www.getinfosec.news Open in urlscan Pro
172.67.138.119 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.getinfosec.news/10079328/ta544-group-behind-a-spike-in-ursnif-malware-campaigns-targeting-italy
Submission: On October 04 via api (October 4th 2021, 5:18:20 am UTC) from GB — Scanned from DE

Summary HTTP 49 Redirects Links 23 Behaviour Indicators

Summary

This website contacted 25 IPs in 4 countries across 22 domains to perform 49 HTTP transactions. The main IP is 172.67.138.119, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.getinfosec.news.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on July 6th 2021. Valid for: a year.

This is the only time www.getinfosec.news was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
10	172.67.138.119 172.67.138.119	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	172.217.23.106 172.217.23.106	15169 (GOOGLE) (GOOGLE)
1	104.16.18.94 104.16.18.94	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.16.86.20 104.16.86.20	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	142.250.186.40 142.250.186.40	15169 (GOOGLE) (GOOGLE)
3	13.225.87.15 13.225.87.15	16509 (AMAZON-02) (AMAZON-02)
1	104.16.124.175 104.16.124.175	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	142.250.186.142 142.250.186.142	15169 (GOOGLE) (GOOGLE)
1	173.194.76.155 173.194.76.155	15169 (GOOGLE) (GOOGLE)
3	142.250.186.67 142.250.186.67	15169 (GOOGLE) (GOOGLE)
1	52.95.134.210 52.95.134.210	16509 (AMAZON-02) (AMAZON-02)
4	172.66.40.238 172.66.40.238	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	192.0.77.2 192.0.77.2	2635 (AUTOMATTIC) (AUTOMATTIC)
3	195.181.175.45 195.181.175.45	60068 (CDN77 ^_^) (CDN77 ^_^)
2	151.101.128.176 151.101.128.176	54113 (FASTLY) (FASTLY)
1	54.187.119.242 54.187.119.242	16509 (AMAZON-02) (AMAZON-02)
1	34.215.192.98 34.215.192.98	16509 (AMAZON-02) (AMAZON-02)
1	87.248.118.22 87.248.118.22	203220 (YAHOO-DEB) (YAHOO-DEB)
1	13.225.87.112 13.225.87.112	16509 (AMAZON-02) (AMAZON-02)
2	151.101.114.208 151.101.114.208	54113 (FASTLY) (FASTLY)
1	151.101.114.109 151.101.114.109	54113 (FASTLY) (FASTLY)
1	23.185.0.3 23.185.0.3	54113 (FASTLY) (FASTLY)
1	199.60.103.30 199.60.103.30	209242 (CLOUDFLAR...) (CLOUDFLARESPECTRUM Cloudflare)
1	104.21.59.72 104.21.59.72	13335 (CLOUDFLAR...) (CLOUDFLARENET)
49	25

10 172.67.138.119 (United States)

ASN13335 (CLOUDFLARENET, US)

www.getinfosec.news	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.23.106 (United States)

ASN15169 (GOOGLE, US)
PTR: mil04s23-in-f10.1e100.net

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.16.18.94 (None, )

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.16.86.20 (None, )

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.40 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f8.1e100.net

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 13.225.87.15 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-87-15.fra2.r.cloudfront.net

js.stripe.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.16.124.175 (None, )

ASN13335 (CLOUDFLARENET, US)

unpkg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.186.142 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s07-in-f14.1e100.net

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 173.194.76.155 (United States)

ASN15169 (GOOGLE, US)
PTR: ws-in-f155.1e100.net

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.186.67 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s05-in-f3.1e100.net

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.95.134.210 (Sydney, Australia)

ASN16509 (AMAZON-02, US)
PTR: s3-r-w.ap-southeast-2.amazonaws.com

newsyapp.s3.ap-southeast-2.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 172.66.40.238 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn2.iconfinder.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 192.0.77.2 (United States)

ASN2635 (AUTOMATTIC, US)
PTR: i1.wp.com

i1.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 195.181.175.45 (Frankfurt am Main, Germany)

ASN60068 (CDN77 ^_^, GB)
PTR: frankfurt-44.cdn77.com

img.icons8.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.128.176 (United States)

ASN54113 (FASTLY, US)

m.stripe.network	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.187.119.242 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ip-54-187-119-242.stripe.com

q.stripe.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.215.192.98 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-215-192-98.us-west-2.compute.amazonaws.com

m.stripe.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 87.248.118.22 (Frankfurt am Main, Germany)

ASN203220 (YAHOO-DEB, GB)
PTR: e1.ycpi.vip.deb.yahoo.com

s.yimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.225.87.112 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-87-112.fra2.r.cloudfront.net

www.thesun.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.114.208 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

images.unsplash.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.114.109 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

i.vimeocdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.185.0.3 (United States)

ASN54113 (FASTLY, US)

www.clearswift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 199.60.103.30 (United States)

ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US)

www.secureworld.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.21.59.72 (None, )

ASN13335 (CLOUDFLARENET, US)

twt-thumbs.washtimes.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	getinfosec.news www.getinfosec.news	525 KB
5	stripe.com js.stripe.com q.stripe.com m.stripe.com	71 KB
4	iconfinder.com cdn2.iconfinder.com	20 KB
3	icons8.com img.icons8.com	7 KB
3	gstatic.com fonts.gstatic.com	68 KB
3	google-analytics.com www.google-analytics.com	20 KB
2	unsplash.com images.unsplash.com	704 KB
2	stripe.network m.stripe.network	87 KB
2	wp.com i1.wp.com	68 KB
2	googletagmanager.com www.googletagmanager.com	77 KB
1	washtimes.com twt-thumbs.washtimes.com	109 KB
1	secureworld.io www.secureworld.io	21 KB
1	clearswift.com www.clearswift.com
1	vimeocdn.com i.vimeocdn.com	1 KB
1	thesun.co.uk www.thesun.co.uk	775 KB
1	yimg.com s.yimg.com	27 KB
1	amazonaws.com newsyapp.s3.ap-southeast-2.amazonaws.com	103 KB
1	doubleclick.net stats.g.doubleclick.net	463 B
1	unpkg.com unpkg.com	2 KB
1	jsdelivr.net cdn.jsdelivr.net	32 KB
1	cloudflare.com cdnjs.cloudflare.com	16 KB
1	googleapis.com fonts.googleapis.com	1 KB
49	22

	Domain	Requested by
10	www.getinfosec.news	www.getinfosec.news
4	cdn2.iconfinder.com	www.getinfosec.news
3	img.icons8.com	www.getinfosec.news
3	fonts.gstatic.com	fonts.googleapis.com
3	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
3	js.stripe.com	www.getinfosec.news js.stripe.com
2	images.unsplash.com	www.getinfosec.news
2	m.stripe.network	js.stripe.com m.stripe.network
2	i1.wp.com	www.getinfosec.news
2	www.googletagmanager.com	www.getinfosec.news www.googletagmanager.com
1	twt-thumbs.washtimes.com	www.getinfosec.news
1	www.secureworld.io	www.getinfosec.news
1	www.clearswift.com	www.getinfosec.news
1	i.vimeocdn.com	www.getinfosec.news
1	www.thesun.co.uk	www.getinfosec.news
1	s.yimg.com	www.getinfosec.news
1	m.stripe.com	m.stripe.network
1	q.stripe.com	www.getinfosec.news
1	newsyapp.s3.ap-southeast-2.amazonaws.com	www.getinfosec.news
1	stats.g.doubleclick.net	www.google-analytics.com
1	unpkg.com	www.getinfosec.news
1	cdn.jsdelivr.net	www.getinfosec.news
1	cdnjs.cloudflare.com	www.getinfosec.news
1	fonts.googleapis.com	www.getinfosec.news
49	24

This site contains links to these domains. Also see Links.

Domain
www.buymeacoffee.com
www.linkedin.com
www.facebook.com
twitter.com
securityaffairs.co
www.proofpoint.com
i1.wp.com
yoroi.company
www.washyourhands.xyz
locofootball.com
impactosocial.co
www.winks.app
getinfosecnews.blogspot.com

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-07-06` - `2022-07-05`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
a.stripecdn.com DigiCert SHA2 Extended Validation Server CA	`2021-07-09` - `2021-11-03`	4 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
*.gstatic.com GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
*.s3-ap-southeast-2.amazonaws.com DigiCert Baltimore CA-2 G2	`2021-06-23` - `2022-07-24`	a year	crt.sh
*.wp.com Sectigo RSA Domain Validation Secure Server CA	`2020-04-02` - `2022-07-05`	2 years	crt.sh
*.icons8.com Sectigo RSA Domain Validation Secure Server CA	`2020-05-13` - `2022-05-13`	2 years	crt.sh
*.stripe.com DigiCert SHA2 Secure Server CA	`2021-09-08` - `2022-09-07`	a year	crt.sh
m.stripe.com DigiCert TLS RSA SHA256 2020 CA1	`2021-07-13` - `2021-11-03`	4 months	crt.sh
*.yahoo.com DigiCert SHA2 High Assurance Server CA	`2021-09-06` - `2021-10-27`	2 months	crt.sh
*.nukcdn.com Amazon	`2021-05-17` - `2022-06-15`	a year	crt.sh
*.camp-fire.jp GlobalSign Atlas R3 DV TLS CA 2020	`2021-05-20` - `2022-06-21`	a year	crt.sh
*.vimeocdn.com GlobalSign Atlas R3 DV TLS CA 2020	`2021-05-18` - `2022-06-19`	a year	crt.sh
clearswift.co.jp R3	`2021-09-15` - `2021-12-14`	3 months	crt.sh
www.secureworld.io Cloudflare Inc ECC CA-3	`2021-07-17` - `2022-07-16`	a year	crt.sh

This page contains 3 frames:

Primary Page: https://www.getinfosec.news/10079328/ta544-group-behind-a-spike-in-ursnif-malware-campaigns-targeting-italy
Frame ID: 890013599201DACF39638DC084DB7DF5
Requests: 42 HTTP requests in this frame

Frame: https://js.stripe.com/v3/m-outer-79f4c4ec97e4a9c650a8aa5dc0a621df.html
Frame ID: BEB512FAB0718E35D1D018AC4CFCAB37
Requests: 2 HTTP requests in this frame

Frame: https://m.stripe.network/inner.html
Frame ID: 012060A9A26B4320C7132EDEBFFF28D8
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

TA544 group behind a spike in Ursnif malware campaigns targeting Italy ⋅ Cyber Security News

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

Stripe (Payment Processors) Expand

Overall confidence: 100%
Detected patterns

js\.stripe\.com

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

Moment.js (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

moment(?:\.min)?\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

49
Requests

98 %
HTTPS

0 %
IPv6

22
Domains

24
Subdomains

25
IPs

4
Countries

2734 kB
Transfer

4671 kB
Size

13
Cookies

23 Outgoing links

These are links going to different origins than the main page.

URL: https://www.buymeacoffee.com/getinfosec
Title: Buy me a coffee

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?mini=true&url=https://www.getinfosec.news/10079328/ta544-group-behind-a-spike-in-ursnif-malware-campaigns-targeting-italy&title=TA544%20group%20behind%20a%20spike%20in%20Ursnif%20malware%20campaigns%20targeting%20Italy&summary=Proofpoint%20researchers%20reported%20that%20TA544%20threat%20actors%20are%20behind%20a%20new%20Ursnif%20campaign%20that%20is%20targeting%20Italian%20organizations.%20%20Proofpoint%20res&source=https://www.getinfosec.news

Search URL Search Domain Scan URL

URL: https://www.facebook.com/dialog/share?app_id=645057395962262&display=popup&href=https://www.getinfosec.news/10079328/ta544-group-behind-a-spike-in-ursnif-malware-campaigns-targeting-italy

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?text=TA544%20group%20behind%20a%20spike%20in%20Ursnif%20malware%20campaigns%20targeting%20Italy&url=https://www.getinfosec.news/10079328/ta544-group-behind-a-spike-in-ursnif-malware-campaigns-targeting-italy

Search URL Search Domain Scan URL

URL: https://securityaffairs.co/wordpress/115245/cyber-crime/ursnif-targets-italian-banks.html
Title: Ursnif

Search URL Search Domain Scan URL

URL: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
Title: TA544

Search URL Search Domain Scan URL

URL: https://i1.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2021/10/Ursnif-TA544.png?ssl=1

Search URL Search Domain Scan URL

URL: https://www.proofpoint.com/us/blog/security-briefs/ta544-targets-italian-organizations-ursnif-malware
Title: analysis

Search URL Search Domain Scan URL

URL: https://twitter.com/luigi_martire94
Title: Luigi Martire

Search URL Search Domain Scan URL

URL: https://yoroi.company/research/ursnif-long-live-the-steganography/
Title: more complex attack chain

Search URL Search Domain Scan URL

URL: https://twitter.com/securityaffairs
Title: @securityaffairs

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sec.affairs
Title: Facebook

Search URL Search Domain Scan URL

URL: http://www.linkedin.com/pub/pierluigi-paganini/b/742/559
Title: Pierluigi Paganini

Search URL Search Domain Scan URL

URL: http://securityaffairs.co/wordpress/
Title: SecurityAffairs

Search URL Search Domain Scan URL

URL: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
Title: TA544 group behind a spike in Ursnif malware campaigns targeting Italy

Search URL Search Domain Scan URL

URL: https://securityaffairs.co/wordpress
Title: Security Affairs

Search URL Search Domain Scan URL

URL: http://www.washyourhands.xyz/9781516/global-industry-analysts-predicts-the-world-hand-wash-market-to-reach-98-million-by-2026
Title: Global Industry Analysts Predicts the World Hand Wash Market to Reach $9.8 Million by 2026

Search URL Search Domain Scan URL

URL: https://locofootball.com/7591289/watch-emotional-moment-lionel-messi-is-reunited-with-wife-antonela-after-returning-from-copa-america-2021
Title: Watch emotional moment Lionel Messi is reunited with wife Antonela after returning from Copa America 2021

Search URL Search Domain Scan URL

URL: https://impactosocial.co/7197360/mercado-global-de-adhesivos-de-bajo-impacto-amigables-con-la-piel-un-vistazo-a-las-oportunidades-futuras-en-todo-el-mundo-3m-scapa-healthcare-le-mans-vinoturismoriojacom
Title: Mercado global de adhesivos de bajo impacto / amigables con la piel: un vistazo a las oportunidades futuras en todo el mundo | 3M, Scapa Healthcare, Le Mans - Vinoturismorioja.com

