URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-offic...
Submission: On August 07 via api from US

Summary

This website contacted 31 IPs in 9 countries across 27 domains to perform 94 HTTP transactions. The main IP is 52.151.96.240, located in London, United Kingdom and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is www.trustwave.com.
TLS certificate: Issued by Trustwave Extended Validation SHA256 ... on November 26th 2018. Valid for: 2 years.
This is the only time www.trustwave.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
13 33 52.151.96.240 8075 (MICROSOFT...)
5 2606:2800:234... 15133 (EDGECAST)
1 4 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
8 104.18.140.190 13335 (CLOUDFLAR...)
1 151.101.112.217 54113 (FASTLY)
4 204.79.197.234 8068 (MICROSOFT...)
4 2.21.36.164 20940 (AKAMAI-ASN1)
2 104.109.95.62 20940 (AKAMAI-ASN1)
3 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:2800:233... 15133 (EDGECAST)
1 2a00:1450:400... 15169 (GOOGLE)
13 52.239.152.234 8075 (MICROSOFT...)
5 2a00:1450:400... 15169 (GOOGLE)
1 92.122.255.233 16625 (AKAMAI-AS)
1 3 2a00:1450:400... 15169 (GOOGLE)
1 2a02:26f0:10c... 20940 (AKAMAI-ASN1)
1 147.75.33.229 54825 (PACKET)
3 99.86.7.81 16509 (AMAZON-02)
1 2606:4700:10:... 13335 (CLOUDFLAR...)
1 192.28.144.124 15224 (OMNITURE)
1 2 2a05:f500:10:... 14413 (LINKEDIN)
1 1 2620:1ec:21::14 8068 (MICROSOFT...)
1 147.75.33.233 54825 (PACKET)
2 2 52.49.73.64 16509 (AMAZON-02)
1 147.75.84.31 54825 (PACKET)
1 1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
2 2603:1030:100... 8075 (MICROSOFT...)
1 34.246.206.139 16509 (AMAZON-02)
2 2a01:111:f100... 8075 (MICROSOFT...)
2 2603:1020:c01... 8075 (MICROSOFT...)
1 51.140.6.23 8075 (MICROSOFT...)
94 31
Domain Requested by
33 www.trustwave.com 13 redirects www.trustwave.com
az416426.vo.msecnd.net
13 trustwave.blob.core.windows.net www.trustwave.com
8 npercoco.typepad.com www.trustwave.com
5 fonts.gstatic.com www.trustwave.com
5 fast.fonts.net www.trustwave.com
4 www.atmrum.net www.trustwave.com
www.atmrum.net
az416426.vo.msecnd.net
4 www.google.com 1 redirects www.trustwave.com
www.gstatic.com
3 vidassets.terminus.services www.googletagmanager.com
www.trustwave.com
3 www.google-analytics.com 1 redirects www.googletagmanager.com
www.google-analytics.com
3 cookie-cdn.cookiepro.com www.trustwave.com
cookie-cdn.cookiepro.com
2 86f45dcb5d614a14ec56784532507a39.azr.footprintdns.com www.trustwave.com
2 f361daca3aff07445f92c3747bd2b71c.azr.footprintdns.com www.trustwave.com
2 b28b9221d0641c6f26e5018d5e01c077.azr.footprintdns.com www.trustwave.com
2 match.adsrvr.org 2 redirects
2 px.ads.linkedin.com 1 redirects www.trustwave.com
2 munchkin.marketo.net www.trustwave.com
2 s7.addthis.com www.trustwave.com
s7.addthis.com
1 dc.services.visualstudio.com az416426.vo.msecnd.net
1 in.hotjar.com az416426.vo.msecnd.net
1 www.google.de www.trustwave.com
1 stats.g.doubleclick.net 1 redirects
1 vars.hotjar.com static.hotjar.com
1 script.hotjar.com static.hotjar.com
1 www.linkedin.com 1 redirects
1 815-rfm-693.mktoresp.com az416426.vo.msecnd.net
1 geolocation.onetrust.com www.trustwave.com
1 static.hotjar.com www.googletagmanager.com
1 snap.licdn.com www.googletagmanager.com
1 m.addthis.com s7.addthis.com
1 v1.addthisedge.com s7.addthis.com
1 z.moatads.com s7.addthis.com
1 www.gstatic.com www.google.com
1 az416426.vo.msecnd.net www.trustwave.com
1 player.vimeo.com www.trustwave.com
1 www.googletagmanager.com www.trustwave.com
94 35
Subject Issuer Validity Valid
www.trustwave.com
Trustwave Extended Validation SHA256 CA, Level 1
2018-11-26 -
2020-11-25
2 years crt.sh
s9.wac.edgecastcdn.net
DigiCert SHA2 Secure Server CA
2019-01-16 -
2021-02-03
2 years crt.sh
www.google.com
GTS CA 1O1
2020-07-15 -
2020-10-07
3 months crt.sh
*.google-analytics.com
GTS CA 1O1
2020-07-15 -
2020-10-07
3 months crt.sh
ssl919196.cloudflaressl.com
COMODO ECC Domain Validation Secure Server CA 2
2020-05-20 -
2020-11-26
6 months crt.sh
vimeo.map.fastly.net
GlobalSign CloudSSL CA - SHA256 - G3
2020-04-23 -
2021-04-24
a year crt.sh
*.atmrum.net
Microsoft IT TLS CA 5
2019-08-26 -
2021-08-26
2 years crt.sh
odc-prod-01.oracle.com
DigiCert Secure Site ECC CA-1
2020-07-22 -
2021-10-13
a year crt.sh
*.marketo.net
DigiCert SHA2 Secure Server CA
2020-03-14 -
2021-04-13
a year crt.sh
cookiepro.com
Cloudflare Inc ECC CA-3
2020-07-06 -
2021-07-06
a year crt.sh
sni1e6ffgl.wpc.edgecastcdn.net
DigiCert SHA2 Secure Server CA
2020-04-16 -
2022-04-21
2 years crt.sh
*.gstatic.com
GTS CA 1O1
2020-07-15 -
2020-10-07
3 months crt.sh
*.blob.core.windows.net
Microsoft IT TLS CA 4
2020-07-21 -
2022-07-21
2 years crt.sh
moatads.com
DigiCert SHA2 Secure Server CA
2020-01-17 -
2021-03-17
a year crt.sh
*.licdn.com
DigiCert SHA2 Secure Server CA
2019-04-01 -
2021-05-07
2 years crt.sh
static.hotjar.com
Let's Encrypt Authority X3
2020-06-17 -
2020-09-15
3 months crt.sh
*.terminus.services
Amazon
2020-01-13 -
2021-02-13
a year crt.sh
*.onetrust.com
DigiCert SHA2 Secure Server CA
2020-05-21 -
2022-07-27
2 years crt.sh
*.mktoresp.com
DigiCert SHA2 Secure Server CA
2020-01-17 -
2022-01-21
2 years crt.sh
px.ads.linkedin.com
DigiCert SHA2 Secure Server CA
2020-08-05 -
2021-02-05
6 months crt.sh
script.hotjar.com
Let's Encrypt Authority X3
2020-06-18 -
2020-09-16
3 months crt.sh
vars.hotjar.com
Let's Encrypt Authority X3
2020-06-16 -
2020-09-14
3 months crt.sh
www.google.de
GTS CA 1O1
2020-07-07 -
2020-09-29
3 months crt.sh
*.footprintdns.com
Microsoft IT TLS CA 2
2020-06-05 -
2022-06-05
2 years crt.sh
*.hotjar.com
Amazon
2019-09-27 -
2020-10-27
a year crt.sh
in.applicationinsights.azure.com
Microsoft IT TLS CA 4
2020-04-30 -
2022-04-30
2 years crt.sh

This page contains 5 frames:

Primary Page: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
Frame ID: 50EA0C5287ACCEE67820265B8C31464E
Requests: 90 HTTP requests in this frame

Frame: https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html
Frame ID: 412CB92AF32AB6C1D27A160192461E46
Requests: 1 HTTP requests in this frame

Frame: https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html
Frame ID: 4C2F2765B44AD3059BFB85435E8911AD
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdMtIkUAAAAAP7FCbfNuAv_bvJRl7vsAjPIyOWc&co=aHR0cHM6Ly93d3cudHJ1c3R3YXZlLmNvbTo0NDM.&hl=en&v=IU7gZ7o6RDdDE6U4Y1YJJWnN&size=invisible&cb=wygl39vjerd6
Frame ID: 3A62FFE1B9AF64FED944EBDF165D4064
Requests: 1 HTTP requests in this frame

Frame: https://vars.hotjar.com/box-469cf41adb11dc78be68c1ae7f9457a4.html
Frame ID: C1448E8ACB25468300BA76E4EEF9F1F5
Requests: 1 HTTP requests in this frame

Screenshot


Page Statistics

94
Requests

99 %
HTTPS

52 %
IPv6

27
Domains

35
Subdomains

31
IPs

9
Countries

2792 kB
Transfer

4533 kB
Size

18
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 32
  • https://www.trustwave.com/media/16992/reprint_the-forrester-wave_global-managed-security-services-providers_q3-2020-cover.png?anchor=center&mode=crop&width=400&rnd=132404200250000000 HTTP 302
  • https://trustwave.blob.core.windows.net/cache/6/3/4/1/4/b/63414b969e6787641dc91084b6f18b91fbc35a81.png
Request Chain 33
  • https://www.trustwave.com/media/16795/once-future-cover-image.png?anchor=center&mode=crop&width=400&rnd=132344863110000000 HTTP 302
  • https://trustwave.blob.core.windows.net/cache/d/c/7/c/7/7/dc7c77f38e04362a6e2e5af76bdc5e200832731d.png
Request Chain 34
  • https://www.trustwave.com/media/16254/the-underground-economy-cover.png?anchor=center&mode=crop&width=400&rnd=132094902880000000 HTTP 302
  • https://trustwave.blob.core.windows.net/cache/e/a/e/4/5/f/eae45f0f73517fa27ea5b5fa0cf439363e4a4cc2.png
Request Chain 35
  • https://www.trustwave.com/media/16414/cyber-multicloud-ebook-cover-image.png?anchor=center&mode=crop&width=400&rnd=132176020710000000 HTTP 302
  • https://trustwave.blob.core.windows.net/cache/5/a/6/8/3/4/5a6834a869db6f970c8f090a022f77a1c482c6a8.png
Request Chain 36
  • https://www.trustwave.com/media/15106/ierr37pw.png?anchor=center&mode=crop&width=400&rnd=131992175790000000 HTTP 302
  • https://trustwave.blob.core.windows.net/cache/9/5/b/0/d/f/95b0df699cb216066e4e2043e54a3680a0fb2a3c.png
Request Chain 37
  • https://www.trustwave.com/media/7356/7145.jpg?anchor=center&mode=crop&width=400&rnd=131644845120000000 HTTP 302
  • https://trustwave.blob.core.windows.net/cache/5/5/a/e/2/8/55ae28c467881ce9b68f44a5b34fafb48aaab9ba.jpg
Request Chain 38
  • https://www.trustwave.com/media/16657/gartner-mdr-cover.png?anchor=center&mode=crop&width=400&rnd=132308413190000000 HTTP 302
  • https://trustwave.blob.core.windows.net/cache/3/b/7/b/a/6/3b7ba697d08de6c964b83f21b9a1a75ed153fd24.png
Request Chain 39
  • https://www.trustwave.com/media/15279/sl-blog-default-image.jpg?anchor=center&mode=crop&width=400&rnd=131897042940000000 HTTP 302
  • https://trustwave.blob.core.windows.net/cache/a/8/c/4/4/3/a8c4434c70c4e1e6102f99b8fa9d52122c530944.jpg
Request Chain 40
  • https://www.trustwave.com/media/17018/workoutplan-blog-header.jpg?anchor=center&mode=crop&width=400&rnd=132410205550000000 HTTP 302
  • https://trustwave.blob.core.windows.net/cache/0/4/5/0/c/1/0450c1be878051498f0c2330230d93f52934a703.jpg
Request Chain 41
  • https://www.trustwave.com/media/17024/security-technology-management_cover.png?anchor=center&mode=crop&width=400&rnd=132411246370000000 HTTP 302
  • https://trustwave.blob.core.windows.net/cache/4/0/c/a/7/0/40ca70c1a9e58d585b6a31fe350b4f55c70804b0.png
Request Chain 42
  • https://www.trustwave.com/media/16694/adp-trial-softwave_cover.png?anchor=center&mode=crop&width=400&rnd=132315344100000000 HTTP 302
  • https://trustwave.blob.core.windows.net/cache/d/8/1/1/e/c/d811ec63c804742ec35245598815fd42261061c5.png
Request Chain 43
  • https://www.trustwave.com/media/16961/ctf-event-header.jpg?anchor=center&mode=crop&width=400&rnd=132393847810000000 HTTP 302
  • https://trustwave.blob.core.windows.net/cache/b/3/4/9/5/2/b349523142a51bd76c6413d5c4638187b830b782.jpg
Request Chain 44
  • https://www.trustwave.com/media/15280/news-release-default-image.jpg?anchor=center&mode=crop&width=400&rnd=131897043050000000 HTTP 302
  • https://trustwave.blob.core.windows.net/cache/9/4/4/9/0/5/9449054b6e599d2c6ae326fc940e1718f740d84d.jpg
Request Chain 76
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=70652&url=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fgoldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software%2F&time=1596801104817 HTTP 302
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D70652%26url%3Dhttps%253A%252F%252Fwww.trustwave.com%252Fen-us%252Fresources%252Fblogs%252Fspiderlabs-blog%252Fgoldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software%252F%26time%3D1596801104817%26liSync%3Dtrue HTTP 302
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=70652&url=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fgoldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software%2F&time=1596801104817&liSync=true
Request Chain 78
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=terminus&ttd_tpi=1&ttd_puid=af0d2044-417b-49dd-b4e9-25d4e62e0332|cb1ed8fa-226d-4c3f-8497-0b7c13f22d79 HTTP 302
  • https://match.adsrvr.org/track/cmb/generic?ttd_pid=terminus&ttd_tpi=1&ttd_puid=af0d2044-417b-49dd-b4e9-25d4e62e0332|cb1ed8fa-226d-4c3f-8497-0b7c13f22d79 HTTP 302
  • https://vidassets.terminus.services/s.gif?d=af0d2044-417b-49dd-b4e9-25d4e62e0332|cb1ed8fa-226d-4c3f-8497-0b7c13f22d79&t=6baecff2-4712-474c-93af-a34b6f0fdfcf
Request Chain 81
  • https://www.google-analytics.com/r/collect?v=1&_v=j83&a=983692843&t=pageview&_s=1&dl=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fgoldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software%2F&ul=en-us&de=UTF-8&dt=GoldenSpy%20Chapter%204%3A%20GoldenHelper%20Malware%20Embedded%20in%20Official%20Golden%20Tax%20Software%20%7C%20Trustwave&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aGDAAEADQ~&jid=712984013&gjid=1008018721&cid=1075209211.1596801105&tid=UA-123880220-1&_gid=1863240545.1596801105&_r=1&gtm=2wg7v154M2ZJN&z=1307570223 HTTP 302
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-123880220-1&cid=1075209211.1596801105&jid=712984013&_gid=1863240545.1596801105&gjid=1008018721&_v=j83&z=1307570223 HTTP 302
  • https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-123880220-1&cid=1075209211.1596801105&jid=712984013&_v=j83&z=1307570223 HTTP 302
  • https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-123880220-1&cid=1075209211.1596801105&jid=712984013&_v=j83&z=1307570223&slf_rd=1&random=160445632

