfa

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/png

GET
H2 200 list-arrow.svg
www.techrepublic.com/wp-content/themes/techrepublic-theme/inc/svgs/ 958 B
966 B 55ms
55ms Image
image/svg+xml 2606:4700:20::681a:26f
Cloudflare

General

Check archive.org

Download Go to Show image

Full URL

https://www.techrepublic.com/wp-content/themes/techrepublic-theme/inc/svgs/list-arrow.svg

Requested by

Host: www.techrepublic.com
URL: https://www.techrepublic.com/wp-content/themes/techrepublic-theme/style.css?ver=1.34.1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:26f -, , ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

f05897bbb47bf6243c7958283257df723d6cd2e5826c6f8ac10da6e9d9c3d7fc

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/wp-content/themes/techrepublic-theme/style.css?ver=1.34.1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: "69e644d3-3be"
age: 2402
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=FEo0osnvRZiA49aQcncRPSibp1C93GztdRf7Cea8XlOsGGHGbXn2cLnT9GAkVF160JBFSAKxEq6Qi6fzmREAycRCCCvIIPqlIy6%2BITVr7CMaSxPlZiYqXh4zDUmexFYOQvnRLlo4pBY8Xp1pdZ%2FPFdes"}]}
date: Tue, 21 Apr 2026 00:30:33 GMT
content-type: image/svg+xml
last-modified: Mon, 20 Apr 2026 15:22:59 GMT
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains; preload
reporting-endpoints: default="https://ta-ad-intervention-reporting.edgecompute.app?sitename=techrepublic"
cache-control: max-age=14400
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
x-envoy-upstream-service-time: 1
referrer-policy: no-referrer-when-downgrade
cf-ray: 9ef847e55ce52efa-OSL
server: cloudflare

GET
H2 200 Montserrat-Regular.woff
www.techrepublic.com/wp-content/plugins/ta-campaign-plugin/assets/fonts/ 93 KB
93 KB 174ms
173ms Font
font/woff 2606:4700:20::681a:26f
Cloudflare

General

Check archive.org

Download Go to

Full URL

https://www.techrepublic.com/wp-content/plugins/ta-campaign-plugin/assets/fonts/Montserrat-Regular.woff

Requested by

Host: www.techrepublic.com
URL: https://www.techrepublic.com/wp-content/plugins/ta-campaign-plugin/assets/css/dist/styles.css?ver=2.1.14

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:26f -, , ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

930b4fca002c49ac4061a5e2d9f778c922317bf1d9828b2befbf373e63e3800b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Origin: https://www.techrepublic.com
sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/wp-content/plugins/ta-campaign-plugin/assets/css/dist/styles.css?ver=2.1.14
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

strict-transport-security: max-age=15552000; includeSubDomains; preload
reporting-endpoints: default="https://ta-ad-intervention-reporting.edgecompute.app?sitename=techrepublic"
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cache-control: max-age=14400
content-encoding: gzip
cf-cache-status: HIT
x-envoy-upstream-service-time: 0
etag: W/"69df6305-175a8"
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=r7wkRbl8q%2ByzpIkDfzDiXclzexbZRYBe%2F%2Bws4I3E27uH4szrk1dOvI7sb%2BtcfFF3GyYuLbmJ7u1EBPo9tcUpf4wNfACi7lOLX0UiqYfVSPTaZmoRlkKn74rP9%2Bmw9G8rh3DjWL7cXEse2Jv4pGtZPClS"}]}
referrer-policy: no-referrer-when-downgrade
cf-ray: 9ef847e56cff2efa-OSL
date: Tue, 21 Apr 2026 00:30:33 GMT
content-type: font/woff
last-modified: Wed, 15 Apr 2026 10:05:57 GMT
server: cloudflare

GET
H2 200 mulish-v13-latin-regular.woff2
www.techrepublic.com/wp-content/themes/techrepublic-theme/fonts/ 13 KB
14 KB 52ms
51ms Font
font/woff2 2606:4700:20::681a:26f
Cloudflare

General

Check archive.org

Download Go to

Full URL

https://www.techrepublic.com/wp-content/themes/techrepublic-theme/fonts/mulish-v13-latin-regular.woff2

Requested by

Host: www.techrepublic.com
URL: https://www.techrepublic.com/wp-content/themes/techrepublic-theme/style.css?ver=1.34.1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:26f -, , ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

9e7fe0edbc32bbda00bdef6dc0241bc78277a37d4ceeab5991c64d11915746b9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Origin: https://www.techrepublic.com
sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/wp-content/themes/techrepublic-theme/style.css?ver=1.34.1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"69e644d3-34c4"
age: 1243
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=nalRMXuB2PX8EKer3ApJebhkUVfiAucbKnc47TX%2BbBE2dTUDlaeCLTVyJnubRO8qJS%2BjTtkNXTFirzbY1IhMa9lspRKMSdnucXfGUbLWqLWUDHLHTr%2Fv8EU320zdrCssz45I%2BGkqUvwR7E%2BV6jRE2kDc"}]}
date: Tue, 21 Apr 2026 00:30:33 GMT
content-type: font/woff2
last-modified: Mon, 20 Apr 2026 15:22:59 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
reporting-endpoints: default="https://ta-ad-intervention-reporting.edgecompute.app?sitename=techrepublic"
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cache-control: max-age=14400
x-envoy-upstream-service-time: 0
referrer-policy: no-referrer-when-downgrade
cf-ray: 9ef847e56d002efa-OSL
server: cloudflare

GET
H2 200 mulish-v13-latin-700.woff2
www.techrepublic.com/wp-content/themes/techrepublic-theme/fonts/ 13 KB
14 KB 55ms
55ms Font
font/woff2 2606:4700:20::681a:26f
Cloudflare

General

Check archive.org

Download Go to

Full URL

https://www.techrepublic.com/wp-content/themes/techrepublic-theme/fonts/mulish-v13-latin-700.woff2

Requested by

Host: www.techrepublic.com
URL: https://www.techrepublic.com/wp-content/themes/techrepublic-theme/style.css?ver=1.34.1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:26f -, , ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

72da494867e9515e8ee693bd8a10d32a6c6b0dc6aaff0279cbeb312b01a0e754

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Origin: https://www.techrepublic.com
sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/wp-content/themes/techrepublic-theme/style.css?ver=1.34.1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"69e644d3-34c0"
age: 3279
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=myQmkIEu2Y3oChgz0sLY4guJ5SRhCMPEVU30UHJkhKI%2Fta4fEBNc6rTkLVIIGU%2F5mn574SnpxMde%2BP4gB0Cqwp54%2Fe5h3GUCbz5FHEmCQeV81Vs3%2FL8yEhPkyUn4UVjDKNt4byTl39nXjsJjqMHjot%2Bx"}]}
date: Tue, 21 Apr 2026 00:30:33 GMT
content-type: font/woff2
last-modified: Mon, 20 Apr 2026 15:22:59 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
reporting-endpoints: default="https://ta-ad-intervention-reporting.edgecompute.app?sitename=techrepublic"
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cache-control: max-age=14400
x-envoy-upstream-service-time: 0
referrer-policy: no-referrer-when-downgrade
cf-ray: 9ef847e56d012efa-OSL
server: cloudflare

GET
H2 200 Montserrat-Bold.woff
www.techrepublic.com/wp-content/plugins/ta-campaign-plugin/assets/fonts/ 94 KB
94 KB 58ms
58ms Font
font/woff 2606:4700:20::681a:26f
Cloudflare

General

Check archive.org

Download Go to

Full URL

https://www.techrepublic.com/wp-content/plugins/ta-campaign-plugin/assets/fonts/Montserrat-Bold.woff

Requested by

Host: www.techrepublic.com
URL: https://www.techrepublic.com/wp-content/plugins/ta-campaign-plugin/assets/css/dist/styles.css?ver=2.1.14

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:26f -, , ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

ceb9866597325d65c2f7a0e075bb91a2c5df5ae578a6ce6132ed8b4670b49c72

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Origin: https://www.techrepublic.com
sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/wp-content/plugins/ta-campaign-plugin/assets/css/dist/styles.css?ver=2.1.14
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"69df6305-1787c"
age: 2427
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=Y3Mo7or%2ByYGAzWv0ngGyF0GaL8ayl%2BGaPzRlC1a0jx8ysieioB%2B0UWVn3A79DAEX5vs9fuODMv7WygyPm9dAXDkn7phBqvGDg3uMH7R9IaDKQaoUxFXqZtlKIphrtmBInUS%2Bb58ex6ZPJv5sCMqb7rQP"}]}
date: Tue, 21 Apr 2026 00:30:33 GMT
content-type: font/woff
last-modified: Wed, 15 Apr 2026 10:05:57 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
reporting-endpoints: default="https://ta-ad-intervention-reporting.edgecompute.app?sitename=techrepublic"
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cache-control: max-age=14400
x-envoy-upstream-service-time: 0
referrer-policy: no-referrer-when-downgrade
cf-ray: 9ef847e56d022efa-OSL
server: cloudflare

GET
H2 200 zimperium-540x339.png
assets.techrepublic.com/uploads/2026/04/ 7 KB
7 KB 84ms
83ms Image
image/avif 2606:4700:20::681a:26f
Cloudflare

General

Check archive.org

Download Go to Show image

Full URL

https://assets.techrepublic.com/uploads/2026/04/zimperium-540x339.png

Requested by

Host: www.techrepublic.com
URL: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:26f -, , ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

7456bb2727dfda34b2f98d3db99e7b7cf3f85bfee88decbed6c7a0abc055a02b

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; img-src data:; style-src 'unsafe-inline';
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

access-control-max-age: 86400
content-encoding: br
cf-cache-status: HIT
etag: W/"cfCGQ20GFQwcEHgTajX_KPM_NlESMQ8-JYVisVz9Z6DQ"
age: 23184
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=hDTRinaU55hwcwBZ80TgEfCEpjzjc05ateuZ0IplyIpo1hHCgxuWsFWXgWED9ZZDriP0V%2BVx68f4%2Fai142qWtvYbjaH%2BF3S0qj%2BmPSFpgR5vnmBi0lmXXBjJdSkMpX0NmGwbKrsbslcrTeu74biceczA2nR3"}]}
access-control-allow-methods: GET, HEAD, OPTIONS
x-content-type-options: nosniff
date: Tue, 21 Apr 2026 00:30:33 GMT
content-type: image/avif
vary: accept
cf-placement: local-OSL
access-control-allow-headers: *
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; img-src data:; style-src 'unsafe-inline';
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cache-control: public,max-age=172800,stale-while-revalidate=7200
cf-images: internal=ok/- q=0 n=11+200 c=1+139 v=2026.4.1 l=7040 f=false c2=0
cf-ray: 9ef847e58d212efa-OSL
access-control-allow-origin: *
server: cloudflare

GET
H2 200 zimperium-invisible.png
assets.techrepublic.com/uploads/2026/04/ 35 KB
35 KB 115ms
114ms Image
image/avif 2606:4700:20::681a:26f
Cloudflare

General

Check archive.org

Download Go to Show image

Full URL

https://assets.techrepublic.com/uploads/2026/04/zimperium-invisible.png

Requested by

Host: www.techrepublic.com
URL: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:26f -, , ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

f1610a6c5ebe3300253823fb7aa3b879441da6ee53a7d43e3748adf7b71cfb5d

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; img-src data:; style-src 'unsafe-inline';
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

access-control-max-age: 86400
content-encoding: br
cf-cache-status: HIT
etag: W/"cfcc1Nx7OzVr-oL3NtdYSWedT0GRfk0uMIfogBdGdYDQ"
age: 23369
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=qGofLLY2c%2Fns3a6TqFnkvqPEN3oF8okDfzOre%2Bt5NlNbmd4RdnUa2pRpkcpb%2BK9TAgnad%2FCFAax7miYyRvynenxeJbWgWh3ZyFT79Xk3JQfgtBQOU8dfgePQ13bWIukAyPCJoBvyXP4HHVgTa%2FOH9GM7OIjO"}]}
access-control-allow-methods: GET, HEAD, OPTIONS
x-content-type-options: nosniff
date: Tue, 21 Apr 2026 00:30:33 GMT
content-type: image/avif
vary: accept
cf-placement: local-OSL
access-control-allow-headers: *
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; img-src data:; style-src 'unsafe-inline';
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cache-control: public,max-age=172800,stale-while-revalidate=7200
cf-images: internal=ok/- q=0 n=294+688 c=4+456 v=2026.4.1 l=35444 f=false c2=0
cf-ray: 9ef847e58d232efa-OSL
access-control-allow-origin: *
server: cloudflare

GET
H3 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202604170101/ 599 KB
187 KB 64ms
64ms Script
text/javascript 142.250.154.155
Google LLC

General

Check archive.org

Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202604170101/pubads_impl.js?cb=31097963

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.154.155 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

bt-in-f155.1e100.net

Software

cafe /

Resource Hash

3604812dbf7c5d6a35b490f22140c1bcb4f274f8325b05d342e1def7b4972224

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

content-encoding: br
etag: 9165160390781671130
age: 52120
x-content-type-options: nosniff
expires: Tue, 20 Apr 2027 10:01:53 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date: Mon, 20 Apr 2026 10:01:53 GMT
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 191861
x-xss-protection: 0
server: cafe

GET
H2 200 cropped-joseph.ofonagoro-headshot-96x96.jpg
assets.techrepublic.com/uploads/2025/12/ 2 KB
2 KB 65ms
64ms Other
image/avif 2606:4700:20::681a:26f
Cloudflare

General

Check archive.org

Download Go to

Full URL

https://assets.techrepublic.com/uploads/2025/12/cropped-joseph.ofonagoro-headshot-96x96.jpg

Requested by

Host: www.techrepublic.com
URL: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:26f -, , ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

856d9f8af130794593655be2c4698e9229b3e0509a088233ce4be91449712018

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; img-src data:; style-src 'unsafe-inline';
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

access-control-max-age: 86400
content-encoding: br
cf-cache-status: HIT
etag: W/"cfXH18F8s0aV1LEqSMhQ1y8SItWUAlzIZqqdLvbVjyDQ"
age: 393136
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=TBPUCGpmFfezsQukoFJMM8FyLGrhYAmfulLb341R8ROlerI54Igduu4J1SNS%2FnUZHUgwjyx%2BJ1%2FOlRA1fZjEweEKkcw%2BP5yUf5RFEqhnl5H5ON0lwQSGcMqK9PvkNXYDwOLqq42w3iwBbuEXftS7kplEp9Rt"}]}
access-control-allow-methods: GET, HEAD, OPTIONS
x-content-type-options: nosniff
date: Tue, 21 Apr 2026 00:30:33 GMT
content-type: image/avif
vary: accept
cf-placement: local-OSL
access-control-allow-headers: *
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; img-src data:; style-src 'unsafe-inline';
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cache-control: public,max-age=172800,stale-while-revalidate=7200
cf-images: internal=ok/- q=0 n=8+25 c=3+21 v=2026.4.0 l=1695 f=false c2=0
cf-ray: 9ef847e58d252efa-OSL
access-control-allow-origin: *
server: cloudflare

GET
H3 200 gpt
securepubads.g.doubleclick.net/pagead/managed/dict/m202604160101/ 64 KB
23 KB 71ms
70ms Other
text/plain 142.250.154.155
Google LLC

General

Check archive.org

Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/dict/m202604160101/gpt

Requested by

Host: www.techrepublic.com
URL: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.154.155 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

bt-in-f155.1e100.net

Software

cafe /

Resource Hash

00cd519defdbc1ddeba378c2b76b4b626bce37f66fbf6ffce2f088a08efa21c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua-platform: "Linux"
Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

content-encoding: br
etag: 6066547729234053981
age: 1521
x-content-type-options: nosniff
expires: Tue, 28 Apr 2026 00:05:12 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date: Tue, 21 Apr 2026 00:05:12 GMT
content-type: text/plain; charset=UTF-8
vary: Accept-Encoding
cache-control: public, immutable, max-age=604800, stale-while-revalidate=7200
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 23344
x-xss-protection: 0
server: cafe
use-as-dictionary: match="/gampad/ads", id="m202604160101"

GET
H2

200

main.js Show response
www.techrepublic.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/0b8fb825cb67/ Frame A800
Redirect Chain

https://www.techrepublic.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
https://www.techrepublic.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/0b8fb825cb67/main.js?

26 KB
12 KB

48ms
48ms

Script
application/javascript

2606:4700:20::681a:26f
Cloudflare

General

Check archive.org

Download Go to

Full URL

https://www.techrepublic.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/0b8fb825cb67/main.js?

Requested by

Host: www.techrepublic.com
URL: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/

Protocol

Server

2606:4700:20::681a:26f -, , ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

b1e55296ac5008ee9da085011e84164dd5889f5c5ecc71f01a166f376d79b9cd

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
Referer

Response headers

cf-ray: 9ef847e6beb12efa-OSL
cache-control: max-age=14400, stale-if-error=10800, stale-while-revalidate=10800, public
content-encoding: br
date: Tue, 21 Apr 2026 00:30:34 GMT
content-type: application/javascript; charset=UTF-8
server: cloudflare
x-content-type-options: nosniff

Redirect headers

cf-ray: 9ef847e67e682efa-OSL
cache-control: max-age=300, stale-if-error=10800, stale-while-revalidate=10800, public
location: /cdn-cgi/challenge-platform/h/b/scripts/jsd/0b8fb825cb67/main.js?
content-length: 0
access-control-allow-origin: *
date: Tue, 21 Apr 2026 00:30:33 GMT
server: cloudflare

GET
H2 200 cmp2.js Show response
cmp.inmobi.com/tcfv2/ 582 KB
116 KB 67ms
67ms Script
text/javascript 2600:9000:275b:2c00:1b:cadc:ef40:93a1
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://cmp.inmobi.com/tcfv2/cmp2.js?referer=www.techrepublic.com
Requested by: Host: cmp.inmobi.com
URL: https://cmp.inmobi.com/choice/vPn77x7pBG57Y/www.techrepublic.com/choice.js?tag_version=V3
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:275b:2c00:1b:cadc:ef40:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 9043f7871e3e83306814ab6059d5d09b29ab1ba497dd19160bea23805f531f08

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

access-control-max-age: 86400
content-encoding: br
etag: W/"5e85d8bf07e710aeb9a305027ca02054"
age: 945
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
x-amz-meta-qc-ineu: True
x-cache: Hit from cloudfront
x-amz-cf-id: HmIezpczhZ9UhHqzRl7Q9TWRAFX9DGWY10CTw7JBS6UXcW5ZYg7uLw==
date: Tue, 21 Apr 2026 00:14:50 GMT
content-type: text/javascript;charset=UTF-8
vary: Accept-Encoding
last-modified: Wed, 15 Apr 2026 09:13:18 GMT
cache-control: max-age=3600
via: 1.1 256cd380c9790a2b71d68709829caa18.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-amz-cf-pop: FRA60-P7
server: AmazonS3
x-amz-server-side-encryption: AES256

POST
H2 200 9ef847e37ac82efa Show response
www.techrepublic.com/cdn-cgi/challenge-platform/h/b/jsd/oneshot/0b8fb825cb67/0.4515596719016519:1776730247:BSWUczKjD4Sbc53Z7XsLy6cxgKJrhfT4Z0llpTnT5r4/ Frame A800 0
563 B 52ms
48ms XHR
text/plain 2606:4700:20::681a:26f
Cloudflare

General

Check archive.org

Download Go to

Full URL: https://www.techrepublic.com/cdn-cgi/challenge-platform/h/b/jsd/oneshot/0b8fb825cb67/0.4515596719016519:1776730247:BSWUczKjD4Sbc53Z7XsLy6cxgKJrhfT4Z0llpTnT5r4/9ef847e37ac82efa
Requested by: Host: www.techrepublic.com
URL: https://www.techrepublic.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:26f -, , ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua-platform: "Linux"
Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
Content-Type: text/plain;charset=UTF-8
sec-ch-ua-mobile: ?0

Response headers

cf-ray: 9ef847e75f6f2efa-OSL
timing-allow-origin: https://www.techrepublic.com
content-length: 0
cf-chl-out-s: TtYOcJUo4E5aGa+wFAaSgw==$YQp2vOg/AhySC+xa33mIfA==
date: Tue, 21 Apr 2026 00:30:34 GMT
content-type: text/plain; charset=UTF-8
server: cloudflare

GET
H2 200 geoip Show response
cmp.inmobi.com/ 46 B
331 B 232ms
78ms XHR
application/json 2600:9000:275b:2c00:1b:cadc:ef40:93a1
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://cmp.inmobi.com/geoip
Requested by: Host: cmp.inmobi.com
URL: https://cmp.inmobi.com/tcfv2/cmp2.js?referer=www.techrepublic.com
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:275b:2c00:1b:cadc:ef40:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: CloudFront /
Resource Hash: f5c282c3872dd67c84445707dccded91dbdbd1eeeb9818b194c596fdd342b005

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
Accept: application/json, text/plain, */*
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

access-control-expose-headers: *
via: 1.1 12dba18ae3d66aa7dad74e664431ae9a.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-cache: FunctionGeneratedResponse from cloudfront
content-length: 46
x-amz-cf-id: fGpm1pPEkuQdEIm78rfsjWx940F47M5jEqjNzvQ8Z2mGHPcj8qKW5Q==
date: Tue, 21 Apr 2026 00:30:34 GMT
content-type: application/json
x-amz-cf-pop: FRA60-P7
server: CloudFront

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 415 KB
145 KB 82ms
81ms Script
application/javascript 2a00:1450:4001:c0f::61
Google LLC

General

Check archive.org

Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-10858421135&cx=c&gtm=4e64h1

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-57GHMWX

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:c0f::61 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

69de8b31da3aaa093c9dd9769287f9b8a4abfa269ceb3e146efb705d8ac36f0a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

content-encoding: zstd
expires: Tue, 21 Apr 2026 00:30:34 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 21 Apr 2026 00:30:34 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Tue, 21 Apr 2026 00:00:00 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin: *
content-length: 147881
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 01192dc3-157f-4d5a-bea4-02f62692239e.js Show response
j.6sc.co/j/ 4 KB
2 KB 251ms
80ms Script
application/javascript 23.55.163.138
AKAMAI-ASN1 Akama...

General

Check archive.org

Download Go to

Full URL: https://j.6sc.co/j/01192dc3-157f-4d5a-bea4-02f62692239e.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-57GHMWX
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.55.163.138 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS: a23-55-163-138.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 1f5d726220c5548a8299ad33abaca06c411b6c3aab5ef04f6198be2e5af5d6c2

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

x-amz-meta-content-type: application/json
cache-control: private, max-age=1800
content-encoding: gzip
etag: "e84f7894b4a939cc007c96d00ae58d4b"
x-amz-version-id: _wAHvYpAH5MRyEQxcbkuNU4ALEkESa_u
expires: Tue, 21 Apr 2026 01:00:34 GMT
accept-ranges: bytes
content-length: 1446
x-amz-cf-id: Cm0ItZ9D6c3opsMdHZDgftU0akcO3lDLGwwjL7yKMLiY5Lbb9R7sjA==
date: Tue, 21 Apr 2026 00:30:34 GMT
last-modified: Mon, 30 Oct 2023 20:27:34 GMT
x-amz-cf-pop: FRA60-P11
vary: Accept-Encoding
content-type: application/javascript
x-amz-server-side-encryption: AES256

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 507 KB
168 KB 117ms
117ms Script
application/javascript 2a00:1450:4001:c0f::61
Google LLC

General

Check archive.org

Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-JFTFNVQ114&cx=c&gtm=4e64h1

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-57GHMWX

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:c0f::61 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

f5f4371911536f2ff28896f1e60b6edf1a1754852633a6de7006927399501375

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
content-encoding: zstd
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
expires: Tue, 21 Apr 2026 00:30:34 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 171764
date: Tue, 21 Apr 2026 00:30:34 GMT
x-xss-protection: 0
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
server: Google Tag Manager
access-control-allow-headers: Cache-Control

GET
H3 200 fbevents.js Show response
connect.facebook.net/en_US/ 366 KB
97 KB 131ms
64ms Script
application/x-javascript 157.240.0.6
Facebook

General

Check archive.org

Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-57GHMWX

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.0.6 Frankfurt am Main, Germany, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

xx-fbcdn-shv-02-fra3.fbcdn.net

Software

Resource Hash

5e84342b84b96b2570c7fb0a39483f96d4262e8c9d98436e1aa2aa813ca9f01b

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' blob:;script-src .facebook.com .fbcdn.net .facebook.net blob: 'self' 'nonce-Er3p7PG0';style-src 'self' data: blob: 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.fbcdn.net attachment.fbsbx.com .cdninstagram.com blob: 'self' data: https://edge-chat.facebook.net https://edge-chat-latest.facebook.net wss://edge-chat-latest.facebook.net wss://edge-chat.facebook.net wss://edge-chat.socialplugin.facebook.net wss://edge-chat-latest.socialplugin.facebook.net https://edge-chat.socialplugin.facebook.net https://edge-chat-latest.socialplugin.facebook.net;font-src 'self' data: blob:;img-src 'self' data: blob:;media-src 'self' data: blob:;child-src 'self' data: blob:;frame-src 'self' data: blob:;manifest-src 'self' data: blob:;object-src 'self' data: blob:;worker-src 'self' data: blob:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

content-encoding: gzip
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Tue, 21 Apr 2026 00:30:34 GMT
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src 'self' blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net blob: 'self' 'nonce-Er3p7PG0';style-src 'self' data: blob: 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com *.cdninstagram.com blob: 'self' data: https://edge-chat.facebook.net https://edge-chat-latest.facebook.net wss://edge-chat-latest.facebook.net wss://edge-chat.facebook.net wss://edge-chat.socialplugin.facebook.net wss://edge-chat-latest.socialplugin.facebook.net https://edge-chat.socialplugin.facebook.net https://edge-chat-latest.socialplugin.facebook.net;font-src 'self' data: blob:;img-src 'self' data: blob:;media-src 'self' data: blob:;child-src 'self' data: blob:;frame-src 'self' data: blob:;manifest-src 'self' data: blob:;object-src 'self' data: blob:;worker-src 'self' data: blob:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
cache-control: public, max-age=1200
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
x-fb-connection-quality: GOOD; q=0.7, rtt=61, rtx=0, c=23, mss=1232, tbw=4988, tp=9, tpl=0, uplat=1, ullat=-1
pragma: public
x-fb-debug: O55WXNxsJyzNph95nkS3ZvuF6g+i+p+WkLuYjZmFqmKAeNYq/6QPtgL+aTpFWbRcCmEF5+7MeqMFESO1200dgg==
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top, include-js-call-stacks-in-crash-reports
content-length: 98771
x-xss-protection: 0
origin-agent-cluster: ?1

GET
H2 200 qevents.js Show response
a.quora.com/ 41 KB
15 KB 114ms
37ms Script
text/plain 162.159.153.247
Cloudflare

General

Check archive.org

Download Go to

Full URL: https://a.quora.com/qevents.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-57GHMWX
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 162.159.153.247 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: a3b9afdd92edf30d72dd52262c76b75781740b1cb885772194a47529eb1052df

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

content-encoding: br
cf-cache-status: HIT
x-amz-version-id: H8.HsgWNgKILi9JR9TiInGCbVTRmJIEG
age: 2291911
etag: W/"213a2084d90a782e0ad733a5aa1e3202"
expires: Tue, 21 Apr 2026 04:30:34 GMT
alt-svc: h3=":443"; ma=86400
date: Tue, 21 Apr 2026 00:30:34 GMT
content-type: text/plain
last-modified: Mon, 28 Oct 2024 23:32:34 GMT
x-amz-id-2: M3isvXm9TfqF63/D0Xb+j6fzk9TwXA1VMnlg6vVHpfeeWsG/1WaxiQOtPGoGiQJbeuflfEVDtGU=
cache-control: public, max-age=14400
x-amz-meta-s3cmd-attrs: md5:213a2084d90a782e0ad733a5aa1e3202
x-amz-request-id: Z0J4AD28TZ1MRM4T
cf-ray: 9ef847e8cfa6efaf-HEL
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 pixel.js Show response
www.redditstatic.com/ads/ 66 KB
19 KB 118ms
33ms Script
application/javascript 2a04:4e42:200::396
Fastly

General

Check archive.org

Download Go to

Full URL: https://www.redditstatic.com/ads/pixel.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-57GHMWX
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:200::396 , United States, ASN54113 (FASTLY - Fastly, Inc., US),
Reverse DNS
Software: snooserv /
Resource Hash: b18c4a1b228e07a07ed18ddf7b7b697f6e956b6e37ec9a0637ff90fbdd2c92f1

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

content-encoding: gzip
etag: "d1742abe56bac3eb8b496240b97b758d"
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
alt-svc: h3=":443";ma=2592000;persist=1,h3-29=":443";ma=2592000;persist=1,h3-27=":443";ma=2592000;persist=1
date: Tue, 21 Apr 2026 00:30:34 GMT
last-modified: Tue, 31 Mar 2026 15:55:17 GMT
content-type: application/javascript
vary: Accept-Encoding,Origin
cache-control: public, max-age=60
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
via: 1.1 varnish, 1.1 varnish
x-reddit-ct: v=1,dn=FT,p=HEL,cs=HIT
accept-ranges: bytes
content-length: 18643
server: snooserv
x-amz-server-side-encryption: AES256

GET
H2 200 client.min.js Show response
pixel.ngtrack.relay.cool/ 64 KB
22 KB 259ms
71ms Script
text/javascript 2600:9000:2644:1a00:1e:a1ed:6400:93a1
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://pixel.ngtrack.relay.cool/client.min.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-57GHMWX
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2644:1a00:1e:a1ed:6400:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 4018c71a4e0dd8425ec8d2b5efc5a7f101e65cb4edd82dd8d1d2f739bea91d4c

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

x-amz-cf-pop: FRA60-P6
content-encoding: gzip
etag: W/"a6b171d596de8c851d2e0f949e8702d1"
age: 50709
via: 1.1 d4b0acc43b96f7849332ef0fcc29ac32.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: YjNmZs53lyQZEa4XingJI4xQXH5QmdI6BQIIxU_ePt_n67mNbmh5Fg==
date: Mon, 20 Apr 2026 10:26:15 GMT
content-type: text/javascript
vary: Accept-Encoding
server: AmazonS3
last-modified: Thu, 21 Aug 2025 19:10:02 GMT
x-amz-server-side-encryption: AES256

GET
H2 200 events.js Show response
tags.srv.stackadapt.com/ 23 KB
8 KB 421ms
135ms Script
text/javascript 34.236.2.203
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://tags.srv.stackadapt.com/events.js
Requested by: Host: www.techrepublic.com
URL: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.236.2.203 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-34-236-2-203.compute-1.amazonaws.com
Software: /
Resource Hash: 1bc4fd06422d89bbedbf19a9762538f035f2ae744a656dd5664cecf36520e2b4

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

access-control-allow-origin: *
cache-control: max-age=5
content-encoding: gzip
date: Tue, 21 Apr 2026 00:30:34 GMT
content-type: text/javascript

GET
H2 200 pixel
q.quora.com/_/ad/c0bfe3f1323f4beaa5fbdb71dbbd940b/ 43 B
344 B 272ms
175ms Image
image/gif 162.159.152.17
Cloudflare

General

Check archive.org

Download Go to Show image

Full URL

https://q.quora.com/_/ad/c0bfe3f1323f4beaa5fbdb71dbbd940b/pixel?tag=ViewContent&i=gtm&u=https%3A%2F%2Fwww.techrepublic.com%2Farticle%2Fnews-android-malware-stealing-pin-overlay-attack%2F

Requested by

Host: www.techrepublic.com
URL: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.152.17 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
cf-cache-status: DYNAMIC
x-q-stat: ,37bef6d72d74e03a3dce708bc5f7eea9,10.0.0.121,7000,193.138.7.170,,12771999056,1,1776731434.480,0.001,,.,0,0,0.000,0.001,-,0,0,184,232,116,10,34729,,,,,,-,
cf-ray: 9ef847e8ff5ed952-HEL
alt-svc: h3=":443"; ma=86400
content-length: 43
date: Tue, 21 Apr 2026 00:30:34 GMT
content-type: image/gif
server: cloudflare

GET
H2 200 config Show response
pixel-config.reddit.com/pixels/a2_eirnw9mseud8/ 11 B
215 B 112ms
33ms XHR
application/json 151.101.129.140
Fastly

General

Check archive.org

Download Go to

Full URL: https://pixel-config.reddit.com/pixels/a2_eirnw9mseud8/config
Requested by: Host: www.redditstatic.com
URL: https://www.redditstatic.com/ads/pixel.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.140 , United States, ASN54113 (FASTLY - Fastly, Inc., US),
Reverse DNS
Software: snooserv /
Resource Hash: d1bae83c970a1937466b17bc239591f5f94afea943454ba03188cd1c70cb92dc

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

cache-control: max-age=14400
content-encoding: gzip
via: 1.1 varnish
x-reddit-ct: v=1,dn=FT,p=HEL,cs=HIT,rb=9ca812731334dc8ddaacf7ecb3838958d87dbfc028827bd75e1a2d6d2c3e
accept-ranges: bytes
access-control-allow-origin: *
content-length: 35
date: Tue, 21 Apr 2026 00:30:34 GMT
content-type: application/json
server: snooserv

GET
H2 200 rp.gif
alb.reddit.com/ 42 B
666 B 235ms
146ms Image
image/gif 2a04:4e42:400::396
Fastly

General

Check archive.org

Download Go to Show image

Full URL: https://alb.reddit.com/rp.gif?ts=1776731434430&id=a2_eirnw9mseud8&event=PageVisit&m.value=&m.transactionId=&m.customEventName=&m.products=&m.conversionId=&uuid=35f42031-a605-493f-ade6-072e292ca8d0&aaid=&external_id=&idfa=&integration=gtm&partner=&partner_version=1.0.2&opt_out=0&sh=1600&sw=1200&v=rdt_f3936046&dpm=&dpcc=&dprc=
Requested by: Host: www.techrepublic.com
URL: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:400::396 , United States, ASN54113 (FASTLY - Fastly, Inc., US),
Reverse DNS
Software: Varnish /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.3, "failure_fraction": 0.3}
retry-after: 0
cross-origin-resource-policy: cross-origin
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
via: 1.1 varnish
x-reddit-ct: v=1,dn=FT,p=HEL,cs=HIT
accept-ranges: bytes
content-length: 42
date: Tue, 21 Apr 2026 00:30:34 GMT
content-type: image/gif
server: Varnish

GET
H3 200 destination Show response
www.googletagmanager.com/gtag/ 532 KB
173 KB 77ms
77ms Script
application/javascript 142.251.20.97
Google LLC

General

Check archive.org

Download Go to

Full URL

https://www.googletagmanager.com/gtag/destination?id=AW-613565886&cx=c&gtm=4e64h1

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-JFTFNVQ114&cx=c&gtm=4e64h1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.20.97 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

bx-in-f97.1e100.net

Software

Google Tag Manager /

Resource Hash

780fc58e32776194c184f4c861b9abd4cdc1d8481354a9381267d8e58bb340df

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

content-encoding: zstd
report-to: {"group":"ascgsrsghrgc:71:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgsrsghrgc:71:0"}],}
expires: Tue, 21 Apr 2026 00:30:34 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 21 Apr 2026 00:30:34 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgsrsghrgc:71:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=ascgsrsghrgc:71:0
content-length: 177279
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 vendor-list-trimmed-v1.json Show response
cmp.inmobi.com/GVL-v3/ 694 KB
76 KB 89ms
89ms XHR
application/json 2600:9000:275b:2c00:1b:cadc:ef40:93a1
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://cmp.inmobi.com/GVL-v3/vendor-list-trimmed-v1.json
Requested by: Host: cmp.inmobi.com
URL: https://cmp.inmobi.com/tcfv2/cmp2.js?referer=www.techrepublic.com
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:275b:2c00:1b:cadc:ef40:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 6f507ff63d2d8ce4e30a1b4aa2e5e63412ec162bbefb5f965b4b7977bd3bd171

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

access-control-max-age: 3000
content-encoding: br
etag: W/"720d2e77a47fd08fed99921cede44f82"
age: 1869
access-control-allow-methods: GET
x-cache: Hit from cloudfront
x-amz-cf-id: wHt2xVf4HqQMdIbuMP5AbuknzlR9RyfDyj3rMhOsvGb4rj3-MdQ4hg==
date: Mon, 20 Apr 2026 23:59:26 GMT
content-type: application/json
vary: Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
last-modified: Thu, 16 Apr 2026 23:59:17 GMT
cache-control: max-age=86400
access-control-allow-credentials: true
via: 1.1 12dba18ae3d66aa7dad74e664431ae9a.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-amz-cf-pop: FRA60-P7
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 6si.min.js Show response
j.6sc.co/ 68 KB
19 KB 78ms
77ms Script
application/javascript 23.55.163.138
AKAMAI-ASN1 Akama...