Search URL Search Domain Scan URL

URL: https://impactosocial.co/4905946/santander-argentina-destino-173-millones-para-inversion-social-ambitocom
Title: Santander Argentina destinó $173 millones para inversión social - ámbito.com

Search URL Search Domain Scan URL

URL: http://www.winks.app/7069210/taking-patient-advocacy-for-cancer-clinical-trials-to-a-new-level
Title: Taking Patient Advocacy for Cancer Clinical Trials to a New Level

Search URL Search Domain Scan URL

URL: https://twitter.com/GetinfosecN

Search URL Search Domain Scan URL

URL: https://getinfosecnews.blogspot.com/

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

49 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request ta544-group-behind-a-spike-in-ursnif-malware-campaigns-targeting-italy Show response
www.getinfosec.news/10079328/ 94 KB
25 KB 959ms
910ms Document
text/html 172.67.138.119
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.getinfosec.news/10079328/ta544-group-behind-a-spike-in-ursnif-malware-campaigns-targeting-italy
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.138.119 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4fd14700d478f11f6a26f6af7dd60d06180344974226fd7f58578d31d1d63f2a

Request headers

:method: GET
:authority: www.getinfosec.news
:scheme: https
:path: /10079328/ta544-group-behind-a-spike-in-ursnif-malware-campaigns-targeting-italy
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

date: Mon, 04 Oct 2021 05:18:13 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6InBoTUdIQjEyQ1k2Q0dWVmpUNG5aVGc9PSIsInZhbHVlIjoiUWxlMTNZVThaa0NEbHZ5THZNRFJseTRISUlxM3lITDlKWTZWMkhSK0w1aVdqQjZaY0hhdE9yZm9wV1VrUE1IbGtiRU1sMHJPUFVQc1lMTXFPTUZIcXVUWmNmY3F5SmdBUUhWTEdYcGN5TitiQXpmUjg3UjNLNVdjSkg4SUMxMSsiLCJtYWMiOiIxZGQyZjgwZjI4YmY2YTc1NDdhMjA5OWQ3YTI3ZGNjNTM1NDlkYTc5MGZkZjYzZDZkZmI4ZTA3YTdlNTY2MTA1In0%3D; expires=Mon, 04-Oct-2021 07:18:13 GMT; Max-Age=7200; path=/ newsy_session=eyJpdiI6ImlTeVlJUCs4R3gwNGdQN2VYK1F5SUE9PSIsInZhbHVlIjoidkxsS3hGV25TOTVFdWMwTTY5bHc2eks0WkVpUGdBVnZ4cnROeXpUbWNBYURlVUllSFN5T2ljenVFbWVGSk56a1VWOFFQeEpjTmhyNmNaeWZqdUUyYVIvR1JkOHZCdzNzZmkvQ1dGMkdpeitWUTJzVWM4Y3VYbkdvM1RsbEJhQzQiLCJtYWMiOiJiMTY2YzA1ZTkwODYzNjc2NmZiYmQwMTAzNTg1NTkxZDY0MDdhMjk5MWVlMzA3NjRkOTJhYzUyZGIzNzEzMjU5In0%3D; expires=Mon, 04-Oct-2021 07:18:13 GMT; Max-Age=7200; path=/; httponly
vary: Accept-Encoding
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AHDB%2Bh3O4joc99sn4q%2FBIMk8RDRyHhr8uZnXYUvA2sKR5edBXqoWF6g%2BfHSZwCiWiGNoHGnplohHI70Xx7hOqNLVTbsPv34eZj0AfpjwbQ8ZFELhZW5i%2B2koR%2BDphPh7a2MAj0VG"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 698bf2c1fe91408f-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 css
fonts.googleapis.com/ 3 KB
1 KB 57ms
22ms Stylesheet
text/css 172.217.23.106
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Lato:300,400,700,900

Requested by

Host: www.getinfosec.news
URL: https://www.getinfosec.news/10079328/ta544-group-behind-a-spike-in-ursnif-malware-campaigns-targeting-italy

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.23.106 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil04s23-in-f10.1e100.net

Software

ESF /

Resource Hash

30c7c639fd48a0186026f900282a3b92893c32043019a5efb0ddf7e0805e296f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.getinfosec.news/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 04 Oct 2021 04:08:35 GMT
server: ESF
date: Mon, 04 Oct 2021 05:18:13 GMT
x-frame-options: SAMEORIGIN
report-to: {"group":"AZM8iraMxxUfRnRum-EGst9UuHcPNVSf9Kp1_90wIgU","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_AZM8iraMxxUfRnRum-EGst9UuHcPNVSf9Kp1_90wIgU"}]}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cross-origin-opener-policy-report-only: same-origin; report-to="AZM8iraMxxUfRnRum-EGst9UuHcPNVSf9Kp1_90wIgU"
expires: Mon, 04 Oct 2021 05:18:13 GMT

GET
H2 200 app.css
www.getinfosec.news/css/site/ 69 KB
11 KB 174ms
172ms Stylesheet
text/css 172.67.138.119
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.getinfosec.news/css/site/app.css
Requested by: Host: www.getinfosec.news
URL: https://www.getinfosec.news/10079328/ta544-group-behind-a-spike-in-ursnif-malware-campaigns-targeting-italy
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.138.119 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 80e4a6df511aabcfa44f256c549e278654914ed7ccec2dfda39c6f200ec2934c

Request headers

:path: /css/site/app.css
pragma: no-cache
cookie: XSRF-TOKEN=eyJpdiI6InBoTUdIQjEyQ1k2Q0dWVmpUNG5aVGc9PSIsInZhbHVlIjoiUWxlMTNZVThaa0NEbHZ5THZNRFJseTRISUlxM3lITDlKWTZWMkhSK0w1aVdqQjZaY0hhdE9yZm9wV1VrUE1IbGtiRU1sMHJPUFVQc1lMTXFPTUZIcXVUWmNmY3F5SmdBUUhWTEdYcGN5TitiQXpmUjg3UjNLNVdjSkg4SUMxMSsiLCJtYWMiOiIxZGQyZjgwZjI4YmY2YTc1NDdhMjA5OWQ3YTI3ZGNjNTM1NDlkYTc5MGZkZjYzZDZkZmI4ZTA3YTdlNTY2MTA1In0%3D; newsy_session=eyJpdiI6ImlTeVlJUCs4R3gwNGdQN2VYK1F5SUE9PSIsInZhbHVlIjoidkxsS3hGV25TOTVFdWMwTTY5bHc2eks0WkVpUGdBVnZ4cnROeXpUbWNBYURlVUllSFN5T2ljenVFbWVGSk56a1VWOFFQeEpjTmhyNmNaeWZqdUUyYVIvR1JkOHZCdzNzZmkvQ1dGMkdpeitWUTJzVWM4Y3VYbkdvM1RsbEJhQzQiLCJtYWMiOiJiMTY2YzA1ZTkwODYzNjc2NmZiYmQwMTAzNTg1NTkxZDY0MDdhMjk5MWVlMzA3NjRkOTJhYzUyZGIzNzEzMjU5In0%3D
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: www.getinfosec.news
referer: https://www.getinfosec.news/10079328/ta544-group-behind-a-spike-in-ursnif-malware-campaigns-targeting-italy
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://www.getinfosec.news/10079328/ta544-group-behind-a-spike-in-ursnif-malware-campaigns-targeting-italy
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:13 GMT
content-encoding: br
cf-cache-status: EXPIRED
last-modified: Fri, 01 Oct 2021 12:29:11 GMT
server: cloudflare
etag: W/"112e3-5cd49b5e513fe-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dmumew3T2gN9QnqBuNRTJa8EUlnH4IDPsDaqPZak6RTR8EAwErCZneRKmIOG3XE84d%2BWVJ8YE1wOncrSWkv%2BwGItZuWu6e8HHGggvKdt%2Fb2D6iMRkoQlWXC6qFuGcJPDVENMsWTQ"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 698bf2c7c9eb408f-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 arlo.css
www.getinfosec.news/css/site/ 11 KB
2 KB 168ms
166ms Stylesheet
text/css 172.67.138.119
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.getinfosec.news/css/site/arlo.css
Requested by: Host: www.getinfosec.news
URL: https://www.getinfosec.news/10079328/ta544-group-behind-a-spike-in-ursnif-malware-campaigns-targeting-italy
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.138.119 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a6fda8f8cdeeaa0e5f548b20df29aa7411032f0a9e438910f54d6bfbcaa4539d

Request headers

:path: /css/site/arlo.css
pragma: no-cache
cookie: XSRF-TOKEN=eyJpdiI6InBoTUdIQjEyQ1k2Q0dWVmpUNG5aVGc9PSIsInZhbHVlIjoiUWxlMTNZVThaa0NEbHZ5THZNRFJseTRISUlxM3lITDlKWTZWMkhSK0w1aVdqQjZaY0hhdE9yZm9wV1VrUE1IbGtiRU1sMHJPUFVQc1lMTXFPTUZIcXVUWmNmY3F5SmdBUUhWTEdYcGN5TitiQXpmUjg3UjNLNVdjSkg4SUMxMSsiLCJtYWMiOiIxZGQyZjgwZjI4YmY2YTc1NDdhMjA5OWQ3YTI3ZGNjNTM1NDlkYTc5MGZkZjYzZDZkZmI4ZTA3YTdlNTY2MTA1In0%3D; newsy_session=eyJpdiI6ImlTeVlJUCs4R3gwNGdQN2VYK1F5SUE9PSIsInZhbHVlIjoidkxsS3hGV25TOTVFdWMwTTY5bHc2eks0WkVpUGdBVnZ4cnROeXpUbWNBYURlVUllSFN5T2ljenVFbWVGSk56a1VWOFFQeEpjTmhyNmNaeWZqdUUyYVIvR1JkOHZCdzNzZmkvQ1dGMkdpeitWUTJzVWM4Y3VYbkdvM1RsbEJhQzQiLCJtYWMiOiJiMTY2YzA1ZTkwODYzNjc2NmZiYmQwMTAzNTg1NTkxZDY0MDdhMjk5MWVlMzA3NjRkOTJhYzUyZGIzNzEzMjU5In0%3D
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: www.getinfosec.news
referer: https://www.getinfosec.news/10079328/ta544-group-behind-a-spike-in-ursnif-malware-campaigns-targeting-italy
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://www.getinfosec.news/10079328/ta544-group-behind-a-spike-in-ursnif-malware-campaigns-targeting-italy
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:13 GMT
content-encoding: br
cf-cache-status: EXPIRED
last-modified: Sun, 12 Sep 2021 18:58:07 GMT
server: cloudflare
etag: W/"2b72-5cbd0edd83cde-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=u9cNCCa2YVwG4XUNRAqzhV%2F54W3tUPNyDD6hAPLEzmhlv%2F6%2FQqlHuLfUr5SiaWmTUdxsjUIIOtDU31h2QXSzS9Kdjst33nDIEwm5qvHZHvul7oWjvgsZeQW%2BXboCUdjaIHug3Is%2F"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 698bf2c7c9ec408f-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 moment.min.js Show response
cdnjs.cloudflare.com/ajax/libs/moment.js/2.24.0/ 52 KB
16 KB 40ms
16ms Script
application/javascript 104.16.18.94
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/moment.js/2.24.0/moment.min.js

Requested by

Host: www.getinfosec.news
URL: https://www.getinfosec.news/10079328/ta544-group-behind-a-spike-in-ursnif-malware-campaigns-targeting-italy

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.18.94 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e22419e8154be2a34a950dbb4c4c448413751c53ef02f00c6c56af28aa2c4964

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.getinfosec.news/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:13 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 395215
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 15508
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:13:26 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03f26-d04c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=m6PWkguE1jumYessCzPb0NT96Ynm6DpK2toES05DPIZ6i3qccS9q3tBqpi9OGgGBVi8yMCgfUwQyGZmTwqHxEfGMb8jkf7PLiRnxAUoy5C2J9t7fkFhS2oBJ%2FZiT3NLIVXaU8krk"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 698bf2c7fa08c4c2-DUS
expires: Sat, 24 Sep 2022 05:18:13 GMT

GET
H2 200 jquery.min.js Show response
cdn.jsdelivr.net/npm/jquery@3.6.0/dist/ 87 KB
32 KB 45ms
21ms Script
application/javascript 104.16.86.20
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/jquery@3.6.0/dist/jquery.min.js

Requested by

Host: www.getinfosec.news
URL: https://www.getinfosec.news/10079328/ta544-group-behind-a-spike-in-ursnif-malware-campaigns-targeting-italy

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.86.20 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.getinfosec.news/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:13 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 2122121
x-jsd-version: 3.6.0
x-cache: HIT
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-served-by: cache-fra19175-FRA
timing-allow-origin: *
x-jsd-version-type: version
server: cloudflare
etag: W/"15d9d-uC0jjU4x/fYYuuisEabIEsA90NQ"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cf-ray: 698bf2c7f9e82181-DUS

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 96 KB
39 KB 90ms
35ms Script
application/javascript 142.250.186.40
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-166935235-1

Requested by

Host: www.getinfosec.news
URL: https://www.getinfosec.news/10079328/ta544-group-behind-a-spike-in-ursnif-malware-campaigns-targeting-italy

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.40 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

565bd7299e63203608ef9945b413d7f8cdec8a7c2ea1bbb153d9edd22f47578f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.getinfosec.news/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:14 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38922
x-xss-protection: 0
last-modified: Mon, 04 Oct 2021 03:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 04 Oct 2021 05:18:14 GMT

GET
H2 200 / Show response
js.stripe.com/v3/ 258 KB
68 KB 743ms
694ms Script
application/javascript 13.225.87.15
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/

Requested by

Host: www.getinfosec.news
URL: https://www.getinfosec.news/10079328/ta544-group-behind-a-spike-in-ursnif-malware-campaigns-targeting-italy

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.87.15 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-87-15.fra2.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