94 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
139 KB
38 KB
Document
General
Full URL
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.151.96.240 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
4ae63a3fa9bd6d1be795243d4d3d38e33dbb6593cdcb9447af3b292519609eb5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
www.trustwave.com
:scheme
https
:path
/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status
200
cache-control
no-cache
pragma
no-cache
content-type
text/html; charset=utf-8
content-encoding
gzip
expires
-1
vary
Accept-Encoding
set-cookie
ARRAffinity=3935d26f58841e3917f2e00f0df6da5c8b0d6cb2f1f0c9e9c490026921b7ee2e;Path=/;HttpOnly;Domain=trustwave-umbraco-uk.azurewebsites.net ApplicationGatewayAffinity=bcc70b3e9d2a132e2376fddfd28702ba57725b0d585f7a92e016c74563f04890;Path=/;Domain=www.trustwave.com ApplicationGatewayAffinityCORS=bcc70b3e9d2a132e2376fddfd28702ba57725b0d585f7a92e016c74563f04890;Path=/;Domain=www.trustwave.com;SameSite=None;Secure
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-aspnet-version
date
Fri, 07 Aug 2020 11:51:43 GMT
content-length
38669
9c85e15b-99ed-40a4-929d-2262f9ed2706.css
fast.fonts.net/cssapi/
6 KB
1009 B
Stylesheet
General
Full URL
https://fast.fonts.net/cssapi/9c85e15b-99ed-40a4-929d-2262f9ed2706.css
Requested by
Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:234:660:118e:28f:1d8a:2522 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (fcn/40B6) /
Resource Hash
6603122bf60f4b09cfab59cdc08d792c28773607d897ed680c7c0b607a44a879

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 07 Aug 2020 11:51:43 GMT
content-encoding
gzip
last-modified
Tue, 28 Apr 2020 14:50:47 GMT
server
ECS (fcn/40B6)
age
939577
status
200
etag
"2121817011"
vary
Accept-Encoding
x-cache
HIT
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=604800
accept-ranges
bytes
content-length
817
expires
Fri, 14 Aug 2020 11:51:43 GMT
styles.min.css
www.trustwave.com/dist/css/
238 KB
31 KB
Stylesheet
General
Full URL
https://www.trustwave.com/dist/css/styles.min.css?v=33sa
Requested by
Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.151.96.240 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
ef847d41d1db2e6f66c1bc66c0779de7b36b0d31eb16dc369b229e19782ce660
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 03 Aug 2020 20:33:24 GMT
x-aspnet-version
x-frame-options
SAMEORIGIN
etag
"082a755d569d61:0"
vary
Accept-Encoding
content-type
text/css
status
200
date
Fri, 07 Aug 2020 11:51:43 GMT
accept-ranges
bytes
content-length
31604
x-xss-protection
1; mode=block
api.js
www.google.com/recaptcha/
674 B
644 B
Script
General
Full URL
https://www.google.com/recaptcha/api.js
Requested by
Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
c0af41da9f52376496beeba05110b06c5ffa60d64a9f28e305177f0cd4550d7a
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 07 Aug 2020 11:51:43 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
GSE
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
status
200
cache-control
private, max-age=300
cross-origin-resource-policy
cross-origin
content-security-policy
frame-ancestors 'self'
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
448
x-xss-protection
1; mode=block
expires
Fri, 07 Aug 2020 11:51:43 GMT
api.js
www.google.com/recaptcha/
708 B
547 B
Script
General
Full URL
https://www.google.com/recaptcha/api.js?render=6LdMtIkUAAAAAP7FCbfNuAv_bvJRl7vsAjPIyOWc
Requested by
Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
e9b8e2170d21e35516cd6b26600d47ea8507546e68d1a827185ab0eb16b733f1
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 07 Aug 2020 11:51:43 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
GSE
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
status
200
cache-control
private, max-age=300
cross-origin-resource-policy
cross-origin
content-security-policy
frame-ancestors 'self'
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
478
x-xss-protection
1; mode=block
expires
Fri, 07 Aug 2020 11:51:43 GMT
Singtel%20Logo.svg
www.trustwave.com/img/logo/
5 KB
2 KB
Image
General
Full URL
https://www.trustwave.com/img/logo/Singtel%20Logo.svg
Requested by
Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.151.96.240 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
ace78f63f590160b0748a26e60d8b453b4d4ac8bc4da20967632bf7e5bcb58e3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 03 Aug 2020 20:34:52 GMT
x-aspnet-version
x-frame-options
SAMEORIGIN
etag
"03e1b8ad569d61:0"
vary
Accept-Encoding
content-type
image/svg+xml
status
200
date
Fri, 07 Aug 2020 11:51:43 GMT
accept-ranges
bytes
content-length
2141
x-xss-protection
1; mode=block
gtm.js
www.googletagmanager.com/
140 KB
47 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-54M2ZJN
Requested by
Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:821::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
bf2d7a732f4c2751a36ae6c3e3233639c8800e1b0a3031d9c77d8124c1fc43fd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 07 Aug 2020 11:51:44 GMT
content-encoding
br
vary
Accept-Encoding
status
200
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
47736
x-xss-protection
0
last-modified
Fri, 07 Aug 2020 09:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Fri, 07 Aug 2020 11:51:44 GMT
Optus%20Logo.svg
www.trustwave.com/img/logo/
3 KB
1 KB
Image
General
Full URL
https://www.trustwave.com/img/logo/Optus%20Logo.svg
Requested by
Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.151.96.240 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
2a1c9874549a1cb94b6e0dc5822b4f5ca14386d39214a8145670fc1c50045496
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 03 Aug 2020 20:34:52 GMT
x-aspnet-version
x-frame-options
SAMEORIGIN
etag
"03e1b8ad569d61:0"
vary
Accept-Encoding
content-type
image/svg+xml
status
200
date
Fri, 07 Aug 2020 11:51:43 GMT
accept-ranges
bytes
content-length
1228
x-xss-protection
1; mode=block
twitter.svg
www.trustwave.com/img/icon/social/svg/dark/
778 B
872 B
Image
General
Full URL
https://www.trustwave.com/img/icon/social/svg/dark/twitter.svg
Requested by
Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.151.96.240 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
cf7008a1bb1e7dcffa096b3f0c782f3dd610f847413ae4861a5c03006f093553
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
last-modified
Mon, 03 Aug 2020 20:34:50 GMT
x-aspnet-version
etag
"011ea88d569d61:0"
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
status
200
date
Fri, 07 Aug 2020 11:51:43 GMT
accept-ranges
bytes
content-length
778
x-xss-protection
1; mode=block
linkedin.svg
www.trustwave.com/img/icon/social/svg/dark/
636 B
680 B
Image
General
Full URL
https://www.trustwave.com/img/icon/social/svg/dark/linkedin.svg
Requested by
Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.151.96.240 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
42f2f65a52347bf6ed6c0633b5458c48ddc1b439923c92caec18c6d6f111afe3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
last-modified
Mon, 03 Aug 2020 20:34:50 GMT
x-aspnet-version
etag
"011ea88d569d61:0"
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
status
200
date
Fri, 07 Aug 2020 11:51:43 GMT
accept-ranges
bytes
content-length
636
x-xss-protection
1; mode=block
facebook.svg
www.trustwave.com/img/icon/social/svg/dark/
446 B
490 B
Image
General
Full URL
https://www.trustwave.com/img/icon/social/svg/dark/facebook.svg
Requested by
Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.151.96.240 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
3f18aeab9b9baa3e61c4bc2cd0372e3946f494bd03bff3cad740e5ea817fce2b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
last-modified
Mon, 03 Aug 2020 20:34:50 GMT
x-aspnet-version
etag
"011ea88d569d61:0"
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
status
200
date
Fri, 07 Aug 2020 11:51:43 GMT
accept-ranges
bytes
content-length
446
x-xss-protection
1; mode=block
6a0133f264aa62970b0264e2e85034200d-800wi
npercoco.typepad.com/.a/
287 KB
288 KB
Image
General
Full URL
https://npercoco.typepad.com/.a/6a0133f264aa62970b0264e2e85034200d-800wi
Requested by
Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.140.190 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3776502046f781250c25f64f53ca6a5dfb796c3ff900a28f9b854eb63dc593c8

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 07 Aug 2020 11:51:44 GMT
via
1.1 varnish
cf-cache-status
DYNAMIC
age
2579
cf-ray
5bf0c995af419c39-AMS
status
200
content-disposition
inline; filename=6a0133f264aa62970b0264e2e85034200d-800wi.png
content-length
294034
cf-request-id
046a5c518d00009c39ef3ab200000001
x-webserver
oak-tp-web093
last-modified
Mon, 13 Jul 2020 17:09:22 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
cookie
x-varnish
390821291 390330683
cache-control
s-maxage=14400
x-phapp
oak-tp-web093
accept-ranges
bytes
content-type
image/png
6a0133f264aa62970b0263e955a3dc200b-800wi
npercoco.typepad.com/.a/
78 KB
78 KB
Image
General
Full URL
https://npercoco.typepad.com/.a/6a0133f264aa62970b0263e955a3dc200b-800wi
Requested by
Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.140.190 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a4e0e060e859237f0792b223041322e21c0e850db78ba107b0616afc4cbd39c5

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 07 Aug 2020 11:51:44 GMT
via
1.1 varnish
cf-cache-status
DYNAMIC
age
2579
cf-ray
5bf0c995af449c39-AMS
status
200
content-disposition
inline; filename=6a0133f264aa62970b0263e955a3dc200b-800wi.png
content-length
79767
cf-request-id
046a5c518d00009c39ef3ac200000001
x-webserver
oak-tp-web066
last-modified
Fri, 10 Jul 2020 16:58:19 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
cookie
x-varnish
1764393772 1763995231
cache-control
s-maxage=14400
x-phapp
oak-tp-web066
accept-ranges
bytes
content-type
image/png
6a0133f264aa62970b0263ec274067200c-800wi
npercoco.typepad.com/.a/
54 KB
54 KB
Image
General
Full URL
https://npercoco.typepad.com/.a/6a0133f264aa62970b0263ec274067200c-800wi
Requested by
Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.140.190 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e28a2515c136d5e7e0cf6e526a385f4b3998d52d8238e09c254fbdc272ce5ac8