General

Check archive.org

Download Go to

Full URL: https://j.6sc.co/6si.min.js
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/j/01192dc3-157f-4d5a-bea4-02f62692239e.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.55.163.138 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS: a23-55-163-138.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 91c20c70d36b608cf919e894b0ac9e32298d6b3ac3ca59c45a85e7c44161d170

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

content-type: application/javascript
cache-control: private, max-age=10800
content-encoding: gzip
x-amz-version-id: P3wU2zsFsU_YKU_VzrjthagDfojxxkBN
etag: W/"bc32411fd6fa348d8203d2f26dd9866d"
expires: Tue, 21 Apr 2026 03:30:34 GMT
content-length: 18919
x-amz-cf-id: U56MTKcVS0r0IfgrjdNhvfCbOE0eAkCbE6py_YLutYbT0pNrPNpdow==
date: Tue, 21 Apr 2026 00:30:34 GMT
last-modified: Wed, 19 Feb 2025 12:59:27 GMT
vary: accept-encoding
x-amz-cf-pop: FRA60-P11
x-amz-server-side-encryption: AES256

GET
H3 200 195238849417509 Show response
connect.facebook.net/signals/config/ 191 KB
44 KB 224ms
224ms Script
application/x-javascript 157.240.0.6
Facebook

General

Check archive.org

Download Go to

Full URL

https://connect.facebook.net/signals/config/195238849417509?v=2.9.303&r=stable&domain=www.techrepublic.com&hme=97937018cefade17726f0472876fc101316b2ce9008a35a6a5a7977d7436151a&ex_m=104%2C205%2C154%2C22%2C72%2C73%2C145%2C68%2C67%2C11%2C162%2C90%2C16%2C138%2C127%2C39%2C75%2C78%2C134%2C159%2C164%2C8%2C4%2C5%2C7%2C6%2C3%2C91%2C101%2C165%2C170%2C219%2C62%2C186%2C187%2C55%2C276%2C30%2C74%2C231%2C230%2C229%2C23%2C33%2C103%2C61%2C10%2C63%2C97%2C98%2C99%2C105%2C130%2C31%2C29%2C132%2C133%2C129%2C128%2C155%2C76%2C158%2C156%2C157%2C50%2C60%2C123%2C15%2C161%2C45%2C263%2C264%2C262%2C26%2C27%2C28%2C48%2C146%2C77%2C112%2C18%2C20%2C44%2C40%2C42%2C41%2C83%2C92%2C96%2C110%2C144%2C147%2C46%2C111%2C24%2C21%2C119%2C69%2C36%2C149%2C148%2C150%2C141%2C139%2C25%2C35%2C59%2C109%2C160%2C70%2C17%2C152%2C114%2C81%2C66%2C19%2C85%2C86%2C116%2C84%2C136%2C135%2C34%2C278%2C293%2C212%2C201%2C202%2C200%2C296%2C288%2C52%2C213%2C107%2C131%2C80%2C121%2C54%2C47%2C49%2C113%2C120%2C126%2C58%2C64%2C151%2C115%2C37%2C32%2C53%2C56%2C100%2C163%2C1%2C124%2C14%2C122%2C12%2C2%2C57%2C93%2C65%2C118%2C89%2C88%2C166%2C167%2C94%2C95%2C9%2C125%2C102%2C51%2C142%2C87%2C79%2C71%2C117%2C106%2C43%2C143%2C0%2C82%2C137%2C140%2C153%2C38%2C108%2C13%2C168

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.0.6 Frankfurt am Main, Germany, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

xx-fbcdn-shv-02-fra3.fbcdn.net

Software

Resource Hash

02fd8ca8c6199da3fda3c3298e2449049573156c9cc40e5301a24bc00c481a08

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' blob:;script-src .facebook.com .fbcdn.net .facebook.net blob: 'self' 'nonce-wHQKKzt4';style-src 'self' data: blob: 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.fbcdn.net attachment.fbsbx.com .cdninstagram.com blob: 'self' data: https://edge-chat.facebook.net https://edge-chat-latest.facebook.net wss://edge-chat-latest.facebook.net wss://edge-chat.facebook.net wss://edge-chat.socialplugin.facebook.net wss://edge-chat-latest.socialplugin.facebook.net https://edge-chat.socialplugin.facebook.net https://edge-chat-latest.socialplugin.facebook.net;font-src 'self' data: blob:;img-src 'self' data: blob:;media-src 'self' data: blob:;child-src 'self' data: blob:;frame-src 'self' data: blob:;manifest-src 'self' data: blob:;object-src 'self' data: blob:;worker-src 'self' data: blob:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

content-encoding: gzip
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Tue, 21 Apr 2026 00:30:34 GMT
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src 'self' blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net blob: 'self' 'nonce-wHQKKzt4';style-src 'self' data: blob: 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com *.cdninstagram.com blob: 'self' data: https://edge-chat.facebook.net https://edge-chat-latest.facebook.net wss://edge-chat-latest.facebook.net wss://edge-chat.facebook.net wss://edge-chat.socialplugin.facebook.net wss://edge-chat-latest.socialplugin.facebook.net https://edge-chat.socialplugin.facebook.net https://edge-chat-latest.socialplugin.facebook.net;font-src 'self' data: blob:;img-src 'self' data: blob:;media-src 'self' data: blob:;child-src 'self' data: blob:;frame-src 'self' data: blob:;manifest-src 'self' data: blob:;object-src 'self' data: blob:;worker-src 'self' data: blob:;block-all-mixed-content;upgrade-insecure-requests;
cache-control: public, max-age=1200
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
x-fb-connection-quality: GOOD; q=0.7, rtt=61, rtx=0, c=106, mss=1232, tbw=109584, tp=99, tpl=0, uplat=160, ullat=0
pragma: public
x-fb-debug: 2HjObhZpbGF9aAiSur9k+yl0iuIfeLlKcJNiTLNwQPlmMjVKs69frRujrswyiEFf6LY7MuOIMuC2Iu8VAlMDJQ==
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top, include-js-call-stacks-in-crash-reports
x-xss-protection: 0
origin-agent-cluster: ?1

GET
H2 200 me Show response
traction.technologyadvice.com/ngt/ 270 B
511 B 710ms
439ms Fetch
application/json 13.248.160.219
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://traction.technologyadvice.com/ngt/me?fp=37f5cdf599be5a4a5229abe9936a5f74
Requested by: Host: pixel.ngtrack.relay.cool
URL: https://pixel.ngtrack.relay.cool/client.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.248.160.219 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ac4c1099eea1de9a4.awsglobalaccelerator.com
Software: istio-envoy / PHP/8.2.30
Resource Hash: 9355443525e8821e920dca71c8b88120b9086d405f1e75bad670a868d909465a

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

cache-control: no-cache, private
x-envoy-upstream-service-time: 279
access-control-allow-credentials: true
access-control-allow-origin: https://www.techrepublic.com
content-length: 270
date: Tue, 21 Apr 2026 00:30:35 GMT
content-type: application/json
vary: Origin
server: istio-envoy
x-powered-by: PHP/8.2.30

GET
H2 200 context Show response
traction.technologyadvice.com/ngt/ 30 B
203 B 169ms
169ms Fetch
application/json 13.248.160.219
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://traction.technologyadvice.com/ngt/context?url=https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
Requested by: Host: pixel.ngtrack.relay.cool
URL: https://pixel.ngtrack.relay.cool/client.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.248.160.219 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ac4c1099eea1de9a4.awsglobalaccelerator.com
Software: istio-envoy / PHP/8.2.7
Resource Hash: b68beca8f71220e0fb8f9eeb42b9084041b526f292d491510c95b7455acfe36f

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

cache-control: no-cache, private
access-control-allow-origin: *
date: Tue, 21 Apr 2026 00:30:34 GMT
x-envoy-upstream-service-time: 16
content-type: application/json
x-powered-by: PHP/8.2.7
server: istio-envoy

GET getuidj
secure.adnxs.com/ 0
0

GET
H2

200

/ Show response
c.6sc.co/
Redirect Chain

https://c.6sc.co/
https://c.6sc.co/refresh
https://c.6sc.co/?m=1

47 B
331 B

72ms
71ms

XHR
text/plain

23.55.163.138
AKAMAI-ASN1 Akama...

General

Check archive.org

Download Go to

Full URL: https://c.6sc.co/?m=1
Requested by: Host: www.techrepublic.com
URL: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
Protocol: H2
Server: 23.55.163.138 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS: a23-55-163-138.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: eebefd95a54988b1c131330ff7eb7528c87f2ce42fb0e38b224f8c39f3c3dc51

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/

Response headers

cache-control: max-age=0, no-cache, no-store
pragma: no-cache
access-control-allow-credentials: true
expires: Tue, 21 Apr 2026 00:30:34 GMT
access-control-allow-origin: https://www.techrepublic.com
content-length: 47
date: Tue, 21 Apr 2026 00:30:34 GMT
content-type: text/plain
vary: Origin

Redirect headers

cache-control: max-age=0, no-cache, no-store
location: https://c.6sc.co/?m=1
pragma: no-cache
access-control-allow-credentials: true
expires: Tue, 21 Apr 2026 00:30:34 GMT
access-control-allow-origin: https://www.techrepublic.com
content-length: 0
date: Tue, 21 Apr 2026 00:30:34 GMT
vary: Origin
server: AkamaiGHost

GET
H2 200 / Show response
ipv6.6sc.co/ 22 B
318 B 211ms
63ms XHR
text/html 2a02:26f0:480:23::1726:62a7
AKAMAI-ASN1 Akama...

General

Check archive.org

Download Go to

Full URL: https://ipv6.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:480:23::1726:62a7 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software: /
Resource Hash: c952f1bf8495c4ad385081a5b48eace81ef49b67bcb280d80bcb1196a013bd32

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

cache-control: max-age=0, no-cache, no-store
pragma: no-cache
6si-ipv6: 2a02:ed04:3581:2::e01f
expires: Tue, 21 Apr 2026 00:30:34 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1776731434737_388391911_73122815_36_1065_59_63_219";dur=1
access-control-allow-origin: https://www.techrepublic.com
content-length: 22
date: Tue, 21 Apr 2026 00:30:34 GMT
content-type: text/html
vary: Origin

GET
H2 200 sa.css
tags.srv.stackadapt.com/ 65 B
203 B 134ms
133ms Stylesheet
text/css 34.236.2.203
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://tags.srv.stackadapt.com/sa.css
Requested by: Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.236.2.203 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-34-236-2-203.compute-1.amazonaws.com
Software: /
Resource Hash: e268b163247d09b6ebcb1cd3d10706956ef3398e0c055269df9697dfcfcb6ccb

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

access-control-allow-origin: *
cache-control: only-if-cached, no-transform, private, max-age=7776000
content-length: 65
date: Tue, 21 Apr 2026 00:30:34 GMT
content-type: text/css

GET
H2 200 sa.jpeg Show response
tags.srv.stackadapt.com/ 0
2 KB 402ms
135ms Fetch
image/jpeg 34.236.2.203
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://tags.srv.stackadapt.com/sa.jpeg
Requested by: Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.236.2.203 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-34-236-2-203.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

access-control-allow-origin: https://www.techrepublic.com
cache-control: only-if-cached, no-transform, private, max-age=7776000
content-length: 651
date: Tue, 21 Apr 2026 00:30:35 GMT
content-type: image/jpeg

GET
H2 200 cmp-list.json Show response
cmp.inmobi.com/GVL-v2/ 27 KB
5 KB 80ms
80ms XHR
application/json 2600:9000:275b:2c00:1b:cadc:ef40:93a1
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://cmp.inmobi.com/GVL-v2/cmp-list.json
Requested by: Host: cmp.inmobi.com
URL: https://cmp.inmobi.com/tcfv2/cmp2.js?referer=www.techrepublic.com
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:275b:2c00:1b:cadc:ef40:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 27096be45a7df72be876e557b2ef25deebff750400b48eeb66d07fad50af2237

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
Accept: application/json, text/plain, */*
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

access-control-max-age: 3000
content-encoding: br
etag: W/"e990b7cf9199393903e62c6b3f4250ee"
age: 77391
access-control-allow-methods: GET
x-cache: Hit from cloudfront
x-amz-cf-id: xodOL2_QHanN9v8YdNnO1hzuX7E1XxRHj1NLjTK1ZAU-Lj4NOjU9pQ==
date: Mon, 20 Apr 2026 03:00:44 GMT
content-type: application/json
vary: Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
last-modified: Mon, 20 Apr 2026 03:00:42 GMT
cache-control: max-age=172800
access-control-allow-credentials: true
via: 1.1 12dba18ae3d66aa7dad74e664431ae9a.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-amz-cf-pop: FRA60-P7
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 details Show response
epsilon.6sense.com/v3/company/ 746 B
661 B 207ms
97ms XHR
application/json 99.83.231.3
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://epsilon.6sense.com/v3/company/details
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.83.231.3 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: afe865822f884bb48.awsglobalaccelerator.com
Software: /
Resource Hash: 0085e5ab573d43511563b001ad6a06c7e32ecae8257895e8c6a890ae9b86de24

Request headers

sec-ch-ua-platform: "Linux"
Authorization: Token 27bc951208126cf4a5f9631ab3ccbed8c6e4c6b2
X-6s-CustomID: WebTag 01192dc3-157f-4d5a-bea4-02f62692239e
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

access-control-expose-headers: X-6si-Region
timing-allow-origin: https://6sense.com
content-encoding: gzip
x-6si-region
access-control-allow-credentials: true
access-control-allow-origin: https://www.techrepublic.com
content-length: 398
date: Tue, 21 Apr 2026 00:30:35 GMT
content-type: application/json
vary: Origin, Accept-Encoding

OPTIONS
H2 200 details
epsilon.6sense.com/v3/company/ Frame 0
0 66ms
66ms Preflight 99.83.231.3
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://epsilon.6sense.com/v3/company/details
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.83.231.3 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: afe865822f884bb48.awsglobalaccelerator.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,x-6s-customid
Access-Control-Request-Method: GET
Origin: https://www.techrepublic.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: authorization,x-6s-customid
access-control-allow-methods: OPTIONS,GET
access-control-allow-origin: https://www.techrepublic.com
access-control-expose-headers: X-6si-Region
access-control-max-age: 1800
content-length: 0
date: Tue, 21 Apr 2026 00:30:34 GMT
timing-allow-origin: https://6sense.com
x-6si-region

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
199 B 309ms
153ms Image
image/gif 23.50.131.146
AKAMAI-ASN1 Akama...

General

Check archive.org

Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=f86eb9c23c229cf85c914907bf3b2e6f&svisitor=null&visitor=c4dbcd77-f6a5-4136-8265-6106ef46f5b5&session=12ca50cb-967e-46d0-8eb4-3091779bf656&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Tue%2C%2021%20Apr%202026%2000%3A30%3A34%20GMT%22%7D&isIframe=false&m=%7B%22description%22%3A%22Four%20Android%20banking%20malware%20campaigns%20are%20targeting%20more%20than%20800%20apps%20by%20abusing%20overlays%2C%20Accessibility%20permissions%2C%20and%20sideloaded%20fake%20apps%20to%20steal%20PINs.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Over%20800%20Android%20Apps%20Targeted%20in%20PIN-Stealing%20Trojan%20Campaign%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.techrepublic.com%2Farticle%2Fnews-android-malware-stealing-pin-overlay-attack%2F&pageViewId=c52f5bd8-82a9-4473-8e95-525d405858f2&an_uid=-1&webTagId=01192dc3-157f-4d5a-bea4-02f62692239e&v=1.1.31

Requested by

Host: www.techrepublic.com
URL: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.50.131.146 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

a23-50-131-146.deploy.static.akamaitechnologies.com

Software

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

cache-control: max-age=0, no-cache, no-store
pragma: no-cache
x-content-type-options: nosniff
expires: Tue, 21 Apr 2026 00:30:35 GMT
accept-ranges: bytes
content-length: 43
date: Tue, 21 Apr 2026 00:30:35 GMT
content-type: image/gif

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
199 B 311ms
156ms Image
image/gif 23.50.131.146
AKAMAI-ASN1 Akama...

General

Check archive.org

Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=f86eb9c23c229cf85c914907bf3b2e6f&svisitor=null&visitor=c4dbcd77-f6a5-4136-8265-6106ef46f5b5&session=12ca50cb-967e-46d0-8eb4-3091779bf656&event=ni%3AasyncSettingsAudit&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22setToken%5C%22%2C%5C%22value%5C%22%3A%5C%22f86eb9c23c229cf85c914907bf3b2e6f%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2021%20Apr%202026%2000%3A30%3A34%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22disableCookies%5C%22%2C%5C%22value%5C%22%3A%5C%22false%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2021%20Apr%202026%2000%3A30%3A34%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEpsilonKey%5C%22%2C%5C%22value%5C%22%3A%5C%2227bc951208126cf4a5f9631ab3ccbed8c6e4c6b2%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2021%20Apr%202026%2000%3A30%3A34%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableIPv6Ping%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2021%20Apr%202026%2000%3A30%3A34%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableIgnorePageUrlHash%5C%22%2C%5C%22value%5C%22%3A%5C%22false%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2021%20Apr%202026%2000%3A30%3A34%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableRetargeting%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2021%20Apr%202026%2000%3A30%3A34%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setWhiteListFields%5C%22%2C%5C%22value%5C%22%3A%5C%22%5B%5D%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2021%20Apr%202026%2000%3A30%3A34%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setCustomMetatags%5C%22%2C%5C%22value%5C%22%3A%5C%22%5B%5D%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2021%20Apr%202026%2000%3A30%3A34%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22storeTagId%5C%22%2C%5C%22value%5C%22%3A%5C%2201192dc3-157f-4d5a-bea4-02f62692239e%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2021%20Apr%202026%2000%3A30%3A34%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableEventTracking%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2021%20Apr%202026%2000%3A30%3A34%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setCompanyDetailsExpiration%5C%22%2C%5C%22value%5C%22%3A%5C%22false%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2021%20Apr%202026%2000%3A30%3A34%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableCompanyDetails%5C%22%2C%5C%22value%5C%22%3A%5C%22%5Btrue%2Cnull%2C3%5D%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2021%20Apr%202026%2000%3A30%3A34%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22Four%20Android%20banking%20malware%20campaigns%20are%20targeting%20more%20than%20800%20apps%20by%20abusing%20overlays%2C%20Accessibility%20permissions%2C%20and%20sideloaded%20fake%20apps%20to%20steal%20PINs.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Over%20800%20Android%20Apps%20Targeted%20in%20PIN-Stealing%20Trojan%20Campaign%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.techrepublic.com%2Farticle%2Fnews-android-malware-stealing-pin-overlay-attack%2F&pageViewId=c52f5bd8-82a9-4473-8e95-525d405858f2&an_uid=-1&webTagId=01192dc3-157f-4d5a-bea4-02f62692239e&v=1.1.31

Requested by

Host: www.techrepublic.com
URL: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.50.131.146 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

a23-50-131-146.deploy.static.akamaitechnologies.com

Software

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

cache-control: max-age=0, no-cache, no-store
pragma: no-cache
x-content-type-options: nosniff
expires: Tue, 21 Apr 2026 00:30:35 GMT
accept-ranges: bytes
content-length: 43
date: Tue, 21 Apr 2026 00:30:35 GMT
content-type: image/gif

GET
H3 200 /
www.facebook.com/tr/ 0
19 B 129ms
64ms Image
text/plain 157.240.0.35
Facebook

General

Check archive.org

Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=195238849417509&ev=PageView&dl=https%3A%2F%2Fwww.techrepublic.com%2Farticle%2Fnews-android-malware-stealing-pin-overlay-attack%2F&rl=&if=false&ts=1776731434828&sw=1600&sh=1200&v=2.9.303&r=stable&a=tmSimo-GTM-WebTemplate&ec=0&o=4126&fbp=fb.1.1776731434824.77972536156354380&ler=empty&cdl=API_unavailable&pmd[title]=Over%20800%20Android%20Apps%20Targeted%20in%20PIN-Stealing%20Trojan%20Campaign&pmd[locale]=en_US&pmd[description]=Four%20Android%20banking%20malware%20campaigns%20are%20targeting%20more%20than%20800%20apps%20by%20abusing%20overlays%2C%20Accessibility%20permissions%2C%20and%20sideloaded%20fake%20apps%20to%20steal%20PINs.&plt=576.5&it=1776731434556&coo=false&dpo=LDU&dpoco=0&dpost=0&tm=1&expv2[0]=pl0&expv2[1]=el2&expv2[2]=bc1&expv2[3]=ra2&expv2[4]=rp2&expv2[5]=ct3&expv2[6]=hf0&expv2[7]=pt0&rqm=GET

Requested by

Host: www.techrepublic.com
URL: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.0.35 Frankfurt am Main, Germany, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

edge-star-mini-shv-02-fra3.facebook.com

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-fb-connection-quality: GOOD; q=0.7, rtt=61, rtx=0, c=23, mss=1232, tbw=4764, tp=9, tpl=0, uplat=0, ullat=0
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin
alt-svc: h3=":443"; ma=86400
content-length: 0
date: Tue, 21 Apr 2026 00:30:34 GMT
content-type: text/plain
server: proxygen-bolt
priority: u=1,i

GET
H3 200 /
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 67 B
197 B 310ms
245ms Image
image/png 157.240.0.35
Facebook

General

Check archive.org

Download Go to Show image

Full URL

https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=195238849417509&ev=PageView&dl=https%3A%2F%2Fwww.techrepublic.com%2Farticle%2Fnews-android-malware-stealing-pin-overlay-attack%2F&rl=&if=false&ts=1776731434828&sw=1600&sh=1200&v=2.9.303&r=stable&a=tmSimo-GTM-WebTemplate&ec=0&o=4126&fbp=fb.1.1776731434824.77972536156354380&ler=empty&cdl=API_unavailable&pmd[title]=Over%20800%20Android%20Apps%20Targeted%20in%20PIN-Stealing%20Trojan%20Campaign&pmd[locale]=en_US&pmd[description]=Four%20Android%20banking%20malware%20campaigns%20are%20targeting%20more%20than%20800%20apps%20by%20abusing%20overlays%2C%20Accessibility%20permissions%2C%20and%20sideloaded%20fake%20apps%20to%20steal%20PINs.&plt=576.5&it=1776731434556&coo=false&dpo=LDU&dpoco=0&dpost=0&tm=1&expv2[0]=pl0&expv2[1]=el2&expv2[2]=bc1&expv2[3]=ra2&expv2[4]=rp2&expv2[5]=ct3&expv2[6]=hf0&expv2[7]=pt0&rqm=FGET

Requested by

Host: www.techrepublic.com
URL: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.0.35 Frankfurt am Main, Germany, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

edge-star-mini-shv-02-fra3.facebook.com

Software

Resource Hash

aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a

Security Headers

Name	Value
Content-Security-Policy	default-src blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net .facebook.net .whatsapp.com .whatsapp.net;script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1: 'nonce-TwpjvI1S' blob: 'self' connect.facebook.net 'wasm-unsafe-eval' https://accounts.google.com https://.google-analytics.com .google.com;style-src .fbcdn.net data: .facebook.com 'unsafe-inline' https://accounts.google.com https://fonts.googleapis.com;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com .instagram.com https://accounts.google.com https://.google-analytics.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com https://fonts.gstatic.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net blob: android-webview-video-poster: .whatsapp.net .fb.com .oculuscdn.com .tenor.co .tenor.com .giphy.com https://trustly.one/ https://.trustly.one/ https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://.google-analytics.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data: .tenor.co .tenor.com https://.giphy.com;child-src data: blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net;frame-src .facebook.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net accounts.meta.com .accounts.meta.com https://trustly.one/ https://.trustly.one/ https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net .google.com .doubleclick.net;manifest-src data: blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net;object-src data: blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

content-encoding: zstd
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7631003403275003083&cpp=C3&cv=1037726364&st=1776731434940"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Tue, 21 Apr 2026 00:30:35 GMT
content-type: image/png
vary: Accept-Encoding
x-fb-debug: TZM9QgVyRwkAazG2KR9zu755pHnxv/y7RPHDFW9Oc1XPob10atheFQ1j1fghvRqeaQn/HTtJEpRYFI2w8T+OAg==
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=15552000; preload
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7631003403275003083&cpp=C3&cv=1037726364&st=1776731434940", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net *.facebook.net *.whatsapp.com *.whatsapp.net;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'nonce-TwpjvI1S' blob: 'self' connect.facebook.net 'wasm-unsafe-eval' https://accounts.google.com https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://accounts.google.com https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com *.instagram.com https://accounts.google.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://trustly.one/ https://*.trustly.one/ https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;child-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net accounts.meta.com *.accounts.meta.com https://trustly.one/ https://*.trustly.one/ https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;manifest-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;object-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
cache-control: private, no-store, no-cache, must-revalidate
x-fb-connection-quality: GOOD; q=0.7, rtt=61, rtx=0, c=24, mss=1232, tbw=5404, tp=13, tpl=0, uplat=181, ullat=0
cross-origin-opener-policy: same-origin-allow-popups
pragma: no-cache
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self "https://www.fbsbx.com"), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
document-policy: force-load-at-top, include-js-call-stacks-in-crash-reports
x-xss-protection: 0
origin-agent-cluster: ?1

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
199 B 288ms
154ms Image
image/gif 23.50.131.146
AKAMAI-ASN1 Akama...