37d6a9699305d6caf6db3c009200c10270e355aa6dba482f7f3197e22af3ff64

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src 'self'; img-src 'self' https://q.stripe.com blob:; font-src data: https:; media-src 'none'; object-src 'self';
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.getinfosec.news/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:15 GMT
content-encoding: gzip
vary: Accept-Encoding
x-amz-request-id: M0XZZ62A7A9KXT3R
x-cache: Miss from cloudfront
x-edge-origin-shield-skipped: 0
x-amz-id-2: gqbDyislh3l1RS2O5HHjlvmC5VwfQJ6zQIeKJnT4btUistyomdmc5YBDfRpy/pHFveooNlJG8rM=
access-control-allow-origin: *
last-modified: Thu, 30 Sep 2021 23:06:04 GMT
server: AmazonS3
etag: W/"00424e331eee70d972b18ccf90b828f2"
strict-transport-security: max-age=31556926; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
via: 1.1 1e498d046330e15095a1a2a958463bf5.cloudfront.net (CloudFront)
cache-control: max-age=60
content-security-policy: default-src 'self'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src 'self'; img-src 'self' https://q.stripe.com blob:; font-src data: https:; media-src 'none'; object-src 'self';
x-amz-cf-pop: FRA2-C2
timing-allow-origin: *
x-amz-cf-id: N0am_BE26ff14ClVyO9_8gSSGUCqYljT57sbfy9i32Iads0nVPuwmg==

GET
H2 200 vue-multiselect.min.css
unpkg.com/vue-multiselect@2.1.0/dist/ 7 KB
2 KB 48ms
18ms Stylesheet
text/css 104.16.124.175
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/vue-multiselect@2.1.0/dist/vue-multiselect.min.css

Requested by

Host: www.getinfosec.news
URL: https://www.getinfosec.news/10079328/ta544-group-behind-a-spike-in-ursnif-malware-campaigns-targeting-italy

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.124.175 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ddffc1fb5857d5643c0113e624d013e677a00538184616877dbce212abbbfc41

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.getinfosec.news/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:13 GMT
via: 1.1 fly.io
x-content-type-options: nosniff
cf-cache-status: HIT
age: 14194595
fly-request-id: 01F3XTS4RDDS19112YX61ZYS9R
content-encoding: br
vary: Accept-Encoding
last-modified: Sun, 18 Mar 2018 17:24:25 GMT
server: cloudflare
etag: W/"1c46-REXhA/xTGnqKrQ6n7ISPoCcwNxc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 698bf2c85904c4ae-DUS

GET
H3 200 app.js Show response
www.getinfosec.news/js/site/content/ 2 MB
454 KB 442ms
442ms Script
application/javascript 172.67.138.119
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.getinfosec.news/js/site/content/app.js
Requested by: Host: www.getinfosec.news
URL: https://www.getinfosec.news/10079328/ta544-group-behind-a-spike-in-ursnif-malware-campaigns-targeting-italy
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.138.119 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 326f8198ae844997832b6357f9d20f822311b28679d25988925b686528c700a5

Request headers

:path: /js/site/content/app.js
pragma: no-cache
cookie: XSRF-TOKEN=eyJpdiI6InBoTUdIQjEyQ1k2Q0dWVmpUNG5aVGc9PSIsInZhbHVlIjoiUWxlMTNZVThaa0NEbHZ5THZNRFJseTRISUlxM3lITDlKWTZWMkhSK0w1aVdqQjZaY0hhdE9yZm9wV1VrUE1IbGtiRU1sMHJPUFVQc1lMTXFPTUZIcXVUWmNmY3F5SmdBUUhWTEdYcGN5TitiQXpmUjg3UjNLNVdjSkg4SUMxMSsiLCJtYWMiOiIxZGQyZjgwZjI4YmY2YTc1NDdhMjA5OWQ3YTI3ZGNjNTM1NDlkYTc5MGZkZjYzZDZkZmI4ZTA3YTdlNTY2MTA1In0%3D; newsy_session=eyJpdiI6ImlTeVlJUCs4R3gwNGdQN2VYK1F5SUE9PSIsInZhbHVlIjoidkxsS3hGV25TOTVFdWMwTTY5bHc2eks0WkVpUGdBVnZ4cnROeXpUbWNBYURlVUllSFN5T2ljenVFbWVGSk56a1VWOFFQeEpjTmhyNmNaeWZqdUUyYVIvR1JkOHZCdzNzZmkvQ1dGMkdpeitWUTJzVWM4Y3VYbkdvM1RsbEJhQzQiLCJtYWMiOiJiMTY2YzA1ZTkwODYzNjc2NmZiYmQwMTAzNTg1NTkxZDY0MDdhMjk5MWVlMzA3NjRkOTJhYzUyZGIzNzEzMjU5In0%3D
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.getinfosec.news
referer: https://www.getinfosec.news/10079328/ta544-group-behind-a-spike-in-ursnif-malware-campaigns-targeting-italy
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://www.getinfosec.news/10079328/ta544-group-behind-a-spike-in-ursnif-malware-campaigns-targeting-italy
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:14 GMT
content-encoding: br
cf-cache-status: EXPIRED
last-modified: Fri, 01 Oct 2021 12:29:11 GMT
server: cloudflare
etag: W/"1b1b1e-5cd49b5e5815e-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6BjFWlywOPVfNWQNtQSSdYOT41w5J5s2v3GBF%2B94oio%2FhSAPXCYcM5%2FYPkqRG5XB1ikToSw0j11dSFfqY04Mq%2BazX8S%2FzBYsZFyPuc4HA23xDFCJVBfjowy1Bp0loGNjxxd1550l"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 698bf2c8298965f2-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 96 KB
38 KB 73ms
46ms Script
application/javascript 142.250.186.40
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-153426991-1&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-166935235-1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.40 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

6249a71fc280a0b1d93bbb07ffa5169a9e4bb07539d6025d158452eb9a828f73

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.getinfosec.news/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:14 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38932
x-xss-protection: 0
last-modified: Mon, 04 Oct 2021 03:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 04 Oct 2021 05:18:14 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 48 KB
20 KB 81ms
24ms Script
text/javascript 142.250.186.142
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-153426991-1&l=dataLayer&cx=c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.142 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f14.1e100.net

Software

Golfe2 /

Resource Hash

fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.getinfosec.news/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 11 Aug 2021 00:32:57 GMT
server: Golfe2
age: 4628
date: Mon, 04 Oct 2021 04:01:06 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19747
expires: Mon, 04 Oct 2021 06:01:06 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 1 B
21 B 57ms
28ms XHR
text/plain 142.250.186.142
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j93&a=1194630318&t=pageview&_s=1&dl=https%3A%2F%2Fwww.getinfosec.news%2F10079328%2Fta544-group-behind-a-spike-in-ursnif-malware-campaigns-targeting-italy&ul=en-us&de=UTF-8&dt=TA544%20group%20behind%20a%20spike%20in%20Ursnif%20malware%20campaigns%20targeting%20Italy%20%E2%8B%85%20Cyber%20Security%20News&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAAC~&jid=1791352024&gjid=950253866&cid=1372009611.1633324695&tid=UA-153426991-1&_gid=1104024021.1633324695&_r=1&gtm=2ou9r0&z=76881137

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.142 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f14.1e100.net

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.getinfosec.news/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 04 Oct 2021 05:18:14 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.getinfosec.news
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 52ms
29ms XHR
text/plain 142.250.186.142
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j93&a=1194630318&t=pageview&_s=1&dl=https%3A%2F%2Fwww.getinfosec.news%2F10079328%2Fta544-group-behind-a-spike-in-ursnif-malware-campaigns-targeting-italy&ul=en-us&de=UTF-8&dt=TA544%20group%20behind%20a%20spike%20in%20Ursnif%20malware%20campaigns%20targeting%20Italy%20%E2%8B%85%20Cyber%20Security%20News&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEDAAUABAAAAAC~&jid=1890165408&gjid=508378207&cid=1372009611.1633324695&tid=UA-166935235-1&_gid=1104024021.1633324695&_r=1&gtm=2ou9r0&z=378021552

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.142 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f14.1e100.net

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.getinfosec.news/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 04 Oct 2021 05:18:14 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.getinfosec.news
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
463 B 63ms
20ms XHR
text/plain 173.194.76.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j93&tid=UA-166935235-1&cid=1372009611.1633324695&jid=1890165408&gjid=508378207&_gid=1104024021.1633324695&_u=YEDAAUABAAAAAC~&z=1972248374

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

173.194.76.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ws-in-f155.1e100.net

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.getinfosec.news/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Mon, 04 Oct 2021 05:18:14 GMT
content-type: text/plain
access-control-allow-origin: https://www.getinfosec.news
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 S6uyw4BMUTPHjx4wXg.woff2
fonts.gstatic.com/s/lato/v20/ 23 KB
23 KB 78ms
23ms Font
font/woff2 142.250.186.67
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v20/S6uyw4BMUTPHjx4wXg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:300,400,700,900

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.67 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f3.1e100.net

Software

sffe /

Resource Hash

c3c0d3f472358aac78455515c4800771426770c22698e2486d39fdb5505634e1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.getinfosec.news
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 27 Sep 2021 15:11:30 GMT
x-content-type-options: nosniff
age: 569205
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23484
x-xss-protection: 0
last-modified: Tue, 10 Aug 2021 00:19:01 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 27 Sep 2022 15:11:30 GMT

GET
H3 200 feather-sprite.svg
www.getinfosec.news/img/ 58 KB
12 KB 172ms
171ms Other
image/svg+xml 172.67.138.119
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.getinfosec.news/img/feather-sprite.svg
Requested by: Host: www.getinfosec.news
URL: https://www.getinfosec.news/js/site/content/app.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.138.119 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cc2604e4b0c63665fe5c730c319b560b47ef23b9dad0e6a6b5a9192a428afe17

Request headers

:path: /img/feather-sprite.svg
pragma: no-cache
cookie: XSRF-TOKEN=eyJpdiI6InBoTUdIQjEyQ1k2Q0dWVmpUNG5aVGc9PSIsInZhbHVlIjoiUWxlMTNZVThaa0NEbHZ5THZNRFJseTRISUlxM3lITDlKWTZWMkhSK0w1aVdqQjZaY0hhdE9yZm9wV1VrUE1IbGtiRU1sMHJPUFVQc1lMTXFPTUZIcXVUWmNmY3F5SmdBUUhWTEdYcGN5TitiQXpmUjg3UjNLNVdjSkg4SUMxMSsiLCJtYWMiOiIxZGQyZjgwZjI4YmY2YTc1NDdhMjA5OWQ3YTI3ZGNjNTM1NDlkYTc5MGZkZjYzZDZkZmI4ZTA3YTdlNTY2MTA1In0%3D; newsy_session=eyJpdiI6ImlTeVlJUCs4R3gwNGdQN2VYK1F5SUE9PSIsInZhbHVlIjoidkxsS3hGV25TOTVFdWMwTTY5bHc2eks0WkVpUGdBVnZ4cnROeXpUbWNBYURlVUllSFN5T2ljenVFbWVGSk56a1VWOFFQeEpjTmhyNmNaeWZqdUUyYVIvR1JkOHZCdzNzZmkvQ1dGMkdpeitWUTJzVWM4Y3VYbkdvM1RsbEJhQzQiLCJtYWMiOiJiMTY2YzA1ZTkwODYzNjc2NmZiYmQwMTAzNTg1NTkxZDY0MDdhMjk5MWVlMzA3NjRkOTJhYzUyZGIzNzEzMjU5In0%3D; _ga=GA1.2.1372009611.1633324695; _gid=GA1.2.1104024021.1633324695; _gat_gtag_UA_153426991_1=1; _gat_gtag_UA_166935235_1=1
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: same-origin
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.getinfosec.news
referer: https://www.getinfosec.news/10079328/ta544-group-behind-a-spike-in-ursnif-malware-campaigns-targeting-italy
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://www.getinfosec.news/10079328/ta544-group-behind-a-spike-in-ursnif-malware-campaigns-targeting-italy
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:15 GMT
content-encoding: br
cf-cache-status: REVALIDATED
last-modified: Thu, 21 Nov 2019 23:16:55 GMT
server: cloudflare
etag: W/"e76b-597e37e41ab90"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fbf4em42uu5zSSycyzTWicKLfWMHfnh%2BAYnypY7xVAvznYKUh67mSUFxKyidducXTHpTiznzE4Rb4YGNEwdcA2pa6muwamneRpy%2FRB1STD9DFhpoOd8ifgXc8k1GxQ2PXawdR5%2Fm"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 698bf2d1593c65f2-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 S6u9w4BMUTPHh50XSwiPGQ.woff2
fonts.gstatic.com/s/lato/v20/ 22 KB
22 KB 39ms
39ms Font
font/woff2 142.250.186.67
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v20/S6u9w4BMUTPHh50XSwiPGQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:300,400,700,900

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.67 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f3.1e100.net

Software

sffe /

Resource Hash

7d4243c8e973ec0cfc707904891ae4e3efc03dbc8923acb9755f9a35c92269a6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.getinfosec.news
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 27 Sep 2021 07:34:56 GMT
x-content-type-options: nosniff
age: 596599
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 22572
x-xss-protection: 0
last-modified: Tue, 10 Aug 2021 00:18:56 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 27 Sep 2022 07:34:56 GMT

GET
H2 200 S6u9w4BMUTPHh6UVSwiPGQ.woff2
fonts.gstatic.com/s/lato/v20/ 22 KB
23 KB 54ms
54ms Font
font/woff2 142.250.186.67
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v20/S6u9w4BMUTPHh6UVSwiPGQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:300,400,700,900

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.67 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f3.1e100.net

Software

sffe /

Resource Hash

8d3ca80fa271e94b0c36cf3053b0f806b7a42bb3395b424c99dc0bd218f0ac20

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.getinfosec.news
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 29 Sep 2021 08:57:05 GMT
x-content-type-options: nosniff
age: 418870
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 22992
x-xss-protection: 0
last-modified: Tue, 10 Aug 2021 00:18:57 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 29 Sep 2022 08:57:05 GMT

GET
H/1.1 200
OK 441-skull-4751587-640-1591904604.png
newsyapp.s3.ap-southeast-2.amazonaws.com/production/ 103 KB
103 KB 1134ms
290ms Image
image/png 52.95.134.210
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://newsyapp.s3.ap-southeast-2.amazonaws.com/production/441-skull-4751587-640-1591904604.png
Requested by: Host: www.getinfosec.news
URL: https://www.getinfosec.news/10079328/ta544-group-behind-a-spike-in-ursnif-malware-campaigns-targeting-italy
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.95.134.210 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-r-w.ap-southeast-2.amazonaws.com
Software: AmazonS3 /
Resource Hash: 92ea613270d1df64f254b35b96044cff459dcd34a5b8767743626866479ce38a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.getinfosec.news/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Mon, 04 Oct 2021 05:18:17 GMT
Last-Modified: Thu, 11 Jun 2020 19:43:26 GMT
Server: AmazonS3
x-amz-request-id: BXJA8XERCYS5VTEB
ETag: "ea218222cfcc904c8979f90acd80fdee"
Content-Type: image/png
Accept-Ranges: bytes
Content-Length: 105541
x-amz-id-2: RfcTAsfcwZTPbYWqEReMsQINHzf5W/QxOtGDGVsiEPd43bwpTacdCwCbOkknbvvc90/2VY3seoM=