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 07 Aug 2020 11:51:44 GMT
via
1.1 varnish
cf-cache-status
DYNAMIC
age
2579
cf-ray
5bf0c995af479c39-AMS
status
200
content-disposition
inline; filename=6a0133f264aa62970b0263ec274067200c-800wi.png
content-length
55364
cf-request-id
046a5c518d00009c39ef3ad200000001
x-webserver
oak-tp-web089
last-modified
Fri, 10 Jul 2020 16:59:08 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
cookie
x-varnish
1764393766 1763995224
cache-control
s-maxage=14400
x-phapp
oak-tp-web089
accept-ranges
bytes
content-type
image/png
6a0133f264aa62970b0263e955a42d200b-800wi
npercoco.typepad.com/.a/
70 KB
71 KB
Image
General
Full URL
https://npercoco.typepad.com/.a/6a0133f264aa62970b0263e955a42d200b-800wi
Requested by
Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.140.190 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cbe0e85e5e53990152ffdf4c23ab39beae2543c5fe6ee1ba55ab797805713df6

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 07 Aug 2020 11:51:44 GMT
via
1.1 varnish
cf-cache-status
DYNAMIC
age
2579
cf-ray
5bf0c995af499c39-AMS
status
200
content-disposition
inline; filename=6a0133f264aa62970b0263e955a42d200b-800wi.png
content-length
72135
cf-request-id
046a5c518d00009c39ef3ae200000001
x-webserver
oak-tp-web054
last-modified
Fri, 10 Jul 2020 17:01:41 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
cookie
x-varnish
1764393770 1763995223
cache-control
s-maxage=14400
x-phapp
oak-tp-web054
accept-ranges
bytes
content-type
image/png
6a0133f264aa62970b0263e955a45a200b-800wi
npercoco.typepad.com/.a/
33 KB
33 KB
Image
General
Full URL
https://npercoco.typepad.com/.a/6a0133f264aa62970b0263e955a45a200b-800wi
Requested by
Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.140.190 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
efb0f461e0b9b5a2b0f7bed8e66a32af54a6409faeab15810a786bac64c1ef6f

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 07 Aug 2020 11:51:44 GMT
via
1.1 varnish
cf-cache-status
DYNAMIC
age
2579
cf-ray
5bf0c995af4b9c39-AMS
status
200
content-disposition
inline; filename=6a0133f264aa62970b0263e955a45a200b-800wi.png
content-length
33827
cf-request-id
046a5c518d00009c39ef3af200000001
x-webserver
oak-tp-web091
last-modified
Fri, 10 Jul 2020 17:02:46 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
cookie
x-varnish
390821301 390330685
cache-control
s-maxage=14400
x-phapp
oak-tp-web091
accept-ranges
bytes
content-type
image/png
6a0133f264aa62970b0263ec2740cb200c-800wi
npercoco.typepad.com/.a/
33 KB
34 KB
Image
General
Full URL
https://npercoco.typepad.com/.a/6a0133f264aa62970b0263ec2740cb200c-800wi
Requested by
Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.140.190 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
efb0f461e0b9b5a2b0f7bed8e66a32af54a6409faeab15810a786bac64c1ef6f

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 07 Aug 2020 11:51:44 GMT
via
1.1 varnish
cf-cache-status
DYNAMIC
age
2579
cf-ray
5bf0c995af4c9c39-AMS
status
200
content-disposition
inline; filename=6a0133f264aa62970b0263ec2740cb200c-800wi.png
content-length
33827
cf-request-id
046a5c518d00009c39ef3b0200000001
x-webserver
oak-tp-web058
last-modified
Fri, 10 Jul 2020 17:03:42 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
cookie
x-varnish
390821269 390330682
cache-control
s-maxage=14400
x-phapp
oak-tp-web058
accept-ranges
bytes
content-type
image/png
6a0133f264aa62970b0264e2e7d403200d-800wi
npercoco.typepad.com/.a/
66 KB
67 KB
Image
General
Full URL
https://npercoco.typepad.com/.a/6a0133f264aa62970b0264e2e7d403200d-800wi
Requested by
Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.140.190 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ba4eb73fa057cd2e1eb698d44fa27569f4809729a010bc5b932c3d3ad807328f

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 07 Aug 2020 11:51:44 GMT
via
1.1 varnish
cf-cache-status
DYNAMIC
age
2579
cf-ray
5bf0c995bf569c39-AMS
status
200
content-disposition
inline; filename=6a0133f264aa62970b0264e2e7d403200d-800wi.png
content-length
67900
cf-request-id
046a5c519500009c39ef3b1200000001
x-webserver
oak-tp-web051
last-modified
Fri, 10 Jul 2020 17:04:37 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
cookie
x-varnish
1764393761 1763995234
cache-control
s-maxage=14400
x-phapp
oak-tp-web051
accept-ranges
bytes
content-type
image/png
6a0133f264aa62970b0263e955a482200b-800wi
npercoco.typepad.com/.a/
425 KB
426 KB
Image
General
Full URL
https://npercoco.typepad.com/.a/6a0133f264aa62970b0263e955a482200b-800wi
Requested by
Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.140.190 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
aac1bb952cbe044084143c5690b71b19ead7016025a3a16a826815f50a90c6b2

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 07 Aug 2020 11:51:44 GMT
via
1.1 varnish
cf-cache-status
DYNAMIC
age
2579
cf-ray
5bf0c995bf589c39-AMS
status
200
content-disposition
inline; filename=6a0133f264aa62970b0263e955a482200b-800wi.png
content-length
435284
cf-request-id
046a5c519500009c39ef3b2200000001
x-webserver
oak-tp-web054
last-modified
Fri, 10 Jul 2020 17:06:12 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
cookie
x-varnish
1764393762 1763995219
cache-control
s-maxage=14400
x-phapp
oak-tp-web054
accept-ranges
bytes
content-type
image/png
logo-trustwave-white.svg
www.trustwave.com/img/logo/
3 KB
1 KB
Image
General
Full URL
https://www.trustwave.com/img/logo/logo-trustwave-white.svg
Requested by
Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.151.96.240 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
b0f35cc025dc27ea345536d4eafc13e52fe2b1c237fd6c4150d4dbf85c323c27
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 03 Aug 2020 20:34:52 GMT
x-aspnet-version
x-frame-options
SAMEORIGIN
etag
"03e1b8ad569d61:0"
vary
Accept-Encoding
content-type
image/svg+xml
status
200
date
Fri, 07 Aug 2020 11:51:43 GMT
accept-ranges
bytes
content-length
1354
x-xss-protection
1; mode=block
linkedin.svg
www.trustwave.com/img/icon/social/svg/light/
636 B
676 B
Image
General
Full URL
https://www.trustwave.com/img/icon/social/svg/light/linkedin.svg
Requested by
Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.151.96.240 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
46647527924f0574eded74e7ef9a93d43044a47dcd1b11b9a203c0a9a8bb65e9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
last-modified
Mon, 03 Aug 2020 20:34:50 GMT
x-aspnet-version
etag
"011ea88d569d61:0"
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
status
200
date
Fri, 07 Aug 2020 11:51:43 GMT
accept-ranges
bytes
content-length
636
x-xss-protection
1; mode=block
twitter.svg
www.trustwave.com/img/icon/social/svg/light/
778 B
818 B
Image
General
Full URL
https://www.trustwave.com/img/icon/social/svg/light/twitter.svg
Requested by
Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.151.96.240 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
4fb02286499439e694d9a4220d6ca3ab664b2ba4bdb699b9068aa8e6fd5528c6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
last-modified
Mon, 03 Aug 2020 20:34:50 GMT
x-aspnet-version
etag
"011ea88d569d61:0"
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
status
200
date
Fri, 07 Aug 2020 11:51:43 GMT
accept-ranges
bytes
content-length
778
x-xss-protection
1; mode=block
facebook.svg
www.trustwave.com/img/icon/social/svg/light/
446 B
486 B
Image
General
Full URL
https://www.trustwave.com/img/icon/social/svg/light/facebook.svg
Requested by
Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.151.96.240 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
64ed842d23dcee23e4cf9257dd18ce0066a76cd75108e7fc95f13a4a9b0e892c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
last-modified
Mon, 03 Aug 2020 20:34:50 GMT
x-aspnet-version
etag
"011ea88d569d61:0"
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
status
200
date
Fri, 07 Aug 2020 11:51:43 GMT
accept-ranges
bytes
content-length
446
x-xss-protection
1; mode=block
youtube.svg
www.trustwave.com/img/icon/social/svg/light/
525 B
569 B
Image
General
Full URL
https://www.trustwave.com/img/icon/social/svg/light/youtube.svg
Requested by
Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.151.96.240 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
c750113ac663d3ae3adea8e042237ac1c5ea21f9ad1749efc357ea93acbc5d78
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
last-modified
Mon, 03 Aug 2020 20:34:50 GMT
x-aspnet-version
etag
"011ea88d569d61:0"
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
status
200
date
Fri, 07 Aug 2020 11:51:43 GMT
accept-ranges
bytes
content-length
525
x-xss-protection
1; mode=block
player.js
player.vimeo.com/api/
18 KB
7 KB
Script
General
Full URL
https://player.vimeo.com/api/player.js
Requested by
Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.112.217 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
93b1524a3b404177560f00be38ccb97fbdc44a0e9ae7061d652d79b6a07f4bfe
Security Headers
Name Value
Content-Security-Policy default-src 'none'; style-src 'unsafe-inline'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

X-Varnish-Cache
0
Content-Security-Policy
default-src 'none'; style-src 'unsafe-inline'
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Age
1077
X-Cache
HIT
P3p
CP="This is not a P3P policy! See https://vimeo.com/privacy"
Connection
keep-alive
X-VServer
infra-playproxy-a-3
Content-Length
5776
X-Xss-Protection
1; mode=block
X-Served-By
cache-hhn4073-HHN
X-Player-Backend
p
Expires
Fri, 07 Aug 2020 12:03:47 GMT
Server
nginx
Cache-Control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
X-Timer
S1596801104.055771,VS0,VE0
Date
Fri, 07 Aug 2020 11:51:44 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Type
application/javascript;charset=utf-8
Via
1.1 varnish, 1.1 varnish
Vary
Accept-Encoding
X-Vimeo-DC
ge
Accept-Ranges
bytes
Access-Control-Allow-Origin
*
X-Cache-Hits
1553
scripts.min.js
www.trustwave.com/dist/js/
438 KB
136 KB
Script
General
Full URL
https://www.trustwave.com/dist/js/scripts.min.js?v=v34sa
Requested by
Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.151.96.240 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
df89cc53e851559fba691a5bcd450ca97d68738c4606dc14dd73b9d03b9aaa6e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 03 Aug 2020 20:33:24 GMT
x-aspnet-version
x-frame-options
SAMEORIGIN
etag
"082a755d569d61:0"
vary
Accept-Encoding
content-type
application/x-javascript
status
200
date
Fri, 07 Aug 2020 11:51:43 GMT
accept-ranges
bytes
content-length
138801
x-xss-protection
1; mode=block
rum.js
www.atmrum.net/
17 KB
17 KB
Script
General
Full URL
https://www.atmrum.net/rum.js
Requested by
Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
204.79.197.234 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
13032ef9973485517338726dd9fcb77fa99a21f69fa91dcb48f432c8fe8df225
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 07 Aug 2020 11:51:43 GMT
x-content-type-options
nosniff
last-modified
Fri, 31 Jul 2020 17:18:44 GMT
x-msedge-ref
Ref A: 44273BCDE08A4362B9749D6D704E67A8 Ref B: AMS04EDGE0812 Ref C: 2020-08-07T11:51:44Z
etag
0x8D4FC0223F2F653
status
200
content-type
application/javascript
access-control-allow-origin
*
access-control-expose-headers
X-MSEdge-Ref
cache-control
no-store
accept-ranges
bytes
timing-allow-origin
*
content-length
17523
addthis_widget.js
s7.addthis.com/js/300/
353 KB
114 KB
Script
General
Full URL
https://s7.addthis.com/js/300/addthis_widget.js
Requested by
Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.21.36.164 , France, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
a2-21-36-164.deploy.static.akamaitechnologies.com
Software
nginx/1.15.8 /
Resource Hash
eb12a261a24e54883613710a4c12f4d9205f634ca1a29d1df07f90105a93e746
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=15724800; includeSubDomains
content-encoding
gzip
last-modified
Thu, 04 Jun 2020 15:49:19 GMT
server
nginx/1.15.8
etag
"5ed917ff-5834c"
vary
Accept-Encoding
x-distribution
99
content-type
application/javascript
status
200
cache-control
public, max-age=600
date
Fri, 07 Aug 2020 11:51:44 GMT
x-host
s7.addthis.com
content-length
116324
munchkin.js
munchkin.marketo.net/154/
8 KB
4 KB
Script
General
Full URL
https://munchkin.marketo.net/154/munchkin.js
Requested by
Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.109.95.62 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
a104-109-95-62.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
9298a280eda6b54290d3c69fda3ae7da0cec1a0169d01d4e5944af63d68939d5