General

Check archive.org

Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=f86eb9c23c229cf85c914907bf3b2e6f&svisitor=null&visitor=c4dbcd77-f6a5-4136-8265-6106ef46f5b5&session=12ca50cb-967e-46d0-8eb4-3091779bf656&event=ipv6&q=%7B%22address%22%3A%222a02%3Aed04%3A3581%3A2%3A%3Ae01f%22%7D&isIframe=false&m=%7B%22description%22%3A%22Four%20Android%20banking%20malware%20campaigns%20are%20targeting%20more%20than%20800%20apps%20by%20abusing%20overlays%2C%20Accessibility%20permissions%2C%20and%20sideloaded%20fake%20apps%20to%20steal%20PINs.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Over%20800%20Android%20Apps%20Targeted%20in%20PIN-Stealing%20Trojan%20Campaign%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.techrepublic.com%2Farticle%2Fnews-android-malware-stealing-pin-overlay-attack%2F&pageViewId=c52f5bd8-82a9-4473-8e95-525d405858f2&an_uid=-1&webTagId=01192dc3-157f-4d5a-bea4-02f62692239e&ipv6=2a02%3Aed04%3A3581%3A2%3A%3Ae01f&v=1.1.31

Requested by

Host: www.techrepublic.com
URL: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.50.131.146 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

a23-50-131-146.deploy.static.akamaitechnologies.com

Software

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

cache-control: max-age=0, no-cache, no-store
pragma: no-cache
x-content-type-options: nosniff
expires: Tue, 21 Apr 2026 00:30:35 GMT
accept-ranges: bytes
content-length: 43
date: Tue, 21 Apr 2026 00:30:35 GMT
content-type: image/gif

GET
H2 200 cmp2ui-fi.js Show response
cmp.inmobi.com/tcfv2/61/ 589 KB
127 KB 64ms
64ms Script
text/javascript 2600:9000:275b:2c00:1b:cadc:ef40:93a1
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://cmp.inmobi.com/tcfv2/61/cmp2ui-fi.js
Requested by: Host: cmp.inmobi.com
URL: https://cmp.inmobi.com/tcfv2/cmp2.js?referer=www.techrepublic.com
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:275b:2c00:1b:cadc:ef40:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 0aaff7b7646e8d6561ae6ad6d2b074c7b4d04f0e3a779a03c8d2af294a4ae2fd

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

access-control-max-age: 86400
content-encoding: gzip
etag: W/"ab4ab4a9c3b579b777efcabc33f6afe8"
age: 141421
access-control-allow-methods: GET
x-cache: Hit from cloudfront
x-amz-cf-id: wPMMmy1piu0n8wMiVYsnr_xS0oQUv2f-qhrKH62san8lsnodbY3GlQ==
date: Sun, 19 Apr 2026 09:21:21 GMT
content-type: text/javascript;charset=UTF-8
vary: Accept-Encoding
last-modified: Wed, 15 Apr 2026 09:13:05 GMT
cache-control: max-age=172800
cross-origin-resource-policy: cross-origin
via: 1.1 256cd380c9790a2b71d68709829caa18.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-amz-cf-pop: FRA60-P7
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 vendor-list.json Show response
cmp.inmobi.com/GVL-v3/ 859 KB
89 KB 112ms
112ms XHR
application/json 2600:9000:275b:2c00:1b:cadc:ef40:93a1
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://cmp.inmobi.com/GVL-v3/vendor-list.json
Requested by: Host: www.techrepublic.com
URL: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:275b:2c00:1b:cadc:ef40:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: d2a2f4e30e0dfc471b96be769a867673261bc12e96f79b117d04f6b17448279c

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

access-control-max-age: 3000
content-encoding: br
etag: W/"3722186654014536960940bae148faee"
age: 1869
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
x-cache: Hit from cloudfront
x-amz-cf-id: Wqgo73QYJ7rxjh5dju9_M0tuHLBwVyIXp2dFZOBGLN17gLLg8mpM3g==
date: Mon, 20 Apr 2026 23:59:26 GMT
content-type: application/json
vary: Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
last-modified: Thu, 16 Apr 2026 23:59:17 GMT
cache-control: max-age=86400
access-control-allow-credentials: true
via: 1.1 12dba18ae3d66aa7dad74e664431ae9a.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-amz-cf-pop: FRA60-P7
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 google-atp-list.json Show response
cmp.inmobi.com/tcfv2/ 170 KB
39 KB 86ms
86ms XHR
application/json 2600:9000:275b:2c00:1b:cadc:ef40:93a1
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://cmp.inmobi.com/tcfv2/google-atp-list.json
Requested by: Host: www.techrepublic.com
URL: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:275b:2c00:1b:cadc:ef40:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: db33c3f8c0fdeccb17edfe988dca685b714c7b5b354b83a57bbfa8fa31e6624f

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

access-control-max-age: 3000
content-encoding: br
etag: W/"eeba5280f59ad607ed70250b45bd3f0f"
age: 77409
access-control-allow-methods: GET
x-cache: Hit from cloudfront
x-amz-cf-id: -R0Wz8pCW9xWNt8v2nqLFJM5NrIMTVkrPPga8WD0rGdVwKjV39Hkdg==
date: Mon, 20 Apr 2026 03:00:26 GMT
content-type: application/json
vary: Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
last-modified: Mon, 20 Apr 2026 03:00:25 GMT
cache-control: max-age=172800
access-control-allow-credentials: true
via: 1.1 12dba18ae3d66aa7dad74e664431ae9a.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-amz-cf-pop: FRA60-P7
server: AmazonS3
x-amz-server-side-encryption: AES256

POST
H2 200 visit-event
visit-server.inmobi-choice.io/ 0
0 200ms
63ms Ping
application/json 18.194.46.132
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://visit-server.inmobi-choice.io/visit-event
Requested by: Host: cmp.inmobi.com
URL: https://cmp.inmobi.com/tcfv2/cmp2.js?referer=www.techrepublic.com
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.194.46.132 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-18-194-46-132.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
Content-Type: text/plain;charset=UTF-8
sec-ch-ua-mobile: ?0

Response headers

GET
H2 200 purposes-national-en.json Show response
cmp.inmobi.com/us-mspa/v1/ 10 KB
2 KB 159ms
159ms XHR
application/json 2600:9000:275b:2c00:1b:cadc:ef40:93a1
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://cmp.inmobi.com/us-mspa/v1/purposes-national-en.json
Requested by: Host: cmp.inmobi.com
URL: https://cmp.inmobi.com/tcfv2/cmp2.js?referer=www.techrepublic.com
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:275b:2c00:1b:cadc:ef40:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: c492ba8669f9c264c2a5cbe5f2d8c69036c82f167b0fe3dd3902ab7b84689685

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
Accept: application/json, text/plain, */*
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

access-control-max-age: 3000
content-encoding: br
etag: W/"dfdb6f6a5b81454fd2d0791320eda6f0"
age: 38
access-control-allow-methods: GET
x-cache: Hit from cloudfront
x-amz-cf-id: qVt78CReoQ-RNk_uSUym7xe5zHp5VLRAYqHkDvusPxa4kR5EKusO_A==
date: Tue, 21 Apr 2026 00:29:57 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Thu, 11 Dec 2025 09:56:40 GMT
cache-control: max-age=900
access-control-allow-credentials: true
via: 1.1 12dba18ae3d66aa7dad74e664431ae9a.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-amz-cf-pop: FRA60-P7
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 vendor-list-trimmed-v1.json Show response
cmp.inmobi.com/GVL-v3/ 694 KB
0 0ms
0ms XHR
application/json 2600:9000:275b:2c00:1b:cadc:ef40:93a1
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://cmp.inmobi.com/GVL-v3/vendor-list-trimmed-v1.json
Requested by: Host: cmp.inmobi.com
URL: https://cmp.inmobi.com/tcfv2/cmp2.js?referer=www.techrepublic.com
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:275b:2c00:1b:cadc:ef40:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 6f507ff63d2d8ce4e30a1b4aa2e5e63412ec162bbefb5f965b4b7977bd3bd171

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

access-control-max-age: 3000
content-encoding: br
etag: W/"720d2e77a47fd08fed99921cede44f82"
age: 1869
access-control-allow-methods: GET
x-cache: Hit from cloudfront
x-amz-cf-id: wHt2xVf4HqQMdIbuMP5AbuknzlR9RyfDyj3rMhOsvGb4rj3-MdQ4hg==
date: Mon, 20 Apr 2026 23:59:26 GMT
content-type: application/json
vary: Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
last-modified: Thu, 16 Apr 2026 23:59:17 GMT
cache-control: max-age=86400
access-control-allow-credentials: true
via: 1.1 12dba18ae3d66aa7dad74e664431ae9a.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-amz-cf-pop: FRA60-P7
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 google-atp-list.json Show response
cmp.inmobi.com/tcfv2/ 170 KB
0 1ms
1ms XHR
application/json 2600:9000:275b:2c00:1b:cadc:ef40:93a1
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://cmp.inmobi.com/tcfv2/google-atp-list.json
Requested by: Host: cmp.inmobi.com
URL: https://cmp.inmobi.com/tcfv2/cmp2.js?referer=www.techrepublic.com
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:275b:2c00:1b:cadc:ef40:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: db33c3f8c0fdeccb17edfe988dca685b714c7b5b354b83a57bbfa8fa31e6624f

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
Accept: application/json, text/plain, */*
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

access-control-max-age: 3000
content-encoding: br
etag: W/"eeba5280f59ad607ed70250b45bd3f0f"
age: 77409
access-control-allow-methods: GET
x-cache: Hit from cloudfront
x-amz-cf-id: -R0Wz8pCW9xWNt8v2nqLFJM5NrIMTVkrPPga8WD0rGdVwKjV39Hkdg==
date: Mon, 20 Apr 2026 03:00:26 GMT
content-type: application/json
vary: Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
last-modified: Mon, 20 Apr 2026 03:00:25 GMT
cache-control: max-age=172800
access-control-allow-credentials: true
via: 1.1 12dba18ae3d66aa7dad74e664431ae9a.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-amz-cf-pop: FRA60-P7
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 purposes-fi.json Show response
cmp.inmobi.com/google-basic-consent/v1/ 3 KB
1 KB 79ms
76ms XHR
application/json 2600:9000:275b:2c00:1b:cadc:ef40:93a1
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://cmp.inmobi.com/google-basic-consent/v1/purposes-fi.json
Requested by: Host: cmp.inmobi.com
URL: https://cmp.inmobi.com/tcfv2/cmp2.js?referer=www.techrepublic.com
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:275b:2c00:1b:cadc:ef40:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 7540a8bfcb1646c28958186c7d83e858225b4864a8bac099866749b718d8e961

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
Accept: application/json, text/plain, */*
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

access-control-max-age: 3000
content-encoding: gzip
etag: W/"b6e9fd744e90fb3c9acd663933cef2d8"
age: 584
access-control-allow-methods: GET
x-cache: Hit from cloudfront
x-amz-cf-id: LdPPxuDkLtuBoXAmVACkOaN_zzoE9sF8Y3fKgF0vt4UtEcyD2-5Qiw==
date: Tue, 21 Apr 2026 00:20:57 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Tue, 05 Mar 2024 04:33:26 GMT
cache-control: max-age=900
access-control-allow-credentials: true
via: 1.1 12dba18ae3d66aa7dad74e664431ae9a.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-amz-cf-pop: FRA60-P7
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 purposes-fi.json Show response
cmp.inmobi.com/GVL-v3/ 45 KB
8 KB 79ms
79ms XHR
application/json 2600:9000:275b:2c00:1b:cadc:ef40:93a1
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://cmp.inmobi.com/GVL-v3/purposes-fi.json
Requested by: Host: cmp.inmobi.com
URL: https://cmp.inmobi.com/tcfv2/cmp2.js?referer=www.techrepublic.com
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:275b:2c00:1b:cadc:ef40:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: d5ff4d35d405d734c57c020a0e012cfb805b54475516e27cf2660137a54830f3

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

access-control-max-age: 3000
content-encoding: br
etag: W/"dd76bfc9193932bf6a5f996d641d8606"
age: 1868
access-control-allow-methods: GET
x-cache: Hit from cloudfront
x-amz-cf-id: LY2XDn-xhw7F54TKFA7E6XlFog8HEYT6S59JACemNZTYX5zLfV3Qnw==
date: Mon, 20 Apr 2026 23:59:28 GMT
content-type: application/json
vary: Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
last-modified: Thu, 16 Apr 2026 23:59:23 GMT
cache-control: max-age=86400
access-control-allow-credentials: true
via: 1.1 12dba18ae3d66aa7dad74e664431ae9a.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-amz-cf-pop: FRA60-P7
server: AmazonS3
x-amz-server-side-encryption: AES256

POST
H3 204 ping
pagead2.googlesyndication.com/pagead/ 0
0 147ms
74ms Fetch
image/gif 142.251.127.154
Google LLC

General

Check archive.org

Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/ping?e=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202604170101/pubads_impl.js?cb=31097963

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.127.154 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

lcfrai-in-f154.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
Content-Type: text/plain;charset=UTF-8
sec-ch-ua-mobile: ?0

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 0
date: Tue, 21 Apr 2026 00:30:35 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H2 200 / Show response
api.cmp.inmobi.com/ 2 B
101 B 244ms
65ms XHR
text/plain 18.198.90.178
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://api.cmp.inmobi.com/?log=%7B%22accountId%22%3A%22vPn77x7pBG57Y%22%2C%22domain%22%3A%22www.techrepublic.com%22%2C%22publisher%22%3A%22TechRepublic%22%2C%22cmpId%22%3A10%2C%22cmpVersion%22%3A%222.61%22%2C%22displayType%22%3A%22tcfui%3Amandatory%22%2C%22configurationHashCode%22%3A%22eYlMmZPu1ivCLSGtVN%2BKJA%22%2C%22tagVersion%22%3A%22V3%22%2C%22gvlVersion%22%3A3%2C%22siteUuid%22%3A%2216f97094-f5b6-4f94-b59a-4d618f5e0863%22%2C%22browserName%22%3A%22Chrome%22%2C%22deviceType%22%3A%22pc%22%2C%22cmpPlatform%22%3A%22Linux%22%2C%22pageFormat%22%3A%22HTTP%22%2C%22country%22%3A%22fin%22%2C%22region%22%3A%2218%22%2C%22city%22%3A%22espoo%22%2C%22configs%22%3A%7B%22gbcApplicable%22%3Atrue%2C%22themeUuid%22%3A%22d991b401-f166-4751-8482-0ac6310faeb3%22%2C%22language%22%3A%22fi%22%2C%22copApplicable%22%3Afalse%2C%22advancedApplicable%22%3Atrue%7D%2C%22existingCMPStatus%22%3Anull%2C%22existingGBCStatus%22%3Anull%2C%22existingConfigs%22%3A%7B%7D%2C%22manualTrigger%22%3Afalse%2C%22clientTimestamp%22%3A1776731435106%2C%22operationType%22%3A%22init%22%2C%22sessionId%22%3A%22GDPR-agagp71yacw7uaa5vp0h%22%7D
Requested by: Host: cmp.inmobi.com
URL: https://cmp.inmobi.com/tcfv2/61/cmp2ui-fi.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.198.90.178 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-18-198-90-178.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
Accept: application/json, text/plain, */*
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

access-control-allow-origin: *
content-length: 2
date: Tue, 21 Apr 2026 00:30:35 GMT
content-type: text/plain; charset=utf-8

GET
H2 200 geoip Show response
cmp.inmobi.com/ 46 B
329 B 78ms
77ms XHR
application/json 2600:9000:275b:2c00:1b:cadc:ef40:93a1
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://cmp.inmobi.com/geoip
Requested by: Host: cmp.inmobi.com
URL: https://cmp.inmobi.com/tcfv2/61/cmp2ui-fi.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:275b:2c00:1b:cadc:ef40:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: CloudFront /
Resource Hash: f5c282c3872dd67c84445707dccded91dbdbd1eeeb9818b194c596fdd342b005

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
Accept: application/json, text/plain, */*
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

access-control-expose-headers: *
via: 1.1 12dba18ae3d66aa7dad74e664431ae9a.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-cache: FunctionGeneratedResponse from cloudfront
content-length: 46
x-amz-cf-id: EssJpFQ_GnE-m-WM-otUGQQWctJ977O31z1Eb2X0XKXHNyJPQt_JPQ==
date: Tue, 21 Apr 2026 00:30:35 GMT
content-type: application/json
x-amz-cf-pop: FRA60-P7
server: CloudFront

GET
H2 200 saq_pxl Show response
tags.srv.stackadapt.com/ 185 B
383 B 134ms
134ms XHR
text/plain 34.236.2.203
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://tags.srv.stackadapt.com/saq_pxl?uid=3WSBKLflxq7D0ZW38xEGLA&is_js=true&landing_url=https%3A%2F%2Fwww.techrepublic.com%2Farticle%2Fnews-android-malware-stealing-pin-overlay-attack%2F&t=Over%20800%20Android%20Apps%20Targeted%20in%20PIN-Stealing%20Trojan%20Campaign&tip=1RmwseHtEBpHrhJ0GhswtJedUmo8seKiFPCKIxoBumU&host=https%3A%2F%2Fwww.techrepublic.com&sa_conv_data_css_value=%270-1a04b9d8-aac2-567a-6be4-a656ef790cd9%27&sa_conv_data_image_value=ffd8ffe000104a46494600010101006000600000ffdb004300080606070605080707070909080a0c140d0c0b0b0c1912130f141d1a1f1e1d1a1c1c20242e2720222c231c1c2837292c30313434341f27393d38323c2e333432ffdb0043010909090c0b0c180d0d1832211c213232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232ffc00011080001000103012200021101031101ffc4001f0000010501010101010100000000000000000102030405060708090a0bffc400b5100002010303020403050504040000017d01020300041105122131410613516107227114328191a1082342b1c11552d1f02433627282090a161718191a25262728292a3435363738393a434445464748494a535455565758595a636465666768696a737475767778797a838485868788898a92939495969798999aa2a3a4a5a6a7a8a9aab2b3b4b5b6b7b8b9bac2c3c4c5c6c7c8c9cad2d3d4d5d6d7d8d9dae1e2e3e4e5e6e7e8e9eaf1f2f3f4f5f6f7f8f9faffc4001f0100030101010101010101010000000000000102030405060708090a0bffc400b51100020102040403040705040400010277000102031104052131061241510761711322328108144291a1b1c109233352f0156272d10a162434e125f11718191a262728292a35363738393a434445464748494a535455565758595a636465666768696a737475767778797a82838485868788898a92939495969798999aa2a3a4a5a6a7a8a9aab2b3b4b5b6b7b8b9bac2c3c4c5c6c7c8c9cad2d3d4d5d6d7d8d9dae2e3e4e5e6e7e8e9eaf2f3f4f5f6f7f8f9faffda000c03010002110311003f00f7fa28a2803fffd91a04b9d8aac2567a6be4a656ef790cd9c18a07aa&l_src=&l_src_d=&u_src=&u_src_d=&shop=false&sa-user-id-v4=s%253A.o6W7wkJsHSTU4%252BLlDruZ%252FwNjVcUZZMvakQpSatDoAgo&sa-user-id-v3=s%253AAQAKIAdQVXiq_1COnXd1xUvKXnpkBL3zcejcAYHsz-A8zHvgEAEYAyCqipvPBjABOgTfv5tpQgS4YE4s.T6LN5uraCLAkhoGiaFuy2N0Mnvfm1EaCjHoYlA%252FF8ok&sa-user-id-v2=s%253AGgS52KrCVnpr5KZW73kM2cGKB6o.B2wMSsdoKHSnAGi3tVEVH%252F%252BEOi3PuBi9dVKFZgg3udI&sa-user-id=s%253A0-1a04b9d8-aac2-567a-6be4-a656ef790cd9.3oaGciNVByzIFgdlURwKzBXAsvPrPltz4WMAPbTZF1c
Requested by: Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.236.2.203 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-34-236-2-203.compute-1.amazonaws.com
Software: /
Resource Hash: 885f2834b2bbeac26211719030ffabacce6389829e53e8fc95e7d9d43c4920e5

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

access-control-allow-methods: GET
access-control-allow-origin: https://www.techrepublic.com
content-length: 185
date: Tue, 21 Apr 2026 00:30:35 GMT
content-type: text/plain; charset=utf-8
access-control-allow-credentials: true
access-control-allow-headers: *

GET
H3 200 zi-tag.js Show response
js.zi-scripts.com/ 19 KB
6 KB 92ms
45ms Script
application/javascript 104.18.37.212
Cloudflare

General

Check archive.org

Download Go to

Full URL: https://js.zi-scripts.com/zi-tag.js
Requested by: Host: www.techrepublic.com
URL: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.18.37.212 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: f63b0c60c778f3b13cce838210ec9a1e5d6e9a046bd827312113f1b9409336b4

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

content-encoding: br
cf-cache-status: DYNAMIC
x-amz-version-id: .5H8H8PTSWysIb.BZ4B_z8_AJK58g2kc
etag: W/"c88aad6be2aabd1e2727c646df466a66"
age: 82516
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: LYtJe5O4Ta5TCpzzZF3g5d0R_-GNmS2unbOR4WgXyv9yJQF2Y9eUyA==
date: Tue, 21 Apr 2026 00:30:35 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Tue, 13 Jan 2026 08:23:43 GMT
priority: u=3,i=?0
server-timing: cfExtPri
via: 1.1 02fc2a7dd7da879ffa283078e1626e5a.cloudfront.net (CloudFront)
cf-ray: 9ef847ee0dc632d9-HEL
x-amz-cf-pop: HEL51-P5
server: cloudflare

GET
H2 200 favicon.ico
www.techrepublic.com/wp-content/themes/techrepublic-theme/inc/images/app-icons/ 15 KB
3 KB 52ms
52ms Other
image/x-icon 2606:4700:20::681a:26f
Cloudflare

General

Check archive.org

Download Go to

Full URL

https://www.techrepublic.com/wp-content/themes/techrepublic-theme/inc/images/app-icons/favicon.ico

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:26f -, , ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

f2a77f3f4986b43e107b855e7a823d0d413f21a129f0fd6f956b7260dd679209

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"69e644d3-3aee"
age: 1733
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=cpXsQTAeRi%2Ba%2BBcEeHXr%2Fnl45y%2BuKoiTauutUJZ7Mtdc26BTPIR3aacCDSWUflnJEL5JZRRWtwoIqYFCI71iEoCS3NRXmQNbtZvpKwvY2Nukc0RlhQ2HZcwQ3T4%2BGDmHISq6mARqerYdv%2FJJUVhNyEuO"}]}
date: Tue, 21 Apr 2026 00:30:35 GMT
content-type: image/x-icon
last-modified: Mon, 20 Apr 2026 15:22:59 GMT
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains; preload
reporting-endpoints: default="https://ta-ad-intervention-reporting.edgecompute.app?sitename=techrepublic"
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cache-control: max-age=14400
x-envoy-upstream-service-time: 1
referrer-policy: no-referrer-when-downgrade
cf-ray: 9ef847eddf152efa-OSL
server: cloudflare

GET
H2 200 fi.json Show response
cmp.inmobi.com/custom-translations/vPn77x7pBG57Y/d991b401-f166-4751-8482-0ac6310faeb3/ 3 B
539 B 217ms
217ms Fetch
application/json 2600:9000:275b:2c00:1b:cadc:ef40:93a1
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://cmp.inmobi.com/custom-translations/vPn77x7pBG57Y/d991b401-f166-4751-8482-0ac6310faeb3/fi.json
Requested by: Host: cmp.inmobi.com
URL: https://cmp.inmobi.com/tcfv2/61/cmp2ui-fi.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:275b:2c00:1b:cadc:ef40:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

access-control-max-age: 3000
etag: "8a80554c91d9fca8acb82f023de02f11"
access-control-allow-methods: GET
x-cache: RefreshHit from cloudfront
x-amz-cf-id: PYNbUVoFCSpAu9FFopj8fxuUw2Qem-RpSIdKsuaT2HLBQ6JJ9DxI9w==
date: Tue, 21 Apr 2026 00:30:36 GMT
content-type: application/json
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
last-modified: Tue, 07 Jan 2025 06:13:45 GMT
access-control-allow-credentials: true
via: 1.1 12dba18ae3d66aa7dad74e664431ae9a.cloudfront.net (CloudFront)
accept-ranges: bytes
access-control-allow-origin: https://www.techrepublic.com
content-length: 3
x-amz-cf-pop: FRA60-P7
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 tr-logo-large.png
assets.techrepublic.com/uploads/2022/01/ 17 KB
17 KB 62ms
62ms Image
image/avif 2606:4700:20::681a:26f
Cloudflare

General

Check archive.org

Download Go to Show image

Full URL

https://assets.techrepublic.com/uploads/2022/01/tr-logo-large.png?qc-size=746,183

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:26f -, , ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

9d2f37f25094a3b818b36ed3c8aace0b0abe770f54f512349c3bfdca71509c3e

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; img-src data:;
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

access-control-max-age: 86400
content-encoding: br
cf-cache-status: HIT
etag: W/"cfFUKXCwr9Ks5obQQf732EJnBjGRfk0uMIfogBdGdYDQ"
age: 1929748
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=mlNWD0CkhNOTcJeSs4aaVws9qOKb6ZNRoJhVwCdRsYa4g4erpKd28BrUTtZwwH%2FBYf1IlbTtsH%2Fjyl%2FZS9CiAT6YnhHHdYV8%2BiaMyfOvxulEbGPNu5LLV4ZJ4DZ12Dvwavz3Z%2F7OCdQeCf%2BTqa5mjqX93Av7"}]}
access-control-allow-methods: GET, HEAD, OPTIONS
x-content-type-options: nosniff
date: Tue, 21 Apr 2026 00:30:35 GMT
content-type: image/avif
vary: accept
cf-placement: local-OSL
access-control-allow-headers: *
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; img-src data:;
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cache-control: public,max-age=172800,stale-while-revalidate=7200
cf-images: internal=ok/- q=0 n=449+140 c=0+73 v=2026.2.12 l=17250 f=false c2=0
cf-ray: 9ef847ee2f6d2efa-OSL
access-control-allow-origin: *
server: cloudflare

GET
H3 200 getSubscriptions Show response
js.zi-scripts.com/unified/v1/master/ 611 B
838 B 210ms
210ms Fetch
application/json 104.18.37.212
Cloudflare

General

Check archive.org

Download Go to

Full URL: https://js.zi-scripts.com/unified/v1/master/getSubscriptions
Requested by: Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.18.37.212 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 262bb85893fe3089dd66b01dc7a13e3ef04ac7c98f7ba4009a47fd6d01f70b71

Request headers

sec-ch-ua-platform: "Linux"
Authorization: Bearer 15ea09908c1685545788
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
Content-Type: application/json
session-id: null
visited_url: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/

Response headers

content-encoding: gzip
cf-cache-status: DYNAMIC
etag: W/"263-lTx9k09O9OQtucKpfdR0jZvSnnQ"
apigw-requestid: cJO-3jKSvHcEM8g=
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-amz-cf-id: 3lfa7d_BYQ5AUDKwOue8A0E7o7kmrWZwCpziz4RvbJnekut3HolLWA==
date: Tue, 21 Apr 2026 00:30:35 GMT
content-type: application/json; charset=utf-8
vary: Origin
priority: u=1,i
server-timing: cfExtPri
access-control-allow-credentials: true
via: 1.1 ce092593abf1e734c982d9f9b72f7234.cloudfront.net (CloudFront)
cf-ray: 9ef847efefee32d9-HEL
access-control-allow-origin: https://www.techrepublic.com
x-amz-cf-pop: HEL51-P5
x-powered-by: Express
server: cloudflare

OPTIONS
H3 204 getSubscriptions
js.zi-scripts.com/unified/v1/master/ Frame 0
0 249ms
214ms Preflight 104.18.37.212
Cloudflare

General

Check archive.org

Download Go to

Full URL: https://js.zi-scripts.com/unified/v1/master/getSubscriptions
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.18.37.212 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare / Express
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type,session-id,visited_url
Access-Control-Request-Method: GET
Origin: https://www.techrepublic.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin,X-Requested-With,Content-Type,Accept,Authorization,X-Amp-Device-Id,X-Amp-Session-Id,visited_url,_zitok,forwarded,x-ziaccesstoken,session-id
access-control-allow-methods: POST, GET, OPTIONS, PATCH, DELETE, PUT
access-control-allow-origin: https://www.techrepublic.com
alt-svc: h3=":443"; ma=86400
apigw-requestid: cJO-1hgzPHcEMFA=
cf-cache-status: DYNAMIC
cf-ray: 9ef847ee9e4632d9-HEL
date: Tue, 21 Apr 2026 00:30:35 GMT
priority: u=1,i
server: cloudflare
server-timing: cfExtPri
vary: Origin
via: 1.1 56e454cf792979d53001005fbb2ef24c.cloudfront.net (CloudFront)
x-amz-cf-id: 8SFPn6oMG8W7ruVb5F7sTsDByxQ_NFEosnTTZ7jFtIgt38-qmCo7pg==
x-amz-cf-pop: HEL51-P5
x-cache: Miss from cloudfront
x-powered-by: Express

POST
H2 200 collect Show response
ngt-api-v2.technologyadvice.com/api/ 53 B
642 B 155ms
62ms Fetch
application/json 2606:4700:20::ac43:4a13
Cloudflare

General

Check archive.org

Download Go to

Full URL

https://ngt-api-v2.technologyadvice.com/api/collect

Requested by

Host: pixel.ngtrack.relay.cool
URL: https://pixel.ngtrack.relay.cool/client.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4a13 -, , ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

349e79fc9efd2cbb4d70d6a1f44d77b013e56aef3a9580c9ce34d58975dd902f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
Accept: application/json
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
Content-Type: application/json
sec-ch-ua-mobile: ?0

Response headers

strict-transport-security: max-age=15552000; preload
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-encoding: gzip
access-control-allow-credentials: true
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=iAOZnz24ZioX7A9dLKdJWshEaVSEW2JmRQ2Vnskh%2Bv14MIalGa369V1utz4deKO1TOyFwtETe%2B0Bvs9IHlnpDorM%2Fn9YnQmHQHbw7LxOUEXum37f2DQjuHUA8SwRN2k%2FxfKbsq5WRni2lahoPr4wYJ%2FKiseO29T4WVac3dw%3D"}]}
cf-ray: 9ef847f08b438be6-OSL
access-control-allow-origin: https://www.techrepublic.com
date: Tue, 21 Apr 2026 00:30:35 GMT
content-type: application/json
server: cloudflare

OPTIONS
H2 200 collect
ngt-api-v2.technologyadvice.com/api/ Frame 0
0 160ms
53ms Preflight 2606:4700:20::ac43:4a13
Cloudflare

General

Check archive.org

Download Go to

Full URL

https://ngt-api-v2.technologyadvice.com/api/collect

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4a13 -, , ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.techrepublic.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: POST
access-control-allow-origin: https://www.techrepublic.com
access-control-max-age: 86400
cf-ray: 9ef847efa9c256a4-OSL
content-length: 0
date: Tue, 21 Apr 2026 00:30:35 GMT
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=uJbK4HIRNuBrnNMR7U59xWT47pqiCOYtFOqYw1IRBRKUazJxHjXxs%2BlIjHR5BPSoCyC1pDKAvGmlAjKjvchWoxFJIamujc455SMWaHnqQmUkfJlCw2hEOlMipYFQq2y9kkzsMvFwdwiPjteIvEsDZmo82X%2FgYbl5G%2Ft5VbY%3D"}]}
server: cloudflare
strict-transport-security: max-age=15552000; preload

GET
H2 200 tr-logo-large.png
assets.techrepublic.com/uploads/2022/01/ 17 KB
17 KB 60ms
59ms Other
image/avif 2606:4700:20::681a:26f
Cloudflare

General

Check archive.org

Download Go to

Full URL

https://assets.techrepublic.com/uploads/2022/01/tr-logo-large.png?qc-size=746,183

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:26f -, , ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

9d2f37f25094a3b818b36ed3c8aace0b0abe770f54f512349c3bfdca71509c3e

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; img-src data:;
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

access-control-max-age: 86400
content-encoding: br
cf-cache-status: HIT
etag: W/"cfFUKXCwr9Ks5obQQf732EJnBjGRfk0uMIfogBdGdYDQ"
age: 1929748
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=54CcfGy5oR%2BWh7GXJGwq%2BUu040bCsodRGuTDAs3W13laRNMJywFvtHM%2FZVkmy%2FOzZ%2Faqh93rCE9BLDievOgzw2fcBbAATsrcO06B%2FNS56YKEiVLopPippQITnzcMYsLuqg02ef0RcpBJdXHEWagNcLWYVdS5"}]}
access-control-allow-methods: GET, HEAD, OPTIONS
x-content-type-options: nosniff
date: Tue, 21 Apr 2026 00:30:35 GMT
content-type: image/avif
vary: accept
cf-placement: local-OSL
access-control-allow-headers: *
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; img-src data:;
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cache-control: public,max-age=172800,stale-while-revalidate=7200
cf-images: internal=ok/- q=0 n=449+140 c=0+73 v=2026.2.12 l=17250 f=false c2=0
cf-ray: 9ef847ef89392efa-OSL
access-control-allow-origin: *
server: cloudflare

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
199 B 159ms
158ms Image
image/gif 23.50.131.146
AKAMAI-ASN1 Akama...