GET
H2 200 Jee-61-512.png
cdn2.iconfinder.com/data/icons/pinterest-ui/48/ 7 KB
8 KB 54ms
20ms Image
image/webp 172.66.40.238
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn2.iconfinder.com/data/icons/pinterest-ui/48/Jee-61-512.png

Requested by

Host: www.getinfosec.news
URL: https://www.getinfosec.news/10079328/ta544-group-behind-a-spike-in-ursnif-malware-campaigns-targeting-italy

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.66.40.238 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1a2969a29378d4ee5f0771e46e3d9e663a06ccc2101d97033442184fd7327355

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.getinfosec.news/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:15 GMT
via: 1.1 vegur
x-content-type-options: nosniff
cf-cache-status: HIT
age: 240907
cf-polished: origFmt=png, origSize=16248
content-disposition: inline; filename="Jee-61-512.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 7486
x-request-id: ba6f1f62-a6ee-428c-ac36-670bf0412eca
expires: Tue, 04 Oct 2022 05:18:15 GMT
last-modified: Fri, 01 Oct 2021 09:38:49 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/webp
access-control-allow-origin: *
vary: Accept
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 698bf2d21a66219f-DUS
cf-bgj: imgq:100,h2pri

GET
H2 200 social_style_3_in-512.png
cdn2.iconfinder.com/data/icons/social-icon-3/512/ 4 KB
4 KB 56ms
22ms Image
image/webp 172.66.40.238
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn2.iconfinder.com/data/icons/social-icon-3/512/social_style_3_in-512.png

Requested by

Host: www.getinfosec.news
URL: https://www.getinfosec.news/10079328/ta544-group-behind-a-spike-in-ursnif-malware-campaigns-targeting-italy

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.66.40.238 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f76c3cf15fc3f9f7e8d4faa34bdc1df43d03c2009090db4e78542137768bb550

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.getinfosec.news/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:15 GMT
via: 1.1 vegur
x-content-type-options: nosniff
cf-cache-status: HIT
age: 240907
cf-polished: origFmt=png, origSize=11037
content-disposition: inline; filename="social_style_3_in-512.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 3598
x-request-id: bcccb9d4-da52-4765-a419-6916f3e9df08
expires: Tue, 04 Oct 2022 05:18:15 GMT
last-modified: Fri, 01 Oct 2021 09:38:49 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/webp
access-control-allow-origin: *
vary: Accept
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 698bf2d21a60219f-DUS
cf-bgj: imgq:100,h2pri

GET
H2 200 social_style_3_facebook-512.png
cdn2.iconfinder.com/data/icons/social-icon-3/512/ 2 KB
3 KB 54ms
21ms Image
image/webp 172.66.40.238
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn2.iconfinder.com/data/icons/social-icon-3/512/social_style_3_facebook-512.png

Requested by

Host: www.getinfosec.news
URL: https://www.getinfosec.news/10079328/ta544-group-behind-a-spike-in-ursnif-malware-campaigns-targeting-italy

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.66.40.238 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2ca19963383a46a2cc4c97af98af5d81bd6935eb816a6be6bb8a6c1c7dab8591

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.getinfosec.news/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:15 GMT
via: 1.1 vegur
x-content-type-options: nosniff
cf-cache-status: HIT
age: 215405
cf-polished: origFmt=png, origSize=8003
content-disposition: inline; filename="social_style_3_facebook-512.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 2418
x-request-id: b2d5fb5d-4d39-40d2-8377-0b2166fd905e
expires: Tue, 04 Oct 2022 05:18:15 GMT
last-modified: Fri, 01 Oct 2021 09:38:31 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/webp
access-control-allow-origin: *
vary: Accept
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 698bf2d21a63219f-DUS
cf-bgj: imgq:100,h2pri

GET
H2 200 social_style_3_twiter-512.png
cdn2.iconfinder.com/data/icons/social-icon-3/512/ 6 KB
6 KB 54ms
21ms Image
image/webp 172.66.40.238
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn2.iconfinder.com/data/icons/social-icon-3/512/social_style_3_twiter-512.png

Requested by

Host: www.getinfosec.news
URL: https://www.getinfosec.news/10079328/ta544-group-behind-a-spike-in-ursnif-malware-campaigns-targeting-italy

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.66.40.238 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dadb3cc5d2f39d2ce8d7086f952917fa40f2577c89a54977f4223618fc7d0541

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.getinfosec.news/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:15 GMT
via: 1.1 vegur
x-content-type-options: nosniff
cf-cache-status: HIT
age: 240907
cf-polished: origFmt=png, origSize=12958
content-disposition: inline; filename="social_style_3_twiter-512.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 5712
x-request-id: f1f51903-3cbf-41c9-9972-b26d789524f2
expires: Tue, 04 Oct 2022 05:18:15 GMT
last-modified: Fri, 01 Oct 2021 09:38:49 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/webp
access-control-allow-origin: *
vary: Accept
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 698bf2d21a64219f-DUS
cf-bgj: imgq:100,h2pri

GET
H2 200 Ursnif-TA544.png
i1.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2021/10/ 29 KB
30 KB 21ms
6ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i1.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2021/10/Ursnif-TA544.png?resize=547%2C458&ssl=1

Requested by

Host: www.getinfosec.news
URL: https://www.getinfosec.news/10079328/ta544-group-behind-a-spike-in-ursnif-malware-campaigns-targeting-italy

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

6b86c6ae7b5af2b9cbaed71f58731bb6446fbebadb68e1ef38f7af406423f044

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.getinfosec.news/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-nc: HIT hhn 3
date: Mon, 04 Oct 2021 05:18:15 GMT
x-content-type-options: nosniff
last-modified: Sun, 03 Oct 2021 19:53:00 GMT
server: nginx
etag: "7aff7301493370b3"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://securityaffairs.co/wordpress/wp-content/uploads/2021/10/Ursnif-TA544.png>; rel="canonical"
content-length: 30152
expires: Wed, 04 Oct 2023 07:53:00 GMT

GET
H3 200 data Show response
www.getinfosec.news/comment/ 2 B
1 KB 357ms
357ms XHR
application/json 172.67.138.119
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.getinfosec.news/comment/data?contentId=10079328&siteId=441&orderBy=updated_at&orderType=desc
Requested by: Host: www.getinfosec.news
URL: https://www.getinfosec.news/js/site/content/app.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.138.119 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

sec-fetch-mode: cors
x-xsrf-token: eyJpdiI6InBoTUdIQjEyQ1k2Q0dWVmpUNG5aVGc9PSIsInZhbHVlIjoiUWxlMTNZVThaa0NEbHZ5THZNRFJseTRISUlxM3lITDlKWTZWMkhSK0w1aVdqQjZaY0hhdE9yZm9wV1VrUE1IbGtiRU1sMHJPUFVQc1lMTXFPTUZIcXVUWmNmY3F5SmdBUUhWTEdYcGN5TitiQXpmUjg3UjNLNVdjSkg4SUMxMSsiLCJtYWMiOiIxZGQyZjgwZjI4YmY2YTc1NDdhMjA5OWQ3YTI3ZGNjNTM1NDlkYTc5MGZkZjYzZDZkZmI4ZTA3YTdlNTY2MTA1In0=
accept-language: de-DE,de;q=0.9
x-requested-with: XMLHttpRequest
sec-fetch-dest: empty
accept-encoding: gzip, deflate, br
cookie: XSRF-TOKEN=eyJpdiI6InBoTUdIQjEyQ1k2Q0dWVmpUNG5aVGc9PSIsInZhbHVlIjoiUWxlMTNZVThaa0NEbHZ5THZNRFJseTRISUlxM3lITDlKWTZWMkhSK0w1aVdqQjZaY0hhdE9yZm9wV1VrUE1IbGtiRU1sMHJPUFVQc1lMTXFPTUZIcXVUWmNmY3F5SmdBUUhWTEdYcGN5TitiQXpmUjg3UjNLNVdjSkg4SUMxMSsiLCJtYWMiOiIxZGQyZjgwZjI4YmY2YTc1NDdhMjA5OWQ3YTI3ZGNjNTM1NDlkYTc5MGZkZjYzZDZkZmI4ZTA3YTdlNTY2MTA1In0%3D; newsy_session=eyJpdiI6ImlTeVlJUCs4R3gwNGdQN2VYK1F5SUE9PSIsInZhbHVlIjoidkxsS3hGV25TOTVFdWMwTTY5bHc2eks0WkVpUGdBVnZ4cnROeXpUbWNBYURlVUllSFN5T2ljenVFbWVGSk56a1VWOFFQeEpjTmhyNmNaeWZqdUUyYVIvR1JkOHZCdzNzZmkvQ1dGMkdpeitWUTJzVWM4Y3VYbkdvM1RsbEJhQzQiLCJtYWMiOiJiMTY2YzA1ZTkwODYzNjc2NmZiYmQwMTAzNTg1NTkxZDY0MDdhMjk5MWVlMzA3NjRkOTJhYzUyZGIzNzEzMjU5In0%3D; _ga=GA1.2.1372009611.1633324695; _gid=GA1.2.1104024021.1633324695; _gat_gtag_UA_153426991_1=1; _gat_gtag_UA_166935235_1=1
:path: /comment/data?contentId=10079328&siteId=441&orderBy=updated_at&orderType=desc
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept: application/json, text/plain, */*
cache-control: no-cache
:authority: www.getinfosec.news
referer: https://www.getinfosec.news/10079328/ta544-group-behind-a-spike-in-ursnif-malware-campaigns-targeting-italy
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept: application/json, text/plain, */*
Referer: https://www.getinfosec.news/10079328/ta544-group-behind-a-spike-in-ursnif-malware-campaigns-targeting-italy
X-XSRF-TOKEN: eyJpdiI6InBoTUdIQjEyQ1k2Q0dWVmpUNG5aVGc9PSIsInZhbHVlIjoiUWxlMTNZVThaa0NEbHZ5THZNRFJseTRISUlxM3lITDlKWTZWMkhSK0w1aVdqQjZaY0hhdE9yZm9wV1VrUE1IbGtiRU1sMHJPUFVQc1lMTXFPTUZIcXVUWmNmY3F5SmdBUUhWTEdYcGN5TitiQXpmUjg3UjNLNVdjSkg4SUMxMSsiLCJtYWMiOiIxZGQyZjgwZjI4YmY2YTc1NDdhMjA5OWQ3YTI3ZGNjNTM1NDlkYTc5MGZkZjYzZDZkZmI4ZTA3YTdlNTY2MTA1In0=
X-Requested-With: XMLHttpRequest
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:15 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MBoXW6o9jZC2JdF4ltkZ9DKvZcsXFB8rqqX1LCtzXGB1xOHY9%2BrSrxBA%2FC4mFibekLA0SZX0KbiLB%2FjhhaEk6nC3yIKJKpyWKYE5dWHHtDNYXfC7G8vODiXWiejmo8bnz%2BousBsH"}],"group":"cf-nel","max_age":604800}
content-type: application/json
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6InRRS0ZhblhBZHFWR1pPT3VDcVRqemc9PSIsInZhbHVlIjoiRFB6bmZYZGlpN2Q3M1pZUGluM1FlOFlwZGJidHRhSGJOSGNUZkt2TWhldXE2b21oVjNveEh5bHNCWExPcmsrMHhlcWMwVkNxeEFaZU9YM3NRYkFNWWJxbENDOGtTWmcvTkVUTFAzOCsrU0VwRTMzMk5mNzhYVHAyTzJZdHVJNEEiLCJtYWMiOiI4MGY2OTdkNWZhZWNiZDM3MWE1OTdlZmU2ZTY3YWE3ODQzMjk3MjRhMmEzOGJiZGRiMWExNmVlMDAyZDUxYjA4In0%3D; expires=Mon, 04-Oct-2021 07:18:15 GMT; Max-Age=7200; path=/ newsy_session=eyJpdiI6IkFQRnBNWm1QRUM5dWcreEM4R0JyS3c9PSIsInZhbHVlIjoiV1kyUnRTQitsK0tTc2xWS1l4aU9PQkpHamhNS0ZqV2hzWEdYdW12RDFuQWdnK1hJZkNvWkJWSGNaWXpzZm9YeHkrcGZUMzR1bVNPYVlMMHdkMGJHd1pOZE9iZkRORmkwbzhyV2NPbkpVbE5IakhPR0ZvZTQ4RDFwUWVVNzZVMHgiLCJtYWMiOiIxYjkzMmU0MGIwOWU1YWY5NDkwNmQ1MjdkYzhkMmE3Nzg0MjUwMDkyNGI0YzBiYTAzZGI5ZmYxYzJhM2E2MDAxIn0%3D; expires=Mon, 04-Oct-2021 07:18:15 GMT; Max-Age=7200; path=/; httponly
cf-ray: 698bf2d1e9b765f2-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 2

GET
H3 200 related-contents Show response
www.getinfosec.news/content/ 13 KB
4 KB 381ms
381ms XHR
application/json 172.67.138.119
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.getinfosec.news/content/related-contents?siteId=441&contentId=10079328&limit=5
Requested by: Host: www.getinfosec.news
URL: https://www.getinfosec.news/js/site/content/app.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.138.119 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a0521c1db32bd8ef76c1b0d6d764feefa167409ef81b4fd4cd08142ec5814592