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 07 Aug 2020 11:51:44 GMT
Content-Encoding
gzip
Last-Modified
Fri, 18 May 2018 02:45:27 GMT
Server
AkamaiNetStorage
ETag
"808fc844032f646c32adce24553838be:1526611527"
Vary
Accept-Encoding
P3P
policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Cache-Control
max-age=8640000
Connection
keep-alive
Accept-Ranges
bytes
Content-Type
application/x-javascript
Content-Length
3700
Expires
Sun, 15 Nov 2020 11:51:44 GMT
5142c8f1-532c-427b-a545-0bcfe1f6f4ea.js
cookie-cdn.cookiepro.com/langswitch/
2 KB
1 KB
Script
General
Full URL
https://cookie-cdn.cookiepro.com/langswitch/5142c8f1-532c-427b-a545-0bcfe1f6f4ea.js
Requested by
Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:778 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9545498791418ba2847374815a974cc5bad7368ffb1df4c44c67d25027dd219e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 07 Aug 2020 11:51:44 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
content-md5
2Q95fkKCF+yYcVGygzYfBA==
age
4323
status
200
cf-request-id
046a5c514f000005d8751be200000001
x-ms-lease-status
unlocked
last-modified
Mon, 29 Apr 2019 14:20:09 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
5c642d12-a01e-0046-7f75-340cca000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=14400
x-ms-version
2009-09-19
cf-ray
5bf0c9954ff005d8-FRA
1.css
fast.fonts.net/t/
0
125 B
Stylesheet
General
Full URL
https://fast.fonts.net/t/1.css?apiType=css&projectid=9c85e15b-99ed-40a4-929d-2262f9ed2706
Requested by
Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:234:660:118e:28f:1d8a:2522 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (fcn/41AE) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 07 Aug 2020 11:51:44 GMT
last-modified
Wed, 21 Feb 2018 12:55:22 GMT
server
ECS (fcn/41AE)
age
9763602
etag
"616070693"
status
200
x-cache
HIT
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=604800
accept-ranges
bytes
content-length
0
expires
Fri, 14 Aug 2020 11:51:44 GMT
ai.0.js
az416426.vo.msecnd.net/scripts/a/
94 KB
22 KB
Script
General
Full URL
https://az416426.vo.msecnd.net/scripts/a/ai.0.js
Requested by
Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:233:1cb7:261b:1f9c:2074:3c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/8FA5) /
Resource Hash
5201c813c37a4168cc5c20c701d4391fd0a55625f97eb9f263a74fb52b52fd0e

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 07 Aug 2020 11:51:44 GMT
content-encoding
gzip
content-md5
HdY95yzx9wIyQkVEGES+Ew==
age
889
x-cache
HIT
status
200
content-length
22495
x-ms-lease-status
unlocked
last-modified
Tue, 04 Feb 2020 19:23:51 GMT
server
ECAcc (frc/8FA5)
etag
0x8D7A9A7C460F06C
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
82787c44-201e-0028-13af-6c935b000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=1800
x-ms-version
2009-09-19
expires
Fri, 07 Aug 2020 12:21:44 GMT
recaptcha__en.js
www.gstatic.com/recaptcha/releases/IU7gZ7o6RDdDE6U4Y1YJJWnN/
332 KB
131 KB
Script
General
Full URL
https://www.gstatic.com/recaptcha/releases/IU7gZ7o6RDdDE6U4Y1YJJWnN/recaptcha__en.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b49b397871dff384aab300554a8f1745d86e020edd55dea9f1ad58209a1b7563
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 03 Aug 2020 17:22:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 03 Aug 2020 04:06:51 GMT
server
sffe
age
325744
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=31536000
accept-ranges
bytes
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
133278
x-xss-protection
0
expires
Tue, 03 Aug 2021 17:22:40 GMT
63414b969e6787641dc91084b6f18b91fbc35a81.png
trustwave.blob.core.windows.net/cache/6/3/4/1/4/b/
Redirect Chain
  • https://www.trustwave.com/media/16992/reprint_the-forrester-wave_global-managed-security-services-providers_q3-2020-cover.png?anchor=center&mode=crop&width=400&rnd=132404200250000000
  • https://trustwave.blob.core.windows.net/cache/6/3/4/1/4/b/63414b969e6787641dc91084b6f18b91fbc35a81.png
81 KB
82 KB
Image
General
Full URL
https://trustwave.blob.core.windows.net/cache/6/3/4/1/4/b/63414b969e6787641dc91084b6f18b91fbc35a81.png
Requested by
Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.239.152.234 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
44f60c08d39f76681af5e1eada34c18b7754a089f1403eea70c86c56c171a425

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
Date
Fri, 07 Aug 2020 11:51:44 GMT
Last-Modified
Tue, 28 Jul 2020 14:27:48 GMT
Server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5
OXk1n/bqvmijIZPuBQ7LaQ==
ETag
0x8D8330266F08072
x-ms-meta-ImageProcessedBy
ImageProcessor.Web/4.10.0.100
Content-Type
image/png
x-ms-request-id
2ae57988-e01e-00d8-6ab1-6c4a3f000000
Cache-Control
public, max-age=31536000
x-ms-version
2009-09-19
Content-Length
82963

Redirect headers

strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
x-aspnet-version
status
302
date
Fri, 07 Aug 2020 11:51:43 GMT
x-frame-options
SAMEORIGIN
content-type
text/html; charset=utf-8
location
https://trustwave.blob.core.windows.net/cache/6/3/4/1/4/b/63414b969e6787641dc91084b6f18b91fbc35a81.png
cache-control
no-cache
content-length
219
x-xss-protection
1; mode=block
dc7c77f38e04362a6e2e5af76bdc5e200832731d.png
trustwave.blob.core.windows.net/cache/d/c/7/c/7/7/
Redirect Chain
  • https://www.trustwave.com/media/16795/once-future-cover-image.png?anchor=center&mode=crop&width=400&rnd=132344863110000000
  • https://trustwave.blob.core.windows.net/cache/d/c/7/c/7/7/dc7c77f38e04362a6e2e5af76bdc5e200832731d.png
26 KB
27 KB
Image
General
Full URL
https://trustwave.blob.core.windows.net/cache/d/c/7/c/7/7/dc7c77f38e04362a6e2e5af76bdc5e200832731d.png
Requested by
Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.239.152.234 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
c99841b9fa07daa705c029caca740cbd2d8c4b53b07c5b7999e7fe7da91e6670

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
Date
Fri, 07 Aug 2020 11:51:44 GMT
Last-Modified
Wed, 20 May 2020 22:13:32 GMT
Server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5
af88Lml3DW25n2ABu8zXOw==
ETag
0x8D7FD0B08C41D31
x-ms-meta-ImageProcessedBy
ImageProcessor.Web/4.10.0.100
Content-Type
image/png
x-ms-request-id
b65cc630-801e-0144-5eb1-6c77d7000000
Cache-Control
public, max-age=31536000
x-ms-version
2009-09-19
Content-Length
26903

Redirect headers

strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
x-aspnet-version
status
302
date
Fri, 07 Aug 2020 11:51:43 GMT
x-frame-options
SAMEORIGIN
content-type
text/html; charset=utf-8
location
https://trustwave.blob.core.windows.net/cache/d/c/7/c/7/7/dc7c77f38e04362a6e2e5af76bdc5e200832731d.png
cache-control
no-cache
content-length
219
x-xss-protection
1; mode=block
eae45f0f73517fa27ea5b5fa0cf439363e4a4cc2.png
trustwave.blob.core.windows.net/cache/e/a/e/4/5/f/
Redirect Chain
  • https://www.trustwave.com/media/16254/the-underground-economy-cover.png?anchor=center&mode=crop&width=400&rnd=132094902880000000
  • https://trustwave.blob.core.windows.net/cache/e/a/e/4/5/f/eae45f0f73517fa27ea5b5fa0cf439363e4a4cc2.png
276 KB
277 KB
Image
General
Full URL
https://trustwave.blob.core.windows.net/cache/e/a/e/4/5/f/eae45f0f73517fa27ea5b5fa0cf439363e4a4cc2.png
Requested by
Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.239.152.234 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
19a5abc3ee71d9689286163dd786564ab2d59a118563fc140e62fa96d0d386df

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
Date
Fri, 07 Aug 2020 11:51:45 GMT
Last-Modified
Tue, 04 Aug 2020 14:54:14 GMT
Server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5
2nJMTgekKPiIq9CgmTKqrg==
ETag
0x8D83886411BDC9F
x-ms-meta-ImageProcessedBy
ImageProcessor.Web/4.10.0.100
Content-Type
image/png
x-ms-request-id
5aa6f149-c01e-0148-68b1-6c9926000000
Cache-Control
public, max-age=31536000
x-ms-version
2009-09-19
Content-Length
282667

Redirect headers

strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
x-aspnet-version
status
302
date
Fri, 07 Aug 2020 11:51:43 GMT
x-frame-options
SAMEORIGIN
content-type
text/html; charset=utf-8
location
https://trustwave.blob.core.windows.net/cache/e/a/e/4/5/f/eae45f0f73517fa27ea5b5fa0cf439363e4a4cc2.png
cache-control
no-cache
content-length
219
x-xss-protection
1; mode=block
5a6834a869db6f970c8f090a022f77a1c482c6a8.png
trustwave.blob.core.windows.net/cache/5/a/6/8/3/4/
Redirect Chain
  • https://www.trustwave.com/media/16414/cyber-multicloud-ebook-cover-image.png?anchor=center&mode=crop&width=400&rnd=132176020710000000
  • https://trustwave.blob.core.windows.net/cache/5/a/6/8/3/4/5a6834a869db6f970c8f090a022f77a1c482c6a8.png
53 KB
54 KB
Image
General
Full URL
https://trustwave.blob.core.windows.net/cache/5/a/6/8/3/4/5a6834a869db6f970c8f090a022f77a1c482c6a8.png
Requested by
Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.239.152.234 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
049bf83ad4e353fb4bce7d9fff2ba6b0996aa1a8bbdba76ca83a2ee78c887687

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
Date
Fri, 07 Aug 2020 11:51:44 GMT
Last-Modified
Thu, 07 Nov 2019 12:23:34 GMT
Server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5
7yCcZEg8vp+Cqn2BqP21Mw==
ETag
0x8D7637D4EF0E3A5
x-ms-meta-ImageProcessedBy
ImageProcessor.Web/4.10.0.100
Content-Type
image/png
x-ms-request-id
780bd183-501e-0024-68b1-6c74a0000000
Cache-Control
public, max-age=31536000
x-ms-version
2009-09-19
Content-Length
54413

Redirect headers

strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
x-aspnet-version
status
302
date
Fri, 07 Aug 2020 11:51:43 GMT
x-frame-options
SAMEORIGIN
content-type
text/html; charset=utf-8
location
https://trustwave.blob.core.windows.net/cache/5/a/6/8/3/4/5a6834a869db6f970c8f090a022f77a1c482c6a8.png
cache-control
no-cache
content-length
219
x-xss-protection
1; mode=block
95b0df699cb216066e4e2043e54a3680a0fb2a3c.png
trustwave.blob.core.windows.net/cache/9/5/b/0/d/f/
Redirect Chain
  • https://www.trustwave.com/media/15106/ierr37pw.png?anchor=center&mode=crop&width=400&rnd=131992175790000000
  • https://trustwave.blob.core.windows.net/cache/9/5/b/0/d/f/95b0df699cb216066e4e2043e54a3680a0fb2a3c.png
142 KB
143 KB
Image
General
Full URL
https://trustwave.blob.core.windows.net/cache/9/5/b/0/d/f/95b0df699cb216066e4e2043e54a3680a0fb2a3c.png
Requested by
Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.239.152.234 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
2e45a8996ec5c8b3fce4c3f71fc56ef806673998113d09c32f73c7a3d6efdb38

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
Date
Fri, 07 Aug 2020 11:51:44 GMT
Last-Modified
Tue, 07 Apr 2020 18:45:01 GMT
Server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5
5UtgQThYJzYHnzR2krDd3w==
ETag
0x8D7DB23C7529E1A
x-ms-meta-ImageProcessedBy
ImageProcessor.Web/4.10.0.100
Content-Type
image/png
x-ms-request-id
b5719189-a01e-0057-56b1-6c0463000000
Cache-Control
public, max-age=31536000
x-ms-version
2009-09-19
Content-Length
145855