General

Check archive.org

Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=f86eb9c23c229cf85c914907bf3b2e6f&svisitor=8aa2371735e639002ac5e669220300004b7e3100&visitor=c4dbcd77-f6a5-4136-8265-6106ef46f5b5&session=12ca50cb-967e-46d0-8eb4-3091779bf656&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2021%20Apr%202026%2000%3A30%3A35%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2021%20Apr%202026%2000%3A30%3A34%20GMT%22%2C%22timeSpent%22%3A%221002%22%2C%22totalTimeSpent%22%3A%221002%22%7D&isIframe=false&m=%7B%22description%22%3A%22Four%20Android%20banking%20malware%20campaigns%20are%20targeting%20more%20than%20800%20apps%20by%20abusing%20overlays%2C%20Accessibility%20permissions%2C%20and%20sideloaded%20fake%20apps%20to%20steal%20PINs.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Over%20800%20Android%20Apps%20Targeted%20in%20PIN-Stealing%20Trojan%20Campaign%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.techrepublic.com%2Farticle%2Fnews-android-malware-stealing-pin-overlay-attack%2F&pageViewId=c52f5bd8-82a9-4473-8e95-525d405858f2&an_uid=-1&webTagId=01192dc3-157f-4d5a-bea4-02f62692239e&ipv6=2a02%3Aed04%3A3581%3A2%3A%3Ae01f&v=1.1.31

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.50.131.146 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

a23-50-131-146.deploy.static.akamaitechnologies.com

Software

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

cache-control: max-age=0, no-cache, no-store
pragma: no-cache
x-content-type-options: nosniff
expires: Tue, 21 Apr 2026 00:30:35 GMT
accept-ranges: bytes
content-length: 43
date: Tue, 21 Apr 2026 00:30:35 GMT
content-type: image/gif

GET
H2 200 b65d7d7005337f7bd4bd291d1d48ebb9.js Show response
ob.forseasky.com/i/ 119 KB
45 KB 208ms
69ms Script
text/javascript 2600:9000:208a:f000:13:4898:69c0:93a1
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://ob.forseasky.com/i/b65d7d7005337f7bd4bd291d1d48ebb9.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-57GHMWX
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:208a:f000:13:4898:69c0:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: Caddy /
Resource Hash: b5d087da3a9f6a160df9b1f3d39dead9695a93fbcf2978d49285a745c539cab4

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

cache-control: max-age=43200
content-encoding: gzip
etag: "1dce7-HKozq0yrT7znoOh3PFJoQ6uosbE"
age: 18602
via: 1.1 4d4680d03dbc233f4f8d4e3d75985c84.cloudfront.net (CloudFront)
expires: Tue, 21 Apr 2026 07:20:33 GMT
x-cache: Hit from cloudfront
content-length: 45266
x-amz-cf-id: pMA3Cxm8bMa5nTp6715jJ_0N7-0mB6vfggITYhZBRdaLP-0abJNMxA==
date: Mon, 20 Apr 2026 19:20:37 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
server: Caddy
x-amz-cf-pop: FRA60-P13

OPTIONS
H3 200 /
ws.zoominfo.com/pixel/65b8177df2344349bef9263e/ Frame 0
0 244ms
195ms Preflight
text/html 104.16.117.43
Cloudflare

General

Check archive.org

Download Go to

Full URL

https://ws.zoominfo.com/pixel/65b8177df2344349bef9263e/?iszitag=true

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.117.43 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: _vtok,_zitok,content-type,event-id,session-id,visited-url
Access-Control-Request-Method: GET
Origin: https://www.techrepublic.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for,x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok,visited-url,page-url,evi,event-id,session-id
access-control-allow-origin: https://www.techrepublic.com
allow: GET,HEAD
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 9ef847f18d1475f5-HEL
content-length: 8
content-type: text/html; charset=utf-8
date: Tue, 21 Apr 2026 00:30:35 GMT
etag: W/"8-ZRAf8oNBS3Bjb/SU2GYZCmbtmXg"
ip2org-ext: gke
priority: u=1,i
server: cloudflare
server-timing: cfExtPri
via: 1.1 google
x-content-type-options: nosniff
x-envoy-upstream-service-time: 14
x-powered-by: Express
x-robots-tag: noindex, nofollow

GET
H2 200 zischedule.js Show response
schedule.zoominfo.com/ 51 KB
17 KB 238ms
63ms Script
application/javascript 2600:9000:2251:5800:18:7586:ce00:93a1
Amazon.com

General

Check archive.org

Download Go to

Full URL

https://schedule.zoominfo.com/zischedule.js

Requested by

Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2251:5800:18:7586:ce00:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

33a5df8c05e4e5a58d267c82b7d213e1e7819f8aa5c4902aea0f9e1e8557ece8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

vary: Accept-Encoding
content-encoding: gzip
etag: W/"a60c505519b915a6b8c0e63e56db49d6"
x-amz-version-id: GtMRWUjKzm6Xx7Z__7g3tmgWMHPECu5l
age: 53472
x-content-type-options: nosniff
via: 1.1 6ae82cc0c8a39c993134c2be90b4d120.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: PG7reujy00ojkfRstaj5Dv-TcV06V8_iLS3jlc-20j0F9vwoGEReEw==
date: Mon, 20 Apr 2026 22:59:17 GMT
content-type: application/javascript
last-modified: Thu, 23 Oct 2025 06:02:01 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P3
x-amz-server-side-encryption: AES256

GET
H3 200 formcomplete.js Show response
ws-assets.zoominfo.com/ 49 KB
14 KB 97ms
52ms Script
application/javascript 104.16.118.43
Cloudflare

General

Check archive.org

Download Go to

Full URL: https://ws-assets.zoominfo.com/formcomplete.js
Requested by: Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.16.118.43 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: dcb09186a3d016b8ae56ecd0cb76f787254388177fc8318061d619b56a7d81b2

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

x-goog-metageneration: 1
x-goog-hash: crc32c=A2aW0Q==, md5=JRurSHzL3UB0yE1Wjm0Zqg==
cf-cache-status: DYNAMIC
etag: W/"251bab487ccbdd4074c84d568e6d19aa"
age: 640
content-encoding: gzip
x-goog-stored-content-encoding: identity
expires: Tue, 21 Apr 2026 01:19:55 GMT
alt-svc: h3=":443"; ma=86400
x-goog-stored-content-length: 50634
server-timing: cfExtPri
date: Tue, 21 Apr 2026 00:30:35 GMT
content-type: application/javascript
last-modified: Wed, 06 Nov 2024 05:44:23 GMT
priority: u=3,i=?0
x-guploader-uploadid: AMNfjG2UJ09TbUL3MRgDe1UPQ6cmTpyXgwqompskqo0_Yad0yYe9msmgbzw731PekK6_y2k
cache-control: public, max-age=3600
x-goog-storage-class: STANDARD
cf-ray: 9ef847f18d8e70dd-HEL
x-goog-generation: 1730871862939881
server: cloudflare

GET
H3 200 / Show response
ws.zoominfo.com/pixel/65b8177df2344349bef9263e/ 6 KB
3 KB 268ms
231ms Fetch
text/javascript 104.16.117.43
Cloudflare

General

Check archive.org

Download Go to

Full URL

https://ws.zoominfo.com/pixel/65b8177df2344349bef9263e/?iszitag=true

Requested by

Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.117.43 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

9811cf31d0fb7733c8df0db2400e313bb8695ffe29d2c4cab645067f2347914d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

_vtok: MTkzLjEzOC43LjE3MA==
visited-url: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
event-id: e9d9dfb4-a463-46f4-a53b-98fea453bf8a
sec-ch-ua-mobile: ?0
_zitok: 949cca16cb8085a219ce1776731435
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
Content-Type: text/javascript
session-id: 6286033ad8ecece9986e6b8b0e4c5b602fe7fadbef6e3adffff203bbb75fc114

Response headers

x-robots-tag: noindex, nofollow
content-encoding: gzip
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
ip2org-ext: gke
date: Tue, 21 Apr 2026 00:30:36 GMT
content-type: text/javascript
priority: u=1,i
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for, x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok,visited-url,page-url,evi,event-id,session-id
x-envoy-upstream-service-time: 46
access-control-allow-credentials: true
via: 1.1 google
cf-ray: 9ef847f30d7175f6-HEL
access-control-allow-origin: https://www.techrepublic.com
x-powered-by: Express
server: cloudflare

OPTIONS
H3 200 forms
ws.zoominfo.com/formcomplete-v2/ Frame 0
0 175ms
175ms Preflight
text/html 104.16.117.43
Cloudflare

General

Check archive.org

Download Go to

Full URL

https://ws.zoominfo.com/formcomplete-v2/forms

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.117.43 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type
Access-Control-Request-Method: POST
Origin: https://www.techrepublic.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for,x-ws-collect-type,Authorization,visitorId,_zitok,session-id
access-control-allow-origin: https://www.techrepublic.com
allow: POST
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 9ef847f21d3f75f5-HEL
content-length: 4
content-type: text/html; charset=utf-8
date: Tue, 21 Apr 2026 00:30:35 GMT
etag: W/"4-Yf+Bwwqjx254r+pisuO9HfpJ6FQ"
priority: u=1,i
server: cloudflare
server-timing: cfExtPri
via: 1.1 google
x-content-type-options: nosniff
x-powered-by: Express
x-robots-tag: noindex, nofollow

POST
H3 200 forms Show response
ws.zoominfo.com/formcomplete-v2/ 2 B
567 B 180ms
179ms Fetch
application/json 104.16.117.43
Cloudflare

General

Check archive.org

Download Go to

Full URL

https://ws.zoominfo.com/formcomplete-v2/forms

Requested by

Host: ws-assets.zoominfo.com
URL: https://ws-assets.zoominfo.com/formcomplete.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.117.43 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua-platform: "Linux"
Authorization: bearer aa9e2c281d16fe6c50798ac3f9a5d8
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
Content-Type: application/json
sec-ch-ua-mobile: ?0

Response headers

x-robots-tag: noindex, nofollow
cf-cache-status: DYNAMIC
etag: W/"2-l9Fw4VUO7kr8CvBlt4zaMCqXZ0w"
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Tue, 21 Apr 2026 00:30:36 GMT
content-type: application/json; charset=utf-8
priority: u=1,i
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for, x-ws-collect-type,Authorization, visitorId, _zitok, session-id
access-control-allow-credentials: true
via: 1.1 google
cf-ray: 9ef847f32d7975f6-HEL
access-control-allow-origin: https://www.techrepublic.com
content-length: 2
x-powered-by: Express
server: cloudflare

POST
H2 200 ct Show response
obs.forseasky.com/ 7 KB
3 KB 569ms
287ms XHR
application/json 2600:1f18:e8a:cd00:e7aa:3ac6:9899:87c4
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://obs.forseasky.com/ct
Requested by: Host: ob.forseasky.com
URL: https://ob.forseasky.com/i/b65d7d7005337f7bd4bd291d1d48ebb9.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2600:1f18:e8a:cd00:e7aa:3ac6:9899:87c4 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
Software: /
Resource Hash: faaa51f9b9310e729b3d869976e00dcba823b7d1ae9b8dbdd8d13cc4486a24a1

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
Content-Type: application/x-www-form-urlencoded
sec-ch-ua-mobile: ?0

Response headers

cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: https://www.techrepublic.com
content-encoding: gzip
pragma: no-cache
access-control-allow-credentials: true
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://www.techrepublic.com
content-length: 2535
date: Tue, 21 Apr 2026 00:30:36 GMT
content-type: application/json

GET
BLOB 200
OK 8940c511-a103-4be6-a85d-d3a9eefcf1b2 Show response
https://www.techrepublic.com/ 6 KB
0 Script
text/javascript

General

Check archive.org

Download Go to

Full URL: blob:https://www.techrepublic.com/8940c511-a103-4be6-a85d-d3a9eefcf1b2
Requested by: Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9811cf31d0fb7733c8df0db2400e313bb8695ffe29d2c4cab645067f2347914d

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: text/javascript
Content-Length: 5693

GET
H2 200 data.js Show response
tags.clickagy.com/ 40 KB
14 KB 271ms
84ms Script
text/javascript 2600:9000:2761:9000:4:8491:f2c0:93a1
Amazon.com

General

Check archive.org

Download Go to

Full URL

https://tags.clickagy.com/data.js?rnd=62fe5c0e6ad96

Requested by

Host: www.techrepublic.com
URL: blob:https://www.techrepublic.com/8940c511-a103-4be6-a85d-d3a9eefcf1b2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2761:9000:4:8491:f2c0:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

c664e2b2ae4ed326da469a049bd05693505f90f3a09b7e31c98e4815830a0eee

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

content-encoding: br
etag: W/"d27ded9df3d11e8cc3d6cd0af3f4d62c"
x-amz-version-id: 4WGIW0KF64_1AxefyuMKa.9moUOS12Nx
age: 86162
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: fyfv49-x2P5TgehAVX2vWKCTOGCR_fshljZYUlFyTzK__21o2BLPow==
date: Mon, 20 Apr 2026 00:34:35 GMT
content-type: text/javascript
vary: Accept-Encoding, Origin
last-modified: Mon, 02 Mar 2026 14:41:49 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
referrer-policy: strict-origin-when-cross-origin
via: 1.1 cc4cf609fb0281d98d6d93c0f4650efa.cloudfront.net (CloudFront)
x-xss-protection: 1; mode=block
x-amz-cf-pop: FRA60-P8
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H/1.1 200
OK up_loader.1.1.0.js Show response
js.adsrvr.org/ 37 KB
12 KB 243ms
78ms Script
application/javascript 18.172.112.126
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://js.adsrvr.org/up_loader.1.1.0.js
Requested by: Host: www.techrepublic.com
URL: blob:https://www.techrepublic.com/8940c511-a103-4be6-a85d-d3a9eefcf1b2
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.172.112.126 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-18-172-112-126.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: b4b3224b47cf1a01124a946f59e93e49468741accb3729419d0c8dff1a2ebae0

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Encoding: gzip
ETag: W/"e6dc9e0683fb2394273f06ce07924a8f"
Age: 44697
Connection: keep-alive
Via: 1.1 0e49b385c2bbe9db0820bc1551bde98a.cloudfront.net (CloudFront)
X-Cache: Hit from cloudfront
X-Amz-Cf-Id: 1c0ibUpzFQOZNVrg-_-w3KyHFmXiKpkWYroI3JCp9R6X38qw5SlcZw==
Date: Mon, 20 Apr 2026 12:05:40 GMT
Content-Type: application/javascript
Last-Modified: Sun, 19 Apr 2026 12:04:50 GMT
Server: AmazonS3
X-Amz-Cf-Pop: FRA60-P8
x-amz-server-side-encryption: AES256

GET
H2

200

cei Show response
match.adsrvr.org/track/ Frame C2C8
Redirect Chain

https://insight.adsrvr.org/track/cei?advertiser_id=xchfcvh&cookie_sync=1&upv=3.0.0&upid=5fjyxkv&gdpr=1&gdpr_consent=&ref=https://www.techrepublic.com/article/news-android-malware-stealing-pin-overl...
https://match.adsrvr.org/track/cei?advertiser_id=xchfcvh&cookie_sync=1&upv=3.0.0&upid=5fjyxkv&gdpr=1&gdpr_consent=&ref=https%3a%2f%2fwww.techrepublic.com&redirect=1

385 B
369 B

94ms
82ms

Document
text/html

3.33.220.150
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://match.adsrvr.org/track/cei?advertiser_id=xchfcvh&cookie_sync=1&upv=3.0.0&upid=5fjyxkv&gdpr=1&gdpr_consent=&ref=https%3a%2f%2fwww.techrepublic.com&redirect=1
Requested by: Host: js.adsrvr.org
URL: https://js.adsrvr.org/up_loader.1.1.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.33.220.150 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: Kestrel /
Resource Hash: 794966f3f58a1394a1f4874f1082f1f48ba519a90771d4cf321831d4c10f67ed

Request headers

Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Linux"

Response headers

content-encoding: gzip
content-type: text/html
date: Tue, 21 Apr 2026 00:30:36 GMT
server: Kestrel
vary: Accept-Encoding

Redirect headers

content-length: 40
content-type: text/html
date: Tue, 21 Apr 2026 00:30:36 GMT
location: https://match.adsrvr.org/track/cei?advertiser_id=xchfcvh&cookie_sync=1&upv=3.0.0&upid=5fjyxkv&gdpr=1&gdpr_consent=&ref=https%3a%2f%2fwww.techrepublic.com&redirect=1
server: Kestrel

POST
H2 200 data Show response
aorta.clickagy.com/ 23 B
476 B 553ms
264ms XHR
application/json 3.208.130.193
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://aorta.clickagy.com/data
Requested by: Host: tags.clickagy.com
URL: https://tags.clickagy.com/data.js?rnd=62fe5c0e6ad96
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.208.130.193 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-3-208-130-193.compute-1.amazonaws.com
Software: Aorta/20260420.b197bb96a /
Resource Hash: 83bb09b0175b25d81f46ebb4a0f9e1d45504d9073d8209db0dd5e186c9040303

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
Content-type: application/x-www-form-urlencoded
sec-ch-ua-mobile: ?0

Response headers

access-control-max-age: 31536000
access-control-expose-headers: Set-Cookie
cache-control: no-cache, no-store, must-revalidate
expect: 0
content-encoding: gzip
access-control-allow-credentials: true
x-aorta-region: us-east-1
access-control-allow-methods: POST, GET, OPTIONS
x-aorta-host: 84b053ef4250
access-control-allow-origin: https://www.techrepublic.com
content-length: 48
date: Tue, 21 Apr 2026 00:30:36 GMT
content-type: application/json
server: Aorta/20260420.b197bb96a
access-control-allow-headers: Origin,cache-control,content-type,man,messagetype,soapaction

GET
H2 200 114
aorta.clickagy.com/channel-sync/ 43 B
469 B 551ms
264ms Image
application/json 3.208.130.193
Amazon.com

General

Check archive.org

Download Go to Show image

Full URL: https://aorta.clickagy.com/channel-sync/114?clkgypv=jstag
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.208.130.193 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-3-208-130-193.compute-1.amazonaws.com
Software: Aorta/20260420.b197bb96a /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

access-control-max-age: 31536000
access-control-expose-headers: Set-Cookie
cache-control: no-cache, no-store, must-revalidate
expect: 0
content-encoding: gzip
access-control-allow-credentials: true
x-aorta-region: us-east-1
access-control-allow-methods: POST, GET, OPTIONS
x-aorta-host: 520bb12e780b
access-control-allow-origin: *
content-length: 61
date: Tue, 21 Apr 2026 00:30:36 GMT
content-type: application/json
server: Aorta/20260420.b197bb96a
access-control-allow-headers: Origin,cache-control,content-type,man,messagetype,soapaction

GET
H2 200 5
aorta.clickagy.com/channel-sync/ 43 B
469 B 425ms
138ms Image
application/json 3.208.130.193
Amazon.com

General

Check archive.org

Download Go to Show image

Full URL: https://aorta.clickagy.com/channel-sync/5?clkgypv=jstag
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.208.130.193 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-3-208-130-193.compute-1.amazonaws.com
Software: Aorta/20260420.b197bb96a /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

access-control-max-age: 31536000
access-control-expose-headers: Set-Cookie
cache-control: no-cache, no-store, must-revalidate
expect: 0
content-encoding: gzip
access-control-allow-credentials: true
x-aorta-region: us-east-1
access-control-allow-methods: POST, GET, OPTIONS
x-aorta-host: 1ff83b18e3e2
access-control-allow-origin: *
content-length: 61
date: Tue, 21 Apr 2026 00:30:36 GMT
content-type: application/json
server: Aorta/20260420.b197bb96a
access-control-allow-headers: Origin,cache-control,content-type,man,messagetype,soapaction

GET
H2 200 124
aorta.clickagy.com/channel-sync/ 43 B
470 B 424ms
138ms Image
application/json 3.208.130.193
Amazon.com

General

Check archive.org

Download Go to Show image

Full URL: https://aorta.clickagy.com/channel-sync/124?clkgypv=jstag
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.208.130.193 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-3-208-130-193.compute-1.amazonaws.com
Software: Aorta/20260420.b197bb96a /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

access-control-max-age: 31536000
access-control-expose-headers: Set-Cookie
cache-control: no-cache, no-store, must-revalidate
expect: 0
content-encoding: gzip
access-control-allow-credentials: true
x-aorta-region: us-east-1
access-control-allow-methods: POST, GET, OPTIONS
x-aorta-host: f9c7811a6f93
access-control-allow-origin: *
content-length: 61
date: Tue, 21 Apr 2026 00:30:36 GMT
content-type: application/json
server: Aorta/20260420.b197bb96a
access-control-allow-headers: Origin,cache-control,content-type,man,messagetype,soapaction

GET
H2 200 128
aorta.clickagy.com/channel-sync/ 43 B
469 B 425ms
138ms Image
application/json 3.208.130.193
Amazon.com

General

Check archive.org

Download Go to Show image

Full URL: https://aorta.clickagy.com/channel-sync/128?clkgypv=jstag
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.208.130.193 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-3-208-130-193.compute-1.amazonaws.com
Software: Aorta/20260420.b197bb96a /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

access-control-max-age: 31536000
access-control-expose-headers: Set-Cookie
cache-control: no-cache, no-store, must-revalidate
expect: 0
content-encoding: gzip
access-control-allow-credentials: true
x-aorta-region: us-east-1
access-control-allow-methods: POST, GET, OPTIONS
x-aorta-host: 1ff83b18e3e2
access-control-allow-origin: *
content-length: 61
date: Tue, 21 Apr 2026 00:30:36 GMT
content-type: application/json
server: Aorta/20260420.b197bb96a
access-control-allow-headers: Origin,cache-control,content-type,man,messagetype,soapaction

GET
H2 200 321
aorta.clickagy.com/channel-sync/ 43 B
468 B 425ms
139ms Image
application/json 3.208.130.193
Amazon.com

General

Check archive.org

Download Go to Show image

Full URL: https://aorta.clickagy.com/channel-sync/321?clkgypv=jstag
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.208.130.193 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-3-208-130-193.compute-1.amazonaws.com
Software: Aorta/20260420.b197bb96a /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

access-control-max-age: 31536000
access-control-expose-headers: Set-Cookie
cache-control: no-cache, no-store, must-revalidate
expect: 0
content-encoding: gzip
access-control-allow-credentials: true
x-aorta-region: us-east-1
access-control-allow-methods: POST, GET, OPTIONS
x-aorta-host: 7ca310a2630e
access-control-allow-origin: *
content-length: 61
date: Tue, 21 Apr 2026 00:30:36 GMT
content-type: application/json
server: Aorta/20260420.b197bb96a
access-control-allow-headers: Origin,cache-control,content-type,man,messagetype,soapaction

GET
H2 200 318
aorta.clickagy.com/channel-sync/ 43 B
469 B 263ms
263ms Image
application/json 3.208.130.193
Amazon.com

General

Check archive.org

Download Go to Show image

Full URL: https://aorta.clickagy.com/channel-sync/318?clkgypv=jstag
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.208.130.193 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-3-208-130-193.compute-1.amazonaws.com
Software: Aorta/20260420.b197bb96a /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

access-control-max-age: 31536000
access-control-expose-headers: Set-Cookie
cache-control: no-cache, no-store, must-revalidate
expect: 0
content-encoding: gzip
access-control-allow-credentials: true
x-aorta-region: us-east-1
access-control-allow-methods: POST, GET, OPTIONS
x-aorta-host: f9c7811a6f93
access-control-allow-origin: *
content-length: 61
date: Tue, 21 Apr 2026 00:30:36 GMT
content-type: application/json
server: Aorta/20260420.b197bb96a
access-control-allow-headers: Origin,cache-control,content-type,man,messagetype,soapaction

GET
H3 200 861593688406080 Show response
connect.facebook.net/signals/config/ 86 KB
16 KB 233ms
233ms Script
application/x-javascript 157.240.0.6
Facebook

General

Check archive.org

Download Go to

Full URL

https://connect.facebook.net/signals/config/861593688406080?v=2.9.303&r=stable&domain=www.techrepublic.com&hme=97937018cefade17726f0472876fc101316b2ce9008a35a6a5a7977d7436151a&ex_m=104%2C205%2C154%2C22%2C72%2C73%2C145%2C68%2C67%2C11%2C162%2C90%2C16%2C138%2C127%2C39%2C75%2C78%2C134%2C159%2C164%2C8%2C4%2C5%2C7%2C6%2C3%2C91%2C101%2C165%2C170%2C219%2C62%2C186%2C187%2C55%2C276%2C30%2C74%2C231%2C230%2C229%2C23%2C33%2C103%2C61%2C10%2C63%2C97%2C98%2C99%2C105%2C130%2C31%2C29%2C132%2C133%2C129%2C128%2C155%2C76%2C158%2C156%2C157%2C50%2C60%2C123%2C15%2C161%2C45%2C263%2C264%2C262%2C26%2C27%2C28%2C48%2C146%2C77%2C112%2C18%2C20%2C44%2C40%2C42%2C41%2C83%2C92%2C96%2C110%2C144%2C147%2C46%2C111%2C24%2C21%2C119%2C69%2C36%2C149%2C148%2C150%2C141%2C139%2C25%2C35%2C59%2C109%2C160%2C70%2C17%2C152%2C114%2C81%2C66%2C19%2C85%2C86%2C116%2C84%2C136%2C135%2C34%2C278%2C293%2C212%2C201%2C202%2C200%2C296%2C288%2C52%2C213%2C107%2C131%2C80%2C121%2C54%2C47%2C49%2C113%2C120%2C126%2C58%2C64%2C151%2C115%2C37%2C32%2C53%2C56%2C100%2C163%2C1%2C124%2C14%2C122%2C12%2C2%2C57%2C93%2C65%2C118%2C89%2C88%2C166%2C167%2C94%2C95%2C9%2C125%2C102%2C51%2C142%2C87%2C79%2C71%2C117%2C106%2C43%2C143%2C0%2C82%2C137%2C140%2C153%2C38%2C108%2C13%2C168%2C228%2C227%2C222%2C224%2C225%2C226%2C223%2C211%2C221%2C193%2C190%2C191%2C185%2C189%2C192%2C188%2C183%2C316%2C196%2C215%2C184%2C182%2C235%2C206%2C176%2C177%2C172%2C178%2C175%2C173%2C174%2C171%2C169%2C180%2C181%2C179%2C265%2C315%2C194%2C238%2C239%2C244%2C241%2C243%2C242%2C240%2C237%2C252%2C248%2C249%2C247%2C253%2C250%2C246%2C251%2C245

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.0.6 Frankfurt am Main, Germany, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

xx-fbcdn-shv-02-fra3.fbcdn.net

Software

Resource Hash

f0c988a75f18d9d2fe4db5273f1843153ee09bea99b93d502e5404c0219bc56f

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' blob:;script-src .facebook.com .fbcdn.net .facebook.net blob: 'self' 'nonce-uYAWHHsL';style-src 'self' data: blob: 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.fbcdn.net attachment.fbsbx.com .cdninstagram.com blob: 'self' data: https://edge-chat.facebook.net https://edge-chat-latest.facebook.net wss://edge-chat-latest.facebook.net wss://edge-chat.facebook.net wss://edge-chat.socialplugin.facebook.net wss://edge-chat-latest.socialplugin.facebook.net https://edge-chat.socialplugin.facebook.net https://edge-chat-latest.socialplugin.facebook.net;font-src 'self' data: blob:;img-src 'self' data: blob:;media-src 'self' data: blob:;child-src 'self' data: blob:;frame-src 'self' data: blob:;manifest-src 'self' data: blob:;object-src 'self' data: blob:;worker-src 'self' data: blob:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

content-encoding: gzip
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Tue, 21 Apr 2026 00:30:36 GMT
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src 'self' blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net blob: 'self' 'nonce-uYAWHHsL';style-src 'self' data: blob: 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com *.cdninstagram.com blob: 'self' data: https://edge-chat.facebook.net https://edge-chat-latest.facebook.net wss://edge-chat-latest.facebook.net wss://edge-chat.facebook.net wss://edge-chat.socialplugin.facebook.net wss://edge-chat-latest.socialplugin.facebook.net https://edge-chat.socialplugin.facebook.net https://edge-chat-latest.socialplugin.facebook.net;font-src 'self' data: blob:;img-src 'self' data: blob:;media-src 'self' data: blob:;child-src 'self' data: blob:;frame-src 'self' data: blob:;manifest-src 'self' data: blob:;object-src 'self' data: blob:;worker-src 'self' data: blob:;block-all-mixed-content;upgrade-insecure-requests;
cache-control: public, max-age=1200
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
x-fb-connection-quality: GOOD; q=0.7, rtt=61, rtx=0, c=145, mss=1232, tbw=156864, tp=140, tpl=0, uplat=169, ullat=0
pragma: public
x-fb-debug: bUSTd7X8Jr872h2ojHuF/A6hNCR/XD3YoEwJ1YcStu6Y3T+gDroM8WLcgTeCzbu7X85iV0RD2y+gW5UYsx1ktQ==
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top, include-js-call-stacks-in-crash-reports
x-xss-protection: 0
origin-agent-cluster: ?1

GET
H2 200 bat.js Show response
bat.bing.com/ 54 KB
15 KB 205ms
72ms Script
application/javascript 2620:1ec:33::10
Microsoft Corpora...

General

Check archive.org

Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: ob.forseasky.com
URL: https://ob.forseasky.com/i/b65d7d7005337f7bd4bd291d1d48ebb9.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2620:1ec:33::10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),

Reverse DNS

Software

Resource Hash

855230e1321917153b6859521e1ccfab0dce7497f88645e73d7e6db9c4bbe3b1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: private,max-age=1800
content-encoding: gzip
etag: "808fed96cbddc1:0"
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 0701F5F6C285440A8A2BC2D86C37560B Ref B: STOEDGE1211 Ref C: 2026-04-21T00:30:36Z
accept-ranges: bytes
x-cache: CONFIG_NOCACHE
content-length: 15402
date: Tue, 21 Apr 2026 00:30:36 GMT
content-type: application/javascript
last-modified: Thu, 26 Mar 2026 22:06:51 GMT
vary: Accept-Encoding

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 367 KB
132 KB 82ms
82ms Script
application/javascript 142.251.20.97
Google LLC

General

Check archive.org

Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-613565886&cx=c&gtm=4e64h1

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-57GHMWX

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.20.97 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

bx-in-f97.1e100.net

Software

Google Tag Manager /

Resource Hash

d8a93d054b8ad0ec1343898462d446cbbbdb742b85f2eeb743c7bf543e19742a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

content-encoding: zstd
expires: Tue, 21 Apr 2026 00:30:36 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 21 Apr 2026 00:30:36 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Tue, 21 Apr 2026 00:00:00 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin: *
content-length: 135584
x-xss-protection: 0
server: Google Tag Manager

POST
H3 204 /
pagead2.googlesyndication.com/pagead/conversion/613565886/ 0
0 75ms
75ms Fetch
text/html 142.251.127.154
Google LLC

General

Check archive.org

Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/conversion/613565886/?random=1776731436549&cv=11&fst=1776731436549&bg=ffffff&guid=ON&async=1&en=conversion&gtm=45be64h1v871098444za20gzb849030200zd849030200xec&gcs=G100&gcd=13p3p3p2p5l1&dma_cps=-&dma=1&tcfd=10001&tag_exp=0~115938466~115938468~117266400&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.techrepublic.com%2Farticle%2Fnews-android-malware-stealing-pin-overlay-attack%2F&rcb=8&label=9X7nCO6Sr78ZEL6LyaQC&gtm_ee=1&frm=0&tiba=Over%20800%20Android%20Apps%20Targeted%20in%20PIN-Stealing%20Trojan%20Campaign&hn=www.googleadservices.com&npa=1&us_privacy=1---&pscdl=denied&uaa=x86&uab=64&uafvl=Chromium%3B147.0.0.0%7CGoogle%2520Chrome%3B147.0.0.0%7CNot-A.Brand%3B24.0.0.0&uamb=0&uam=&uap=Linux&uapv=&uaw=0&gpp=DBAA&gpp_sid=2&_tu=CA&data=event%3Dconversion&category=acrcp_v1_512&fmt=8

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=AW-613565886&cx=c&gtm=4e64h1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.127.154 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

lcfrai-in-f154.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://www.techrepublic.com
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 0
date: Tue, 21 Apr 2026 00:30:36 GMT
x-xss-protection: 0
content-type: text/html; charset=UTF-8
server: cafe

GET
H2

200

/
www.google.fi/pagead/1p-conversion/613565886/
Redirect Chain

https://www.googleadservices.com/pagead/conversion/613565886/?label=9X7nCO6Sr78ZEL6LyaQC&guid=ON&script=0
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/613565886/?label=9X7nCO6Sr78ZEL6LyaQC&guid=ON&script=0&ct_cookie_present=false&random=268674260&crd=CLTesQII8t-xAgit4bECCKG4sQIIscGx...
https://www.google.com/pagead/1p-conversion/613565886/?label=9X7nCO6Sr78ZEL6LyaQC&guid=ON&script=0&ct_cookie_present=false&random=268674260&crd=CLTesQII8t-xAgit4bECCKG4sQIIscGxAgiwwbECCLHDsQIIisWxA...
https://www.google.fi/pagead/1p-conversion/613565886/?label=9X7nCO6Sr78ZEL6LyaQC&guid=ON&script=0&ct_cookie_present=false&random=268674260&crd=CLTesQII8t-xAgit4bECCKG4sQIIscGxAgiwwbECCLHDsQIIisWxAg...