Request headers

sec-fetch-mode: cors
x-xsrf-token: eyJpdiI6InBoTUdIQjEyQ1k2Q0dWVmpUNG5aVGc9PSIsInZhbHVlIjoiUWxlMTNZVThaa0NEbHZ5THZNRFJseTRISUlxM3lITDlKWTZWMkhSK0w1aVdqQjZaY0hhdE9yZm9wV1VrUE1IbGtiRU1sMHJPUFVQc1lMTXFPTUZIcXVUWmNmY3F5SmdBUUhWTEdYcGN5TitiQXpmUjg3UjNLNVdjSkg4SUMxMSsiLCJtYWMiOiIxZGQyZjgwZjI4YmY2YTc1NDdhMjA5OWQ3YTI3ZGNjNTM1NDlkYTc5MGZkZjYzZDZkZmI4ZTA3YTdlNTY2MTA1In0=
accept-language: de-DE,de;q=0.9
x-requested-with: XMLHttpRequest
sec-fetch-dest: empty
accept-encoding: gzip, deflate, br
cookie: XSRF-TOKEN=eyJpdiI6InBoTUdIQjEyQ1k2Q0dWVmpUNG5aVGc9PSIsInZhbHVlIjoiUWxlMTNZVThaa0NEbHZ5THZNRFJseTRISUlxM3lITDlKWTZWMkhSK0w1aVdqQjZaY0hhdE9yZm9wV1VrUE1IbGtiRU1sMHJPUFVQc1lMTXFPTUZIcXVUWmNmY3F5SmdBUUhWTEdYcGN5TitiQXpmUjg3UjNLNVdjSkg4SUMxMSsiLCJtYWMiOiIxZGQyZjgwZjI4YmY2YTc1NDdhMjA5OWQ3YTI3ZGNjNTM1NDlkYTc5MGZkZjYzZDZkZmI4ZTA3YTdlNTY2MTA1In0%3D; newsy_session=eyJpdiI6ImlTeVlJUCs4R3gwNGdQN2VYK1F5SUE9PSIsInZhbHVlIjoidkxsS3hGV25TOTVFdWMwTTY5bHc2eks0WkVpUGdBVnZ4cnROeXpUbWNBYURlVUllSFN5T2ljenVFbWVGSk56a1VWOFFQeEpjTmhyNmNaeWZqdUUyYVIvR1JkOHZCdzNzZmkvQ1dGMkdpeitWUTJzVWM4Y3VYbkdvM1RsbEJhQzQiLCJtYWMiOiJiMTY2YzA1ZTkwODYzNjc2NmZiYmQwMTAzNTg1NTkxZDY0MDdhMjk5MWVlMzA3NjRkOTJhYzUyZGIzNzEzMjU5In0%3D; _ga=GA1.2.1372009611.1633324695; _gid=GA1.2.1104024021.1633324695; _gat_gtag_UA_153426991_1=1; _gat_gtag_UA_166935235_1=1
:path: /content/related-contents?siteId=441&contentId=10079328&limit=5
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept: application/json, text/plain, */*
cache-control: no-cache
:authority: www.getinfosec.news
referer: https://www.getinfosec.news/10079328/ta544-group-behind-a-spike-in-ursnif-malware-campaigns-targeting-italy
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept: application/json, text/plain, */*
Referer: https://www.getinfosec.news/10079328/ta544-group-behind-a-spike-in-ursnif-malware-campaigns-targeting-italy
X-XSRF-TOKEN: eyJpdiI6InBoTUdIQjEyQ1k2Q0dWVmpUNG5aVGc9PSIsInZhbHVlIjoiUWxlMTNZVThaa0NEbHZ5THZNRFJseTRISUlxM3lITDlKWTZWMkhSK0w1aVdqQjZaY0hhdE9yZm9wV1VrUE1IbGtiRU1sMHJPUFVQc1lMTXFPTUZIcXVUWmNmY3F5SmdBUUhWTEdYcGN5TitiQXpmUjg3UjNLNVdjSkg4SUMxMSsiLCJtYWMiOiIxZGQyZjgwZjI4YmY2YTc1NDdhMjA5OWQ3YTI3ZGNjNTM1NDlkYTc5MGZkZjYzZDZkZmI4ZTA3YTdlNTY2MTA1In0=
X-Requested-With: XMLHttpRequest
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:15 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VlKBmN%2BxxM0JOMPFNwnsRKEmfuw7kzFBy6fxVyk3RoeJnf6O52r9bfnwXhBdsjqnaVXRiTbeWFyDlr7UuqenLHuEqOJnFX%2Bs6Arux5OSC7GC6xl0D5xYIorpaaFlHl6cRiMsPN%2B2"}],"group":"cf-nel","max_age":604800}
content-type: application/json
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6IkhpZ1pXTnc5VVNaY1pGUHplemc2L3c9PSIsInZhbHVlIjoiMFFGbFpJWlRMUllkZStLUWMxckJ2a3dkbzF0RjBhK3htQ1BPdzRlRC9sV3l0WWNDTmE1blpYWDBJS0hka2lLNURjRlZ3ZndBM0VzdlNzZEVwMXFwS0hGVUZmVDZpN3VybnJnNlpDOVhOOG5tSVI2Z2dkaEVCTzRMcHludVRkTkEiLCJtYWMiOiI5NGU4MjNkNjk1MDZkY2QwYjliMDU0YWYyMmVlZTk3ZjlmZWMzNWNlNjNiZGU2OGE0YjVkMWNjYWI2NDJkZGQ1In0%3D; expires=Mon, 04-Oct-2021 07:18:15 GMT; Max-Age=7200; path=/ newsy_session=eyJpdiI6InBJYnQ2Mnd3MjYwTmpHV1ZwWEZvY0E9PSIsInZhbHVlIjoiRXdqL1ZFbU15WThGZGhKMjRjcTB4RmJ0NHVjL21ObmdQZnFZSzNhdW5YUlMxK2dWZXN0bk1PN1FXMGs5QXJKVU16QXNNWkt4eHlUQ0lqYm9MNDl2OE9xN2w2aHFkUUp1bnZRZFpnbHZXZTJ2eVoyc2VLZkp6ZktaRWs2dlhOOHEiLCJtYWMiOiJkNDgxNDZjZDc0MzYzZTVkMDU0ZGZiZGY3ZmQyNGE4MzEzZjc0ZWJkYzRhODM1ZmVmYWU4NmIyN2ZkZDQ3YjBkIn0%3D; expires=Mon, 04-Oct-2021 07:18:15 GMT; Max-Age=7200; path=/; httponly
cf-ray: 698bf2d1e9b865f2-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H3 200 most-discussed Show response
www.getinfosec.news/content/ 4 KB
3 KB 953ms
953ms XHR
application/json 172.67.138.119
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.getinfosec.news/content/most-discussed?siteId=441&limit=3&period=7
Requested by: Host: www.getinfosec.news
URL: https://www.getinfosec.news/js/site/content/app.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.138.119 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d5c154fa037f2d7f3fb6732ac0a4146a82b22e146e11f1f37f5ec92f54fcd475

Request headers

sec-fetch-mode: cors
x-xsrf-token: eyJpdiI6InBoTUdIQjEyQ1k2Q0dWVmpUNG5aVGc9PSIsInZhbHVlIjoiUWxlMTNZVThaa0NEbHZ5THZNRFJseTRISUlxM3lITDlKWTZWMkhSK0w1aVdqQjZaY0hhdE9yZm9wV1VrUE1IbGtiRU1sMHJPUFVQc1lMTXFPTUZIcXVUWmNmY3F5SmdBUUhWTEdYcGN5TitiQXpmUjg3UjNLNVdjSkg4SUMxMSsiLCJtYWMiOiIxZGQyZjgwZjI4YmY2YTc1NDdhMjA5OWQ3YTI3ZGNjNTM1NDlkYTc5MGZkZjYzZDZkZmI4ZTA3YTdlNTY2MTA1In0=
accept-language: de-DE,de;q=0.9
x-requested-with: XMLHttpRequest
sec-fetch-dest: empty
accept-encoding: gzip, deflate, br
cookie: XSRF-TOKEN=eyJpdiI6InBoTUdIQjEyQ1k2Q0dWVmpUNG5aVGc9PSIsInZhbHVlIjoiUWxlMTNZVThaa0NEbHZ5THZNRFJseTRISUlxM3lITDlKWTZWMkhSK0w1aVdqQjZaY0hhdE9yZm9wV1VrUE1IbGtiRU1sMHJPUFVQc1lMTXFPTUZIcXVUWmNmY3F5SmdBUUhWTEdYcGN5TitiQXpmUjg3UjNLNVdjSkg4SUMxMSsiLCJtYWMiOiIxZGQyZjgwZjI4YmY2YTc1NDdhMjA5OWQ3YTI3ZGNjNTM1NDlkYTc5MGZkZjYzZDZkZmI4ZTA3YTdlNTY2MTA1In0%3D; newsy_session=eyJpdiI6ImlTeVlJUCs4R3gwNGdQN2VYK1F5SUE9PSIsInZhbHVlIjoidkxsS3hGV25TOTVFdWMwTTY5bHc2eks0WkVpUGdBVnZ4cnROeXpUbWNBYURlVUllSFN5T2ljenVFbWVGSk56a1VWOFFQeEpjTmhyNmNaeWZqdUUyYVIvR1JkOHZCdzNzZmkvQ1dGMkdpeitWUTJzVWM4Y3VYbkdvM1RsbEJhQzQiLCJtYWMiOiJiMTY2YzA1ZTkwODYzNjc2NmZiYmQwMTAzNTg1NTkxZDY0MDdhMjk5MWVlMzA3NjRkOTJhYzUyZGIzNzEzMjU5In0%3D; _ga=GA1.2.1372009611.1633324695; _gid=GA1.2.1104024021.1633324695; _gat_gtag_UA_153426991_1=1; _gat_gtag_UA_166935235_1=1
:path: /content/most-discussed?siteId=441&limit=3&period=7
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept: application/json, text/plain, */*
cache-control: no-cache
:authority: www.getinfosec.news
referer: https://www.getinfosec.news/10079328/ta544-group-behind-a-spike-in-ursnif-malware-campaigns-targeting-italy
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept: application/json, text/plain, */*
Referer: https://www.getinfosec.news/10079328/ta544-group-behind-a-spike-in-ursnif-malware-campaigns-targeting-italy
X-XSRF-TOKEN: eyJpdiI6InBoTUdIQjEyQ1k2Q0dWVmpUNG5aVGc9PSIsInZhbHVlIjoiUWxlMTNZVThaa0NEbHZ5THZNRFJseTRISUlxM3lITDlKWTZWMkhSK0w1aVdqQjZaY0hhdE9yZm9wV1VrUE1IbGtiRU1sMHJPUFVQc1lMTXFPTUZIcXVUWmNmY3F5SmdBUUhWTEdYcGN5TitiQXpmUjg3UjNLNVdjSkg4SUMxMSsiLCJtYWMiOiIxZGQyZjgwZjI4YmY2YTc1NDdhMjA5OWQ3YTI3ZGNjNTM1NDlkYTc5MGZkZjYzZDZkZmI4ZTA3YTdlNTY2MTA1In0=
X-Requested-With: XMLHttpRequest
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:16 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dRT8DqELfs6wCMpGX4ZgvDBQXTIq02lyINZpMvf2SK68H4bT0i13TqQyw6RcoMfkq9EOjKEdnHDPd6CYPfezM%2F%2Bl32Y0TLKelTfR99HnGaB28zsZgz9VJp0kdEB1Fc820h%2B8AH1s"}],"group":"cf-nel","max_age":604800}
content-type: application/json
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6IlhRc2FCaTF6VURQeC9zQks1dzdRNVE9PSIsInZhbHVlIjoiYVB4bzlHZFNqdGtsYjE1emEvbTJlKysvQXpLRGRMVEdrMnd4VnBIOWJYUFJqOFpaSTB6TDNLQVlwTzFzUmhXRU4vdmVGaHpwa2c1NU92bit5dVpvQTUvZVp5QlIvSTFIbDVaQWN1VDZCR1hiQmZ3Q3dLbFRZTUluUjZrRjVLbUciLCJtYWMiOiI0ZTBlMDFkYjA3OGRhMjU4MDUxYjcwMjQyNDFjMGI4ODM3ZmEwODc3ZDdiODY4YmZkNmE3OTVlOGM3NmU5M2I2In0%3D; expires=Mon, 04-Oct-2021 07:18:16 GMT; Max-Age=7200; path=/ newsy_session=eyJpdiI6InhhblFLNXZ0L09MMkpib1pzTWVBTGc9PSIsInZhbHVlIjoiSHhEMC8zR2k3SUQ3TGthaHNPQlY5eGJsNGhoM05qUWlZYU04UjZpS2p1MlByT25rc2R3ZkxURHNacmhpcVRZUC9FN254TGk4RHdKYy9hbTI4eWtrVFRFMTRJbjFMNkNTalE1Y1J6V3VJcmRGUjd0MlVRUEppZFJzRE9aL2k5dmkiLCJtYWMiOiI2MDFkODFmMTVhODk1MzcwMTJjN2U0ZDc0ZmFhZTNkN2RkNDE3NmFjMDc2NGJiM2I5ZWU0MDI1MTcwMmIyYzc4In0%3D; expires=Mon, 04-Oct-2021 07:18:16 GMT; Max-Age=7200; path=/; httponly
cf-ray: 698bf2d1e9b965f2-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 twitter.png
img.icons8.com/fluent/96/000000/ 3 KB
3 KB 50ms
6ms Image
image/png 195.181.175.45
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.icons8.com/fluent/96/000000/twitter.png

Requested by

Host: www.getinfosec.news
URL: https://www.getinfosec.news/10079328/ta544-group-behind-a-spike-in-ursnif-malware-campaigns-targeting-italy

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

195.181.175.45 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),

Reverse DNS

frankfurt-44.cdn77.com

Software

CDN77-Turbo /

Resource Hash

ebe7f14bba97f98b8bfc5d1e959dbbfe26509adc4bfb32b27f55b52d204776d1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.getinfosec.news/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Mon, 04 Oct 2021 05:18:15 GMT
icon-size: 96
x-content-type-options: nosniff
memory-svg-cache: true
access-control-allow-origin: *
from-cache: false
from-svg-cache: true
icon-format: png
x-cache: HIT
x-age: 138188
x-dns-prefetch-control: off
content-length: 2736
x-xss-protection: 1; mode=block
x-77-nzt: AcO1rywrgkLvzBsCAA==
x-accel-expires: @1633488907
not-found-platform: false
last-modified: Thu, 30 Sep 2021 15:00:43 GMT
server: CDN77-Turbo
x-77-nzt-ray: 0lpHsOpv3qw=
x-download-options: noopen
x-77-cache: HIT
strict-transport-security: max-age=15552000; includeSubDomains
content-type: image/png
memory-cache: true
access-control-expose-headers: Content-Disposition
cache-control: public, max-age=302400
icon-id: 5MQ0gPAYYx7a
accept-ranges: bytes
version: 0.1.0-SNAPSHOT.20210708094556621