Redirect headers

strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
x-aspnet-version
status
302
date
Fri, 07 Aug 2020 11:51:43 GMT
x-frame-options
SAMEORIGIN
content-type
text/html; charset=utf-8
location
https://trustwave.blob.core.windows.net/cache/9/5/b/0/d/f/95b0df699cb216066e4e2043e54a3680a0fb2a3c.png
cache-control
no-cache
content-length
219
x-xss-protection
1; mode=block
55ae28c467881ce9b68f44a5b34fafb48aaab9ba.jpg
trustwave.blob.core.windows.net/cache/5/5/a/e/2/8/
Redirect Chain
  • https://www.trustwave.com/media/7356/7145.jpg?anchor=center&mode=crop&width=400&rnd=131644845120000000
  • https://trustwave.blob.core.windows.net/cache/5/5/a/e/2/8/55ae28c467881ce9b68f44a5b34fafb48aaab9ba.jpg
32 KB
32 KB
Image
General
Full URL
https://trustwave.blob.core.windows.net/cache/5/5/a/e/2/8/55ae28c467881ce9b68f44a5b34fafb48aaab9ba.jpg
Requested by
Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.239.152.234 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
14da1d6311764bee490145f7909d480858b94fc01c6ba2b5d8c112feabe53a99

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
Date
Fri, 07 Aug 2020 11:51:44 GMT
Last-Modified
Wed, 29 Jan 2020 22:23:46 GMT
Server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5
wcV8714ZrmJmS6VqXbqxbQ==
ETag
0x8D7A509E865C6AD
x-ms-meta-ImageProcessedBy
ImageProcessor.Web/4.10.0.100
Content-Type
image/jpeg
x-ms-request-id
595081aa-801e-00c3-0eb1-6c64ad000000
Cache-Control
public, max-age=31536000
x-ms-version
2009-09-19
Content-Length
32269

Redirect headers

strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
x-aspnet-version
status
302
date
Fri, 07 Aug 2020 11:51:43 GMT
x-frame-options
SAMEORIGIN
content-type
text/html; charset=utf-8
location
https://trustwave.blob.core.windows.net/cache/5/5/a/e/2/8/55ae28c467881ce9b68f44a5b34fafb48aaab9ba.jpg
cache-control
no-cache
content-length
219
x-xss-protection
1; mode=block
3b7ba697d08de6c964b83f21b9a1a75ed153fd24.png
trustwave.blob.core.windows.net/cache/3/b/7/b/a/6/
Redirect Chain
  • https://www.trustwave.com/media/16657/gartner-mdr-cover.png?anchor=center&mode=crop&width=400&rnd=132308413190000000
  • https://trustwave.blob.core.windows.net/cache/3/b/7/b/a/6/3b7ba697d08de6c964b83f21b9a1a75ed153fd24.png
39 KB
40 KB
Image
General
Full URL
https://trustwave.blob.core.windows.net/cache/3/b/7/b/a/6/3b7ba697d08de6c964b83f21b9a1a75ed153fd24.png
Requested by
Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.239.152.234 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
6fbc9436bf1ea8e9568562182031024ae2960a3c3dfdd706ccec19c0fb04b445

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
Date
Fri, 07 Aug 2020 11:51:44 GMT
Last-Modified
Wed, 08 Apr 2020 17:55:20 GMT
Server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5
wPZ3WeOl75NahAH1egrikg==
ETag
0x8D7DBE6013FC4E5
x-ms-meta-ImageProcessedBy
ImageProcessor.Web/4.10.0.100
Content-Type
image/png
x-ms-request-id
595082c1-801e-00c3-0fb1-6c64ad000000
Cache-Control
public, max-age=31536000
x-ms-version
2009-09-19
Content-Length
40008

Redirect headers

strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
x-aspnet-version
status
302
date
Fri, 07 Aug 2020 11:51:43 GMT
x-frame-options
SAMEORIGIN
content-type
text/html; charset=utf-8
location
https://trustwave.blob.core.windows.net/cache/3/b/7/b/a/6/3b7ba697d08de6c964b83f21b9a1a75ed153fd24.png
cache-control
no-cache
content-length
219
x-xss-protection
1; mode=block
a8c4434c70c4e1e6102f99b8fa9d52122c530944.jpg
trustwave.blob.core.windows.net/cache/a/8/c/4/4/3/
Redirect Chain
  • https://www.trustwave.com/media/15279/sl-blog-default-image.jpg?anchor=center&mode=crop&width=400&rnd=131897042940000000
  • https://trustwave.blob.core.windows.net/cache/a/8/c/4/4/3/a8c4434c70c4e1e6102f99b8fa9d52122c530944.jpg
9 KB
10 KB
Image
General
Full URL
https://trustwave.blob.core.windows.net/cache/a/8/c/4/4/3/a8c4434c70c4e1e6102f99b8fa9d52122c530944.jpg
Requested by
Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.239.152.234 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
9998a28912966aa8ae78c7bae4b70bce32095ac4cafb972428f96c60bf374a98

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
Date
Fri, 07 Aug 2020 11:51:45 GMT
Last-Modified
Wed, 29 Jan 2020 22:23:46 GMT
Server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5
MsdJ7/i6e4BXG2Gh7eeTmQ==
ETag
0x8D7A509E865C6AD
x-ms-meta-ImageProcessedBy
ImageProcessor.Web/4.10.0.100
Content-Type
image/jpeg
x-ms-request-id
b65cc72b-801e-0144-47b1-6c77d7000000
Cache-Control
public, max-age=31536000
x-ms-version
2009-09-19
Content-Length
9529

Redirect headers

strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
x-aspnet-version
status
302
date
Fri, 07 Aug 2020 11:51:43 GMT
x-frame-options
SAMEORIGIN
content-type
text/html; charset=utf-8
location
https://trustwave.blob.core.windows.net/cache/a/8/c/4/4/3/a8c4434c70c4e1e6102f99b8fa9d52122c530944.jpg
cache-control
no-cache
content-length
219
x-xss-protection
1; mode=block
0450c1be878051498f0c2330230d93f52934a703.jpg
trustwave.blob.core.windows.net/cache/0/4/5/0/c/1/
Redirect Chain
  • https://www.trustwave.com/media/17018/workoutplan-blog-header.jpg?anchor=center&mode=crop&width=400&rnd=132410205550000000
  • https://trustwave.blob.core.windows.net/cache/0/4/5/0/c/1/0450c1be878051498f0c2330230d93f52934a703.jpg
10 KB
10 KB
Image
General
Full URL
https://trustwave.blob.core.windows.net/cache/0/4/5/0/c/1/0450c1be878051498f0c2330230d93f52934a703.jpg
Requested by
Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.239.152.234 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
6c354c40f91293a1558c447aaf710fb24f11c235cb23ae08f3e5bcfaeb3aabc8

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
Date
Fri, 07 Aug 2020 11:51:44 GMT
Last-Modified
Tue, 04 Aug 2020 13:24:20 GMT
Server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5
catYr2pvkH1GQfcoNOLYCg==
ETag
0x8D83879B2192570
x-ms-meta-ImageProcessedBy
ImageProcessor.Web/4.10.0.100
Content-Type
image/jpeg
x-ms-request-id
2ae57ae4-e01e-00d8-35b1-6c4a3f000000
Cache-Control
public, max-age=31536000
x-ms-version
2009-09-19
Content-Length
10078

Redirect headers

strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
x-aspnet-version
status
302
date
Fri, 07 Aug 2020 11:51:44 GMT
x-frame-options
SAMEORIGIN
content-type
text/html; charset=utf-8
location
https://trustwave.blob.core.windows.net/cache/0/4/5/0/c/1/0450c1be878051498f0c2330230d93f52934a703.jpg
cache-control
no-cache
content-length
219
x-xss-protection
1; mode=block
40ca70c1a9e58d585b6a31fe350b4f55c70804b0.png
trustwave.blob.core.windows.net/cache/4/0/c/a/7/0/
Redirect Chain
  • https://www.trustwave.com/media/17024/security-technology-management_cover.png?anchor=center&mode=crop&width=400&rnd=132411246370000000
  • https://trustwave.blob.core.windows.net/cache/4/0/c/a/7/0/40ca70c1a9e58d585b6a31fe350b4f55c70804b0.png
86 KB
86 KB
Image
General
Full URL
https://trustwave.blob.core.windows.net/cache/4/0/c/a/7/0/40ca70c1a9e58d585b6a31fe350b4f55c70804b0.png
Requested by
Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.239.152.234 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
61bc73b49e96aa8d7ac9c315d14da6d4455e08eae472313058d3d00187590f88

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
Date
Fri, 07 Aug 2020 11:51:44 GMT
Last-Modified
Wed, 05 Aug 2020 18:35:55 GMT
Server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5
pT0d0VfkrKO20X8cqgr7rw==
ETag
0x8D8396E6388749D
x-ms-meta-ImageProcessedBy
ImageProcessor.Web/4.10.0.100
Content-Type
image/png
x-ms-request-id
780bd29f-501e-0024-75b1-6c74a0000000
Cache-Control
public, max-age=31536000
x-ms-version
2009-09-19
Content-Length
87804

Redirect headers

strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
x-aspnet-version
status
302
date
Fri, 07 Aug 2020 11:51:44 GMT
x-frame-options
SAMEORIGIN
content-type
text/html; charset=utf-8
location
https://trustwave.blob.core.windows.net/cache/4/0/c/a/7/0/40ca70c1a9e58d585b6a31fe350b4f55c70804b0.png
cache-control
no-cache
content-length
219
x-xss-protection
1; mode=block
d811ec63c804742ec35245598815fd42261061c5.png
trustwave.blob.core.windows.net/cache/d/8/1/1/e/c/
Redirect Chain
  • https://www.trustwave.com/media/16694/adp-trial-softwave_cover.png?anchor=center&mode=crop&width=400&rnd=132315344100000000
  • https://trustwave.blob.core.windows.net/cache/d/8/1/1/e/c/d811ec63c804742ec35245598815fd42261061c5.png
17 KB
18 KB
Image
General
Full URL
https://trustwave.blob.core.windows.net/cache/d/8/1/1/e/c/d811ec63c804742ec35245598815fd42261061c5.png
Requested by
Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.239.152.234 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
931d1e18c99133e074631d74ef9b90050a447af3c0cfa7df64c963428d829631

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
Date
Fri, 07 Aug 2020 11:51:45 GMT
Last-Modified
Thu, 16 Apr 2020 18:30:42 GMT
Server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5
LTrmvDJtyOYYOIRhwdpPCg==
ETag
0x8D7E234450BFDE2
x-ms-meta-ImageProcessedBy
ImageProcessor.Web/4.10.0.100
Content-Type
image/png
x-ms-request-id
b65cc7ac-801e-0144-3db1-6c77d7000000
Cache-Control
public, max-age=31536000
x-ms-version
2009-09-19
Content-Length
17533

Redirect headers

strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
x-aspnet-version
status
302
date
Fri, 07 Aug 2020 11:51:44 GMT
x-frame-options
SAMEORIGIN
content-type
text/html; charset=utf-8
location
https://trustwave.blob.core.windows.net/cache/d/8/1/1/e/c/d811ec63c804742ec35245598815fd42261061c5.png
cache-control
no-cache
content-length
219
x-xss-protection
1; mode=block
b349523142a51bd76c6413d5c4638187b830b782.jpg
trustwave.blob.core.windows.net/cache/b/3/4/9/5/2/
Redirect Chain
  • https://www.trustwave.com/media/16961/ctf-event-header.jpg?anchor=center&mode=crop&width=400&rnd=132393847810000000
  • https://trustwave.blob.core.windows.net/cache/b/3/4/9/5/2/b349523142a51bd76c6413d5c4638187b830b782.jpg
11 KB
12 KB
Image
General
Full URL
https://trustwave.blob.core.windows.net/cache/b/3/4/9/5/2/b349523142a51bd76c6413d5c4638187b830b782.jpg
Requested by
Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.239.152.234 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
aef04833469c4ac740e87c2d8cf43fdb4227aa7ac8d0669703bd49bee337146b

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
Date
Fri, 07 Aug 2020 11:51:45 GMT
Last-Modified
Thu, 16 Jul 2020 14:53:47 GMT
Server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5
PAw7XJizyo0HoFUD5KXTdg==
ETag
0x8D829980B9FFBBB
x-ms-meta-ImageProcessedBy
ImageProcessor.Web/4.10.0.100
Content-Type
image/jpeg
x-ms-request-id
b571930c-a01e-0057-40b1-6c0463000000
Cache-Control
public, max-age=31536000
x-ms-version
2009-09-19
Content-Length
11321