42 B
455 B

214ms
78ms

Image
image/gif

2a00:1450:4001:c0f::5e
Google LLC

General

Check archive.org

Download Go to Show image

Full URL

https://www.google.fi/pagead/1p-conversion/613565886/?label=9X7nCO6Sr78ZEL6LyaQC&guid=ON&script=0&ct_cookie_present=false&random=268674260&crd=CLTesQII8t-xAgit4bECCKG4sQIIscGxAgiwwbECCLHDsQIIisWxAgjCybECCLTGsQIIk9qxAgjb3LECCIfbsQII08WxAgjrzLECCO3OsQII1c-xAgj02rECCJfUsQIIyduxAgix4bECCLPhsQIIpt2xAgiw3rECCIDbsQI&cerd=CgEA&fsk=ChEI8J2XzwYQtPrI6ansi_GNARIsAPY4WZl7D0vfwNzuWcvd4EOjWlXPCrKSem8YH0KzXRwIyVEXV_BON5Y0v3YaAgCH&is_vtc=1&cid=CAQSUAAFq6B98bnpmMN26FsNoFUvPQ96M2bXhne36GujJN0zSHyEXFgjuyhthehUlJUSMhPbbo2_R1LAfzEVXbMQtPtUbrFEOdHiN7zJsDaerM4r&random=3509592619&ipr=y&pscrd=IhMI4-mTsdj9kwMV0kIdCR1c7AXrMgwIA2IICAAQABgAIAAyDAgEYggIABAAGAAgADIMCAdiCAgAEAAYACAAMgwICGIICAAQABgAIAAyDAgJYggIABAAGAAgADIMCApiCAgAEAAYACAAMgwIAmIICAAQABgAIAAyDAgLYggIABAAGAAgADIMCBViCAgAEAAYACAAMgwIH2IICAAQABgAIAAyDAgTYggIABAAGAAgADIMCBJiCAgAEAAYACAAOlZodHRwczovL3d3dy50ZWNocmVwdWJsaWMuY29tL2FydGljbGUvbmV3cy1hbmRyb2lkLW1hbHdhcmUtc3RlYWxpbmctcGluLW92ZXJsYXktYXR0YWNrL3oMCAliCAgAEAAYACAA

Protocol

Server

2a00:1450:4001:c0f::5e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/

Response headers

content-security-policy: script-src 'none'; object-src 'none'
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Tue, 21 Apr 2026 00:30:37 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
location: https://www.google.fi/pagead/1p-conversion/613565886/?label=9X7nCO6Sr78ZEL6LyaQC&guid=ON&script=0&ct_cookie_present=false&random=268674260&crd=CLTesQII8t-xAgit4bECCKG4sQIIscGxAgiwwbECCLHDsQIIisWxAgjCybECCLTGsQIIk9qxAgjb3LECCIfbsQII08WxAgjrzLECCO3OsQII1c-xAgj02rECCJfUsQIIyduxAgix4bECCLPhsQIIpt2xAgiw3rECCIDbsQI&cerd=CgEA&fsk=ChEI8J2XzwYQtPrI6ansi_GNARIsAPY4WZl7D0vfwNzuWcvd4EOjWlXPCrKSem8YH0KzXRwIyVEXV_BON5Y0v3YaAgCH&is_vtc=1&cid=CAQSUAAFq6B98bnpmMN26FsNoFUvPQ96M2bXhne36GujJN0zSHyEXFgjuyhthehUlJUSMhPbbo2_R1LAfzEVXbMQtPtUbrFEOdHiN7zJsDaerM4r&random=3509592619&ipr=y&pscrd=IhMI4-mTsdj9kwMV0kIdCR1c7AXrMgwIA2IICAAQABgAIAAyDAgEYggIABAAGAAgADIMCAdiCAgAEAAYACAAMgwICGIICAAQABgAIAAyDAgJYggIABAAGAAgADIMCApiCAgAEAAYACAAMgwIAmIICAAQABgAIAAyDAgLYggIABAAGAAgADIMCBViCAgAEAAYACAAMgwIH2IICAAQABgAIAAyDAgTYggIABAAGAAgADIMCBJiCAgAEAAYACAAOlZodHRwczovL3d3dy50ZWNocmVwdWJsaWMuY29tL2FydGljbGUvbmV3cy1hbmRyb2lkLW1hbHdhcmUtc3RlYWxpbmctcGluLW92ZXJsYXktYXR0YWNrL3oMCAliCAgAEAAYACAA
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Tue, 21 Apr 2026 00:30:36 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H2 200 tc_imp.gif
obs.forseasky.com/tracker/ 43 B
79 B 134ms
133ms Image
image/gif 2600:1f18:e8a:cd00:e7aa:3ac6:9899:87c4
Amazon.com

General

Check archive.org

Download Go to Show image

Full URL: https://obs.forseasky.com/tracker/tc_imp.gif?e=37dfbd8ee84e00126de8c036eb43899b9225c24f567d43d6da1908be6245cad7bd70a976750ef80ed89373bfe70e9c20c1e53e8d5811856b2117070100b1eabfd72e30d691830529381cf6646541c2628b70cd16390772c007060b30070dc6ec634766f633b76ddd41a5c238f45b68a85b7f7f19c84ffe1fbe85ddcd3fe02805f52b94a851678d0139427b4499d6006ef572afe6dce34d4fbd438fb739e82b8f6bc506971932eb6e50bb451151728f5b24b4a2e3be3eb321bc19d90df35e691bb8d63c69472307c02d99d511f66b33fc8aa1530d3a7e83e17b72f0d918012f47761908a19e341b0563d9865569d0f2ae7b80970e214673b2b6d6ccda28e388c15bef5182582062d3e88ad6a762c19ebb74923009cffacf3e0404b5342eba9a0664bb8bae768707a946e1d71bc01bc2c777c26d63c49f24db6695d2bbf189beb20b36e471e3a9f02b5433bbdb7f82f100ef574c138f191ec593db858ce99025843cd79fbf987ffc6b7b3a8f796795999e0324c0fe78aa0fe0de419162be32414752dc3bb40b93c8ad71ad8428c053f699dbd86985554122ef55181c735d79d7a260af0ad7da9127a49728bdde6cdc85a9a62ec1f0f758656f85e51e1c8ae6521442f5acba74d24388f64ebdf224b360b274c441de15cbba7e924c72a6ecc7242d35721136190f4fb8eb9e3f8a57f6410e037aeaa85d81c95e55a9e99be3e332d0e7f6a294e4bda61a3c60a212d8f2203a91497706c57f4f273e8527f62347869295718072d63b8aac2bcbbf0e987f0c252800780d9bc7eddc3e7e569c194093d0dcbfb3c2531782a2ff2184c51878dbdb0e3d69f991d94a20b727855c831be33f9b14c7c913f8ba35fe9a88d29b477eeee03b60836aa78db0af10806f280b06936f5f4db2a45693f112ca98f6d44699c2de671c3d55bf23aa02ad53b582689231463f0458343681328ec04b3dc12e97d88b67cbd35fcf312afb03763e9ef6d00d5de876f68f14d9022f762fff3a53fda7b66b8a093e928177e3cdc1edc4078309472807f36924559b960b5fbb38e4fbdf4cfdb98c0f5f00d76d4a6878ad6e30998bf20a53d03463d9fcea5ddb96fe964b28bb2ca9533b129d327c2c84945d1ed5b4b681bbed4df330a772c77194cd10ceeefb222bfdc61d938cb4b3d8e1969061009eec26569223804ac01cf3ee2bb4dd929622e394dff9e75424d7b2b3bc51cb578b5b0a704d2b99d22b3cdc79f80483df24a71634f03c1ddc3ab68e7c74a17b625301c5b2ca27db9e027e65557483cdd7a8912a8409a9fe7167c1901c43191e2a4b7dbc64f0ae3945f4b5ac9cbae3eedfe48d77bfa09803383a1230227674579857094ca0effdad35b48e7a1dcac312fbcb46d2cb9491c2b8e942a2408551ab70fccabeded125228b84cced2b2e6c3980dbdbb27d55ffc0007514b86ca4322402f70eb2379d442f90065396d8c2ade791cfab8b668f12dad46987b9fe803a&cri=RUWmc3SAHd&ts=592&cb=1776731436562
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2600:1f18:e8a:cd00:e7aa:3ac6:9899:87c4 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
Software: /
Resource Hash: 98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 43
date: Tue, 21 Apr 2026 00:30:36 GMT
pragma: no-cache
content-type: image/gif

GET bb54d2b1-1a39-4ac5-acb9-aada557fcfa0
https://www.techrepublic.com/ 0
0

GET /
invalid/ 0
0

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
199 B 155ms
155ms Image
image/gif 23.50.131.146
AKAMAI-ASN1 Akama...

General

Check archive.org

Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=f86eb9c23c229cf85c914907bf3b2e6f&svisitor=8aa2371735e639002ac5e669220300004b7e3100&visitor=c4dbcd77-f6a5-4136-8265-6106ef46f5b5&session=12ca50cb-967e-46d0-8eb4-3091779bf656&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2021%20Apr%202026%2000%3A30%3A36%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2021%20Apr%202026%2000%3A30%3A35%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%222003%22%7D&isIframe=false&m=%7B%22description%22%3A%22Four%20Android%20banking%20malware%20campaigns%20are%20targeting%20more%20than%20800%20apps%20by%20abusing%20overlays%2C%20Accessibility%20permissions%2C%20and%20sideloaded%20fake%20apps%20to%20steal%20PINs.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Over%20800%20Android%20Apps%20Targeted%20in%20PIN-Stealing%20Trojan%20Campaign%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.techrepublic.com%2Farticle%2Fnews-android-malware-stealing-pin-overlay-attack%2F&pageViewId=c52f5bd8-82a9-4473-8e95-525d405858f2&an_uid=-1&webTagId=01192dc3-157f-4d5a-bea4-02f62692239e&ipv6=2a02%3Aed04%3A3581%3A2%3A%3Ae01f&v=1.1.31

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.50.131.146 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

a23-50-131-146.deploy.static.akamaitechnologies.com

Software

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

cache-control: max-age=0, no-cache, no-store
pragma: no-cache
x-content-type-options: nosniff
expires: Tue, 21 Apr 2026 00:30:36 GMT
accept-ranges: bytes
content-length: 43
date: Tue, 21 Apr 2026 00:30:36 GMT
content-type: image/gif

GET
H2 200 355032810.js Show response
bat.bing.com/p/action/ 399 B
427 B 74ms
73ms Script
application/javascript 2620:1ec:33::10
Microsoft Corpora...

General

Check archive.org

Download Go to

Full URL

https://bat.bing.com/p/action/355032810.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2620:1ec:33::10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),

Reverse DNS

Software

Resource Hash

0622e3fde788e8f4938993664ebe05946ff8085c891eb94415561c784f62876d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: private,max-age=1800
content-encoding: br
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 5A81499E10474B599BFF84D1416C9165 Ref B: STOEDGE1211 Ref C: 2026-04-21T00:30:36Z
x-cache: CONFIG_NOCACHE
date: Tue, 21 Apr 2026 00:30:36 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding

GET
H3 200 1522913644386643 Show response
connect.facebook.net/signals/config/ 96 KB
18 KB 247ms
246ms Script
application/x-javascript 157.240.0.6
Facebook

General

Check archive.org

Download Go to

Full URL

https://connect.facebook.net/signals/config/1522913644386643?v=2.9.303&r=stable&domain=www.techrepublic.com&hme=97937018cefade17726f0472876fc101316b2ce9008a35a6a5a7977d7436151a&ex_m=104%2C205%2C154%2C22%2C72%2C73%2C145%2C68%2C67%2C11%2C162%2C90%2C16%2C138%2C127%2C39%2C75%2C78%2C134%2C159%2C164%2C8%2C4%2C5%2C7%2C6%2C3%2C91%2C101%2C165%2C170%2C219%2C62%2C186%2C187%2C55%2C276%2C30%2C74%2C231%2C230%2C229%2C23%2C33%2C103%2C61%2C10%2C63%2C97%2C98%2C99%2C105%2C130%2C31%2C29%2C132%2C133%2C129%2C128%2C155%2C76%2C158%2C156%2C157%2C50%2C60%2C123%2C15%2C161%2C45%2C263%2C264%2C262%2C26%2C27%2C28%2C48%2C146%2C77%2C112%2C18%2C20%2C44%2C40%2C42%2C41%2C83%2C92%2C96%2C110%2C144%2C147%2C46%2C111%2C24%2C21%2C119%2C69%2C36%2C149%2C148%2C150%2C141%2C139%2C25%2C35%2C59%2C109%2C160%2C70%2C17%2C152%2C114%2C81%2C66%2C19%2C85%2C86%2C116%2C84%2C136%2C135%2C34%2C278%2C293%2C212%2C201%2C202%2C200%2C296%2C288%2C52%2C213%2C107%2C131%2C80%2C121%2C54%2C47%2C49%2C113%2C120%2C126%2C58%2C64%2C151%2C115%2C37%2C32%2C53%2C56%2C100%2C163%2C1%2C124%2C14%2C122%2C12%2C2%2C57%2C93%2C65%2C118%2C89%2C88%2C166%2C167%2C94%2C95%2C9%2C125%2C102%2C51%2C142%2C87%2C79%2C71%2C117%2C106%2C43%2C143%2C0%2C82%2C137%2C140%2C153%2C38%2C108%2C13%2C168%2C228%2C227%2C222%2C224%2C225%2C226%2C223%2C211%2C221%2C193%2C190%2C191%2C185%2C189%2C192%2C188%2C183%2C316%2C196%2C215%2C184%2C182%2C235%2C206%2C176%2C177%2C172%2C178%2C175%2C173%2C174%2C171%2C169%2C180%2C181%2C179%2C265%2C315%2C194%2C238%2C239%2C244%2C241%2C243%2C242%2C240%2C237%2C252%2C248%2C249%2C247%2C253%2C250%2C246%2C251%2C245

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.0.6 Frankfurt am Main, Germany, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

xx-fbcdn-shv-02-fra3.fbcdn.net

Software

Resource Hash

04755d9e4839e486e18240aa4f1a238890ea2962611c85e54b4dca5a50cf9c6a

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' blob:;script-src .facebook.com .fbcdn.net .facebook.net blob: 'self' 'nonce-WspXBqWA';style-src 'self' data: blob: 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.fbcdn.net attachment.fbsbx.com .cdninstagram.com blob: 'self' data: https://edge-chat.facebook.net https://edge-chat-latest.facebook.net wss://edge-chat-latest.facebook.net wss://edge-chat.facebook.net wss://edge-chat.socialplugin.facebook.net wss://edge-chat-latest.socialplugin.facebook.net https://edge-chat.socialplugin.facebook.net https://edge-chat-latest.socialplugin.facebook.net;font-src 'self' data: blob:;img-src 'self' data: blob:;media-src 'self' data: blob:;child-src 'self' data: blob:;frame-src 'self' data: blob:;manifest-src 'self' data: blob:;object-src 'self' data: blob:;worker-src 'self' data: blob:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

content-encoding: gzip
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Tue, 21 Apr 2026 00:30:37 GMT
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src 'self' blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net blob: 'self' 'nonce-WspXBqWA';style-src 'self' data: blob: 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com *.cdninstagram.com blob: 'self' data: https://edge-chat.facebook.net https://edge-chat-latest.facebook.net wss://edge-chat-latest.facebook.net wss://edge-chat.facebook.net wss://edge-chat.socialplugin.facebook.net wss://edge-chat-latest.socialplugin.facebook.net https://edge-chat.socialplugin.facebook.net https://edge-chat-latest.socialplugin.facebook.net;font-src 'self' data: blob:;img-src 'self' data: blob:;media-src 'self' data: blob:;child-src 'self' data: blob:;frame-src 'self' data: blob:;manifest-src 'self' data: blob:;object-src 'self' data: blob:;worker-src 'self' data: blob:;block-all-mixed-content;upgrade-insecure-requests;
cache-control: public, max-age=1200
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
x-fb-connection-quality: GOOD; q=0.7, rtt=61, rtx=0, c=154, mss=1232, tbw=175136, tp=160, tpl=0, uplat=182, ullat=0
pragma: public
x-fb-debug: XB77hAkBYdsqCy7WywUNyAP0IBqQe4lJigWs5Si4HW8Kr71/TY/IhZlpfZQOhEgYDdHy5v0zHV0jSX/xNZzW6w==
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top, include-js-call-stacks-in-crash-reports
x-xss-protection: 0
origin-agent-cluster: ?1

GET
H3 200 /
www.facebook.com/tr/ 0
16 B 65ms
65ms Image
text/plain 157.240.0.35
Facebook

General

Check archive.org

Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=195238849417509&ev=CHEQ&dl=https%3A%2F%2Fwww.techrepublic.com%2Farticle%2Fnews-android-malware-stealing-pin-overlay-attack%2F&rl=&if=false&ts=1776731436792&sw=1600&sh=1200&v=2.9.303&r=stable&a=tmSimo-GTM-WebTemplate&ec=1&o=4126&fbp=fb.1.1776731434824.77972536156354380&ler=empty&cdl=API_unavailable&pmd[locale]=en_US&pmd[description]=Four%20Android%20banking%20malware%20campaigns%20are%20targeting%20more%20than%20800%20apps%20by%20abusing%20overlays%2C%20Accessibility%20permissions%2C%20and%20sideloaded%20fake%20apps%20to%20steal%20PINs.&plt=576.5&it=1776731434556&coo=false&dpo=LDU&dpoco=0&dpost=0&expv2[0]=pl0&expv2[1]=el2&expv2[2]=bc1&expv2[3]=ra2&expv2[4]=rp2&expv2[5]=ct3&expv2[6]=hf0&rqm=GET

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.0.35 Frankfurt am Main, Germany, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

edge-star-mini-shv-02-fra3.facebook.com

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-fb-connection-quality: GOOD; q=0.7, rtt=61, rtx=0, c=27, mss=1232, tbw=9308, tp=21, tpl=0, uplat=0, ullat=0
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin
alt-svc: h3=":443"; ma=86400
content-length: 0
date: Tue, 21 Apr 2026 00:30:36 GMT
content-type: text/plain
server: proxygen-bolt
priority: u=1,i

GET
H3 200 /
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 67 B
194 B 96ms
96ms Image
image/png 157.240.0.35
Facebook

General

Check archive.org

Download Go to Show image

Full URL

https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=195238849417509&ev=CHEQ&dl=https%3A%2F%2Fwww.techrepublic.com%2Farticle%2Fnews-android-malware-stealing-pin-overlay-attack%2F&rl=&if=false&ts=1776731436792&sw=1600&sh=1200&v=2.9.303&r=stable&a=tmSimo-GTM-WebTemplate&ec=1&o=4126&fbp=fb.1.1776731434824.77972536156354380&ler=empty&cdl=API_unavailable&pmd[locale]=en_US&pmd[description]=Four%20Android%20banking%20malware%20campaigns%20are%20targeting%20more%20than%20800%20apps%20by%20abusing%20overlays%2C%20Accessibility%20permissions%2C%20and%20sideloaded%20fake%20apps%20to%20steal%20PINs.&plt=576.5&it=1776731434556&coo=false&dpo=LDU&dpoco=0&dpost=0&expv2[0]=pl0&expv2[1]=el2&expv2[2]=bc1&expv2[3]=ra2&expv2[4]=rp2&expv2[5]=ct3&expv2[6]=hf0&rqm=FGET

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.0.35 Frankfurt am Main, Germany, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

edge-star-mini-shv-02-fra3.facebook.com

Software

Resource Hash

aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a

Security Headers

Name	Value
Content-Security-Policy	default-src blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net .facebook.net .whatsapp.com .whatsapp.net;script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1: 'nonce-4B1bFn2u' blob: 'self' connect.facebook.net 'wasm-unsafe-eval' https://accounts.google.com https://.google-analytics.com .google.com;style-src .fbcdn.net data: .facebook.com 'unsafe-inline' https://accounts.google.com https://fonts.googleapis.com;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com .instagram.com https://accounts.google.com https://.google-analytics.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com https://fonts.gstatic.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net blob: android-webview-video-poster: .whatsapp.net .fb.com .oculuscdn.com .tenor.co .tenor.com .giphy.com https://trustly.one/ https://.trustly.one/ https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://.google-analytics.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data: .tenor.co .tenor.com https://.giphy.com;child-src data: blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net;frame-src .facebook.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net accounts.meta.com .accounts.meta.com https://trustly.one/ https://.trustly.one/ https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net .google.com .doubleclick.net;manifest-src data: blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net;object-src data: blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

content-encoding: zstd
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7631003412153770253&cpp=C3&cv=1037726364&st=1776731436842"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Tue, 21 Apr 2026 00:30:36 GMT
content-type: image/png
vary: Accept-Encoding
x-fb-debug: AEz8MozvLLJAa+fuGRsXnPBnnFj51E3nJetTa8fks/F4tHBRrY2qWJTBWqSJEGHLwRA9W+X/eGrfovXjBeUL2Q==
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=15552000; preload
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7631003412153770253&cpp=C3&cv=1037726364&st=1776731436842", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net *.facebook.net *.whatsapp.com *.whatsapp.net;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'nonce-4B1bFn2u' blob: 'self' connect.facebook.net 'wasm-unsafe-eval' https://accounts.google.com https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://accounts.google.com https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com *.instagram.com https://accounts.google.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://trustly.one/ https://*.trustly.one/ https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;child-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net accounts.meta.com *.accounts.meta.com https://trustly.one/ https://*.trustly.one/ https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;manifest-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;object-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
cache-control: private, no-store, no-cache, must-revalidate
x-fb-connection-quality: GOOD; q=0.7, rtt=61, rtx=0, c=27, mss=1232, tbw=9660, tp=25, tpl=0, uplat=31, ullat=0
cross-origin-opener-policy: same-origin-allow-popups
pragma: no-cache
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self "https://www.fbsbx.com"), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
document-policy: force-load-at-top, include-js-call-stacks-in-crash-reports
x-xss-protection: 0
origin-agent-cluster: ?1

GET
H3 200 /
www.facebook.com/tr/ 0
16 B 65ms
64ms Image
text/plain 157.240.0.35
Facebook

General

Check archive.org

Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=861593688406080&ev=CHEQ&dl=https%3A%2F%2Fwww.techrepublic.com%2Farticle%2Fnews-android-malware-stealing-pin-overlay-attack%2F&rl=&if=false&ts=1776731436795&sw=1600&sh=1200&v=2.9.303&r=stable&ec=0&o=4126&fbp=fb.1.1776731434824.77972536156354380&ler=empty&cdl=API_unavailable&pmd[locale]=en_US&pmd[description]=Four%20Android%20banking%20malware%20campaigns%20are%20targeting%20more%20than%20800%20apps%20by%20abusing%20overlays%2C%20Accessibility%20permissions%2C%20and%20sideloaded%20fake%20apps%20to%20steal%20PINs.&plt=576.5&it=1776731434556&coo=false&dpo=LDU&dpoco=0&dpost=0&expv2[0]=pl0&expv2[1]=el3&expv2[2]=bc1&expv2[3]=ra2&expv2[4]=rp2&expv2[5]=ct3&expv2[6]=hf0&rqm=GET

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.0.35 Frankfurt am Main, Germany, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

edge-star-mini-shv-02-fra3.facebook.com

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-fb-connection-quality: GOOD; q=0.7, rtt=61, rtx=0, c=27, mss=1232, tbw=9500, tp=23, tpl=0, uplat=0, ullat=0
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin
alt-svc: h3=":443"; ma=86400
content-length: 0
date: Tue, 21 Apr 2026 00:30:36 GMT
content-type: text/plain
server: proxygen-bolt
priority: u=1,i

GET
H3 200 /
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 67 B
194 B 99ms
98ms Image
image/png 157.240.0.35
Facebook

General

Check archive.org

Download Go to Show image

Full URL

https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=861593688406080&ev=CHEQ&dl=https%3A%2F%2Fwww.techrepublic.com%2Farticle%2Fnews-android-malware-stealing-pin-overlay-attack%2F&rl=&if=false&ts=1776731436795&sw=1600&sh=1200&v=2.9.303&r=stable&ec=0&o=4126&fbp=fb.1.1776731434824.77972536156354380&ler=empty&cdl=API_unavailable&pmd[locale]=en_US&pmd[description]=Four%20Android%20banking%20malware%20campaigns%20are%20targeting%20more%20than%20800%20apps%20by%20abusing%20overlays%2C%20Accessibility%20permissions%2C%20and%20sideloaded%20fake%20apps%20to%20steal%20PINs.&plt=576.5&it=1776731434556&coo=false&dpo=LDU&dpoco=0&dpost=0&expv2[0]=pl0&expv2[1]=el3&expv2[2]=bc1&expv2[3]=ra2&expv2[4]=rp2&expv2[5]=ct3&expv2[6]=hf0&rqm=FGET

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.0.35 Frankfurt am Main, Germany, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

edge-star-mini-shv-02-fra3.facebook.com

Software

Resource Hash

aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a

Security Headers

Name	Value
Content-Security-Policy	default-src blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net .facebook.net .whatsapp.com .whatsapp.net;script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1: 'nonce-G9ybbFMX' blob: 'self' connect.facebook.net 'wasm-unsafe-eval' https://accounts.google.com https://.google-analytics.com .google.com;style-src .fbcdn.net data: .facebook.com 'unsafe-inline' https://accounts.google.com https://fonts.googleapis.com;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com .instagram.com https://accounts.google.com https://.google-analytics.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com https://fonts.gstatic.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net blob: android-webview-video-poster: .whatsapp.net .fb.com .oculuscdn.com .tenor.co .tenor.com .giphy.com https://trustly.one/ https://.trustly.one/ https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://.google-analytics.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data: .tenor.co .tenor.com https://.giphy.com;child-src data: blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net;frame-src .facebook.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net accounts.meta.com .accounts.meta.com https://trustly.one/ https://.trustly.one/ https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net .google.com .doubleclick.net;manifest-src data: blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net;object-src data: blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

content-encoding: zstd
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7631003411799310186&cpp=C3&cv=1037726364&st=1776731436841"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Tue, 21 Apr 2026 00:30:36 GMT
content-type: image/png
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=15552000; preload
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7631003411799310186&cpp=C3&cv=1037726364&st=1776731436841", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net *.facebook.net *.whatsapp.com *.whatsapp.net;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'nonce-G9ybbFMX' blob: 'self' connect.facebook.net 'wasm-unsafe-eval' https://accounts.google.com https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://accounts.google.com https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com *.instagram.com https://accounts.google.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://trustly.one/ https://*.trustly.one/ https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;child-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net accounts.meta.com *.accounts.meta.com https://trustly.one/ https://*.trustly.one/ https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;manifest-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;object-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
cache-control: private, no-store, no-cache, must-revalidate
x-fb-debug: ZYKHwbB/1rsNUmbIopY+or5yPt8XpZudyUsKBmmF7frZhul3qAQDiHehrsSvX/Hu6bgYM/+D5qfPOgoip3mL2Q==
cross-origin-opener-policy: same-origin-allow-popups
x-fb-connection-quality: GOOD; q=0.7, rtt=61, rtx=0, c=27, mss=1232, tbw=12268, tp=28, tpl=0, uplat=33, ullat=0
pragma: no-cache
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self "https://www.fbsbx.com"), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
document-policy: force-load-at-top, include-js-call-stacks-in-crash-reports
x-xss-protection: 0
origin-agent-cluster: ?1

GET
H/1.1 200
OK universal_pixel.js Show response
js.adsrvr.org/ Frame C2C8 422 B
958 B 441ms
147ms Script
application/javascript 18.172.112.61
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://js.adsrvr.org/universal_pixel.js
Requested by: Host: match.adsrvr.org
URL: https://match.adsrvr.org/track/cei?advertiser_id=xchfcvh&cookie_sync=1&upv=3.0.0&upid=5fjyxkv&gdpr=1&gdpr_consent=&ref=https%3a%2f%2fwww.techrepublic.com&redirect=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.172.112.61 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-18-172-112-61.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 2538590b87a5eb44bb27a7a5039451a5606d80c587cb361de40ed4193c9a552f

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://match.adsrvr.org/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

Vary: Accept-Encoding
ETag: "4e7de5ca0248ffa6216174e643f3112d"
Age: 44698
Connection: keep-alive
Via: 1.1 7011da69940360ddebc87f61490ffecc.cloudfront.net (CloudFront)
Accept-Ranges: bytes
X-Cache: Hit from cloudfront
Content-Length: 422
X-Amz-Cf-Id: f4JyXeKmnVSH6eHkN_tOXW_q_zZ9WYkN2gb7ClFq2TAsdg-rT7RMFw==
Date: Mon, 20 Apr 2026 12:05:40 GMT
Content-Type: application/javascript
Last-Modified: Sun, 19 Apr 2026 12:04:51 GMT
Server: AmazonS3
X-Amz-Cf-Pop: FRA60-P8
x-amz-server-side-encryption: AES256

POST
H2 204 0
bat.bing.net/actionp/ 0
119 B 214ms
76ms Ping
text/plain 2620:1ec:33:1::10
Microsoft Corpora...

General

Check archive.org

Download Go to

Full URL: https://bat.bing.net/actionp/0?ti=355032810&Ver=2&mid=b2ce0dc4-4b00-427b-870f-a40c6ea956b2&bo=1&evt=consent&src=default&cdb=AQAU&asc=D
Requested by: Host: bat.bing.com
URL: https://bat.bing.com/bat.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2620:1ec:33:1::10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

cache-control: no-cache, must-revalidate
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 4085078315BA48AB9F4FB0B7136D479F Ref B: STOEDGE1621 Ref C: 2026-04-21T00:30:36Z
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
date: Tue, 21 Apr 2026 00:30:36 GMT

GET
H2 204 0
bat.bing.net/action/ 0
118 B 212ms
76ms Image
text/plain 2620:1ec:33:1::10
Microsoft Corpora...

General

Check archive.org

Download Go to Show image

Full URL: https://bat.bing.net/action/0?ti=355032810&Ver=2&mid=b2ce0dc4-4b00-427b-870f-a40c6ea956b2&bo=2&pi=918639831&lg=fi-FI&sw=1600&sh=1200&sc=24&tl=Over%20800%20Android%20Apps%20Targeted%20in%20PIN-Stealing%20Trojan%20Campaign&p=https%3A%2F%2Fwww.techrepublic.com%2Farticle%2Fnews-android-malware-stealing-pin-overlay-attack%2F&r=&lt=1753&evt=pageLoad&sv=2&asc=D&cdb=AQAU&rn=347995
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2620:1ec:33:1::10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

cache-control: no-cache, must-revalidate
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: CC733220219E4AAF81F7A7BEBE7AB75A Ref B: STOEDGE1621 Ref C: 2026-04-21T00:30:36Z
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
date: Tue, 21 Apr 2026 00:30:36 GMT

GET
H2 204 0
bat.bing.net/action/ 0
344 B 212ms
76ms Image
text/plain 2620:1ec:33:1::10
Microsoft Corpora...