GET
H2 200 tumblr.png
img.icons8.com/color/96/000000/ 1 KB
2 KB 50ms
6ms Image
image/png 195.181.175.45
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.icons8.com/color/96/000000/tumblr.png

Requested by

Host: www.getinfosec.news
URL: https://www.getinfosec.news/10079328/ta544-group-behind-a-spike-in-ursnif-malware-campaigns-targeting-italy

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

195.181.175.45 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),

Reverse DNS

frankfurt-44.cdn77.com

Software

CDN77-Turbo /

Resource Hash

e9db9f4845d50ce4cfb88a6d0f81f3ce432e2d0893684b5c4819c87732b6b875

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.getinfosec.news/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Mon, 04 Oct 2021 05:18:15 GMT
icon-size: 96
x-content-type-options: nosniff
memory-svg-cache: true
access-control-allow-origin: *
from-cache: false
from-svg-cache: true
icon-format: png
x-cache: HIT
x-age: 31539
x-dns-prefetch-control: off
content-length: 1381
x-xss-protection: 1; mode=block
x-77-nzt: AcO1rywVvsrvM3sAAA==
x-accel-expires: @1633595556
not-found-platform: false
last-modified: Sat, 02 Oct 2021 23:05:09 GMT
server: CDN77-Turbo
x-77-nzt-ray: W2mRa6qY+Ec=
x-download-options: noopen
x-77-cache: HIT
strict-transport-security: max-age=15552000; includeSubDomains
content-type: image/png
memory-cache: true
access-control-expose-headers: Content-Disposition
cache-control: public, max-age=302400
icon-id: 13976
accept-ranges: bytes
version: 0.1.0-SNAPSHOT.20210930223957658

GET
H2 200 blogger.png
img.icons8.com/color/96/000000/ 1 KB
2 KB 50ms
7ms Image
image/png 195.181.175.45
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.icons8.com/color/96/000000/blogger.png

Requested by

Host: www.getinfosec.news
URL: https://www.getinfosec.news/10079328/ta544-group-behind-a-spike-in-ursnif-malware-campaigns-targeting-italy

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

195.181.175.45 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),

Reverse DNS

frankfurt-44.cdn77.com

Software

CDN77-Turbo /

Resource Hash

a1a8769db6fd1e983f9dba8483855c7d9486e4ba9ca39c85bd352ad80ab74094

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.getinfosec.news/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Mon, 04 Oct 2021 05:18:15 GMT
icon-size: 96
x-content-type-options: nosniff
memory-svg-cache: false
access-control-allow-origin: *
from-cache: false
from-svg-cache: true
icon-format: png
x-cache: HIT
x-age: 225680
x-dns-prefetch-control: off
content-length: 1368
x-xss-protection: 1; mode=block
x-77-nzt: AcO1ryzh/Br/kHEDAA==
x-accel-expires: @1633401415
not-found-platform: false
last-modified: Fri, 01 Oct 2021 00:18:16 GMT
server: CDN77-Turbo
x-77-nzt-ray: fUzBubtjNK0=
x-download-options: noopen
x-77-cache: HIT
strict-transport-security: max-age=15552000; includeSubDomains
content-type: image/png
memory-cache: false
access-control-expose-headers: Content-Disposition
cache-control: public, max-age=302400
icon-id: 65072
accept-ranges: bytes
version: 0.1.0-SNAPSHOT.20210930223958474

POST
H3 200 activity Show response
www.getinfosec.news/auth/ 0
1 KB 309ms
309ms XHR
text/html 172.67.138.119
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.getinfosec.news/auth/activity
Requested by: Host: www.getinfosec.news
URL: https://www.getinfosec.news/js/site/content/app.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.138.119 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-fetch-mode: cors
origin: https://www.getinfosec.news
x-xsrf-token: eyJpdiI6InBoTUdIQjEyQ1k2Q0dWVmpUNG5aVGc9PSIsInZhbHVlIjoiUWxlMTNZVThaa0NEbHZ5THZNRFJseTRISUlxM3lITDlKWTZWMkhSK0w1aVdqQjZaY0hhdE9yZm9wV1VrUE1IbGtiRU1sMHJPUFVQc1lMTXFPTUZIcXVUWmNmY3F5SmdBUUhWTEdYcGN5TitiQXpmUjg3UjNLNVdjSkg4SUMxMSsiLCJtYWMiOiIxZGQyZjgwZjI4YmY2YTc1NDdhMjA5OWQ3YTI3ZGNjNTM1NDlkYTc5MGZkZjYzZDZkZmI4ZTA3YTdlNTY2MTA1In0=
accept-language: de-DE,de;q=0.9
sec-fetch-dest: empty
x-requested-with: XMLHttpRequest
cookie: XSRF-TOKEN=eyJpdiI6InBoTUdIQjEyQ1k2Q0dWVmpUNG5aVGc9PSIsInZhbHVlIjoiUWxlMTNZVThaa0NEbHZ5THZNRFJseTRISUlxM3lITDlKWTZWMkhSK0w1aVdqQjZaY0hhdE9yZm9wV1VrUE1IbGtiRU1sMHJPUFVQc1lMTXFPTUZIcXVUWmNmY3F5SmdBUUhWTEdYcGN5TitiQXpmUjg3UjNLNVdjSkg4SUMxMSsiLCJtYWMiOiIxZGQyZjgwZjI4YmY2YTc1NDdhMjA5OWQ3YTI3ZGNjNTM1NDlkYTc5MGZkZjYzZDZkZmI4ZTA3YTdlNTY2MTA1In0%3D; newsy_session=eyJpdiI6ImlTeVlJUCs4R3gwNGdQN2VYK1F5SUE9PSIsInZhbHVlIjoidkxsS3hGV25TOTVFdWMwTTY5bHc2eks0WkVpUGdBVnZ4cnROeXpUbWNBYURlVUllSFN5T2ljenVFbWVGSk56a1VWOFFQeEpjTmhyNmNaeWZqdUUyYVIvR1JkOHZCdzNzZmkvQ1dGMkdpeitWUTJzVWM4Y3VYbkdvM1RsbEJhQzQiLCJtYWMiOiJiMTY2YzA1ZTkwODYzNjc2NmZiYmQwMTAzNTg1NTkxZDY0MDdhMjk5MWVlMzA3NjRkOTJhYzUyZGIzNzEzMjU5In0%3D; _ga=GA1.2.1372009611.1633324695; _gid=GA1.2.1104024021.1633324695; _gat_gtag_UA_153426991_1=1; _gat_gtag_UA_166935235_1=1
content-length: 319
:path: /auth/activity
pragma: no-cache
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
content-type: application/json;charset=UTF-8
accept: application/json, text/plain, */*
cache-control: no-cache
:authority: www.getinfosec.news
referer: https://www.getinfosec.news/10079328/ta544-group-behind-a-spike-in-ursnif-malware-campaigns-targeting-italy
:scheme: https
sec-fetch-site: same-origin
:method: POST
Accept: application/json, text/plain, */*
Referer: https://www.getinfosec.news/10079328/ta544-group-behind-a-spike-in-ursnif-malware-campaigns-targeting-italy
X-XSRF-TOKEN: eyJpdiI6InBoTUdIQjEyQ1k2Q0dWVmpUNG5aVGc9PSIsInZhbHVlIjoiUWxlMTNZVThaa0NEbHZ5THZNRFJseTRISUlxM3lITDlKWTZWMkhSK0w1aVdqQjZaY0hhdE9yZm9wV1VrUE1IbGtiRU1sMHJPUFVQc1lMTXFPTUZIcXVUWmNmY3F5SmdBUUhWTEdYcGN5TitiQXpmUjg3UjNLNVdjSkg4SUMxMSsiLCJtYWMiOiIxZGQyZjgwZjI4YmY2YTc1NDdhMjA5OWQ3YTI3ZGNjNTM1NDlkYTc5MGZkZjYzZDZkZmI4ZTA3YTdlNTY2MTA1In0=
X-Requested-With: XMLHttpRequest
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: application/json;charset=UTF-8

Response headers

date: Mon, 04 Oct 2021 05:18:15 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mjInghy3i%2BzNmlW28T3FiPc342h%2BF6QPKQxeOHvR8dsycL%2FEAe7biZH8mBceOw0SSzKolX4KV7VYXJEEGuCxVbpBr%2FiGto9NkqhKExV1VbjXfGOMx4RrnFxWYGue38iJlPg7uQg2"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6InRpVjNQVmtsQkxpYi90NlNXQTBzQWc9PSIsInZhbHVlIjoiZHozYVRRMTUvejh2WW1iYjltK3FUUCtpLzBSckNadVA1K3Y0cFBvbW14VzlyeU5MM0lPcG1sN1NCMHNNSlV6UkFTZTZCaG0xajkrbnJoVk5JWDJ0bUs2b2tuRUFWOGNpRzNJZ3pkUWhWYWxqVTJGZ2diUkhLMHZhd2ptbUsvU3AiLCJtYWMiOiI0Zjk1M2Y3OWQ2ZmNmMzdiMjJiMWMyNDM2MGU4NTU4NGY2NGQ0NzA2ZjJkY2Q0ZjdmYTJmYTE3OWU1OGY4ZjgxIn0%3D; expires=Mon, 04-Oct-2021 07:18:15 GMT; Max-Age=7200; path=/ newsy_session=eyJpdiI6Ill4bjc2M0hZc0VIZGIzWFNHNi9yOUE9PSIsInZhbHVlIjoia3U5NCtaS2JOSUdubVRNbEEyS3A2bWQwMnJoRHArVjRKV040UDdrNFE5eDJGdjJwcVlEcDZMNU9ydWFLcG1VYXd3c2tzRG9rdnM5SlkweitjZXBCc2JYNWJ6RVN6aDc4VFJKMWJxSWtucXRDdjZZMlJEbGVMSFJFWTk2dDF5MWsiLCJtYWMiOiIzZjBmNTE4ZTc2Y2IyZGJjYzU3ZGI2MWE4M2JlYjVkZmEwNDM3YmNkZWI1NDFkODYzMDc5ZTQ1M2ExYjE2NDI4In0%3D; expires=Mon, 04-Oct-2021 07:18:15 GMT; Max-Age=7200; path=/; httponly
cf-ray: 698bf2d1e9c065f2-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 m-outer-79f4c4ec97e4a9c650a8aa5dc0a621df.html Show response
js.stripe.com/v3/ Frame BEB5 215 B
968 B 19ms
19ms Document
text/html 13.225.87.15
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/m-outer-79f4c4ec97e4a9c650a8aa5dc0a621df.html

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.87.15 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-87-15.fra2.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

1942d92c0cf67997cea0dc7c6058f7d4231a56aadafacacc15ed65c1e8a49925

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; connect-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src https://m.stripe.network; img-src https://q.stripe.com; font-src 'none'; media-src 'none'; object-src 'none';
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

:method: GET
:authority: js.stripe.com
:scheme: https
:path: /v3/m-outer-79f4c4ec97e4a9c650a8aa5dc0a621df.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.getinfosec.news/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.getinfosec.news/

Response headers

content-type: text/html; charset=utf-8
content-length: 215
x-amz-id-2: xBhRFvvtkeo6fE8O1E514bQZo9Pd1fWnnjilE3UgBDqQwF/fvamhs7CBoQcyA3aggjMWyyMRmKE=
x-amz-request-id: 9EF7KVV79F0X26KK
last-modified: Thu, 30 Sep 2021 22:19:33 GMT
accept-ranges: bytes
server: AmazonS3
strict-transport-security: max-age=31556926; includeSubDomains; preload
timing-allow-origin: *
access-control-allow-origin: *
content-security-policy: default-src 'self'; connect-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src https://m.stripe.network; img-src https://q.stripe.com; font-src 'none'; media-src 'none'; object-src 'none';
x-edge-origin-shield-skipped: 0
date: Mon, 04 Oct 2021 05:17:22 GMT
cache-control: max-age=60
etag: "79f4c4ec97e4a9c650a8aa5dc0a621df"
x-cache: Hit from cloudfront
via: 1.1 1e498d046330e15095a1a2a958463bf5.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C2
x-amz-cf-id: YZUaFYfEm4x7xnxh-ZO8O7Udyo5JW6S4FsA69mn_TTqdBozWXiDY7Q==
age: 53

GET
H2 200 Ursnif-TA544.png
i1.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2021/10/ 38 KB
39 KB 14ms
6ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i1.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2021/10/Ursnif-TA544.png?w=646&ssl=1

Requested by

Host: www.getinfosec.news
URL: https://www.getinfosec.news/10079328/ta544-group-behind-a-spike-in-ursnif-malware-campaigns-targeting-italy

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

80b47c89ad12957e2f936f5b0dcbb4590c359cbc89e5050da3493f24604f7632

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.getinfosec.news/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-nc: HIT hhn 3
date: Mon, 04 Oct 2021 05:18:15 GMT
x-content-type-options: nosniff
last-modified: Sun, 03 Oct 2021 19:46:32 GMT
server: nginx
etag: "790df15d0f8d8244"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://securityaffairs.co/wordpress/wp-content/uploads/2021/10/Ursnif-TA544.png>; rel="canonical"
content-length: 39410
expires: Wed, 04 Oct 2023 07:46:32 GMT

GET
H2 200 m-outer-a630934868d6eead16233600eabc02b0.js Show response
js.stripe.com/v3/fingerprinted/js/ Frame BEB5 1 KB
2 KB 21ms
18ms Script
application/javascript 13.225.87.15
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/js/m-outer-a630934868d6eead16233600eabc02b0.js

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/m-outer-79f4c4ec97e4a9c650a8aa5dc0a621df.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.87.15 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-87-15.fra2.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

7aa8a31521fca34e454549169275a559b334ff604261a4a2ef89319d3bf5cf6c

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src 'self'; img-src 'self' https://q.stripe.com blob:; font-src data: https:; media-src 'none'; object-src 'self';
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.stripe.com/v3/m-outer-79f4c4ec97e4a9c650a8aa5dc0a621df.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: gzip
etag: W/"8240ee835643f4c573d637d6184b80e7"
age: 52
x-cache: Hit from cloudfront
x-edge-origin-shield-skipped: 0
x-amz-request-id: H8NTXKWP97CKX4ZV
x-amz-id-2: YMnVadun8F1/3behfeMg8ezyNIX5/8gJjRGVkdzjE169abADRNUjjtP+xY1QtotHIRbGEX1+pLc=
access-control-allow-origin: *
last-modified: Thu, 30 Sep 2021 22:19:33 GMT
server: AmazonS3
date: Mon, 04 Oct 2021 05:17:24 GMT
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
via: 1.1 1e498d046330e15095a1a2a958463bf5.cloudfront.net (CloudFront)
cache-control: max-age=60
content-security-policy: default-src 'self'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src 'self'; img-src 'self' https://q.stripe.com blob:; font-src data: https:; media-src 'none'; object-src 'self';
x-amz-cf-pop: FRA2-C2
timing-allow-origin: *
x-amz-cf-id: 0kSHwhaFm-TdQeF1uY13c03THgKdLuLQeezbZ2no9JwzSj34PXYxxg==