Redirect headers

strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
x-aspnet-version
status
302
date
Fri, 07 Aug 2020 11:51:44 GMT
x-frame-options
SAMEORIGIN
content-type
text/html; charset=utf-8
location
https://trustwave.blob.core.windows.net/cache/b/3/4/9/5/2/b349523142a51bd76c6413d5c4638187b830b782.jpg
cache-control
no-cache
content-length
219
x-xss-protection
1; mode=block
9449054b6e599d2c6ae326fc940e1718f740d84d.jpg
trustwave.blob.core.windows.net/cache/9/4/4/9/0/5/
Redirect Chain
  • https://www.trustwave.com/media/15280/news-release-default-image.jpg?anchor=center&mode=crop&width=400&rnd=131897043050000000
  • https://trustwave.blob.core.windows.net/cache/9/4/4/9/0/5/9449054b6e599d2c6ae326fc940e1718f740d84d.jpg
8 KB
9 KB
Image
General
Full URL
https://trustwave.blob.core.windows.net/cache/9/4/4/9/0/5/9449054b6e599d2c6ae326fc940e1718f740d84d.jpg
Requested by
Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.239.152.234 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
cb8fd428f0d96267a4df07e3603d7e9fc4f424096eec1923269d49efa9f31dbb

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
Date
Fri, 07 Aug 2020 11:51:44 GMT
Last-Modified
Wed, 29 Jan 2020 22:23:46 GMT
Server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5
YYg1/108u00f4mbVmhIfVw==
ETag
0x8D7A509E868AD64
x-ms-meta-ImageProcessedBy
ImageProcessor.Web/4.10.0.100
Content-Type
image/jpeg
x-ms-request-id
5950835f-801e-00c3-1ab1-6c64ad000000
Cache-Control
public, max-age=31536000
x-ms-version
2009-09-19
Content-Length
8271

Redirect headers

strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
x-aspnet-version
status
302
date
Fri, 07 Aug 2020 11:51:44 GMT
x-frame-options
SAMEORIGIN
content-type
text/html; charset=utf-8
location
https://trustwave.blob.core.windows.net/cache/9/4/4/9/0/5/9449054b6e599d2c6ae326fc940e1718f740d84d.jpg
cache-control
no-cache
content-length
219
x-xss-protection
1; mode=block
loading-white.svg
www.trustwave.com/img/utility/
687 B
731 B
Image
General
Full URL
https://www.trustwave.com/img/utility/loading-white.svg
Requested by
Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.151.96.240 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
4d84802c2cc3550892199289d28a046c4e1d011964c7c7f9d43bdeebecf107de
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.trustwave.com/dist/css/styles.min.css?v=33sa
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
last-modified
Mon, 03 Aug 2020 20:34:52 GMT
x-aspnet-version
etag
"03e1b8ad569d61:0"
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
status
200
date
Fri, 07 Aug 2020 11:51:44 GMT
accept-ranges
bytes
content-length
687
x-xss-protection
1; mode=block
MaterialIcons-Regular.woff2
www.trustwave.com/fonts/material-icons/
43 KB
43 KB
Font
General
Full URL
https://www.trustwave.com/fonts/material-icons/MaterialIcons-Regular.woff2
Requested by
Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.151.96.240 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
a87d66c91b2e7dc5530aef76c03bd6a3d25ea5826110bf4803b561b811cc8726
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www.trustwave.com/dist/css/styles.min.css?v=33sa
Origin
https://www.trustwave.com

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
last-modified
Mon, 03 Aug 2020 20:33:24 GMT
x-aspnet-version
etag
"082a755d569d61:0"
x-frame-options
SAMEORIGIN
content-type
application/x-font-woff2
status
200
date
Fri, 07 Aug 2020 11:51:44 GMT
accept-ranges
bytes
content-length
44300
x-xss-protection
1; mode=block
KFOmCnqEu92Fr1Mu4mxP.ttf
fonts.gstatic.com/s/roboto/v20/
35 KB
20 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxP.ttf
Requested by
Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0b1d7f87f3ca4c8b4bd749b02b6ad71c930b7e306c752a2e2293d7b250b02e27
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www.trustwave.com/dist/css/styles.min.css?v=33sa
Origin
https://www.trustwave.com

Response headers

date
Fri, 17 Jul 2020 04:16:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1841743
status
200
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20742
x-xss-protection
0
last-modified
Wed, 24 Jul 2019 01:18:36 GMT
server
sffe
vary
Accept-Encoding
content-type
font/ttf
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 17 Jul 2021 04:16:01 GMT
KFOlCnqEu92Fr1MmEU9fBBc9.ttf
fonts.gstatic.com/s/roboto/v20/
36 KB
21 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmEU9fBBc9.ttf
Requested by
Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
719df7954428f52779f3fa18641c19fc854b39394193d87eea5a61795dec8dbe
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www.trustwave.com/dist/css/styles.min.css?v=33sa
Origin
https://www.trustwave.com

Response headers

date
Fri, 17 Jul 2020 13:18:11 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1809213
status
200
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20908
x-xss-protection
0
last-modified
Wed, 24 Jul 2019 01:18:36 GMT
server
sffe
vary
Accept-Encoding
content-type
font/ttf
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 17 Jul 2021 13:18:11 GMT
KFOlCnqEu92Fr1MmWUlfBBc9.ttf
fonts.gstatic.com/s/roboto/v20/
35 KB
20 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmWUlfBBc9.ttf
Requested by
Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a637d3ff767789f9b113bbfa208bdb6a76efed7c4c111da2a130f6a38a51d353
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www.trustwave.com/dist/css/styles.min.css?v=33sa
Origin
https://www.trustwave.com

Response headers

date
Wed, 15 Jul 2020 19:17:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1960456
status
200
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20796
x-xss-protection
0
last-modified
Wed, 24 Jul 2019 01:18:59 GMT
server
sffe
vary
Accept-Encoding
content-type
font/ttf
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 15 Jul 2021 19:17:28 GMT
d9dabe05-624c-4f28-8eee-b3b6f1841abf.woff2
fast.fonts.net/dv2/14/
20 KB
20 KB
Font
General
Full URL
https://fast.fonts.net/dv2/14/d9dabe05-624c-4f28-8eee-b3b6f1841abf.woff2?d44f19a684109620e4841470a190e8187da2675ee4d21384fcc31c18ab36cd3000b30c7b2714554b2fa45c7114a369ae46a92d2cbcc413b53d0101698114ce8d7e74e9017f28ef808677fbf0b28df9dd5c148045f073a59c253d54554cb37ea9&projectId=9c85e15b-99ed-40a4-929d-2262f9ed2706
Requested by
Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:234:660:118e:28f:1d8a:2522 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (fcn/4193) /
Resource Hash
f422b8961953524e333d562521c3b4e0a2ed33da87079bd92c08ec4389372358

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://fast.fonts.net/cssapi/9c85e15b-99ed-40a4-929d-2262f9ed2706.css
Origin
https://www.trustwave.com

Response headers

date
Fri, 07 Aug 2020 11:51:44 GMT
last-modified
Fri, 05 Dec 2014 01:40:36 GMT
server
ECS (fcn/4193)
age
17434153
etag
"2369653874"
status
200
x-cache
HIT
content-type
application/octet-stream
access-control-allow-origin
*
cache-control
max-age=7776000
accept-ranges
bytes
content-length
20472
expires
Thu, 05 Nov 2020 11:51:44 GMT
KFOlCnqEu92Fr1MmSU5fBBc9.ttf
fonts.gstatic.com/s/roboto/v20/
35 KB
20 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmSU5fBBc9.ttf
Requested by
Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b4c96f55c265e0a80be4243a16f7e88b9a67c85b71b4e2aa8cea4e1aa989b0d1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www.trustwave.com/dist/css/styles.min.css?v=33sa
Origin
https://www.trustwave.com

Response headers

date
Fri, 07 Aug 2020 08:27:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
12258
status
200
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20827
x-xss-protection
0
last-modified
Wed, 24 Jul 2019 01:18:53 GMT
server
sffe
vary
Accept-Encoding
content-type
font/ttf
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 07 Aug 2021 08:27:26 GMT
71e645d2-276d-4568-b9e4-e215b8e5b24f.woff2
fast.fonts.net/dv2/14/
20 KB
20 KB
Font
General
Full URL
https://fast.fonts.net/dv2/14/71e645d2-276d-4568-b9e4-e215b8e5b24f.woff2?d44f19a684109620e4841470a190e8187da2675ee4d21384fcc31c18ab36cd3000b30c7b2714554b2fa45c7114a369ae46a92d2cbcc413b53d0101698114ce8d7e74e9017f28ef808677fbf0b28df9dd5c148045f073a59c253d54554cb37ea9&projectId=9c85e15b-99ed-40a4-929d-2262f9ed2706
Requested by
Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:234:660:118e:28f:1d8a:2522 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (fcn/40E7) /
Resource Hash
bd1f1f47a863ac3be54dab002af884683776e666b68d50ec7641ca732991d54f

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://fast.fonts.net/cssapi/9c85e15b-99ed-40a4-929d-2262f9ed2706.css
Origin
https://www.trustwave.com

Response headers

date
Fri, 07 Aug 2020 11:51:44 GMT
last-modified
Fri, 05 Dec 2014 01:42:38 GMT
server
ECS (fcn/40E7)
age
1358874
etag
"2674825278"
status
200
x-cache
HIT
content-type
application/octet-stream
access-control-allow-origin
*
cache-control
max-age=7776000
accept-ranges
bytes
content-length
20080
expires
Thu, 05 Nov 2020 11:51:44 GMT
KFOkCnqEu92Fr1Mu51xIIzc.ttf
fonts.gstatic.com/s/roboto/v20/
37 KB
22 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v20/KFOkCnqEu92Fr1Mu51xIIzc.ttf
Requested by
Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0dfa4684ad9c52a1a97d91764ef1d404c15dd95ed20f00a2f9f3f4d11df2abf9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www.trustwave.com/dist/css/styles.min.css?v=33sa
Origin
https://www.trustwave.com

Response headers

date
Sat, 18 Jul 2020 13:36:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1721743
status
200
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
22299
x-xss-protection
0
last-modified
Wed, 24 Jul 2019 01:19:00 GMT
server
sffe
vary
Accept-Encoding
content-type
font/ttf
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 18 Jul 2021 13:36:01 GMT
52be0694-00c1-4daa-8782-419021c48e95.woff2
fast.fonts.net/dv2/14/
20 KB
20 KB
Font
General
Full URL
https://fast.fonts.net/dv2/14/52be0694-00c1-4daa-8782-419021c48e95.woff2?d44f19a684109620e4841470a190e8187da2675ee4d21384fcc31c18ab36cd3000b30c7b2714554b2fa45c7114a369ae46a92d2cbcc413b53d0101698114ce8d7e74e9017f28ef808677fbf0b28df9dd5c148045f073a59c253d54554cb37ea9&projectId=9c85e15b-99ed-40a4-929d-2262f9ed2706
Requested by
Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:234:660:118e:28f:1d8a:2522 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (fcn/418C) /
Resource Hash
34ede3e0ed28152b38a721fd42c348162e01e6e53fd526b80e385c095b2b4082

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://fast.fonts.net/cssapi/9c85e15b-99ed-40a4-929d-2262f9ed2706.css
Origin
https://www.trustwave.com

Response headers

date
Fri, 07 Aug 2020 11:51:44 GMT
last-modified
Fri, 05 Dec 2014 01:27:43 GMT
server
ECS (fcn/418C)
age
4719537
etag
"3413759195"
status
200
x-cache
HIT
content-type
application/octet-stream
access-control-allow-origin
*
cache-control
max-age=7776000
accept-ranges
bytes
content-length
20524
expires
Thu, 05 Nov 2020 11:51:44 GMT
munchkin.js
munchkin.marketo.net/
1 KB
1 KB
Script
General
Full URL
https://munchkin.marketo.net/munchkin.js
Requested by
Host: www.trustwave.com
URL: https://www.trustwave.com/dist/js/scripts.min.js?v=v34sa
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.109.95.62 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
a104-109-95-62.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
5cc2628039ee08964a5f46fb8abb1d5e1ec87e1200d12862ef1232bbfed7da55

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 07 Aug 2020 11:51:44 GMT
Content-Encoding
gzip
Last-Modified
Wed, 05 Aug 2020 03:11:00 GMT
Server
AkamaiNetStorage
ETag
"a67ed8ce0a86706b9f73a86806ce5bd3:1596597060.25158"
Vary
Accept-Encoding
P3P
policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Connection
keep-alive
Accept-Ranges
bytes
Content-Type
application/x-javascript
Content-Length
752
fpv2.min.js
www.atmrum.net/client/v1/atm/
20 KB
20 KB
Script
General
Full URL
https://www.atmrum.net/client/v1/atm/fpv2.min.js
Requested by
Host: www.atmrum.net
URL: https://www.atmrum.net/rum.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
204.79.197.234 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
40c107ee62b8927c82c86c5487de6da6b506b946f8ef5452421ef5b44bbea363
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 07 Aug 2020 11:51:43 GMT
x-content-type-options
nosniff
last-modified
Fri, 31 Jul 2020 17:18:44 GMT
x-msedge-ref
Ref A: F88B828CFD8944089EEEF1494F9A3253 Ref B: AMS04EDGE0812 Ref C: 2020-08-07T11:51:44Z
etag
0x8D501F7AFB7338D
status
200
content-type
application/javascript
access-control-allow-origin
*
access-control-expose-headers
X-MSEdge-Ref
cache-control
no-store
accept-ranges
bytes
timing-allow-origin
*
content-length
20177
sh.f48a1a04fe8dbf021b4cda1d.html
s7.addthis.com/static/ Frame 412C
0
0

moatframe.js
z.moatads.com/addthismoatframe568911941483/
2 KB
1 KB
Script
General
Full URL
https://z.moatads.com/addthismoatframe568911941483/moatframe.js
Requested by
Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
92.122.255.233 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a92-122-255-233.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
05090f9390f5bc0cd23fe5f432037cc92d7cbce1ced9bfe8faf3d1c9abae85cd