General

Check archive.org

Download Go to Show image

Full URL: https://bat.bing.net/action/0?ti=355032810&Ver=2&mid=b2ce0dc4-4b00-427b-870f-a40c6ea956b2&bo=3&ec=CHEQ&el=Invalid_Users&ev=0&ea=Invalid_Users&en=Y&p=https%3A%2F%2Fwww.techrepublic.com%2Farticle%2Fnews-android-malware-stealing-pin-overlay-attack%2F&sw=1600&sh=1200&sc=24&evt=custom&asc=D&cdb=AQAU&rn=931637
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2620:1ec:33:1::10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

cache-control: no-cache, must-revalidate
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 3DA81DCF32F048DF9C5A841CFC8C70E2 Ref B: STOEDGE1621 Ref C: 2026-04-21T00:30:36Z
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
date: Tue, 21 Apr 2026 00:30:36 GMT

GET
H2 200 pixel.gif
aorta.clickagy.com/ 43 B
469 B 135ms
134ms Image
application/json 3.208.130.193
Amazon.com

General

Check archive.org

Download Go to Show image

Full URL: https://aorta.clickagy.com/pixel.gif?clkgypv=jstag
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.208.130.193 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-3-208-130-193.compute-1.amazonaws.com
Software: Aorta/20260420.b197bb96a /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

access-control-max-age: 31536000
access-control-expose-headers: Set-Cookie
cache-control: no-cache, no-store, must-revalidate
expect: 0
content-encoding: gzip
access-control-allow-credentials: true
x-aorta-region: us-east-1
access-control-allow-methods: POST, GET, OPTIONS
x-aorta-host: 84b053ef4250
access-control-allow-origin: *
content-length: 61
date: Tue, 21 Apr 2026 00:30:37 GMT
content-type: application/json
server: Aorta/20260420.b197bb96a
access-control-allow-headers: Origin,cache-control,content-type,man,messagetype,soapaction

GET
H2 200 4
aorta.clickagy.com/channel-sync/ 43 B
469 B 136ms
135ms Image
application/json 3.208.130.193
Amazon.com

General

Check archive.org

Download Go to Show image

Full URL: https://aorta.clickagy.com/channel-sync/4?clkgypv=jstag
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.208.130.193 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-3-208-130-193.compute-1.amazonaws.com
Software: Aorta/20260420.b197bb96a /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

access-control-max-age: 31536000
access-control-expose-headers: Set-Cookie
cache-control: no-cache, no-store, must-revalidate
expect: 0
content-encoding: gzip
access-control-allow-credentials: true
x-aorta-region: us-east-1
access-control-allow-methods: POST, GET, OPTIONS
x-aorta-host: 520bb12e780b
access-control-allow-origin: *
content-length: 61
date: Tue, 21 Apr 2026 00:30:37 GMT
content-type: application/json
server: Aorta/20260420.b197bb96a
access-control-allow-headers: Origin,cache-control,content-type,man,messagetype,soapaction

GET
H2 200 pixel.gif
aorta.clickagy.com/ 43 B
469 B 135ms
135ms Image
application/json 3.208.130.193
Amazon.com

General

Check archive.org

Download Go to Show image

Full URL: https://aorta.clickagy.com/pixel.gif?ch=319&cm=949cca16cb8085a219ce1776731435
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.208.130.193 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-3-208-130-193.compute-1.amazonaws.com
Software: Aorta/20260420.b197bb96a /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

access-control-max-age: 31536000
access-control-expose-headers: Set-Cookie
cache-control: no-cache, no-store, must-revalidate
expect: 0
content-encoding: gzip
access-control-allow-credentials: true
x-aorta-region: us-east-1
access-control-allow-methods: POST, GET, OPTIONS
x-aorta-host: f9c7811a6f93
access-control-allow-origin: *
content-length: 61
date: Tue, 21 Apr 2026 00:30:37 GMT
content-type: application/json
server: Aorta/20260420.b197bb96a
access-control-allow-headers: Origin,cache-control,content-type,man,messagetype,soapaction

GET
H3 200 1694856440786573 Show response
connect.facebook.net/signals/config/ 86 KB
16 KB 234ms
234ms Script
application/x-javascript 157.240.0.6
Facebook

General

Check archive.org

Download Go to

Full URL

https://connect.facebook.net/signals/config/1694856440786573?v=2.9.303&r=stable&domain=www.techrepublic.com&hme=97937018cefade17726f0472876fc101316b2ce9008a35a6a5a7977d7436151a&ex_m=104%2C205%2C154%2C22%2C72%2C73%2C145%2C68%2C67%2C11%2C162%2C90%2C16%2C138%2C127%2C39%2C75%2C78%2C134%2C159%2C164%2C8%2C4%2C5%2C7%2C6%2C3%2C91%2C101%2C165%2C170%2C219%2C62%2C186%2C187%2C55%2C276%2C30%2C74%2C231%2C230%2C229%2C23%2C33%2C103%2C61%2C10%2C63%2C97%2C98%2C99%2C105%2C130%2C31%2C29%2C132%2C133%2C129%2C128%2C155%2C76%2C158%2C156%2C157%2C50%2C60%2C123%2C15%2C161%2C45%2C263%2C264%2C262%2C26%2C27%2C28%2C48%2C146%2C77%2C112%2C18%2C20%2C44%2C40%2C42%2C41%2C83%2C92%2C96%2C110%2C144%2C147%2C46%2C111%2C24%2C21%2C119%2C69%2C36%2C149%2C148%2C150%2C141%2C139%2C25%2C35%2C59%2C109%2C160%2C70%2C17%2C152%2C114%2C81%2C66%2C19%2C85%2C86%2C116%2C84%2C136%2C135%2C34%2C278%2C293%2C212%2C201%2C202%2C200%2C296%2C288%2C52%2C213%2C107%2C131%2C80%2C121%2C54%2C47%2C49%2C113%2C120%2C126%2C58%2C64%2C151%2C115%2C37%2C32%2C53%2C56%2C100%2C163%2C1%2C124%2C14%2C122%2C12%2C2%2C57%2C93%2C65%2C118%2C89%2C88%2C166%2C167%2C94%2C95%2C9%2C125%2C102%2C51%2C142%2C87%2C79%2C71%2C117%2C106%2C43%2C143%2C0%2C82%2C137%2C140%2C153%2C38%2C108%2C13%2C168%2C228%2C227%2C222%2C224%2C225%2C226%2C223%2C211%2C221%2C193%2C190%2C191%2C185%2C189%2C192%2C188%2C183%2C316%2C196%2C215%2C184%2C182%2C235%2C206%2C176%2C177%2C172%2C178%2C175%2C173%2C174%2C171%2C169%2C180%2C181%2C179%2C265%2C315%2C194%2C238%2C239%2C244%2C241%2C243%2C242%2C240%2C237%2C252%2C248%2C249%2C247%2C253%2C250%2C246%2C251%2C245%2C233%2C210

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.0.6 Frankfurt am Main, Germany, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

xx-fbcdn-shv-02-fra3.fbcdn.net

Software

Resource Hash

e52edee8baf9c6b89fabaaf4fd2f0eeb717b1fd707d5a4c31214ae75240fa349

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' blob:;script-src .facebook.com .fbcdn.net .facebook.net blob: 'self' 'nonce-PPRPDk1Q';style-src 'self' data: blob: 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.fbcdn.net attachment.fbsbx.com .cdninstagram.com blob: 'self' data: https://edge-chat.facebook.net https://edge-chat-latest.facebook.net wss://edge-chat-latest.facebook.net wss://edge-chat.facebook.net wss://edge-chat.socialplugin.facebook.net wss://edge-chat-latest.socialplugin.facebook.net https://edge-chat.socialplugin.facebook.net https://edge-chat-latest.socialplugin.facebook.net;font-src 'self' data: blob:;img-src 'self' data: blob:;media-src 'self' data: blob:;child-src 'self' data: blob:;frame-src 'self' data: blob:;manifest-src 'self' data: blob:;object-src 'self' data: blob:;worker-src 'self' data: blob:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

content-encoding: gzip
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Tue, 21 Apr 2026 00:30:37 GMT
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src 'self' blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net blob: 'self' 'nonce-PPRPDk1Q';style-src 'self' data: blob: 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com *.cdninstagram.com blob: 'self' data: https://edge-chat.facebook.net https://edge-chat-latest.facebook.net wss://edge-chat-latest.facebook.net wss://edge-chat.facebook.net wss://edge-chat.socialplugin.facebook.net wss://edge-chat-latest.socialplugin.facebook.net https://edge-chat.socialplugin.facebook.net https://edge-chat-latest.socialplugin.facebook.net;font-src 'self' data: blob:;img-src 'self' data: blob:;media-src 'self' data: blob:;child-src 'self' data: blob:;frame-src 'self' data: blob:;manifest-src 'self' data: blob:;object-src 'self' data: blob:;worker-src 'self' data: blob:;block-all-mixed-content;upgrade-insecure-requests;
cache-control: public, max-age=1200
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
x-fb-connection-quality: GOOD; q=0.7, rtt=63, rtx=0, c=154, mss=1232, tbw=195328, tp=178, tpl=0, uplat=170, ullat=1
pragma: public
x-fb-debug: CnsR7g2AHE/QWCzwDwSY7IUCrsXPF4Edy1j8gp55m23sSmtXU/DWjYOwKDpmd89ZKa2dJPauTclPnhQRpBUaPA==
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top, include-js-call-stacks-in-crash-reports
x-xss-protection: 0
origin-agent-cluster: ?1

GET
H3 200 /
www.facebook.com/tr/ 0
16 B 64ms
63ms Image
text/plain 157.240.0.35
Facebook

General

Check archive.org

Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=195238849417509&ev=CHEQ&dl=https%3A%2F%2Fwww.techrepublic.com%2Farticle%2Fnews-android-malware-stealing-pin-overlay-attack%2F&rl=&if=false&ts=1776731437055&sw=1600&sh=1200&v=2.9.303&r=stable&a=tmSimo-GTM-WebTemplate&ec=2&o=4126&fbp=fb.1.1776731434824.77972536156354380&ler=empty&cdl=API_unavailable&pmd[locale]=en_US&pmd[description]=Four%20Android%20banking%20malware%20campaigns%20are%20targeting%20more%20than%20800%20apps%20by%20abusing%20overlays%2C%20Accessibility%20permissions%2C%20and%20sideloaded%20fake%20apps%20to%20steal%20PINs.&plt=576.5&it=1776731434556&coo=false&dpo=LDU&dpoco=0&dpost=0&expv2[0]=pl0&expv2[1]=el2&expv2[2]=bc1&expv2[3]=ra2&expv2[4]=rp2&expv2[5]=ct3&expv2[6]=hf0&rqm=GET

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.0.35 Frankfurt am Main, Germany, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

edge-star-mini-shv-02-fra3.facebook.com

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-fb-connection-quality: GOOD; q=0.7, rtt=61, rtx=0, c=32, mss=1232, tbw=15388, tp=37, tpl=0, uplat=0, ullat=0
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin
alt-svc: h3=":443"; ma=86400
content-length: 0
date: Tue, 21 Apr 2026 00:30:37 GMT
content-type: text/plain
server: proxygen-bolt
priority: u=1,i

GET
H3 200 /
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 67 B
192 B 95ms
95ms Image
image/png 157.240.0.35
Facebook

General

Check archive.org

Download Go to Show image

Full URL

https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=195238849417509&ev=CHEQ&dl=https%3A%2F%2Fwww.techrepublic.com%2Farticle%2Fnews-android-malware-stealing-pin-overlay-attack%2F&rl=&if=false&ts=1776731437055&sw=1600&sh=1200&v=2.9.303&r=stable&a=tmSimo-GTM-WebTemplate&ec=2&o=4126&fbp=fb.1.1776731434824.77972536156354380&ler=empty&cdl=API_unavailable&pmd[locale]=en_US&pmd[description]=Four%20Android%20banking%20malware%20campaigns%20are%20targeting%20more%20than%20800%20apps%20by%20abusing%20overlays%2C%20Accessibility%20permissions%2C%20and%20sideloaded%20fake%20apps%20to%20steal%20PINs.&plt=576.5&it=1776731434556&coo=false&dpo=LDU&dpoco=0&dpost=0&expv2[0]=pl0&expv2[1]=el2&expv2[2]=bc1&expv2[3]=ra2&expv2[4]=rp2&expv2[5]=ct3&expv2[6]=hf0&rqm=FGET

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.0.35 Frankfurt am Main, Germany, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

edge-star-mini-shv-02-fra3.facebook.com

Software

Resource Hash

aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a

Security Headers

Name	Value
Content-Security-Policy	default-src blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net .facebook.net .whatsapp.com .whatsapp.net;script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1: 'nonce-3UdfhePr' blob: 'self' connect.facebook.net 'wasm-unsafe-eval' https://accounts.google.com https://.google-analytics.com .google.com;style-src .fbcdn.net data: .facebook.com 'unsafe-inline' https://accounts.google.com https://fonts.googleapis.com;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com .instagram.com https://accounts.google.com https://.google-analytics.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com https://fonts.gstatic.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net blob: android-webview-video-poster: .whatsapp.net .fb.com .oculuscdn.com .tenor.co .tenor.com .giphy.com https://trustly.one/ https://.trustly.one/ https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://.google-analytics.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data: .tenor.co .tenor.com https://.giphy.com;child-src data: blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net;frame-src .facebook.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net accounts.meta.com .accounts.meta.com https://trustly.one/ https://.trustly.one/ https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net .google.com .doubleclick.net;manifest-src data: blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net;object-src data: blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

content-encoding: zstd
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7631003417827920008&cpp=C3&cv=1037726364&st=1776731437103"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Tue, 21 Apr 2026 00:30:37 GMT
content-type: image/png
vary: Accept-Encoding
x-fb-debug: LwxkY921/iNWmvebvGcGFOegVMj268yZ5NcxjQ6U2VQ69gIo6xWJ693YAkw2fnlcOuwCKFT0ntbts9FrfO33SA==
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=15552000; preload
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7631003417827920008&cpp=C3&cv=1037726364&st=1776731437103", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net *.facebook.net *.whatsapp.com *.whatsapp.net;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'nonce-3UdfhePr' blob: 'self' connect.facebook.net 'wasm-unsafe-eval' https://accounts.google.com https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://accounts.google.com https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com *.instagram.com https://accounts.google.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://trustly.one/ https://*.trustly.one/ https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;child-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net accounts.meta.com *.accounts.meta.com https://trustly.one/ https://*.trustly.one/ https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;manifest-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;object-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
cache-control: private, no-store, no-cache, must-revalidate
x-fb-connection-quality: GOOD; q=0.7, rtt=61, rtx=0, c=32, mss=1232, tbw=15932, tp=43, tpl=0, uplat=30, ullat=0
cross-origin-opener-policy: same-origin-allow-popups
pragma: no-cache
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self "https://www.fbsbx.com"), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
document-policy: force-load-at-top, include-js-call-stacks-in-crash-reports
x-xss-protection: 0
origin-agent-cluster: ?1

GET
H3 200 /
www.facebook.com/tr/ 0
16 B 65ms
64ms Image
text/plain 157.240.0.35
Facebook

General

Check archive.org

Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=861593688406080&ev=CHEQ&dl=https%3A%2F%2Fwww.techrepublic.com%2Farticle%2Fnews-android-malware-stealing-pin-overlay-attack%2F&rl=&if=false&ts=1776731437057&sw=1600&sh=1200&v=2.9.303&r=stable&ec=1&o=4126&fbp=fb.1.1776731434824.77972536156354380&ler=empty&cdl=API_unavailable&pmd[locale]=en_US&pmd[description]=Four%20Android%20banking%20malware%20campaigns%20are%20targeting%20more%20than%20800%20apps%20by%20abusing%20overlays%2C%20Accessibility%20permissions%2C%20and%20sideloaded%20fake%20apps%20to%20steal%20PINs.&plt=576.5&it=1776731434556&coo=false&dpo=LDU&dpoco=0&dpost=0&expv2[0]=pl0&expv2[1]=el3&expv2[2]=bc1&expv2[3]=ra2&expv2[4]=rp2&expv2[5]=ct3&expv2[6]=hf0&rqm=GET

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.0.35 Frankfurt am Main, Germany, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

edge-star-mini-shv-02-fra3.facebook.com

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-fb-connection-quality: GOOD; q=0.7, rtt=61, rtx=0, c=32, mss=1232, tbw=15612, tp=39, tpl=0, uplat=0, ullat=0
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin
alt-svc: h3=":443"; ma=86400
content-length: 0
date: Tue, 21 Apr 2026 00:30:37 GMT
content-type: text/plain
server: proxygen-bolt
priority: u=1,i

GET
H3 200 /
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 67 B
195 B 99ms
99ms Image
image/png 157.240.0.35
Facebook

General

Check archive.org

Download Go to Show image

Full URL

https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=861593688406080&ev=CHEQ&dl=https%3A%2F%2Fwww.techrepublic.com%2Farticle%2Fnews-android-malware-stealing-pin-overlay-attack%2F&rl=&if=false&ts=1776731437057&sw=1600&sh=1200&v=2.9.303&r=stable&ec=1&o=4126&fbp=fb.1.1776731434824.77972536156354380&ler=empty&cdl=API_unavailable&pmd[locale]=en_US&pmd[description]=Four%20Android%20banking%20malware%20campaigns%20are%20targeting%20more%20than%20800%20apps%20by%20abusing%20overlays%2C%20Accessibility%20permissions%2C%20and%20sideloaded%20fake%20apps%20to%20steal%20PINs.&plt=576.5&it=1776731434556&coo=false&dpo=LDU&dpoco=0&dpost=0&expv2[0]=pl0&expv2[1]=el3&expv2[2]=bc1&expv2[3]=ra2&expv2[4]=rp2&expv2[5]=ct3&expv2[6]=hf0&rqm=FGET

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.0.35 Frankfurt am Main, Germany, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

edge-star-mini-shv-02-fra3.facebook.com

Software

Resource Hash

aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a

Security Headers

Name	Value
Content-Security-Policy	default-src blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net .facebook.net .whatsapp.com .whatsapp.net;script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1: 'nonce-6dBPSwJ4' blob: 'self' connect.facebook.net 'wasm-unsafe-eval' https://accounts.google.com https://.google-analytics.com .google.com;style-src .fbcdn.net data: .facebook.com 'unsafe-inline' https://accounts.google.com https://fonts.googleapis.com;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com .instagram.com https://accounts.google.com https://.google-analytics.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com https://fonts.gstatic.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net blob: android-webview-video-poster: .whatsapp.net .fb.com .oculuscdn.com .tenor.co .tenor.com .giphy.com https://trustly.one/ https://.trustly.one/ https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://.google-analytics.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data: .tenor.co .tenor.com https://.giphy.com;child-src data: blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net;frame-src .facebook.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net accounts.meta.com .accounts.meta.com https://trustly.one/ https://.trustly.one/ https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net .google.com .doubleclick.net;manifest-src data: blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net;object-src data: blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

content-encoding: zstd
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7631003415920512000&cpp=C3&cv=1037726364&st=1776731437105"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Tue, 21 Apr 2026 00:30:37 GMT
content-type: image/png
vary: Accept-Encoding
x-fb-debug: ws5OPfjEhl+A/hUdPMso08hUA9tDYoXfOym9z2jUbnrNqYtVQ05GpuNqSgTbEx4HVgRB0EV0oOaU/IgZcjzSOA==
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=15552000; preload
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7631003415920512000&cpp=C3&cv=1037726364&st=1776731437105", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net *.facebook.net *.whatsapp.com *.whatsapp.net;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'nonce-6dBPSwJ4' blob: 'self' connect.facebook.net 'wasm-unsafe-eval' https://accounts.google.com https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://accounts.google.com https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com *.instagram.com https://accounts.google.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://trustly.one/ https://*.trustly.one/ https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;child-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net accounts.meta.com *.accounts.meta.com https://trustly.one/ https://*.trustly.one/ https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;manifest-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;object-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
cache-control: private, no-store, no-cache, must-revalidate
x-fb-connection-quality: GOOD; q=0.7, rtt=61, rtx=0, c=32, mss=1232, tbw=21196, tp=50, tpl=0, uplat=35, ullat=0
cross-origin-opener-policy: same-origin-allow-popups
pragma: no-cache
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self "https://www.fbsbx.com"), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
document-policy: force-load-at-top, include-js-call-stacks-in-crash-reports
x-xss-protection: 0
origin-agent-cluster: ?1

GET
H3 200 /
www.facebook.com/tr/ 0
16 B 65ms
64ms Image
text/plain 157.240.0.35
Facebook

General

Check archive.org

Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1522913644386643&ev=CHEQ&dl=https%3A%2F%2Fwww.techrepublic.com%2Farticle%2Fnews-android-malware-stealing-pin-overlay-attack%2F&rl=&if=false&ts=1776731437059&sw=1600&sh=1200&v=2.9.303&r=stable&ec=0&o=4126&fbp=fb.1.1776731434824.77972536156354380&ler=empty&cdl=API_unavailable&pmd[locale]=en_US&pmd[description]=Four%20Android%20banking%20malware%20campaigns%20are%20targeting%20more%20than%20800%20apps%20by%20abusing%20overlays%2C%20Accessibility%20permissions%2C%20and%20sideloaded%20fake%20apps%20to%20steal%20PINs.&plt=576.5&it=1776731434556&coo=false&dpo=LDU&dpoco=0&dpost=0&expv2[0]=pl0&expv2[1]=el2&expv2[2]=bc1&expv2[3]=ra2&expv2[4]=rp2&expv2[5]=ct3&expv2[6]=hf0&rqm=GET

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.0.35 Frankfurt am Main, Germany, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

edge-star-mini-shv-02-fra3.facebook.com

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-fb-connection-quality: GOOD; q=0.7, rtt=61, rtx=0, c=32, mss=1232, tbw=15772, tp=41, tpl=0, uplat=0, ullat=0
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin
alt-svc: h3=":443"; ma=86400
content-length: 0
date: Tue, 21 Apr 2026 00:30:37 GMT
content-type: text/plain
server: proxygen-bolt
priority: u=1,i

GET
H3 200 /
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 67 B
197 B 95ms
95ms Image
image/png 157.240.0.35
Facebook

General

Check archive.org

Download Go to Show image

Full URL

https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=1522913644386643&ev=CHEQ&dl=https%3A%2F%2Fwww.techrepublic.com%2Farticle%2Fnews-android-malware-stealing-pin-overlay-attack%2F&rl=&if=false&ts=1776731437059&sw=1600&sh=1200&v=2.9.303&r=stable&ec=0&o=4126&fbp=fb.1.1776731434824.77972536156354380&ler=empty&cdl=API_unavailable&pmd[locale]=en_US&pmd[description]=Four%20Android%20banking%20malware%20campaigns%20are%20targeting%20more%20than%20800%20apps%20by%20abusing%20overlays%2C%20Accessibility%20permissions%2C%20and%20sideloaded%20fake%20apps%20to%20steal%20PINs.&plt=576.5&it=1776731434556&coo=false&dpo=LDU&dpoco=0&dpost=0&expv2[0]=pl0&expv2[1]=el2&expv2[2]=bc1&expv2[3]=ra2&expv2[4]=rp2&expv2[5]=ct3&expv2[6]=hf0&rqm=FGET

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.0.35 Frankfurt am Main, Germany, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

edge-star-mini-shv-02-fra3.facebook.com

Software

Resource Hash

aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a

Security Headers

Name	Value
Content-Security-Policy	default-src blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net .facebook.net .whatsapp.com .whatsapp.net;script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1: 'nonce-YhWefuA2' blob: 'self' connect.facebook.net 'wasm-unsafe-eval' https://accounts.google.com https://.google-analytics.com .google.com;style-src .fbcdn.net data: .facebook.com 'unsafe-inline' https://accounts.google.com https://fonts.googleapis.com;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com .instagram.com https://accounts.google.com https://.google-analytics.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com https://fonts.gstatic.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net blob: android-webview-video-poster: .whatsapp.net .fb.com .oculuscdn.com .tenor.co .tenor.com .giphy.com https://trustly.one/ https://.trustly.one/ https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://.google-analytics.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data: .tenor.co .tenor.com https://.giphy.com;child-src data: blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net;frame-src .facebook.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net accounts.meta.com .accounts.meta.com https://trustly.one/ https://.trustly.one/ https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net .google.com .doubleclick.net;manifest-src data: blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net;object-src data: blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

content-encoding: zstd
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7631003416666353092&cpp=C3&cv=1037726364&st=1776731437105"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Tue, 21 Apr 2026 00:30:37 GMT
content-type: image/png
vary: Accept-Encoding
x-fb-debug: m+rhAeFW0bZYTzej4gOG+5FXJBO+s1WXAVPdiL7Bfvp0tODjFNtdG18RW/aNtKvZ/JLnNCSdsKUqYpYxnQsE7g==
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=15552000; preload
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7631003416666353092&cpp=C3&cv=1037726364&st=1776731437105", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net *.facebook.net *.whatsapp.com *.whatsapp.net;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'nonce-YhWefuA2' blob: 'self' connect.facebook.net 'wasm-unsafe-eval' https://accounts.google.com https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://accounts.google.com https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com *.instagram.com https://accounts.google.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://trustly.one/ https://*.trustly.one/ https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;child-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net accounts.meta.com *.accounts.meta.com https://trustly.one/ https://*.trustly.one/ https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;manifest-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;object-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
cache-control: private, no-store, no-cache, must-revalidate
x-fb-connection-quality: GOOD; q=0.7, rtt=61, rtx=0, c=32, mss=1232, tbw=18540, tp=46, tpl=0, uplat=30, ullat=0
cross-origin-opener-policy: same-origin-allow-popups
pragma: no-cache
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self "https://www.fbsbx.com"), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
document-policy: force-load-at-top, include-js-call-stacks-in-crash-reports
x-xss-protection: 0
origin-agent-cluster: ?1

GET
H2 200 did-0060.min.js Show response
d-code.liadm.com/ 137 KB
47 KB 200ms
66ms Script
application/javascript 2600:9000:2013:7400:1c:2afd:fb00:93a1
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://d-code.liadm.com/did-0060.min.js
Requested by: Host: tags.clickagy.com
URL: https://tags.clickagy.com/data.js?rnd=62fe5c0e6ad96
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2013:7400:1c:2afd:fb00:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: /
Resource Hash: 7a444cf388a2ef2a53ecf19cbca8043d8327b3d16c6cdb4a00dca61efd6350d2

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

cache-control: public,max-age=86400
content-encoding: gzip
etag: W/"7dd6c438"
age: 48654
via: 1.1 a6a96f99e311fd858031f2643574b448.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: FH7zPwWrenjXmuX2YCmBb6MBUqo8j7Ck5VI7X46-wvmrG2QndLsM1A==
date: Mon, 20 Apr 2026 10:59:43 GMT
content-type: application/javascript
vary: Accept-Encoding
x-amz-cf-pop: FRA56-P14

GET
H2 200 quant.js Show response
secure.quantserve.com/ 33 KB
12 KB 219ms
61ms Script
application/javascript 2620:116:800d:21:b314:a0ef:ab7c:d546
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://secure.quantserve.com/quant.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-57GHMWX
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:116:800d:21:b314:a0ef:ab7c:d546 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: /
Resource Hash: dab57fd1fa79022a4fc26533b9c0d5d2f59ae80d86a2a0d72ca53639b2f633c3

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

cache-control: private, max-age=86400
content-encoding: gzip
etag: "ynV3urHYPJfGyLW/1QBWiQ=="
expires: Wed, 22 Apr 2026 00:30:37 GMT
accept-ranges: bytes
date: Tue, 21 Apr 2026 00:30:37 GMT
content-type: application/javascript
vary: Accept-Encoding

GET
H2 200 spm.v1.min.js Show response
ak.sail-horizon.com/spm/ 142 KB
48 KB 243ms
72ms Script
application/javascript 18.66.112.45
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://ak.sail-horizon.com/spm/spm.v1.min.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-57GHMWX
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.112.45 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-18-66-112-45.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 75534697de4704806bc35430ff4f3aa6e44a440ed57baf1a7c5172467b57bad3

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

vary: Accept-Encoding
cache-control: max-age=600; must-revalidate
content-encoding: gzip
etag: W/"73260119db06802524d26f628a3293b3"
age: 557
via: 1.1 fc562aab29280948aa0691960bee3d6a.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: CmdEFoNnTut5zfcsePBcihJXkMseD--YOJGz6kYxXKseeONxCO7O2g==
date: Tue, 21 Apr 2026 00:21:21 GMT
content-type: application/javascript
last-modified: Tue, 07 Apr 2026 14:35:15 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P5
x-amz-server-side-encryption: AES256

GET
H2 200 hasHashes Show response
hemsync.clickagy.com/external/ 2 B
330 B 452ms
136ms XHR
text/plain 44.207.218.96
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://hemsync.clickagy.com/external/hasHashes?clkgypv=jstag&cb=null
Requested by: Host: tags.clickagy.com
URL: https://tags.clickagy.com/data.js?rnd=62fe5c0e6ad96
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 44.207.218.96 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-44-207-218-96.compute-1.amazonaws.com
Software: /
Resource Hash: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

access-control-expose-headers: content-length, last-modified, expires, content-type
content-encoding: gzip
access-control-allow-credentials: true
access-control-allow-origin: https://www.techrepublic.com
content-length: 28
date: Tue, 21 Apr 2026 00:30:37 GMT
content-type: text/plain; charset=utf-8
vary: origin

GET
H3 200 /
www.facebook.com/tr/ 0
16 B 63ms
63ms Image
text/plain 157.240.0.35
Facebook

General

Check archive.org

Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=195238849417509&ev=CHEQ&dl=https%3A%2F%2Fwww.techrepublic.com%2Farticle%2Fnews-android-malware-stealing-pin-overlay-attack%2F&rl=&if=false&ts=1776731437302&sw=1600&sh=1200&v=2.9.303&r=stable&a=tmSimo-GTM-WebTemplate&ec=3&o=4126&fbp=fb.1.1776731434824.77972536156354380&ler=empty&cdl=API_unavailable&pmd[locale]=en_US&pmd[description]=Four%20Android%20banking%20malware%20campaigns%20are%20targeting%20more%20than%20800%20apps%20by%20abusing%20overlays%2C%20Accessibility%20permissions%2C%20and%20sideloaded%20fake%20apps%20to%20steal%20PINs.&plt=576.5&it=1776731434556&coo=false&dpo=LDU&dpoco=0&dpost=0&expv2[0]=pl0&expv2[1]=el2&expv2[2]=bc1&expv2[3]=ra2&expv2[4]=rp2&expv2[5]=ct3&expv2[6]=hf0&rqm=GET

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.0.35 Frankfurt am Main, Germany, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

edge-star-mini-shv-02-fra3.facebook.com

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-fb-connection-quality: GOOD; q=0.7, rtt=61, rtx=0, c=39, mss=1232, tbw=24044, tp=58, tpl=0, uplat=0, ullat=0
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin
alt-svc: h3=":443"; ma=86400
content-length: 0
date: Tue, 21 Apr 2026 00:30:37 GMT
content-type: text/plain
server: proxygen-bolt
priority: u=1,i

GET
H3 200 /
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 67 B
195 B 97ms
96ms Image
image/png 157.240.0.35
Facebook

General

Check archive.org

Download Go to Show image

Full URL

https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=195238849417509&ev=CHEQ&dl=https%3A%2F%2Fwww.techrepublic.com%2Farticle%2Fnews-android-malware-stealing-pin-overlay-attack%2F&rl=&if=false&ts=1776731437302&sw=1600&sh=1200&v=2.9.303&r=stable&a=tmSimo-GTM-WebTemplate&ec=3&o=4126&fbp=fb.1.1776731434824.77972536156354380&ler=empty&cdl=API_unavailable&pmd[locale]=en_US&pmd[description]=Four%20Android%20banking%20malware%20campaigns%20are%20targeting%20more%20than%20800%20apps%20by%20abusing%20overlays%2C%20Accessibility%20permissions%2C%20and%20sideloaded%20fake%20apps%20to%20steal%20PINs.&plt=576.5&it=1776731434556&coo=false&dpo=LDU&dpoco=0&dpost=0&expv2[0]=pl0&expv2[1]=el2&expv2[2]=bc1&expv2[3]=ra2&expv2[4]=rp2&expv2[5]=ct3&expv2[6]=hf0&rqm=FGET

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.0.35 Frankfurt am Main, Germany, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

edge-star-mini-shv-02-fra3.facebook.com

Software

Resource Hash

aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a

Security Headers

Name	Value
Content-Security-Policy	default-src blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net .facebook.net .whatsapp.com .whatsapp.net;script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1: 'nonce-5Jr3Epy1' blob: 'self' connect.facebook.net 'wasm-unsafe-eval' https://accounts.google.com https://.google-analytics.com .google.com;style-src .fbcdn.net data: .facebook.com 'unsafe-inline' https://accounts.google.com https://fonts.googleapis.com;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com .instagram.com https://accounts.google.com https://.google-analytics.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com https://fonts.gstatic.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net blob: android-webview-video-poster: .whatsapp.net .fb.com .oculuscdn.com .tenor.co .tenor.com .giphy.com https://trustly.one/ https://.trustly.one/ https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://.google-analytics.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data: .tenor.co .tenor.com https://.giphy.com;child-src data: blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net;frame-src .facebook.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net accounts.meta.com .accounts.meta.com https://trustly.one/ https://.trustly.one/ https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net .google.com .doubleclick.net;manifest-src data: blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net;object-src data: blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

content-encoding: zstd
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7631003415914351959&cpp=C3&cv=1037726364&st=1776731437352"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Tue, 21 Apr 2026 00:30:37 GMT
content-type: image/png
vary: Accept-Encoding
x-fb-debug: o/8wAl/0wt3KiA6Ay0eWEhu8yo6bN5rpdJkvKprJjxVpkBGtSDyLgdGh9+rW5Q20z7EXSaeDXZ2rkzewfCKz1w==
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=15552000; preload
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7631003415914351959&cpp=C3&cv=1037726364&st=1776731437352", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net *.facebook.net *.whatsapp.com *.whatsapp.net;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'nonce-5Jr3Epy1' blob: 'self' connect.facebook.net 'wasm-unsafe-eval' https://accounts.google.com https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://accounts.google.com https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com *.instagram.com https://accounts.google.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://trustly.one/ https://*.trustly.one/ https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;child-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net accounts.meta.com *.accounts.meta.com https://trustly.one/ https://*.trustly.one/ https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;manifest-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;object-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
cache-control: private, no-store, no-cache, must-revalidate
x-fb-connection-quality: GOOD; q=0.7, rtt=61, rtx=0, c=39, mss=1232, tbw=27500, tp=72, tpl=0, uplat=33, ullat=0
cross-origin-opener-policy: same-origin-allow-popups
pragma: no-cache
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self "https://www.fbsbx.com"), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
document-policy: force-load-at-top, include-js-call-stacks-in-crash-reports
x-xss-protection: 0
origin-agent-cluster: ?1