GET
H2 200 inner.html Show response
m.stripe.network/ Frame 0120 932 B
1 KB 41ms
8ms Document
text/html 151.101.128.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://m.stripe.network/inner.html

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/m-outer-a630934868d6eead16233600eabc02b0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.128.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

c4a8402fde1e397bcabe7467c0de035e7851eeb1bad9af5d1b67487e7d7f2a4a

Security Headers

Name	Value
Content-Security-Policy	connect-src 'self' https://m.stripe.com; default-src 'self'; font-src data: https:; frame-src 'self' https://js.stripe.com; img-src 'self' https://m.stripe.com; media-src 'none'; object-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

:method: GET
:authority: m.stripe.network
:scheme: https
:path: /inner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://js.stripe.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://js.stripe.com/

Response headers

content-type: text/html; charset=utf-8
cache-control: max-age=300, public
content-security-policy: connect-src 'self' https://m.stripe.com; default-src 'self'; font-src data: https:; frame-src 'self' https://js.stripe.com; img-src 'self' https://m.stripe.com; media-src 'none'; object-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; report-uri https://q.stripe.com/csp-report
strict-transport-security: max-age=31556926; includeSubDomains; preload
x-content-type-options: nosniff
server: Fastly
accept-ranges: bytes
date: Mon, 04 Oct 2021 05:18:15 GMT
via: 1.1 varnish
age: 32
x-served-by: cache-hhn4037-HHN
x-cache: HIT
x-cache-hits: 16
x-timer: S1633324695.448829,VS0,VE0
vary: Accept-Encoding, Origin
content-length: 932

POST
H2 200 csp-report
q.stripe.com/ Frame 0120 0
121 B 508ms
165ms Other
text/plain 54.187.119.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://q.stripe.com/csp-report

Requested by

Host: www.getinfosec.news
URL: https://www.getinfosec.news/10079328/ta544-group-behind-a-spike-in-ursnif-malware-campaigns-targeting-italy

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ip-54-187-119-242.stripe.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

Referer: https://m.stripe.network/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Mon, 04 Oct 2021 05:18:15 GMT
x-envoy-upstream-service-time: 0
server: nginx
content-length: 0
strict-transport-security: max-age=31556926; includeSubDomains; preload

GET
H2 200 out-4.5.40.js Show response
m.stripe.network/ Frame 0120 85 KB
85 KB 6ms
6ms Script
application/javascript 151.101.128.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://m.stripe.network/out-4.5.40.js

Requested by

Host: m.stripe.network
URL: https://m.stripe.network/inner.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.128.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

6a6915872afa798395a56c7aa50d086cb325ff7214ad78ada3c7a96350bbad39

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://m.stripe.network/inner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
via: 1.1 varnish
x-content-type-options: nosniff
server: Fastly
age: 7
date: Mon, 04 Oct 2021 05:18:15 GMT
x-served-by: cache-hhn4037-HHN
vary: Accept-Encoding, Origin
x-cache: HIT
content-type: application/javascript
cache-control: max-age=300, public
accept-ranges: bytes
x-timer: S1633324695.464500,VS0,VE0
content-length: 87228
x-cache-hits: 3

POST
H2 200 6 Show response
m.stripe.com/ Frame 0120 156 B
518 B 500ms
167ms XHR
text/plain 34.215.192.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://m.stripe.com/6

Requested by

Host: m.stripe.network
URL: https://m.stripe.network/out-4.5.40.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.215.192.98 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-215-192-98.us-west-2.compute.amazonaws.com

Software

nginx /

Resource Hash

0ee4a906a2b2ff27cb21631d377c3125f3f38daeababeaf523c5a523a0bd0da3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://m.stripe.network/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Mon, 04 Oct 2021 05:18:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: nginx
vary: Accept-Encoding
content-type: text/plain;charset=utf-8
access-control-allow-origin: https://m.stripe.network
access-control-allow-credentials: true
strict-transport-security: max-age=31556926; includeSubDomains; preload
access-control-allow-headers: Content-Type

GET
H2 200 fc0a46f3afadff082713c647af5d7160
s.yimg.com/uu/api/res/1.2/vi7du2NNd0s_pQmdhcZ7Jw--~B/aD0zNTA7dz00MDA7YXBwaWQ9eXRhY2h5b24-/https://media.zenfs.com/en/prnewswire.com/ 26 KB
27 KB 62ms
20ms Image
image/jpeg 87.248.118.22
YAHOO-DEB

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.yimg.com/uu/api/res/1.2/vi7du2NNd0s_pQmdhcZ7Jw--~B/aD0zNTA7dz00MDA7YXBwaWQ9eXRhY2h5b24-/https://media.zenfs.com/en/prnewswire.com/fc0a46f3afadff082713c647af5d7160

Requested by

Host: www.getinfosec.news
URL: https://www.getinfosec.news/10079328/ta544-group-behind-a-spike-in-ursnif-malware-campaigns-targeting-italy

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

87.248.118.22 Frankfurt am Main, Germany, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

e1.ycpi.vip.deb.yahoo.com

Software

ATS /

Resource Hash

9c6364f36b51319619fa0927fb7d9464190560679aeeb0c3bc5ddf258b57f4a3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.getinfosec.news/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:15:09 GMT
x-content-type-options: nosniff
age: 186
cld_latency: 1
edge-cache-tag: 289811272935654050523388859859489405728,249131114936749253239845780442754598620,ae7a14591aaf8d474cdb3f92111c923e
cld_cache: HIT
cld_hits: 1
x-cache: HIT
strict-transport-security: max-age=15552000
content-length: 26610
x-xss-protection: 1; mode=block
cld_by: cache-wdc5531-WDC
x-served-by: cache-wdc5531-WDC
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 23 Sep 2021 14:35:51 GMT
server: ATS
x-timer: S1633324510.754360,VS0,VE1
etag: "67e36b6677288b8eb88b7ce0e3f18c3d"
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: SAMEORIGIN
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 1

GET
H2 200 SPORT-PREVIEW-Messi-5.jpg
www.thesun.co.uk/wp-content/uploads/2021/07/ 773 KB
775 KB 58ms
20ms Image
image/webp 13.225.87.112
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.thesun.co.uk/wp-content/uploads/2021/07/SPORT-PREVIEW-Messi-5.jpg?strip=all&quality=100&w=1200&h=800&crop=1

Requested by

Host: www.getinfosec.news
URL: https://www.getinfosec.news/10079328/ta544-group-behind-a-spike-in-ursnif-malware-campaigns-targeting-italy

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.87.112 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-87-112.fra2.r.cloudfront.net

Software

nginx /

Resource Hash

28d9b78d460e1eb7cb2718dd999ff6882a9241bc13ffb921d4dc020da267cb8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.getinfosec.news/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:03 GMT
via: 1.1 03d509e8374e9f42668961b5e0201349.cloudfront.net (CloudFront)
age: 12
x-edge-origin-shield-skipped: 0, 0
x-cache: Hit from cloudfront
content-length: 791818
x-rq: lhr3 109 195 443
last-modified: Sun, 19 Sep 2021 09:10:09 GMT
server: nginx
etag: "793fed882117ef86"
strict-transport-security: max-age=31536000
content-type: image/webp
cache-control: max-age=2592000
x-amz-cf-pop: FRA2-C2
accept-ranges: bytes
x-amz-cf-id: KMW-322jbgOHZ-ifBZAwu_Wboppx12pUHaxzWFXIMZ25UCSWgOhTSQ==
expires: Mon, 19 Sep 2022 09:10:09 GMT

GET
H2 200 photo-1610654398165-2a9cf95137fd
images.unsplash.com/ 465 KB
465 KB 46ms
16ms Image
image/jpeg 151.101.114.208
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://images.unsplash.com/photo-1610654398165-2a9cf95137fd?crop=entropy&cs=tinysrgb&fit=max&fm=jpg&ixid=MXwyMzg1fDB8MXxzZWFyY2h8MTR8fEludmVyc2klQzMlQjNuJTIwZGUlMjBJbXBhY3RvfGVufDB8fDJ8&ixlib=rb-1.2.1&q=80&w=1080

Requested by

Host: www.getinfosec.news
URL: https://www.getinfosec.news/10079328/ta544-group-behind-a-spike-in-ursnif-malware-campaigns-targeting-italy

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.114.208 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

imgix /

Resource Hash

85881872103df3e6b5645e0011fd2bbfcfca491b0996b2a92ff11a91f22108c6

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.getinfosec.news/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:15 GMT
x-content-type-options: nosniff
last-modified: Fri, 01 Oct 2021 15:06:01 GMT
server: imgix
age: 223934
x-cache: HIT, HIT
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=315360000
x-imgix-id: 5d4d00bdd10dcc5d52637a46a37355a3bd53e886
accept-ranges: bytes
content-length: 475904
cross-origin-resource-policy: cross-origin
x-served-by: cache-sjc10030-SJC, cache-hhn4078-HHN

GET
H2 200 photo-1610662037089-70d7e77c1534
images.unsplash.com/ 238 KB
239 KB 38ms
8ms Image
image/jpeg 151.101.114.208
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://images.unsplash.com/photo-1610662037089-70d7e77c1534?crop=entropy&cs=tinysrgb&fit=max&fm=jpg&ixid=MXwyMzg1fDB8MXxzZWFyY2h8MTJ8fEludmVyc2klQzMlQjNuJTIwZGUlMjBJbXBhY3RvfGVufDB8fDJ8&ixlib=rb-1.2.1&q=80&w=1080

Requested by

Host: www.getinfosec.news
URL: https://www.getinfosec.news/10079328/ta544-group-behind-a-spike-in-ursnif-malware-campaigns-targeting-italy

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.114.208 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

imgix /

Resource Hash

ddd82454b3228d2a49d9b133e912a6011d23edcaf3cf9290c040a90b995b65a6

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.getinfosec.news/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:15 GMT
x-content-type-options: nosniff
last-modified: Tue, 07 Sep 2021 09:55:04 GMT
server: imgix
age: 2316191
x-cache: HIT, HIT
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=315360000
x-imgix-id: 609476c3ca861e2ac4048ce07c48f0db11e88521
accept-ranges: bytes
content-length: 243886
cross-origin-resource-policy: cross-origin
x-served-by: cache-sjc10070-SJC, cache-hhn4078-HHN

GET
H2 200 1170653964_1280
i.vimeocdn.com/video/ 958 B
1 KB 29ms
7ms Image
image/avif 151.101.114.109
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.vimeocdn.com/video/1170653964_1280
Requested by: Host: www.getinfosec.news
URL: https://www.getinfosec.news/10079328/ta544-group-behind-a-spike-in-ursnif-malware-campaigns-targeting-italy
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.109 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: d58b45299511217e52f494af4b0bdc4471ef55db555429263a866f46d5dafa3d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.getinfosec.news/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:15 GMT
via: vvarnish, 1.1 varnish, 1.1 varnish
age: 2144078
x-viewmaster-lossless-format: false
x-cache: miss, HIT, HIT
x-backend-server: varnish
content-length: 958
viewmaster-server: viewmaster-us-central1-0x7d
x-served-by: cache-dfw18657-DFW, cache-hhn4057-HHN
x-timer: S1633324696.813129,VS0,VE1
etag: 8b59593be94ef6cebd376ebbe25a25aa
vary: Accept
content-type: image/avif
access-control-allow-origin: *
cache-control: public, max-age=2592000
accept-ranges: bytes
x-cache-hits: 1, 1

GET
H2 404 file-transfer-collaboration.png
www.clearswift.com/sites/default/files/styles/blog-main-image/public/images/blog/ 0
0 29ms
7ms Image
text/html 23.185.0.3
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.clearswift.com/sites/default/files/styles/blog-main-image/public/images/blog/file-transfer-collaboration.png?itok=IaffPL0d
Requested by: Host: www.getinfosec.news
URL: https://www.getinfosec.news/10079328/ta544-group-behind-a-spike-in-ursnif-malware-campaigns-targeting-italy
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 23.185.0.3 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.getinfosec.news/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

GET
H2 200 Trojan%20App%20Stats.jpg
www.secureworld.io/hs-fs/hubfs/ 20 KB
21 KB 117ms
30ms Image
image/webp 199.60.103.30
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.secureworld.io/hs-fs/hubfs/Trojan%20App%20Stats.jpg?width=600&name=Trojan%20App%20Stats.jpg
Requested by: Host: www.getinfosec.news
URL: https://www.getinfosec.news/10079328/ta544-group-behind-a-spike-in-ursnif-malware-campaigns-targeting-italy
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.60.103.30 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 68fd2db599418d133b6b3411e0cb342cb61ccea3b21cf7b204edf7e7ccb66c29

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.getinfosec.news/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

age: 236716
x-amz-server-side-encryption: AES256
edge-cache-tag: F-56471435397,P-2221756,FLS-ALL
x-edge-origin-shield-skipped: 0
x-amz-replication-status: COMPLETED
content-disposition: inline; filename="Trojan%20App%20Stats.webp"
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 12
cf-bgj: imgq:85,h2pri
etag: "6dd7d3d19fd50567775c1ba9c5bfec5e"
vary: Accept, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1633026405655
content-type: image/webp
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 12
date: Mon, 04 Oct 2021 05:18:16 GMT
via: 1.1 9b097dfab92228268a37145aac5629c1.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
cf-polished: qual=85, origFmt=jpeg, origSize=73392
x-cache: RefreshHit from cloudfront
x-amz-meta-index-tag: all
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 20118
last-modified: Thu, 30 Sep 2021 18:26:46 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5mGA6BrYtFxUfGk%2Bf4FKp4JJiFzMs%2B8uCTJRdQzwZVnl85Y0OyPoaSPruNO0rfntr7B%2BUJTmh9C5Z7%2BGk%2FzQ4OCAVOAWJMr3okVhbfNhisjZ%2Ft18hC7EoKfIgDQFQXy3N1I%2Fug%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-credentials: false
accept-ranges: bytes
cf-ray: 698bf2d869d64a85-FRA
x-amz-cf-id: lfeJMn3elLp8zw6TTM0sRecGWXg_MIhb-6RkzA5-CFUUpFX5_2dnDA==