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 07 Aug 2020 11:51:44 GMT
content-encoding
gzip
last-modified
Fri, 08 Nov 2019 20:13:52 GMT
server
AmazonS3
x-amz-request-id
61EC92F13BB22DD4
etag
"f14b4e1f799b14f798a195f43cf58376"
vary
Accept-Encoding
content-type
application/x-javascript
status
200
cache-control
max-age=27111
accept-ranges
bytes
content-length
948
x-amz-id-2
e0HboiVQpjIDEK8WTxqU5+8G8wOtu9bNCFY72alTHLP0/Yb+qoiTOxu6fad89ebRofzHxENxOOg=
d22d5d9f-dee9-4eea-bf38-6b6ef609199b.js
cookie-cdn.cookiepro.com/consent/
69 KB
16 KB
Script
General
Full URL
https://cookie-cdn.cookiepro.com/consent/d22d5d9f-dee9-4eea-bf38-6b6ef609199b.js
Requested by
Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/langswitch/5142c8f1-532c-427b-a545-0bcfe1f6f4ea.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:778 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1c3bfab00f5e70133e4daafbd95aea46f572bbcf33335ee75b9f2240742c7982
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 07 Aug 2020 11:51:44 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
content-md5
tokLCuVTsBOR85IgoPx1iA==
age
4322
status
200
cf-request-id
046a5c530a000005d8751df200000001
x-ms-lease-status
unlocked
last-modified
Mon, 29 Apr 2019 14:20:11 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
127d04d8-301e-0036-27d7-23b53d000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=14400
x-ms-version
2009-09-19
cf-ray
5bf0c9981ffe05d8-FRA
_ate.track.config_resp
v1.addthisedge.com/live/boost/ra-5286e9523a723348/
166 B
325 B
Script
General
Full URL
https://v1.addthisedge.com/live/boost/ra-5286e9523a723348/_ate.track.config_resp
Requested by
Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.21.36.164 , France, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
a2-21-36-164.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
4cf8b4da854cac70fb514c2d255e93904353bda1fcc7229de2f59d5971d83028

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 07 Aug 2020 11:51:44 GMT
content-encoding
gzip
etag
659743217
vary
Accept-Encoding
content-type
application/javascript;charset=utf-8
status
200
cache-control
public, max-age=59, s-maxage=86400
content-disposition
attachment; filename=1.txt
content-length
154
300lo.json
m.addthis.com/live/red_lojson/
90 B
250 B
Script
General
Full URL
https://m.addthis.com/live/red_lojson/300lo.json?si=5f2d4050a746c3f9&bkl=0&bl=1&pdt=690&sid=5f2d4050a746c3f9&pub=ra-5286e9523a723348&rev=v8.28.7-wp&ln=en&pc=men&cb=0&ab=-&dp=www.trustwave.com&fp=en-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fgoldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software%2F&fr=&of=0&pd=0&irt=0&vcl=0&md=0&ct=1&tct=0&abt=0&cdn=0&pi=1&rb=0&gen=100&chr=UTF-8&colc=1596801104663&jsl=1&uvs=5f2d405003590928000&skipb=1&callback=addthis.cbs.jsonp__179531380536090080
Requested by
Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.21.36.164 , France, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
a2-21-36-164.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
4b99171ccf97c3a699c661183b30befd0f2cc8d5bbc8d10143dd77da6497ed40

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status
200
pragma
no-cache
date
Fri, 07 Aug 2020 11:51:44 GMT
cache-control
max-age=0, no-cache, no-store, no-transform
content-disposition
attachment; filename=1.txt
content-length
90
content-type
application/javascript;charset=utf-8
sh.f48a1a04fe8dbf021b4cda1d.html
s7.addthis.com/static/ Frame 4C2F
0
0
Document
General
Full URL
https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html
Requested by
Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.21.36.164 , France, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
a2-21-36-164.deploy.static.akamaitechnologies.com
Software
nginx/1.15.8 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

:method
GET
:authority
s7.addthis.com
:scheme
https
:path
/static/sh.f48a1a04fe8dbf021b4cda1d.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/

Response headers

status
200
server
nginx/1.15.8
content-type
text/html
last-modified
Mon, 09 Sep 2019 15:34:57 GMT
etag
W/"5d767121-1115f"
timing-allow-origin
*
cache-control
public, max-age=86313600
p3p
CP="NON ADM OUR DEV IND COM STA"
strict-transport-security
max-age=15724800; includeSubDomains
content-encoding
gzip
content-length
25412
date
Fri, 07 Aug 2020 11:51:44 GMT
vary
Accept-Encoding
x-host
s7.addthis.com
anchor
www.google.com/recaptcha/api2/ Frame 3A62
0
0
Document
General
Full URL
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdMtIkUAAAAAP7FCbfNuAv_bvJRl7vsAjPIyOWc&co=aHR0cHM6Ly93d3cudHJ1c3R3YXZlLmNvbTo0NDM.&hl=en&v=IU7gZ7o6RDdDE6U4Y1YJJWnN&size=invisible&cb=wygl39vjerd6
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/IU7gZ7o6RDdDE6U4Y1YJJWnN/recaptcha__en.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-T6I9JmGOjy/pFxS+GxAHgw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
www.google.com
:scheme
https
:path
/recaptcha/api2/anchor?ar=1&k=6LdMtIkUAAAAAP7FCbfNuAv_bvJRl7vsAjPIyOWc&co=aHR0cHM6Ly93d3cudHJ1c3R3YXZlLmNvbTo0NDM.&hl=en&v=IU7gZ7o6RDdDE6U4Y1YJJWnN&size=invisible&cb=wygl39vjerd6
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/

Response headers

status
200
content-type
text/html; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
expires
Mon, 01 Jan 1990 00:00:00 GMT
date
Fri, 07 Aug 2020 11:51:44 GMT
content-security-policy
script-src 'report-sample' 'nonce-T6I9JmGOjy/pFxS+GxAHgw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding
gzip
x-content-type-options
nosniff
x-xss-protection
1; mode=block
content-length
9614
server
GSE
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
analytics.js
www.google-analytics.com/
45 KB
18 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-54M2ZJN
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:816::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
fd361b57998c76f86335afa28b8a62527d88a8200fb5c428d6f0fff73383e955
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 04 Jun 2020 23:38:14 GMT
server
Golfe2
age
5765
date
Fri, 07 Aug 2020 10:15:39 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
18469
expires
Fri, 07 Aug 2020 12:15:39 GMT
insight.min.js
snap.licdn.com/li.lms-analytics/
3 KB
2 KB
Script
General
Full URL
https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-54M2ZJN
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:10c:382::25ea , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
/
Resource Hash
41dd5e421fe221a7d2921d6fa2b36e8b01a9f2c054aaef5fad866fe896c1d1e0