GET
H3 200 /
www.facebook.com/tr/ 0
16 B 64ms
63ms Image
text/plain 157.240.0.35
Facebook

General

Check archive.org

Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=861593688406080&ev=CHEQ&dl=https%3A%2F%2Fwww.techrepublic.com%2Farticle%2Fnews-android-malware-stealing-pin-overlay-attack%2F&rl=&if=false&ts=1776731437304&sw=1600&sh=1200&v=2.9.303&r=stable&ec=2&o=4126&fbp=fb.1.1776731434824.77972536156354380&ler=empty&cdl=API_unavailable&pmd[locale]=en_US&pmd[description]=Four%20Android%20banking%20malware%20campaigns%20are%20targeting%20more%20than%20800%20apps%20by%20abusing%20overlays%2C%20Accessibility%20permissions%2C%20and%20sideloaded%20fake%20apps%20to%20steal%20PINs.&plt=576.5&it=1776731434556&coo=false&dpo=LDU&dpoco=0&dpost=0&expv2[0]=pl0&expv2[1]=el2&expv2[2]=bc1&expv2[3]=ra2&expv2[4]=rp2&expv2[5]=ct3&expv2[6]=hf0&rqm=GET

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.0.35 Frankfurt am Main, Germany, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

edge-star-mini-shv-02-fra3.facebook.com

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-fb-connection-quality: GOOD; q=0.7, rtt=61, rtx=0, c=39, mss=1232, tbw=24332, tp=62, tpl=0, uplat=0, ullat=0
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin
alt-svc: h3=":443"; ma=86400
content-length: 0
date: Tue, 21 Apr 2026 00:30:37 GMT
content-type: text/plain
server: proxygen-bolt
priority: u=1,i

GET
H3 200 /
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 67 B
197 B 98ms
98ms Image
image/png 157.240.0.35
Facebook

General

Check archive.org

Download Go to Show image

Full URL

https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=861593688406080&ev=CHEQ&dl=https%3A%2F%2Fwww.techrepublic.com%2Farticle%2Fnews-android-malware-stealing-pin-overlay-attack%2F&rl=&if=false&ts=1776731437304&sw=1600&sh=1200&v=2.9.303&r=stable&ec=2&o=4126&fbp=fb.1.1776731434824.77972536156354380&ler=empty&cdl=API_unavailable&pmd[locale]=en_US&pmd[description]=Four%20Android%20banking%20malware%20campaigns%20are%20targeting%20more%20than%20800%20apps%20by%20abusing%20overlays%2C%20Accessibility%20permissions%2C%20and%20sideloaded%20fake%20apps%20to%20steal%20PINs.&plt=576.5&it=1776731434556&coo=false&dpo=LDU&dpoco=0&dpost=0&expv2[0]=pl0&expv2[1]=el2&expv2[2]=bc1&expv2[3]=ra2&expv2[4]=rp2&expv2[5]=ct3&expv2[6]=hf0&rqm=FGET

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.0.35 Frankfurt am Main, Germany, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

edge-star-mini-shv-02-fra3.facebook.com

Software

Resource Hash

aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a

Security Headers

Name	Value
Content-Security-Policy	default-src blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net .facebook.net .whatsapp.com .whatsapp.net;script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1: 'nonce-QplvDgGb' blob: 'self' connect.facebook.net 'wasm-unsafe-eval' https://accounts.google.com https://.google-analytics.com .google.com;style-src .fbcdn.net data: .facebook.com 'unsafe-inline' https://accounts.google.com https://fonts.googleapis.com;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com .instagram.com https://accounts.google.com https://.google-analytics.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com https://fonts.gstatic.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net blob: android-webview-video-poster: .whatsapp.net .fb.com .oculuscdn.com .tenor.co .tenor.com .giphy.com https://trustly.one/ https://.trustly.one/ https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://.google-analytics.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data: .tenor.co .tenor.com https://.giphy.com;child-src data: blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net;frame-src .facebook.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net accounts.meta.com .accounts.meta.com https://trustly.one/ https://.trustly.one/ https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net .google.com .doubleclick.net;manifest-src data: blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net;object-src data: blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

content-encoding: zstd
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7631003416151512060&cpp=C3&cv=1037726364&st=1776731437353"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Tue, 21 Apr 2026 00:30:37 GMT
content-type: image/png
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=15552000; preload
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7631003416151512060&cpp=C3&cv=1037726364&st=1776731437353", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net *.facebook.net *.whatsapp.com *.whatsapp.net;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'nonce-QplvDgGb' blob: 'self' connect.facebook.net 'wasm-unsafe-eval' https://accounts.google.com https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://accounts.google.com https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com *.instagram.com https://accounts.google.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://trustly.one/ https://*.trustly.one/ https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;child-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net accounts.meta.com *.accounts.meta.com https://trustly.one/ https://*.trustly.one/ https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;manifest-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;object-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
cache-control: private, no-store, no-cache, must-revalidate
x-fb-debug: gQNR6QSX72tdHeGpmXfrKUD1C7h36qIuKKZgMAlX2WF65+ioEiCUljCTltnsA2X75pguzOfhSXkSEDrJASNUgA==
cross-origin-opener-policy: same-origin-allow-popups
x-fb-connection-quality: GOOD; q=0.7, rtt=61, rtx=0, c=39, mss=1232, tbw=32764, tp=79, tpl=0, uplat=33, ullat=0
pragma: no-cache
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self "https://www.fbsbx.com"), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
document-policy: force-load-at-top, include-js-call-stacks-in-crash-reports
x-xss-protection: 0
origin-agent-cluster: ?1

GET
H3 200 /
www.facebook.com/tr/ 0
16 B 65ms
64ms Image
text/plain 157.240.0.35
Facebook

General

Check archive.org

Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1522913644386643&ev=CHEQ&dl=https%3A%2F%2Fwww.techrepublic.com%2Farticle%2Fnews-android-malware-stealing-pin-overlay-attack%2F&rl=&if=false&ts=1776731437306&sw=1600&sh=1200&v=2.9.303&r=stable&ec=1&o=4126&fbp=fb.1.1776731434824.77972536156354380&ler=empty&cdl=API_unavailable&pmd[locale]=en_US&pmd[description]=Four%20Android%20banking%20malware%20campaigns%20are%20targeting%20more%20than%20800%20apps%20by%20abusing%20overlays%2C%20Accessibility%20permissions%2C%20and%20sideloaded%20fake%20apps%20to%20steal%20PINs.&plt=576.5&it=1776731434556&coo=false&dpo=LDU&dpoco=0&dpost=0&expv2[0]=pl0&expv2[1]=el3&expv2[2]=bc1&expv2[3]=ra2&expv2[4]=rp2&expv2[5]=ct3&expv2[6]=hf0&rqm=GET

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.0.35 Frankfurt am Main, Germany, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

edge-star-mini-shv-02-fra3.facebook.com

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-fb-connection-quality: GOOD; q=0.7, rtt=61, rtx=0, c=39, mss=1232, tbw=24524, tp=64, tpl=0, uplat=0, ullat=0
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin
alt-svc: h3=":443"; ma=86400
content-length: 0
date: Tue, 21 Apr 2026 00:30:37 GMT
content-type: text/plain
server: proxygen-bolt
priority: u=1,i

GET
H3 200 /
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 67 B
197 B 94ms
94ms Image
image/png 157.240.0.35
Facebook

General

Check archive.org

Download Go to Show image

Full URL

https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=1522913644386643&ev=CHEQ&dl=https%3A%2F%2Fwww.techrepublic.com%2Farticle%2Fnews-android-malware-stealing-pin-overlay-attack%2F&rl=&if=false&ts=1776731437306&sw=1600&sh=1200&v=2.9.303&r=stable&ec=1&o=4126&fbp=fb.1.1776731434824.77972536156354380&ler=empty&cdl=API_unavailable&pmd[locale]=en_US&pmd[description]=Four%20Android%20banking%20malware%20campaigns%20are%20targeting%20more%20than%20800%20apps%20by%20abusing%20overlays%2C%20Accessibility%20permissions%2C%20and%20sideloaded%20fake%20apps%20to%20steal%20PINs.&plt=576.5&it=1776731434556&coo=false&dpo=LDU&dpoco=0&dpost=0&expv2[0]=pl0&expv2[1]=el3&expv2[2]=bc1&expv2[3]=ra2&expv2[4]=rp2&expv2[5]=ct3&expv2[6]=hf0&rqm=FGET

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.0.35 Frankfurt am Main, Germany, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

edge-star-mini-shv-02-fra3.facebook.com

Software

Resource Hash

aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a

Security Headers

Name	Value
Content-Security-Policy	default-src blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net .facebook.net .whatsapp.com .whatsapp.net;script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1: 'nonce-5HDF4IAL' blob: 'self' connect.facebook.net 'wasm-unsafe-eval' https://accounts.google.com https://.google-analytics.com .google.com;style-src .fbcdn.net data: .facebook.com 'unsafe-inline' https://accounts.google.com https://fonts.googleapis.com;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com .instagram.com https://accounts.google.com https://.google-analytics.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com https://fonts.gstatic.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net blob: android-webview-video-poster: .whatsapp.net .fb.com .oculuscdn.com .tenor.co .tenor.com .giphy.com https://trustly.one/ https://.trustly.one/ https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://.google-analytics.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data: .tenor.co .tenor.com https://.giphy.com;child-src data: blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net;frame-src .facebook.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net accounts.meta.com .accounts.meta.com https://trustly.one/ https://.trustly.one/ https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net .google.com .doubleclick.net;manifest-src data: blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net;object-src data: blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

content-encoding: zstd
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7631003417303482329&cpp=C3&cv=1037726364&st=1776731437352"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Tue, 21 Apr 2026 00:30:37 GMT
content-type: image/png
vary: Accept-Encoding
x-fb-debug: +8iStWYrSEN91cHKhchfBtRvmPZwQpzy+IOGcZ4FOC/XkwtCgZcKvnSt6Ldz1Diwcd4vXxZtxK9YzF3iwOZdLQ==
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=15552000; preload
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7631003417303482329&cpp=C3&cv=1037726364&st=1776731437352", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net *.facebook.net *.whatsapp.com *.whatsapp.net;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'nonce-5HDF4IAL' blob: 'self' connect.facebook.net 'wasm-unsafe-eval' https://accounts.google.com https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://accounts.google.com https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com *.instagram.com https://accounts.google.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://trustly.one/ https://*.trustly.one/ https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;child-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net accounts.meta.com *.accounts.meta.com https://trustly.one/ https://*.trustly.one/ https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;manifest-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;object-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
cache-control: private, no-store, no-cache, must-revalidate
x-fb-connection-quality: GOOD; q=0.7, rtt=61, rtx=0, c=39, mss=1232, tbw=24844, tp=68, tpl=0, uplat=30, ullat=0
cross-origin-opener-policy: same-origin-allow-popups
pragma: no-cache
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self "https://www.fbsbx.com"), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
document-policy: force-load-at-top, include-js-call-stacks-in-crash-reports
x-xss-protection: 0
origin-agent-cluster: ?1

GET
H3 200 /
www.facebook.com/tr/ 0
16 B 66ms
65ms Image
text/plain 157.240.0.35
Facebook

General

Check archive.org

Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1694856440786573&ev=CHEQ&dl=https%3A%2F%2Fwww.techrepublic.com%2Farticle%2Fnews-android-malware-stealing-pin-overlay-attack%2F&rl=&if=false&ts=1776731437308&sw=1600&sh=1200&v=2.9.303&r=stable&ec=0&o=4126&fbp=fb.1.1776731434824.77972536156354380&ler=empty&cdl=API_unavailable&pmd[locale]=en_US&pmd[description]=Four%20Android%20banking%20malware%20campaigns%20are%20targeting%20more%20than%20800%20apps%20by%20abusing%20overlays%2C%20Accessibility%20permissions%2C%20and%20sideloaded%20fake%20apps%20to%20steal%20PINs.&plt=576.5&it=1776731434556&coo=false&dpo=LDU&dpoco=0&dpost=0&expv2[0]=pl0&expv2[1]=el2&expv2[2]=bc1&expv2[3]=ra2&expv2[4]=rp2&expv2[5]=ct3&expv2[6]=hf0&rqm=GET

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.0.35 Frankfurt am Main, Germany, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

edge-star-mini-shv-02-fra3.facebook.com

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-fb-connection-quality: GOOD; q=0.7, rtt=61, rtx=0, c=39, mss=1232, tbw=24684, tp=66, tpl=0, uplat=0, ullat=0
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin
alt-svc: h3=":443"; ma=86400
content-length: 0
date: Tue, 21 Apr 2026 00:30:37 GMT
content-type: text/plain
server: proxygen-bolt
priority: u=1,i

GET
H3 200 /
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 67 B
195 B 98ms
98ms Image
image/png 157.240.0.35
Facebook

General

Check archive.org

Download Go to Show image

Full URL

https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=1694856440786573&ev=CHEQ&dl=https%3A%2F%2Fwww.techrepublic.com%2Farticle%2Fnews-android-malware-stealing-pin-overlay-attack%2F&rl=&if=false&ts=1776731437308&sw=1600&sh=1200&v=2.9.303&r=stable&ec=0&o=4126&fbp=fb.1.1776731434824.77972536156354380&ler=empty&cdl=API_unavailable&pmd[locale]=en_US&pmd[description]=Four%20Android%20banking%20malware%20campaigns%20are%20targeting%20more%20than%20800%20apps%20by%20abusing%20overlays%2C%20Accessibility%20permissions%2C%20and%20sideloaded%20fake%20apps%20to%20steal%20PINs.&plt=576.5&it=1776731434556&coo=false&dpo=LDU&dpoco=0&dpost=0&expv2[0]=pl0&expv2[1]=el2&expv2[2]=bc1&expv2[3]=ra2&expv2[4]=rp2&expv2[5]=ct3&expv2[6]=hf0&rqm=FGET

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.0.35 Frankfurt am Main, Germany, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

edge-star-mini-shv-02-fra3.facebook.com

Software

Resource Hash

aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a

Security Headers

Name	Value
Content-Security-Policy	default-src blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net .facebook.net .whatsapp.com .whatsapp.net;script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1: 'nonce-4RFlJNE7' blob: 'self' connect.facebook.net 'wasm-unsafe-eval' https://accounts.google.com https://.google-analytics.com .google.com;style-src .fbcdn.net data: .facebook.com 'unsafe-inline' https://accounts.google.com https://fonts.googleapis.com;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com .instagram.com https://accounts.google.com https://.google-analytics.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com https://fonts.gstatic.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net blob: android-webview-video-poster: .whatsapp.net .fb.com .oculuscdn.com .tenor.co .tenor.com .giphy.com https://trustly.one/ https://.trustly.one/ https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://.google-analytics.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data: .tenor.co .tenor.com https://.giphy.com;child-src data: blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net;frame-src .facebook.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net accounts.meta.com .accounts.meta.com https://trustly.one/ https://.trustly.one/ https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net .google.com .doubleclick.net;manifest-src data: blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net;object-src data: blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

content-encoding: zstd
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7631003415800180983&cpp=C3&cv=1037726364&st=1776731437354"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Tue, 21 Apr 2026 00:30:37 GMT
content-type: image/png
vary: Accept-Encoding
x-fb-debug: VHuegRokD/rHR+JHvI3b5r2sRAR8cg6UZCbEBMHRJTB/Ek/z1nBfRhWvqB4iu9YaicLKxkWnf9jjhzjXunyxOQ==
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=15552000; preload
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7631003415800180983&cpp=C3&cv=1037726364&st=1776731437354", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net *.facebook.net *.whatsapp.com *.whatsapp.net;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'nonce-4RFlJNE7' blob: 'self' connect.facebook.net 'wasm-unsafe-eval' https://accounts.google.com https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://accounts.google.com https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com *.instagram.com https://accounts.google.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://trustly.one/ https://*.trustly.one/ https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;child-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net accounts.meta.com *.accounts.meta.com https://trustly.one/ https://*.trustly.one/ https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;manifest-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;object-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
cache-control: private, no-store, no-cache, must-revalidate
x-fb-connection-quality: GOOD; q=0.7, rtt=61, rtx=0, c=39, mss=1232, tbw=30156, tp=76, tpl=0, uplat=32, ullat=0
cross-origin-opener-policy: same-origin-allow-popups
pragma: no-cache
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self "https://www.fbsbx.com"), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
document-policy: force-load-at-top, include-js-call-stacks-in-crash-reports
x-xss-protection: 0
origin-agent-cluster: ?1

GET
H2 200 rules-p-vPn77x7pBG57Y.js Show response
rules.quantcount.com/ 160 B
642 B 273ms
82ms Script
application/javascript 2600:9000:223c:2000:6:44e3:f8c0:93a1
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://rules.quantcount.com/rules-p-vPn77x7pBG57Y.js
Requested by: Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223c:2000:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 57e25351698008c152def2252df991ef9ea533a9ae65349a4373c566f10cdb20

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

etag: "87da5e86bb69919cf8f217fb885e757d"
age: 291
access-control-allow-methods: GET
x-cache: Hit from cloudfront
x-amz-cf-id: bTOucmf26hSVl7NPnMy14dOqXwq5INSLZa0rTch23j0eMPKqtNsHhg==
date: Tue, 21 Apr 2026 00:25:47 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Thu, 13 Oct 2022 15:23:25 GMT
cache-control: max-age=3600
cross-origin-resource-policy: cross-origin
via: 1.1 1f0db25765b79d244ad1fa2184395c12.cloudfront.net (CloudFront)
accept-ranges: bytes
access-control-allow-origin: *
content-length: 160
x-amz-cf-pop: FRA56-P2
server: AmazonS3
x-amz-server-side-encryption: AES256

OPTIONS
H2 200 simple
api.sail-personalize.com/v1/personalize/ Frame 0
0 407ms
145ms Preflight
text/plain 99.83.154.140
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://api.sail-personalize.com/v1/personalize/simple?pageviews=1&isMobile=0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 99.83.154.140 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: aa7557bb34ea5624b.awsglobalaccelerator.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type,x-lib-version,x-referring-url
Access-Control-Request-Method: GET
Origin: https://www.techrepublic.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Authorization,X-Requested-With,Content-Length,Accept,Origin,X-Lib-Version,X-Referring-URL
access-control-allow-methods: OPTIONS,GET,POST,PUT,DELETE
access-control-allow-origin: https://www.techrepublic.com
access-control-max-age: 1800
allow: HEAD,GET,OPTIONS
content-length: 18
content-type: text/plain
date: Tue, 21 Apr 2026 00:30:37 GMT

GET
H2 200 simple Show response
api.sail-personalize.com/v1/personalize/ 288 B
498 B 150ms
150ms Fetch
application/json 99.83.154.140
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://api.sail-personalize.com/v1/personalize/simple?pageviews=1&isMobile=0
Requested by: Host: ak.sail-horizon.com
URL: https://ak.sail-horizon.com/spm/spm.v1.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 99.83.154.140 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: aa7557bb34ea5624b.awsglobalaccelerator.com
Software: /
Resource Hash: 1d3e8990254a6cde3934fc7bffd3bec73c39468565b2b0a95b23fb6ab30d67ff

Request headers

sec-ch-ua-platform: "Linux"
authorization: Bearer c111b46e82c7b26105b18e294b06bc60
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0
x-lib-version: v1.0.1
x-referring-url: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
accept: application/json
content-type: application/json
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36

Response headers

cache-control: no-store
content-encoding: gzip
pragma: no-cache
allowedheaders: Content-Type,Authorization,X-Requested-With,Content-Length,Accept,Origin
access-control-allow-credentials: true
allowedorigins: *
expires: -1
access-control-allow-origin: *
allowedmethods: GET,OPTIONS
content-length: 197
date: Tue, 21 Apr 2026 00:30:37 GMT
content-type: application/json
vary: Accept-Encoding

POST
H2 200 realtimeconversion Show response
insight.adsrvr.org/track/ 36 B
354 B 244ms
82ms XHR
application/json 15.197.193.217
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://insight.adsrvr.org/track/realtimeconversion
Requested by: Host: js.adsrvr.org
URL: https://js.adsrvr.org/up_loader.1.1.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 15.197.193.217 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: Kestrel /
Resource Hash: 15a3dc247a9802298e21568c4d7d501a6236c246e9a2257177799a5400844740

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
eventDataSourceVersion: 3.0.0
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
Content-type: application/json
eventDataSource: JsSdk

Response headers

content-encoding: gzip
access-control-allow-credentials: true
access-control-allow-origin: https://www.techrepublic.com
date: Tue, 21 Apr 2026 00:30:37 GMT
content-type: application/json
vary: Accept-Encoding
server: Kestrel
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Content-Length, Content-Encoding, Vary, Cache-Control, Accept, x-integration-type

OPTIONS
H2 200 realtimeconversion
insight.adsrvr.org/track/ Frame 0
0 246ms
82ms Preflight
application/json 15.197.193.217
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://insight.adsrvr.org/track/realtimeconversion
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 15.197.193.217 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: Kestrel /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,eventdatasource,eventdatasourceversion
Access-Control-Request-Method: POST
Origin: https://www.techrepublic.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Content-Length, Content-Encoding, Vary, Cache-Control, Accept, ttdSignature, eventDataSource, eventDataSourceVersion
access-control-allow-origin: https://www.techrepublic.com
content-encoding: gzip
content-type: application/json
date: Tue, 21 Apr 2026 00:30:37 GMT
server: Kestrel
vary: Accept-Encoding

GET
H2 204 any Show response
idx.liadm.com/idex/did-0060/ 0
375 B 413ms
137ms XHR
text/plain 44.215.230.32
Amazon.com

General

Check archive.org

Download Go to

Full URL

https://idx.liadm.com/idex/did-0060/any?duid=4b73aa2591fd--01kppq4edn69wqnhbw57zfjsev&did=did-0060&cd=.techrepublic.com&pu=https%3A%2F%2Fwww.techrepublic.com%2F&us_privacy=1---&gpp_s=DBAA&gpp_as=2&_fbp=fb.1.1776731434824.77972536156354380&resolve=md5

Requested by

Host: d-code.liadm.com
URL: https://d-code.liadm.com/did-0060.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

44.215.230.32 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),

Reverse DNS

ec2-44-215-230-32.compute-1.amazonaws.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=3599, private
trace-id: 3e2163a99a615dda
request-time: 2
access-control-allow-credentials: true
expires: Tue, 21 Apr 2026 01:30:37 GMT
access-control-allow-origin: https://www.techrepublic.com
date: Tue, 21 Apr 2026 00:30:37 GMT
vary: Origin

POST
H2 200 mon Show response
obs.forseasky.com/ 0
41 B 136ms
135ms XHR
application/json 2600:1f18:e8a:cd00:e7aa:3ac6:9899:87c4
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://obs.forseasky.com/mon
Requested by: Host: ob.forseasky.com
URL: https://ob.forseasky.com/i/b65d7d7005337f7bd4bd291d1d48ebb9.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2600:1f18:e8a:cd00:e7aa:3ac6:9899:87c4 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
Content-Type: application/x-www-form-urlencoded
sec-ch-ua-mobile: ?0

Response headers

access-control-allow-origin: https://www.techrepublic.com
content-length: 0
date: Tue, 21 Apr 2026 00:30:37 GMT
content-type: application/json
access-control-allow-credentials: true
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE

POST
H2 200 mon Show response
obs.forseasky.com/ 0
16 B 139ms
138ms XHR
application/json 2600:1f18:e8a:cd00:e7aa:3ac6:9899:87c4
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://obs.forseasky.com/mon
Requested by: Host: ob.forseasky.com
URL: https://ob.forseasky.com/i/b65d7d7005337f7bd4bd291d1d48ebb9.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2600:1f18:e8a:cd00:e7aa:3ac6:9899:87c4 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
Content-Type: application/x-www-form-urlencoded
sec-ch-ua-mobile: ?0

Response headers

access-control-allow-origin: https://www.techrepublic.com
content-length: 0
date: Tue, 21 Apr 2026 00:30:37 GMT
content-type: application/json
access-control-allow-credentials: true
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
199 B 154ms
153ms Image
image/gif 23.50.131.146
AKAMAI-ASN1 Akama...

General

Check archive.org

Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=f86eb9c23c229cf85c914907bf3b2e6f&svisitor=8aa2371735e639002ac5e669220300004b7e3100&visitor=c4dbcd77-f6a5-4136-8265-6106ef46f5b5&session=12ca50cb-967e-46d0-8eb4-3091779bf656&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2021%20Apr%202026%2000%3A30%3A37%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2021%20Apr%202026%2000%3A30%3A36%20GMT%22%2C%22timeSpent%22%3A%221000%22%2C%22totalTimeSpent%22%3A%223003%22%7D&isIframe=false&m=%7B%22description%22%3A%22Four%20Android%20banking%20malware%20campaigns%20are%20targeting%20more%20than%20800%20apps%20by%20abusing%20overlays%2C%20Accessibility%20permissions%2C%20and%20sideloaded%20fake%20apps%20to%20steal%20PINs.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Over%20800%20Android%20Apps%20Targeted%20in%20PIN-Stealing%20Trojan%20Campaign%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.techrepublic.com%2Farticle%2Fnews-android-malware-stealing-pin-overlay-attack%2F&pageViewId=c52f5bd8-82a9-4473-8e95-525d405858f2&an_uid=-1&webTagId=01192dc3-157f-4d5a-bea4-02f62692239e&ipv6=2a02%3Aed04%3A3581%3A2%3A%3Ae01f&v=1.1.31

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.50.131.146 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

a23-50-131-146.deploy.static.akamaitechnologies.com

Software

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

cache-control: max-age=0, no-cache, no-store
pragma: no-cache
x-content-type-options: nosniff
expires: Tue, 21 Apr 2026 00:30:37 GMT
accept-ranges: bytes
content-length: 43
date: Tue, 21 Apr 2026 00:30:37 GMT
content-type: image/gif

GET
H2

200

j Show response
rp4.liadm.com/
Redirect Chain

https://rp.liadm.com/j?dtstmp=1776731438494&did=did-0060&se=e30&duid=4b73aa2591fd--01kppq4edn69wqnhbw57zfjsev&tv=v3.14.0&pu=https%3A%2F%2Fwww.techrepublic.com%2Farticle%2Fnews-android-malware-steal...
https://rp4.liadm.com/j?dtstmp=1776731438494&did=did-0060&se=e30&duid=4b73aa2591fd--01kppq4edn69wqnhbw57zfjsev&tv=v3.14.0&pu=https%3A%2F%2Fwww.techrepublic.com%2Farticle%2Fnews-android-malware-stea...

13 B
339 B

436ms
138ms

XHR
application/json

3.220.93.70
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://rp4.liadm.com/j?dtstmp=1776731438494&did=did-0060&se=e30&duid=4b73aa2591fd--01kppq4edn69wqnhbw57zfjsev&tv=v3.14.0&pu=https%3A%2F%2Fwww.techrepublic.com%2Farticle%2Fnews-android-malware-stealing-pin-overlay-attack%2F&ext__fbp=fb.1.1776731434824.77972536156354380&us_privacy=1---&wpn=lc-bundle&wpv=v3.14.0&gpp_s=DBAA&gpp_as=2&cd=.techrepublic.com&pv=7cc2fa15-ee8a-44b3-ba59-7d9898c6e403&i6=MmEwMjplZDA0OjM1ODE6Mjo6ZTAxZg%3D%3D
Protocol: H2
Server: 3.220.93.70 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-3-220-93-70.compute-1.amazonaws.com
Software: /
Resource Hash: efabba3678b85fcab831b778ea2ddaad1e2a1e952584d3566bc39b7ccb3429d9

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/

Response headers

x-pixel-event-id: b1e4b17e-f925-4ebf-b22f-6ab709de3f33
access-control-max-age: 86400
access-control-expose-headers: *
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: null
content-length: 13
date: Tue, 21 Apr 2026 00:30:39 GMT
content-type: application/json

Redirect headers

access-control-max-age: 86400
access-control-expose-headers: *
location: https://rp4.liadm.com/j?dtstmp=1776731438494&did=did-0060&se=e30&duid=4b73aa2591fd--01kppq4edn69wqnhbw57zfjsev&tv=v3.14.0&pu=https%3A%2F%2Fwww.techrepublic.com%2Farticle%2Fnews-android-malware-stealing-pin-overlay-attack%2F&ext__fbp=fb.1.1776731434824.77972536156354380&us_privacy=1---&wpn=lc-bundle&wpv=v3.14.0&gpp_s=DBAA&gpp_as=2&cd=.techrepublic.com&pv=7cc2fa15-ee8a-44b3-ba59-7d9898c6e403&i6=MmEwMjplZDA0OjM1ODE6Mjo6ZTAxZg%3D%3D
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://www.techrepublic.com
content-length: 0
date: Tue, 21 Apr 2026 00:30:38 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
199 B 167ms
167ms Image
image/gif 23.50.131.146
AKAMAI-ASN1 Akama...

General

Check archive.org

Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=f86eb9c23c229cf85c914907bf3b2e6f&svisitor=8aa2371735e639002ac5e669220300004b7e3100&visitor=c4dbcd77-f6a5-4136-8265-6106ef46f5b5&session=12ca50cb-967e-46d0-8eb4-3091779bf656&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2021%20Apr%202026%2000%3A30%3A38%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2021%20Apr%202026%2000%3A30%3A37%20GMT%22%2C%22timeSpent%22%3A%221000%22%2C%22totalTimeSpent%22%3A%224003%22%7D&isIframe=false&m=%7B%22description%22%3A%22Four%20Android%20banking%20malware%20campaigns%20are%20targeting%20more%20than%20800%20apps%20by%20abusing%20overlays%2C%20Accessibility%20permissions%2C%20and%20sideloaded%20fake%20apps%20to%20steal%20PINs.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Over%20800%20Android%20Apps%20Targeted%20in%20PIN-Stealing%20Trojan%20Campaign%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.techrepublic.com%2Farticle%2Fnews-android-malware-stealing-pin-overlay-attack%2F&pageViewId=c52f5bd8-82a9-4473-8e95-525d405858f2&an_uid=-1&webTagId=01192dc3-157f-4d5a-bea4-02f62692239e&ipv6=2a02%3Aed04%3A3581%3A2%3A%3Ae01f&v=1.1.31

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.50.131.146 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

a23-50-131-146.deploy.static.akamaitechnologies.com

Software

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

cache-control: max-age=0, no-cache, no-store
pragma: no-cache
x-content-type-options: nosniff
expires: Tue, 21 Apr 2026 00:30:38 GMT
accept-ranges: bytes
content-length: 43
date: Tue, 21 Apr 2026 00:30:38 GMT
content-type: image/gif

POST
H2 200 mon Show response
obs.forseasky.com/ 0
39 B 142ms
140ms XHR
application/json 2600:1f18:e8a:cd00:e7aa:3ac6:9899:87c4
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://obs.forseasky.com/mon
Requested by: Host: ob.forseasky.com
URL: https://ob.forseasky.com/i/b65d7d7005337f7bd4bd291d1d48ebb9.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2600:1f18:e8a:cd00:e7aa:3ac6:9899:87c4 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
Content-Type: application/x-www-form-urlencoded
sec-ch-ua-mobile: ?0

Response headers

access-control-allow-origin: https://www.techrepublic.com
content-length: 0
date: Tue, 21 Apr 2026 00:30:39 GMT
content-type: application/json
access-control-allow-credentials: true
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
199 B 153ms
153ms Image
image/gif 23.50.131.146
AKAMAI-ASN1 Akama...