GET
H2 200 ccba50cfccdd1b18580f6a70670087f3_c0-155-2362-1532_s1200x700.jpg
twt-thumbs.washtimes.com/media/image/2014/06/26/ 108 KB
109 KB 531ms
485ms Image
image/jpeg 104.21.59.72
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://twt-thumbs.washtimes.com/media/image/2014/06/26/ccba50cfccdd1b18580f6a70670087f3_c0-155-2362-1532_s1200x700.jpg?8b0ecdf04148a292d977849569ac05e79bc8322e
Requested by: Host: www.getinfosec.news
URL: https://www.getinfosec.news/10079328/ta544-group-behind-a-spike-in-ursnif-malware-campaigns-targeting-italy
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.59.72 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: becfedee633c9b73e5df5873896ddff0cb8c45a310f2b2a5722df31a6837b2a7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.getinfosec.news/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:16 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "77e7b6aef722564c503726122aee136f5ad52df6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EdSJ0mrvpysqUnWG3ps04lkzZaZxBtcs6uPlO5sdMkrHN0v8vJ6Dvku7lAE9pwOOX43otHnSUxfEkJ8PfRug%2F5c4wmDG990Yt7bIgWT6%2BFLpz%2BjecUH4ipuJPJJLk4D4MYUFoXQuCMAR4Ek%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=691200
accept-ranges: bytes
cf-ray: 698bf2d82e300472-CDG
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 111062
expires: Tue, 05 Oct 2021 05:18:16 GMT

GET
H3 200 feather-sprite.svg
www.getinfosec.news/img/ 58 KB
12 KB 26ms
26ms Other
image/svg+xml 172.67.138.119
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.getinfosec.news/img/feather-sprite.svg
Requested by: Host: www.getinfosec.news
URL: https://www.getinfosec.news/js/site/content/app.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.138.119 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cc2604e4b0c63665fe5c730c319b560b47ef23b9dad0e6a6b5a9192a428afe17

Request headers

:path: /img/feather-sprite.svg
pragma: no-cache
cookie: _ga=GA1.2.1372009611.1633324695; _gid=GA1.2.1104024021.1633324695; _gat_gtag_UA_153426991_1=1; _gat_gtag_UA_166935235_1=1; __stripe_mid=fda04b2b-2f8c-43d4-aa19-822e62dec3d8670c00; __stripe_sid=bed84f8b-bd63-4018-8d5b-cf50b3b6558cf759bc; XSRF-TOKEN=eyJpdiI6IlhRc2FCaTF6VURQeC9zQks1dzdRNVE9PSIsInZhbHVlIjoiYVB4bzlHZFNqdGtsYjE1emEvbTJlKysvQXpLRGRMVEdrMnd4VnBIOWJYUFJqOFpaSTB6TDNLQVlwTzFzUmhXRU4vdmVGaHpwa2c1NU92bit5dVpvQTUvZVp5QlIvSTFIbDVaQWN1VDZCR1hiQmZ3Q3dLbFRZTUluUjZrRjVLbUciLCJtYWMiOiI0ZTBlMDFkYjA3OGRhMjU4MDUxYjcwMjQyNDFjMGI4ODM3ZmEwODc3ZDdiODY4YmZkNmE3OTVlOGM3NmU5M2I2In0%3D; newsy_session=eyJpdiI6InhhblFLNXZ0L09MMkpib1pzTWVBTGc9PSIsInZhbHVlIjoiSHhEMC8zR2k3SUQ3TGthaHNPQlY5eGJsNGhoM05qUWlZYU04UjZpS2p1MlByT25rc2R3ZkxURHNacmhpcVRZUC9FN254TGk4RHdKYy9hbTI4eWtrVFRFMTRJbjFMNkNTalE1Y1J6V3VJcmRGUjd0MlVRUEppZFJzRE9aL2k5dmkiLCJtYWMiOiI2MDFkODFmMTVhODk1MzcwMTJjN2U0ZDc0ZmFhZTNkN2RkNDE3NmFjMDc2NGJiM2I5ZWU0MDI1MTcwMmIyYzc4In0%3D
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: same-origin
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.getinfosec.news
referer: https://www.getinfosec.news/10079328/ta544-group-behind-a-spike-in-ursnif-malware-campaigns-targeting-italy
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://www.getinfosec.news/10079328/ta544-group-behind-a-spike-in-ursnif-malware-campaigns-targeting-italy
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:18 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 21 Nov 2019 23:16:55 GMT
server: cloudflare
age: 3
etag: W/"e76b-597e37e41ab90"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KkRmlykvC1vccVOXeZ6qF%2F1U40SpoxgVSNZsBGZ2eZgC1Xpt8rnxtbJ27hHINrsP13VHsHSLviC4jLUGj732nlgRCDOCI79pOdo3e0x4ukkyZJdqLjxHVe0zMbFw0AQROOiaJTBE"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 698bf2e489be65f2-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

POST 6
m.stripe.com/ Frame 0120 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: m.stripe.com
URL: https://m.stripe.com/6

Verdicts & Comments Add Verdict or Comment

47 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

13 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.getinfosec.news/	1970-01-20 15:13:16	Name: _ga Value: GA1.2.1372009611.1633324695
.getinfosec.news/	1970-01-19 21:43:31	Name: _gid Value: GA1.2.1104024021.1633324695
.getinfosec.news/	1970-01-19 21:42:04	Name: _gat_gtag_UA_153426991_1 Value: 1
.getinfosec.news/	1970-01-19 21:42:04	Name: _gat_gtag_UA_166935235_1 Value: 1
.unsplash.com/	1970-01-20 06:27:40	Name: ugid Value: 458aaaa2925b6d4ddee2a11294af55845444415
www.thesun.co.uk/	1969-12-31 23:59:59	Name: nuk_customer_country_code Value: DE
www.thesun.co.uk/	1969-12-31 23:59:59	Name: nuk_customer_region_code Value: HE
m.stripe.com/	1970-01-20 15:13:16	Name: m Value: 9da62df2-479f-4518-bae9-5a0b39c3b3d49064b0
.www.getinfosec.news/	1970-01-20 06:27:40	Name: __stripe_mid Value: fda04b2b-2f8c-43d4-aa19-822e62dec3d8670c00
.www.getinfosec.news/	1970-01-19 21:42:06	Name: __stripe_sid Value: bed84f8b-bd63-4018-8d5b-cf50b3b6558cf759bc
www.getinfosec.news/	1970-01-19 21:42:11	Name: XSRF-TOKEN Value: eyJpdiI6IlhRc2FCaTF6VURQeC9zQks1dzdRNVE9PSIsInZhbHVlIjoiYVB4bzlHZFNqdGtsYjE1emEvbTJlKysvQXpLRGRMVEdrMnd4VnBIOWJYUFJqOFpaSTB6TDNLQVlwTzFzUmhXRU4vdmVGaHpwa2c1NU92bit5dVpvQTUvZVp5QlIvSTFIbDVaQWN1VDZCR1hiQmZ3Q3dLbFRZTUluUjZrRjVLbUciLCJtYWMiOiI0ZTBlMDFkYjA3OGRhMjU4MDUxYjcwMjQyNDFjMGI4ODM3ZmEwODc3ZDdiODY4YmZkNmE3OTVlOGM3NmU5M2I2In0%3D
www.getinfosec.news/	1970-01-19 21:42:11	Name: newsy_session Value: eyJpdiI6InhhblFLNXZ0L09MMkpib1pzTWVBTGc9PSIsInZhbHVlIjoiSHhEMC8zR2k3SUQ3TGthaHNPQlY5eGJsNGhoM05qUWlZYU04UjZpS2p1MlByT25rc2R3ZkxURHNacmhpcVRZUC9FN254TGk4RHdKYy9hbTI4eWtrVFRFMTRJbjFMNkNTalE1Y1J6V3VJcmRGUjd0MlVRUEppZFJzRE9aL2k5dmkiLCJtYWMiOiI2MDFkODFmMTVhODk1MzcwMTJjN2U0ZDc0ZmFhZTNkN2RkNDE3NmFjMDc2NGJiM2I5ZWU0MDI1MTcwMmIyYzc4In0%3D
.www.secureworld.io/	1969-12-31 23:59:59	Name: __cfruid Value: c2fef019dd2375f8730f44fa99ebee47b6d0ae94-1633324696

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://www.clearswift.com/sites/default/files/styles/blog-main-image/public/images/blog/file-transfer-collaboration.png?itok=IaffPL0d Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.jsdelivr.net
cdn2.iconfinder.com
cdnjs.cloudflare.com
fonts.googleapis.com
fonts.gstatic.com
i.vimeocdn.com
i1.wp.com
images.unsplash.com
img.icons8.com
js.stripe.com
m.stripe.com
m.stripe.network
newsyapp.s3.ap-southeast-2.amazonaws.com
q.stripe.com
s.yimg.com
stats.g.doubleclick.net
twt-thumbs.washtimes.com
unpkg.com
www.clearswift.com
www.getinfosec.news
www.google-analytics.com
www.googletagmanager.com
www.secureworld.io
www.thesun.co.uk
m.stripe.com
104.16.124.175
104.16.18.94
104.16.86.20
104.21.59.72
13.225.87.112
13.225.87.15
142.250.186.142
142.250.186.40
142.250.186.67
151.101.114.109
151.101.114.208
151.101.128.176
172.217.23.106
172.66.40.238
172.67.138.119
173.194.76.155
192.0.77.2
195.181.175.45
199.60.103.30
23.185.0.3
34.215.192.98
52.95.134.210
54.187.119.242
87.248.118.22
0ee4a906a2b2ff27cb21631d377c3125f3f38daeababeaf523c5a523a0bd0da3
1942d92c0cf67997cea0dc7c6058f7d4231a56aadafacacc15ed65c1e8a49925
1a2969a29378d4ee5f0771e46e3d9e663a06ccc2101d97033442184fd7327355
28d9b78d460e1eb7cb2718dd999ff6882a9241bc13ffb921d4dc020da267cb8a
2ca19963383a46a2cc4c97af98af5d81bd6935eb816a6be6bb8a6c1c7dab8591
30c7c639fd48a0186026f900282a3b92893c32043019a5efb0ddf7e0805e296f
326f8198ae844997832b6357f9d20f822311b28679d25988925b686528c700a5
37d6a9699305d6caf6db3c009200c10270e355aa6dba482f7f3197e22af3ff64
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
4fd14700d478f11f6a26f6af7dd60d06180344974226fd7f58578d31d1d63f2a
565bd7299e63203608ef9945b413d7f8cdec8a7c2ea1bbb153d9edd22f47578f
6249a71fc280a0b1d93bbb07ffa5169a9e4bb07539d6025d158452eb9a828f73
68fd2db599418d133b6b3411e0cb342cb61ccea3b21cf7b204edf7e7ccb66c29
6a6915872afa798395a56c7aa50d086cb325ff7214ad78ada3c7a96350bbad39
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6b86c6ae7b5af2b9cbaed71f58731bb6446fbebadb68e1ef38f7af406423f044
7aa8a31521fca34e454549169275a559b334ff604261a4a2ef89319d3bf5cf6c
7d4243c8e973ec0cfc707904891ae4e3efc03dbc8923acb9755f9a35c92269a6
80b47c89ad12957e2f936f5b0dcbb4590c359cbc89e5050da3493f24604f7632
80e4a6df511aabcfa44f256c549e278654914ed7ccec2dfda39c6f200ec2934c
85881872103df3e6b5645e0011fd2bbfcfca491b0996b2a92ff11a91f22108c6
8d3ca80fa271e94b0c36cf3053b0f806b7a42bb3395b424c99dc0bd218f0ac20
92ea613270d1df64f254b35b96044cff459dcd34a5b8767743626866479ce38a
9c6364f36b51319619fa0927fb7d9464190560679aeeb0c3bc5ddf258b57f4a3
a0521c1db32bd8ef76c1b0d6d764feefa167409ef81b4fd4cd08142ec5814592
a1a8769db6fd1e983f9dba8483855c7d9486e4ba9ca39c85bd352ad80ab74094
a6fda8f8cdeeaa0e5f548b20df29aa7411032f0a9e438910f54d6bfbcaa4539d
becfedee633c9b73e5df5873896ddff0cb8c45a310f2b2a5722df31a6837b2a7
c3c0d3f472358aac78455515c4800771426770c22698e2486d39fdb5505634e1
c4a8402fde1e397bcabe7467c0de035e7851eeb1bad9af5d1b67487e7d7f2a4a
cc2604e4b0c63665fe5c730c319b560b47ef23b9dad0e6a6b5a9192a428afe17
d58b45299511217e52f494af4b0bdc4471ef55db555429263a866f46d5dafa3d
d5c154fa037f2d7f3fb6732ac0a4146a82b22e146e11f1f37f5ec92f54fcd475
dadb3cc5d2f39d2ce8d7086f952917fa40f2577c89a54977f4223618fc7d0541
ddd82454b3228d2a49d9b133e912a6011d23edcaf3cf9290c040a90b995b65a6
ddffc1fb5857d5643c0113e624d013e677a00538184616877dbce212abbbfc41
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
e22419e8154be2a34a950dbb4c4c448413751c53ef02f00c6c56af28aa2c4964
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e9db9f4845d50ce4cfb88a6d0f81f3ce432e2d0893684b5c4819c87732b6b875
ebe7f14bba97f98b8bfc5d1e959dbbfe26509adc4bfb32b27f55b52d204776d1
f76c3cf15fc3f9f7e8d4faa34bdc1df43d03c2009090db4e78542137768bb550
fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

www.getinfosec.news Open in urlscan Pro 172.67.138.119 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

49 Requests

98 %HTTPS

0 %IPv6

22 Domains

24 Subdomains

25 IPs

4 Countries

2734 kBTransfer

4671 kBSize

13 Cookies

23 Outgoing links

Redirected requests

49 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.getinfosec.news Open in urlscan Pro
172.67.138.119 Public Scan

Screenshot
Live screenshot

Full Image

49
Requests

98 %
HTTPS

0 %
IPv6

22
Domains

24
Subdomains

25
IPs

4
Countries

2734 kB
Transfer

4671 kB
Size

13
Cookies

49 HTTP transactions
0 data transactions