General

Check archive.org

Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=f86eb9c23c229cf85c914907bf3b2e6f&svisitor=8aa2371735e639002ac5e669220300004b7e3100&visitor=c4dbcd77-f6a5-4136-8265-6106ef46f5b5&session=12ca50cb-967e-46d0-8eb4-3091779bf656&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2021%20Apr%202026%2000%3A30%3A39%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2021%20Apr%202026%2000%3A30%3A38%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%225004%22%7D&isIframe=false&m=%7B%22description%22%3A%22Four%20Android%20banking%20malware%20campaigns%20are%20targeting%20more%20than%20800%20apps%20by%20abusing%20overlays%2C%20Accessibility%20permissions%2C%20and%20sideloaded%20fake%20apps%20to%20steal%20PINs.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Over%20800%20Android%20Apps%20Targeted%20in%20PIN-Stealing%20Trojan%20Campaign%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.techrepublic.com%2Farticle%2Fnews-android-malware-stealing-pin-overlay-attack%2F&pageViewId=c52f5bd8-82a9-4473-8e95-525d405858f2&an_uid=-1&webTagId=01192dc3-157f-4d5a-bea4-02f62692239e&ipv6=2a02%3Aed04%3A3581%3A2%3A%3Ae01f&v=1.1.31

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.50.131.146 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

a23-50-131-146.deploy.static.akamaitechnologies.com

Software

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

cache-control: max-age=0, no-cache, no-store
pragma: no-cache
x-content-type-options: nosniff
expires: Tue, 21 Apr 2026 00:30:39 GMT
accept-ranges: bytes
content-length: 43
date: Tue, 21 Apr 2026 00:30:39 GMT
content-type: image/gif

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
199 B 155ms
155ms Image
image/gif 23.50.131.146
AKAMAI-ASN1 Akama...

General

Check archive.org

Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=f86eb9c23c229cf85c914907bf3b2e6f&svisitor=8aa2371735e639002ac5e669220300004b7e3100&visitor=c4dbcd77-f6a5-4136-8265-6106ef46f5b5&session=12ca50cb-967e-46d0-8eb4-3091779bf656&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2021%20Apr%202026%2000%3A30%3A40%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2021%20Apr%202026%2000%3A30%3A39%20GMT%22%2C%22timeSpent%22%3A%221000%22%2C%22totalTimeSpent%22%3A%226004%22%7D&isIframe=false&m=%7B%22description%22%3A%22Four%20Android%20banking%20malware%20campaigns%20are%20targeting%20more%20than%20800%20apps%20by%20abusing%20overlays%2C%20Accessibility%20permissions%2C%20and%20sideloaded%20fake%20apps%20to%20steal%20PINs.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Over%20800%20Android%20Apps%20Targeted%20in%20PIN-Stealing%20Trojan%20Campaign%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.techrepublic.com%2Farticle%2Fnews-android-malware-stealing-pin-overlay-attack%2F&pageViewId=c52f5bd8-82a9-4473-8e95-525d405858f2&an_uid=-1&webTagId=01192dc3-157f-4d5a-bea4-02f62692239e&ipv6=2a02%3Aed04%3A3581%3A2%3A%3Ae01f&v=1.1.31

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.50.131.146 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

a23-50-131-146.deploy.static.akamaitechnologies.com

Software

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

cache-control: max-age=0, no-cache, no-store
pragma: no-cache
x-content-type-options: nosniff
expires: Tue, 21 Apr 2026 00:30:40 GMT
accept-ranges: bytes
content-length: 43
date: Tue, 21 Apr 2026 00:30:40 GMT
content-type: image/gif

POST
H2 200 collect Show response
ngt-api-v2.technologyadvice.com/api/ 53 B
385 B 53ms
51ms Fetch
application/json 2606:4700:20::ac43:4a13
Cloudflare

General

Check archive.org

Download Go to

Full URL

https://ngt-api-v2.technologyadvice.com/api/collect

Requested by

Host: pixel.ngtrack.relay.cool
URL: https://pixel.ngtrack.relay.cool/client.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4a13 -, , ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

349e79fc9efd2cbb4d70d6a1f44d77b013e56aef3a9580c9ce34d58975dd902f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
Accept: application/json
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
Content-Type: application/json
sec-ch-ua-mobile: ?0

Response headers

strict-transport-security: max-age=15552000; preload
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-encoding: gzip
access-control-allow-credentials: true
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=DdKEKAXqk8ledRf9GPLynDH6tB2MXHDH3dwxy544pdC7tdQ1iYWqbl%2Fl6xUBkjCyeQq0%2F1mB81EboCdJGP1SPUkWiOUGVZL8QHIf4VamKV3Z60D9WQR%2BbekR0LAOWPu5oRxPaeQrqJO8S%2BTL8iEacu%2BAtzmamw9%2FYzGAE40%3D"}]}
cf-ray: 9ef848103a538be6-OSL
access-control-allow-origin: https://www.techrepublic.com
date: Tue, 21 Apr 2026 00:30:40 GMT
content-type: application/json
server: cloudflare

POST
H2 200 mon Show response
obs.forseasky.com/ 0
39 B 138ms
137ms XHR
application/json 2600:1f18:e8a:cd00:e7aa:3ac6:9899:87c4
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://obs.forseasky.com/mon
Requested by: Host: ob.forseasky.com
URL: https://ob.forseasky.com/i/b65d7d7005337f7bd4bd291d1d48ebb9.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2600:1f18:e8a:cd00:e7aa:3ac6:9899:87c4 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
Content-Type: application/x-www-form-urlencoded
sec-ch-ua-mobile: ?0

Response headers

access-control-allow-origin: https://www.techrepublic.com
content-length: 0
date: Tue, 21 Apr 2026 00:30:41 GMT
content-type: application/json
access-control-allow-credentials: true
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
199 B 154ms
154ms Image
image/gif 23.50.131.146
AKAMAI-ASN1 Akama...

General

Check archive.org

Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=f86eb9c23c229cf85c914907bf3b2e6f&svisitor=8aa2371735e639002ac5e669220300004b7e3100&visitor=c4dbcd77-f6a5-4136-8265-6106ef46f5b5&session=12ca50cb-967e-46d0-8eb4-3091779bf656&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2021%20Apr%202026%2000%3A30%3A41%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2021%20Apr%202026%2000%3A30%3A40%20GMT%22%2C%22timeSpent%22%3A%221000%22%2C%22totalTimeSpent%22%3A%227004%22%7D&isIframe=false&m=%7B%22description%22%3A%22Four%20Android%20banking%20malware%20campaigns%20are%20targeting%20more%20than%20800%20apps%20by%20abusing%20overlays%2C%20Accessibility%20permissions%2C%20and%20sideloaded%20fake%20apps%20to%20steal%20PINs.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Over%20800%20Android%20Apps%20Targeted%20in%20PIN-Stealing%20Trojan%20Campaign%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.techrepublic.com%2Farticle%2Fnews-android-malware-stealing-pin-overlay-attack%2F&pageViewId=c52f5bd8-82a9-4473-8e95-525d405858f2&an_uid=-1&webTagId=01192dc3-157f-4d5a-bea4-02f62692239e&ipv6=2a02%3Aed04%3A3581%3A2%3A%3Ae01f&v=1.1.31

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.50.131.146 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

a23-50-131-146.deploy.static.akamaitechnologies.com

Software

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

cache-control: max-age=0, no-cache, no-store
pragma: no-cache
x-content-type-options: nosniff
expires: Tue, 21 Apr 2026 00:30:41 GMT
accept-ranges: bytes
content-length: 43
date: Tue, 21 Apr 2026 00:30:41 GMT
content-type: image/gif

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
199 B 154ms
154ms Image
image/gif 23.50.131.146
AKAMAI-ASN1 Akama...

General

Check archive.org

Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=f86eb9c23c229cf85c914907bf3b2e6f&svisitor=8aa2371735e639002ac5e669220300004b7e3100&visitor=c4dbcd77-f6a5-4136-8265-6106ef46f5b5&session=12ca50cb-967e-46d0-8eb4-3091779bf656&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2021%20Apr%202026%2000%3A30%3A42%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2021%20Apr%202026%2000%3A30%3A41%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%228005%22%7D&isIframe=false&m=%7B%22description%22%3A%22Four%20Android%20banking%20malware%20campaigns%20are%20targeting%20more%20than%20800%20apps%20by%20abusing%20overlays%2C%20Accessibility%20permissions%2C%20and%20sideloaded%20fake%20apps%20to%20steal%20PINs.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Over%20800%20Android%20Apps%20Targeted%20in%20PIN-Stealing%20Trojan%20Campaign%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.techrepublic.com%2Farticle%2Fnews-android-malware-stealing-pin-overlay-attack%2F&pageViewId=c52f5bd8-82a9-4473-8e95-525d405858f2&an_uid=-1&webTagId=01192dc3-157f-4d5a-bea4-02f62692239e&ipv6=2a02%3Aed04%3A3581%3A2%3A%3Ae01f&v=1.1.31

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.50.131.146 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

a23-50-131-146.deploy.static.akamaitechnologies.com

Software

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

cache-control: max-age=0, no-cache, no-store
pragma: no-cache
x-content-type-options: nosniff
expires: Tue, 21 Apr 2026 00:30:42 GMT
accept-ranges: bytes
content-length: 43
date: Tue, 21 Apr 2026 00:30:42 GMT
content-type: image/gif

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: secure.adnxs.com
URL: https://secure.adnxs.com/getuidj

Domain: www.techrepublic.com
URL: blob:https://www.techrepublic.com/bb54d2b1-1a39-4ac5-acb9-aada557fcfa0

Domain: invalid
URL: chrome-extension://invalid/

Verdicts & Comments Add Verdict or Comment

113 JavaScript Window variables

These are the non-standard variables defined on the window object. These include var declarations and global functions and can be helpful in identifying possible client-side frameworks and code.

34 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.techrepublic.com/	1970-01-21 22:17:47	Name: cf_clearance Value: ypssTdsUfDHOFGNIvzCACaM4EW2KNbq_oFA27LAq1Is-1776731434-1.2.1.1-vI0GJCSCMmK9sT8XDOwghDGMxcvW9XmqVliycc9TqSXkvgpd1YMz4D2g_0oXSmxTeTBrHEWZuuV37xtwujyAtSOH3_RUMt9J.iCeoDjGwExmpW930DvzgM9SrKJ96mgQcAH5dtNYwErS6TUstTNq0qBnaGeYvvhEQ0B8M6pq0zvhH83HGwJJkMbJmbL27zuFzs1Zqvj6x4Sgeg.UeoA.aVptUd4YUg4Mf_fUAfDGnovSyaNdv_2RmVNEP5.2Yam.YozpLs.onU0eLx7sOMml5l5vihVpHL87we3xaVjuX_1p1Yho6cx1fElWzyDNRg02MqRCfKto3G6z8caQvp0CdA
.techrepublic.com/	1970-01-21 15:41:47	Name: _rdt_uuid Value: 1776731434429.35f42031-a605-493f-ade6-072e292ca8d0
tags.srv.stackadapt.com/	1970-01-21 22:17:47	Name: sa-user-id Value: s%3A0-1a04b9d8-aac2-567a-6be4-a656ef790cd9.3oaGciNVByzIFgdlURwKzBXAsvPrPltz4WMAPbTZF1c
.srv.stackadapt.com/	1970-01-21 22:17:47	Name: sa-user-id Value: s%3A0-1a04b9d8-aac2-567a-6be4-a656ef790cd9.3oaGciNVByzIFgdlURwKzBXAsvPrPltz4WMAPbTZF1c
tags.srv.stackadapt.com/	1970-01-21 22:17:47	Name: sa-user-id-v2 Value: s%3AGgS52KrCVnpr5KZW73kM2cGKB6o.B2wMSsdoKHSnAGi3tVEVH%2F%2BEOi3PuBi9dVKFZgg3udI
.srv.stackadapt.com/	1970-01-21 22:17:47	Name: sa-user-id-v2 Value: s%3AGgS52KrCVnpr5KZW73kM2cGKB6o.B2wMSsdoKHSnAGi3tVEVH%2F%2BEOi3PuBi9dVKFZgg3udI
tags.srv.stackadapt.com/	1970-01-21 22:17:47	Name: sa-user-id-v3 Value: s%3AAQAKIAdQVXiq_1COnXd1xUvKXnpkBL3zcejcAYHsz-A8zHvgEAEYAyCqipvPBjABOgTfv5tpQgS4YE4s.T6LN5uraCLAkhoGiaFuy2N0Mnvfm1EaCjHoYlA%2FF8ok
.srv.stackadapt.com/	1970-01-21 22:17:47	Name: sa-user-id-v3 Value: s%3AAQAKIAdQVXiq_1COnXd1xUvKXnpkBL3zcejcAYHsz-A8zHvgEAEYAyCqipvPBjABOgTfv5tpQgS4YE4s.T6LN5uraCLAkhoGiaFuy2N0Mnvfm1EaCjHoYlA%2FF8ok
www.techrepublic.com/	1970-01-21 22:17:47	Name: sa-user-id Value: s%253A0-1a04b9d8-aac2-567a-6be4-a656ef790cd9.3oaGciNVByzIFgdlURwKzBXAsvPrPltz4WMAPbTZF1c
www.techrepublic.com/	1970-01-21 22:17:47	Name: sa-user-id-v2 Value: s%253AGgS52KrCVnpr5KZW73kM2cGKB6o.B2wMSsdoKHSnAGi3tVEVH%252F%252BEOi3PuBi9dVKFZgg3udI
www.techrepublic.com/	1970-01-21 22:17:47	Name: sa-user-id-v3 Value: s%253AAQAKIAdQVXiq_1COnXd1xUvKXnpkBL3zcejcAYHsz-A8zHvgEAEYAyCqipvPBjABOgTfv5tpQgS4YE4s.T6LN5uraCLAkhoGiaFuy2N0Mnvfm1EaCjHoYlA%252FF8ok
www.techrepublic.com/	1970-01-21 22:17:47	Name: sa-user-id-v4 Value: s%253A.o6W7wkJsHSTU4%252BLlDruZ%252FwNjVcUZZMvakQpSatDoAgo
www.techrepublic.com/	1970-01-21 13:42:16	Name: _an_uid Value: -1
www.techrepublic.com/	1970-01-21 23:08:11	Name: _gd_visitor Value: c4dbcd77-f6a5-4136-8265-6106ef46f5b5
www.techrepublic.com/	1970-01-21 13:32:25	Name: _gd_session Value: 12ca50cb-967e-46d0-8eb4-3091779bf656
.techrepublic.com/	1970-01-21 15:41:47	Name: _fbp Value: fb.1.1776731434824.77972536156354380
.6sc.co/	1970-01-21 23:08:11	Name: 6suuid Value: 8aa2371735e639002ac5e669220300004b7e3100
.www.techrepublic.com/	1970-01-21 22:53:47	Name: usprivacy Value: 1---
www.techrepublic.com/	1970-01-21 23:08:11	Name: _gd_svisitor Value: 8aa2371735e639002ac5e669220300004b7e3100
.technologyadvice.com/	1970-01-21 22:17:51	Name: ta-vid Value: 6e39a614-367d-4c3a-bc1a-ce8dbebea49b
.www.techrepublic.com/	1970-01-21 22:17:47	Name: _zitok Value: 949cca16cb8085a219ce1776731435
.techrepublic.com/	1970-01-21 15:43:35	Name: _cq_duid Value: 1.1776731435.uRyyPX0qHXHqgONb
.techrepublic.com/	1969-12-31 23:59:59	Name: _cq_suid Value: 1.1776731435.FUs1OO8Q3qn084Tr
.techrepublic.com/	1970-01-21 23:08:11	Name: _cq_session Value: 1.1776731435971.SCcIbFwgBskMlZnX.1776731435971
.zoominfo.com/	1969-12-31 23:59:59	Name: _cfuvid Value: r4pM_drnY9IHnMX_w7yPeeFoAqbRKTmZ8e4nAdJYOOk-1776731436.0015783-1.0.1.1-fBeEIDeHEdz6QRuTlK8LdrYDNy5jhpCxlzOU9hjIBpk
obs.forseasky.com/	1970-01-21 21:36:01	Name: cg_uuid Value: 92ace6d53b0b883d7e848ea34974fb58
.doubleclick.net/	1970-01-21 13:32:12	Name: test_cookie Value: CheckForPermission
www.techrepublic.com/	1970-01-21 13:32:13	Name: sailthru_pageviews Value: 1
.techrepublic.com/	1969-12-31 23:59:59	Name: _li_dcdm_c Value: .techrepublic.com
.techrepublic.com/	1970-01-21 23:08:11	Name: _lc2_fpi Value: 4b73aa2591fd--01kppq4edn69wqnhbw57zfjsev
.techrepublic.com/	1969-12-31 23:59:59	Name: _lc2_fpi_js Value: 4b73aa2591fd--01kppq4edn69wqnhbw57zfjsev
.liadm.com/	1970-01-21 23:08:11	Name: lidid Value: f04bedbd-170f-480a-aa7b-e3cbc3b2d67d
www.techrepublic.com/	1970-01-21 22:17:47	Name: sailthru_content Value: 8ba4c500b5ac229524fc7b05497732f8
www.techrepublic.com/	1970-01-21 22:17:47	Name: sailthru_visitor Value: 037ebbd0-bc3d-4f11-9f1b-462850058b14

6 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
rendering	warning	URL: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/ Message: [GroupMarkerNotSet(crbug.com/242999)!:3ABC0BD070A0]Automatic fallback to software WebGL has been deprecated. Please use the --enable-unsafe-swiftshader (about:flags#enable-unsafe-swiftshader) flag to opt in to lower security guarantees for trusted content.
javascript	error	URL: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/ Message: Access to XMLHttpRequest at 'https://secure.adnxs.com/getuidj' from origin 'https://www.techrepublic.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://secure.adnxs.com/getuidj Message: Failed to load resource: net::ERR_FAILED
rendering	warning	URL: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/ Message: [GroupMarkerNotSet(crbug.com/242999)!:3ABC0BD040A0]Automatic fallback to software WebGL has been deprecated. Please use the --enable-unsafe-swiftshader (about:flags#enable-unsafe-swiftshader) flag to opt in to lower security guarantees for trusted content.
network	error	URL: chrome-extension://invalid/ Message: Failed to load resource: net::ERR_BLOCKED_BY_CLIENT
worker	warning	URL: https://www.techrepublic.com/article/news-android-malware-stealing-pin-overlay-attack/ Message: [GroupMarkerNotSet(crbug.com/242999)!:3ABC0BD070A0]Automatic fallback to software WebGL has been deprecated. Please use the --enable-unsafe-swiftshader (about:flags#enable-unsafe-swiftshader) flag to opt in to lower security guarantees for trusted content.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.quora.com
ak.sail-horizon.com
alb.reddit.com
aorta.clickagy.com
api.cmp.inmobi.com
api.sail-personalize.com
assets.techrepublic.com
b.6sc.co
bat.bing.com
bat.bing.net
c.6sc.co
cmp.inmobi.com
connect.facebook.net
d-code.liadm.com
epsilon.6sense.com
googleads.g.doubleclick.net
hemsync.clickagy.com
idx.liadm.com
insight.adsrvr.org
invalid
ipv6.6sc.co
j.6sc.co
js.adsrvr.org
js.zi-scripts.com
match.adsrvr.org
ngt-api-v2.technologyadvice.com
ob.forseasky.com
obs.forseasky.com
pagead2.googlesyndication.com
pixel-config.reddit.com
pixel.ngtrack.relay.cool
q.quora.com
rp.liadm.com
rp4.liadm.com
rules.quantcount.com
schedule.zoominfo.com
secure.adnxs.com
secure.quantserve.com
securepubads.g.doubleclick.net
tags.clickagy.com
tags.srv.stackadapt.com
traction.technologyadvice.com
visit-server.inmobi-choice.io
ws-assets.zoominfo.com
ws.zoominfo.com
www.facebook.com
www.google.com
www.google.fi
www.googleadservices.com
www.googletagmanager.com
www.redditstatic.com
www.techrepublic.com
invalid
secure.adnxs.com
www.techrepublic.com
104.16.117.43
104.16.118.43
104.18.37.212
13.248.160.219
142.250.154.155
142.251.110.156
142.251.127.154
142.251.14.156
142.251.157.119
142.251.20.97
15.197.193.217
151.101.129.140
157.240.0.35
157.240.0.6
162.159.152.17
162.159.153.247
18.172.112.126
18.172.112.61
18.194.46.132
18.198.90.178
18.66.112.45
23.50.131.146
23.55.163.138
2600:1f18:730:b120:8e6c:887b:2bd8:852f
2600:1f18:e8a:cd00:e7aa:3ac6:9899:87c4
2600:9000:2013:7400:1c:2afd:fb00:93a1
2600:9000:208a:f000:13:4898:69c0:93a1
2600:9000:223c:2000:6:44e3:f8c0:93a1
2600:9000:2251:5800:18:7586:ce00:93a1
2600:9000:2644:1a00:1e:a1ed:6400:93a1
2600:9000:275b:2c00:1b:cadc:ef40:93a1
2600:9000:2761:9000:4:8491:f2c0:93a1
2606:4700:20::681a:26f
2606:4700:20::ac43:4a13
2620:116:800d:21:b314:a0ef:ab7c:d546
2620:1ec:33:1::10
2620:1ec:33::10
2a00:1450:4001:c0f::5e
2a00:1450:4001:c0f::61
2a02:26f0:480:23::1726:62a7
2a04:4e42:200::396
2a04:4e42:400::396
3.208.130.193
3.220.93.70
3.33.220.150
34.236.2.203
44.207.218.96
44.215.230.32
99.83.154.140
99.83.231.3
0085e5ab573d43511563b001ad6a06c7e32ecae8257895e8c6a890ae9b86de24
00cd519defdbc1ddeba378c2b76b4b626bce37f66fbf6ffce2f088a08efa21c3
02fd8ca8c6199da3fda3c3298e2449049573156c9cc40e5301a24bc00c481a08
04755d9e4839e486e18240aa4f1a238890ea2962611c85e54b4dca5a50cf9c6a
0622e3fde788e8f4938993664ebe05946ff8085c891eb94415561c784f62876d
0aaff7b7646e8d6561ae6ad6d2b074c7b4d04f0e3a779a03c8d2af294a4ae2fd
15a3dc247a9802298e21568c4d7d501a6236c246e9a2257177799a5400844740
164f62b37fb48fd6da1e7ed0663cc5ef7b52ea1bbdbad412299a581b516ebc65
194e01cf067c997ffbefbd2d009d5c9d673afdbeefaa2f0e558d7dfe032db20c
1b0b25af806cb91abd1ad6a4a4f3aec52912a07e2eb7bc7e2894e147415ed657
1bc4fd06422d89bbedbf19a9762538f035f2ae744a656dd5664cecf36520e2b4
1d3e8990254a6cde3934fc7bffd3bec73c39468565b2b0a95b23fb6ab30d67ff
1f5d726220c5548a8299ad33abaca06c411b6c3aab5ef04f6198be2e5af5d6c2
2538590b87a5eb44bb27a7a5039451a5606d80c587cb361de40ed4193c9a552f
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
262bb85893fe3089dd66b01dc7a13e3ef04ac7c98f7ba4009a47fd6d01f70b71
27096be45a7df72be876e557b2ef25deebff750400b48eeb66d07fad50af2237
2c43a6ffd64d600f668296e33a1b91c8ad24d71c17691f088e377a6ed6f9701a
2e4e8abe8957ae6bdefeea9ae3c038c9dd219147cde3f5b5b6e4483f3faf10ba
33a5df8c05e4e5a58d267c82b7d213e1e7819f8aa5c4902aea0f9e1e8557ece8
349e79fc9efd2cbb4d70d6a1f44d77b013e56aef3a9580c9ce34d58975dd902f
3604812dbf7c5d6a35b490f22140c1bcb4f274f8325b05d342e1def7b4972224
4018c71a4e0dd8425ec8d2b5efc5a7f101e65cb4edd82dd8d1d2f739bea91d4c
4d9f3bbb614c8a48a34b16a784e109ad89d051cca39aa476ff40acd1d8044608
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
50492dfbeed3de4a8b6c8d8ef3d7dfd3b391b92b5b3ae0baee8d6ce1905b047c
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
57e25351698008c152def2252df991ef9ea533a9ae65349a4373c566f10cdb20
5a8ed7422b37d5f19879afb2e0397f7e73503753db03454d932439d29717f201
5e84342b84b96b2570c7fb0a39483f96d4262e8c9d98436e1aa2aa813ca9f01b
69de8b31da3aaa093c9dd9769287f9b8a4abfa269ceb3e146efb705d8ac36f0a
6decbd9fecae78851b7c01c9c59b2b0b5d8e743f5583eb4d04c442b4798465af
6f507ff63d2d8ce4e30a1b4aa2e5e63412ec162bbefb5f965b4b7977bd3bd171
72da494867e9515e8ee693bd8a10d32a6c6b0dc6aaff0279cbeb312b01a0e754
7456bb2727dfda34b2f98d3db99e7b7cf3f85bfee88decbed6c7a0abc055a02b
746b0e6ae54037034aab84971823462b1795d8d55104d2d4a79f3f15f6a89d3a
7540a8bfcb1646c28958186c7d83e858225b4864a8bac099866749b718d8e961
75534697de4704806bc35430ff4f3aa6e44a440ed57baf1a7c5172467b57bad3
780fc58e32776194c184f4c861b9abd4cdc1d8481354a9381267d8e58bb340df
794966f3f58a1394a1f4874f1082f1f48ba519a90771d4cf321831d4c10f67ed
7a444cf388a2ef2a53ecf19cbca8043d8327b3d16c6cdb4a00dca61efd6350d2
83bb09b0175b25d81f46ebb4a0f9e1d45504d9073d8209db0dd5e186c9040303
850e8662c3adb0c54c9db0288609f693ecdabec9c7da696e72f1abdc4fa423af
855230e1321917153b6859521e1ccfab0dce7497f88645e73d7e6db9c4bbe3b1
856d9f8af130794593655be2c4698e9229b3e0509a088233ce4be91449712018
86a174c37c093e48e3576e3e7b376e7be5f6a9fbc3b0a8d904904610153a1c43
8733601294e091acb9761da4937f16764b18e54a3448d2ee0e72287ef14bce3d
885f2834b2bbeac26211719030ffabacce6389829e53e8fc95e7d9d43c4920e5
9043f7871e3e83306814ab6059d5d09b29ab1ba497dd19160bea23805f531f08
91c20c70d36b608cf919e894b0ac9e32298d6b3ac3ca59c45a85e7c44161d170
930b4fca002c49ac4061a5e2d9f778c922317bf1d9828b2befbf373e63e3800b
9355443525e8821e920dca71c8b88120b9086d405f1e75bad670a868d909465a
94a7b5450a5d960c2cb5a21517a01b638a3911384ffe0be8b74ed66b029e9fe3
95783bf43b78701a92daf5ec7268db97c7144599c774821126b8cc5396724bfa
9811cf31d0fb7733c8df0db2400e313bb8695ffe29d2c4cab645067f2347914d
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
9d2f37f25094a3b818b36ed3c8aace0b0abe770f54f512349c3bfdca71509c3e
9e7fe0edbc32bbda00bdef6dc0241bc78277a37d4ceeab5991c64d11915746b9
a03ff3c5e90f8a490583e6234244a83fe547ed8e37da298c9014b35f467f3cc4
a1a7e2097976f3136aa5bb366bd1ddad5ea9155180ad1ff1395134c8207ce5f9
a3b9afdd92edf30d72dd52262c76b75781740b1cb885772194a47529eb1052df
aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
b18c4a1b228e07a07ed18ddf7b7b697f6e956b6e37ec9a0637ff90fbdd2c92f1
b1e55296ac5008ee9da085011e84164dd5889f5c5ecc71f01a166f376d79b9cd
b4b3224b47cf1a01124a946f59e93e49468741accb3729419d0c8dff1a2ebae0
b5d087da3a9f6a160df9b1f3d39dead9695a93fbcf2978d49285a745c539cab4
b68beca8f71220e0fb8f9eeb42b9084041b526f292d491510c95b7455acfe36f
c492ba8669f9c264c2a5cbe5f2d8c69036c82f167b0fe3dd3902ab7b84689685
c664e2b2ae4ed326da469a049bd05693505f90f3a09b7e31c98e4815830a0eee
c952f1bf8495c4ad385081a5b48eace81ef49b67bcb280d80bcb1196a013bd32
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf
ceb9866597325d65c2f7a0e075bb91a2c5df5ae578a6ce6132ed8b4670b49c72
d1bae83c970a1937466b17bc239591f5f94afea943454ba03188cd1c70cb92dc
d2a2f4e30e0dfc471b96be769a867673261bc12e96f79b117d04f6b17448279c
d5ff4d35d405d734c57c020a0e012cfb805b54475516e27cf2660137a54830f3
d8a93d054b8ad0ec1343898462d446cbbbdb742b85f2eeb743c7bf543e19742a
da523fb26b27306ffefcb80641e922c543bf69ff74091aba6a7bd0ccca7a9d9b
dab57fd1fa79022a4fc26533b9c0d5d2f59ae80d86a2a0d72ca53639b2f633c3
db33c3f8c0fdeccb17edfe988dca685b714c7b5b354b83a57bbfa8fa31e6624f
dcb09186a3d016b8ae56ecd0cb76f787254388177fc8318061d619b56a7d81b2
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
dfd272053c730cd470302af475eb401d9be41c81f0081c20d7910f6c12732c9d
e268b163247d09b6ebcb1cd3d10706956ef3398e0c055269df9697dfcfcb6ccb
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e52edee8baf9c6b89fabaaf4fd2f0eeb717b1fd707d5a4c31214ae75240fa349
ed16cb30483f1430551662281772315350f958538c5f6fecd967889b064cb800
eebefd95a54988b1c131330ff7eb7528c87f2ce42fb0e38b224f8c39f3c3dc51
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
efabba3678b85fcab831b778ea2ddaad1e2a1e952584d3566bc39b7ccb3429d9
f05897bbb47bf6243c7958283257df723d6cd2e5826c6f8ac10da6e9d9c3d7fc
f0c988a75f18d9d2fe4db5273f1843153ee09bea99b93d502e5404c0219bc56f
f1610a6c5ebe3300253823fb7aa3b879441da6ee53a7d43e3748adf7b71cfb5d
f2a77f3f4986b43e107b855e7a823d0d413f21a129f0fd6f956b7260dd679209
f3e2e0f12c5badfe408d69bf6c0fa9ce6247f9a45c849851a53b8647637cfcd0
f49492fd5a577d8fd1c7a531650b79c5f79e1ef189d17cad2225962693f3d76d
f5c282c3872dd67c84445707dccded91dbdbd1eeeb9818b194c596fdd342b005
f5f4371911536f2ff28896f1e60b6edf1a1754852633a6de7006927399501375
f63b0c60c778f3b13cce838210ec9a1e5d6e9a046bd827312113f1b9409336b4
faaa51f9b9310e729b3d869976e00dcba823b7d1ae9b8dbdd8d13cc4486a24a1
ffe02d385f0f12f64ec9a59a27e852b65eb77188de35840cdfd68161cc2f9d61

www.techrepublic.com 2606:4700:20::681a:26f Public Scan Open in urlscan Pro

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

169 Requests

95 %HTTPS

38 %IPv6

33 Domains

52 Subdomains

47 IPs

4 Countries

2587 kBTransfer

10173 kBSize

34 Cookies

18 Outgoing links

Redirected requests

169 HTTP transactions Everything HTML Script Fetch XHR CSS Image Font Expand all 3 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.techrepublic.com
2606:4700:20::681a:26f Public Scan Open in urlscan Pro

Screenshot
Live screenshot

Full Image

169
Requests

95 %
HTTPS

38 %
IPv6

33
Domains

52
Subdomains

47
IPs

4
Countries

2587 kB
Transfer

10173 kB
Size

34
Cookies

169 HTTP transactions
3 data transactions