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 07 Aug 2020 11:51:44 GMT
Content-Encoding
gzip
Last-Modified
Mon, 07 Oct 2019 16:41:31 GMT
X-CDN
AKAM
Vary
Accept-Encoding
Content-Type
application/x-javascript;charset=utf-8
Cache-Control
max-age=23235
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1576
hotjar-1372211.js
static.hotjar.com/c/
7 KB
2 KB
Script
General
Full URL
https://static.hotjar.com/c/hotjar-1372211.js?sv=7
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-54M2ZJN
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
147.75.33.229 Amsterdam, Netherlands, ASN54825 (PACKET, US),
Reverse DNS
pkt-ams-k2-shared-ingress12
Software
/
Resource Hash
771f96b10088b405754149e86af6029c4d288f702e9cbbfe155a07477344bc2d
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 07 Aug 2020 11:51:44 GMT
content-encoding
br
x-content-type-options
nosniff
content-type
application/javascript
section-io-tag
hotjarjs
age
23
status
200
section-io-cache
Hit
vary
Accept-Encoding
content-length
2119
cache-control
max-age=60
etag
W/534a4232bd4d52d44035fdbe35d4b880
access-control-max-age
600
section-io-origin-status
304
access-control-allow-origin
*
x-cache-hit
1
section-io-origin-time-seconds
0.018
accept-ranges
bytes
section-io-id
ac92c584828560ab67e772f2b4c7dd83
section-origin-responded
true
t.js
vidassets.terminus.services/af0d2044-417b-49dd-b4e9-25d4e62e0332/
4 KB
2 KB
Script
General
Full URL
https://vidassets.terminus.services/af0d2044-417b-49dd-b4e9-25d4e62e0332/t.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-54M2ZJN
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.7.81 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-7-81.fra6.r.cloudfront.net
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
4014a05aacaa586346e71903afbc4537863681e4df786fa132e4a547cd6cfeb0
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 07 Aug 2020 11:51:44 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
FRA6-C1
x-cache
Hit from cloudfront
status
200
access-control-allow-origin
*
last-modified
Fri, 26 Jun 2020 16:23:01 GMT
server
nginx/1.10.3 (Ubuntu)
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript;charset=utf-8
via
1.1 a0a81637cc76d6981e4e29044a73b7f6.cloudfront.net (CloudFront)
access-control-expose-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,Authorization
cache-control
public, s-maxage=2700
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,Authorization
x-amz-cf-id
RKvUS1gpWTVp6QEKER_9bTX9ZtN-gik_zL1wV8mKPS9iajJKRbFzkg==
en-us.json
www.trustwave.com/locale/en-us/LC_MESSAGES/
1 KB
636 B
XHR
General
Full URL
https://www.trustwave.com/locale/en-us/LC_MESSAGES/en-us.json
Requested by
Host: az416426.vo.msecnd.net
URL: https://az416426.vo.msecnd.net/scripts/a/ai.0.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.151.96.240 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
21c3d65ef1a0105fb3114d843bd4c68e474e7571db6b0af5ca759fbfec9eca81
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
X-Requested-With
XMLHttpRequest
Request-Id
|hkzK2.qFtCW
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 03 Aug 2020 20:34:52 GMT
x-aspnet-version
x-frame-options
SAMEORIGIN
etag
"03e1b8ad569d61:0"
vary
Accept-Encoding
content-type
application/json
status
200
date
Fri, 07 Aug 2020 11:51:44 GMT
accept-ranges
bytes
content-length
590
x-xss-protection
1; mode=block
ja-jp.json
www.trustwave.com/locale/ja-jp/LC_MESSAGES/
1 KB
923 B
XHR
General
Full URL
https://www.trustwave.com/locale/ja-jp/LC_MESSAGES/ja-jp.json
Requested by
Host: az416426.vo.msecnd.net
URL: https://az416426.vo.msecnd.net/scripts/a/ai.0.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.151.96.240 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
7b0ef13b754c456f5621d74ca260e49b061f759bcaeb9223e0eaa78ff4359189
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
X-Requested-With
XMLHttpRequest
Request-Id
|hkzK2.A0Uhb
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 03 Aug 2020 20:34:52 GMT
x-aspnet-version
x-frame-options
SAMEORIGIN
etag
"03e1b8ad569d61:0"
vary
Accept-Encoding
content-type
application/json
status
200
date
Fri, 07 Aug 2020 11:51:44 GMT
accept-ranges
bytes
content-length
877
x-xss-protection
1; mode=block
de-de.json
www.trustwave.com/locale/de-de/LC_MESSAGES/
1 KB
638 B
XHR
General
Full URL
https://www.trustwave.com/locale/de-de/LC_MESSAGES/de-de.json
Requested by
Host: az416426.vo.msecnd.net
URL: https://az416426.vo.msecnd.net/scripts/a/ai.0.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.151.96.240 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
b5e5c5c8b9ebe9fb7f4a8cde7f2ff4f6652e6beb87585c18e99fb446fbb301a4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
X-Requested-With
XMLHttpRequest
Request-Id
|hkzK2.EDEsv
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 03 Aug 2020 20:34:52 GMT
x-aspnet-version
x-frame-options
SAMEORIGIN
etag
"03e1b8ad569d61:0"
vary
Accept-Encoding
content-type
application/json
status
200
date
Fri, 07 Aug 2020 11:51:44 GMT
accept-ranges
bytes
content-length
564
x-xss-protection
1; mode=block
fpconfig.min.json
www.atmrum.net/conf/v1/atm/
191 B
481 B
XHR
General
Full URL
https://www.atmrum.net/conf/v1/atm/fpconfig.min.json
Requested by
Host: az416426.vo.msecnd.net
URL: https://az416426.vo.msecnd.net/scripts/a/ai.0.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
204.79.197.234 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
72766f736186eb5c7c6d08502f3bf28da0092e8ea85cf3b5413c9daf8dc2d94a
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 07 Aug 2020 11:51:44 GMT
x-content-type-options
nosniff
last-modified
Fri, 31 Jul 2020 17:18:43 GMT
x-msedge-ref
Ref A: 2477847022264433ACC3C425F3F70A5F Ref B: BRU30EDGE0509 Ref C: 2020-08-07T11:51:44Z
etag
0x8D501F7AFB7338D
status
200
content-type
text/plain; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
X-MSEdge-Ref
cache-control
no-store
accept-ranges
bytes
timing-allow-origin
*
content-length
191
optanon.css
cookie-cdn.cookiepro.com/skins/4.8.0/default_flat_bottom_two_button_black/v2/css/
23 KB
5 KB
Stylesheet
General
Full URL
https://cookie-cdn.cookiepro.com/skins/4.8.0/default_flat_bottom_two_button_black/v2/css/optanon.css
Requested by
Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/consent/d22d5d9f-dee9-4eea-bf38-6b6ef609199b.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:778 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0bd0bc4edd5e4b256b9c40ce082680ad16a78ac5faf4d3337d39cf9605518bfe
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 07 Aug 2020 11:51:44 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
content-md5
jzLE25vmrDR3ZmMxTSa8+w==
age
1166
status
200
cf-request-id
046a5c5395000005d8751e7200000001
x-ms-lease-status
unlocked
last-modified
Thu, 19 Sep 2019 18:59:46 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/css
access-control-allow-origin
*
x-ms-request-id
df1cc734-401e-0085-58d7-231590000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version
2009-09-19
cf-ray
5bf0c998eaa805d8-FRA
EU
geolocation.onetrust.com/cookieconsentpub/v1/geo/countries/
32 B
403 B
Script
General
Full URL
https://geolocation.onetrust.com/cookieconsentpub/v1/geo/countries/EU?callback=jQuery331010600004571916011_1596801104578&_=1596801104579
Requested by
Host: www.trustwave.com
URL: https://www.trustwave.com/dist/js/scripts.min.js?v=v34sa
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6814:b844 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b0817a0d6a87f2d42532035e42b20ea55cfaa5ca1092c761f5fc5e734790bdbf
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 07 Aug 2020 11:51:44 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/javascript
status
200
strict-transport-security
max-age=31536000; includeSubDomains; preload
cf-ray
5bf0c9991a73c277-FRA
content-length
32
cf-request-id
046a5c53ab0000c277373c6200000001
visitWebPage
815-rfm-693.mktoresp.com/webevents/
2 B
304 B
XHR
General
Full URL
https://815-rfm-693.mktoresp.com/webevents/visitWebPage?_mchNc=1596801104796&_mchCn=&_mchId=815-RFM-693&_mchTk=_mch-trustwave.com-1596801104794-39773&_mchHo=www.trustwave.com&_mchPo=&_mchRu=%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fgoldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software%2F&_mchPc=https%3A&_mchVr=154&_mchHa=&_mchRe=&_mchQp=
Requested by
Host: az416426.vo.msecnd.net
URL: https://az416426.vo.msecnd.net/scripts/a/ai.0.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.28.144.124 , United States, ASN15224 (OMNITURE, US),
Reverse DNS
Software
akka-http/10.1.11 /
Resource Hash
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Fri, 07 Aug 2020 11:51:45 GMT
Content-Encoding
gzip
Server
akka-http/10.1.11
Transfer-Encoding
chunked
X-Request-Id
e21a7ae7-e622-43ef-bce3-736abef48917
Content-Type
text/plain; charset=UTF-8
js
www.google-analytics.com/gtm/
80 KB
31 KB
Script
General
Full URL
https://www.google-analytics.com/gtm/js?id=GTM-5B38B7F&t=gtm2&cid=1075209211.1596801105
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:816::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
6095b5d40ee85bf118e96ccac747755bd3b33e907d88f52765fbc461212acd0e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 07 Aug 2020 11:51:44 GMT
content-encoding
br
server
Google Tag Manager
access-control-allow-headers
Cache-Control
status
200
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
31932
x-xss-protection
0
expires
Fri, 07 Aug 2020 11:51:44 GMT
collect
px.ads.linkedin.com/
Redirect Chain
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=70652&url=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fgoldenspy-chapter-4-goldenhelper-malware-embedded-in-off...
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D70652%26url%3Dhttps%253A%252F%252Fwww.trustwave.com%252Fen-us%252Fresources%252Fb...
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=70652&url=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fgoldenspy-chapter-4-goldenhelper-malware-embedded-in-off...
0
297 B
Image
General
Full URL
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=70652&url=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fgoldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software%2F&time=1596801104817&liSync=true
Requested by
Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a05:f500:10:101::b93f:9105 , Ireland, ASN14413 (LINKEDIN, US),
Reverse DNS
Software
Play /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 07 Aug 2020 11:51:45 GMT
nel
{"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
server
Play
linkedin-action
1
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
x-li-fabric
prod-lva1
status
200
x-li-proto
http/2
x-li-pop
prod-efr5
content-type
application/javascript
content-length
0
x-li-uuid
BpEyICX6KBYgA8OOBisAAA==

Redirect headers

content-security-policy
default-src *; connect-src 'self' https://media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com s.c.exp1.licdn.com s.c.exp2.licdn.com m.c.exp1.licdn.com m.c.exp2.licdn.com wss://*.linkedin.com dms.licdn.com https://dpm.demdex.net/id https://lnkd.demdex.net/event blob: https://accounts.google.com/gsi/status https://linkedin.sc.omtrdc.net/b/ss/ www.google-analytics.com static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com media.licdn.com media-exp1.licdn.com media-exp2.licdn.com media-exp3.licdn.com; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com slideshare.www.linkedin.com https://snap.licdn.com/li.lms-analytics/insight.min.js platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self'; report-uri https://www.linkedin.com/platform-telemetry/csp?f=l
x-content-type-options
nosniff
linkedin-action
1
status
302
content-length
0
x-li-uuid
Wm4JGiX6KBYQXbOjmisAAA==
pragma
no-cache
x-li-pop
afd-prod-lva1
x-msedge-ref
Ref A: 6F045244E95F46069A08DB4A6C7522C7 Ref B: FRAEDGE1208 Ref C: 2020-08-07T11:51:45Z
x-frame-options
sameorigin
date
Fri, 07 Aug 2020 11:51:44 GMT
expect-ct
max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
strict-transport-security
max-age=2592000
x-li-fabric
prod-lva1
location
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=70652&url=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fgoldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software%2F&time=1596801104817&liSync=true
x-xss-protection
1; mode=block
cache-control
no-cache, no-store
x-li-proto
http/2
expires
Thu, 01 Jan 1970 00:00:00 GMT
modules.9e0dfa53977fdaaa37e1.js
script.hotjar.com/
355 KB
69 KB
Script
General
Full URL
https://script.hotjar.com/modules.9e0dfa53977fdaaa37e1.js
Requested by
Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-1372211.js?sv=7
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
147.75.33.233 Amsterdam, Netherlands, ASN54825 (PACKET, US),
Reverse DNS
pkt-ams-k2-shared-ingress14
Software
/
Resource Hash
5aa59976259ce2568a094d8d2605551354f43fe4b883c26a4de607b99abe8ba7

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 07 Aug 2020 11:51:44 GMT
content-encoding
br
age
24418
status
200
section-io-cache
Hit
content-length
70592
last-modified
Thu, 06 Aug 2020 15:41:38 GMT
etag
"1dc18948738035294e4ca2d8276406b4"
vary
Accept-Encoding
section-io-origin-status
200
access-control-allow-origin
*
cache-control
max-age=31536000
section-io-origin-time-seconds
0.102
section-io-id
bbb6f489efefd4c508f39a9aa606aea4
accept-ranges
bytes
content-type
application/javascript
section-origin-responded
true
s.gif
vidassets.terminus.services/
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=terminus&ttd_tpi=1&ttd_puid=af0d2044-417b-49dd-b4e9-25d4e62e0332|cb1ed8fa-226d-4c3f-8497-0b7c13f22d79
  • https://match.adsrvr.org/track/cmb/generic?ttd_pid=terminus&ttd_tpi=1&ttd_puid=af0d2044-417b-49dd-b4e9-25d4e62e0332|cb1ed8fa-226d-4c3f-8497-0b7c13f22d79
  • https://vidassets.terminus.services/s.gif?d=af0d2044-417b-49dd-b4e9-25d4e62e0332|cb1ed8fa-226d-4c3f-8497-0b7c13f22d79&t=6baecff2-4712-474c-93af-a34b6f0fdfcf
42 B
682 B
Image
General
Full URL
https://vidassets.terminus.services/s.gif?d=af0d2044-417b-49dd-b4e9-25d4e62e0332|cb1ed8fa-226d-4c3f-8497-0b7c13f22d79&t=6baecff2-4712-474c-93af-a34b6f0fdfcf
Requested by
Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.7.81 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-7-81.fra6.r.cloudfront.net
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 07 Aug 2020 11:33:33 GMT
via
1.1 a0a81637cc76d6981e4e29044a73b7f6.cloudfront.net (CloudFront)
x-content-type-options
nosniff
age
1094
x-cache
Hit from cloudfront
status
200
content-length
42
last-modified
Fri, 26 Jun 2020 16:23:01 GMT
server
nginx/1.10.3 (Ubuntu)
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/gif
access-control-allow-origin
*
access-control-expose-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,Authorization
cache-control
public, s-maxage=2700
x-amz-cf-pop
FRA6-C1
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,Authorization
x-amz-cf-id
uJ-MHzfv3RhfpGiYu2Py2NdLicjpHLQGSdhSkDoIQl5meKZeleAC3A==

Redirect headers

pragma
no-cache
date
Fri, 07 Aug 2020 11:51:45 GMT
x-aspnet-version
4.0.30319
status
302
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://vidassets.terminus.services/s.gif?d=af0d2044-417b-49dd-b4e9-25d4e62e0332|cb1ed8fa-226d-4c3f-8497-0b7c13f22d79&t=6baecff2-4712-474c-93af-a34b6f0fdfcf
cache-control
private,no-cache, must-revalidate
content-type
text/html
content-length
343
t.gif
vidassets.terminus.services/af0d2044-417b-49dd-b4e9-25d4e62e0332/
42 B
682 B
Image
General
Full URL
https://vidassets.terminus.services/af0d2044-417b-49dd-b4e9-25d4e62e0332/t.gif?d=cb1ed8fa-226d-4c3f-8497-0b7c13f22d79&s=82537ce4-2c0e-4626-92c6-f1c4bdf283d6&p=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fgoldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software%2F&cb=1596801104868
Requested by
Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.7.81 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-7-81.fra6.r.cloudfront.net
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 07 Aug 2020 11:51:44 GMT
via
1.1 a0a81637cc76d6981e4e29044a73b7f6.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
FRA6-C1
x-cache
Hit from cloudfront
status
200
content-length
42
last-modified
Fri, 26 Jun 2020 16:23:01 GMT
server
nginx/1.10.3 (Ubuntu)
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/gif
access-control-allow-origin
*
access-control-expose-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,Authorization
cache-control
public, s-maxage=2700
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,Authorization
x-amz-cf-id
7gFnqN_wl-ACaEB03ceq9gsIqYFICJb2a7O16hFOjS8mxD2YcnRxdg==
box-469cf41adb11dc78be68c1ae7f9457a4.html
vars.hotjar.com/ Frame C144
0
0
Document
General
Full URL
https://vars.hotjar.com/box-469cf41adb11dc78be68c1ae7f9457a4.html
Requested by
Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-1372211.js?sv=7
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
147.75.84.31 Parsippany, United States, ASN54825 (PACKET, US),
Reverse DNS
Software
/
Resource Hash

Request headers

:method
GET
:authority
vars.hotjar.com
:scheme
https
:path
/box-469cf41adb11dc78be68c1ae7f9457a4.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/

Response headers

status
200
date
Fri, 07 Aug 2020 11:51:44 GMT
content-type
text/html
content-length
851
last-modified
Mon, 27 Jul 2020 17:12:24 GMT
etag
"d594f1d4c3e5dbd6b556c60d34e0daea"
cache-control
max-age=31536000
content-encoding
br
section-io-origin-status
200
section-io-origin-time-seconds
0.031
section-origin-responded
true
age
902338
vary
Accept-Encoding
section-io-cache
Hit
accept-ranges
bytes
section-io-id
25ae96e39459239807fdc7d6b2f09b50
ga-audiences
www.google.de/ads/
Redirect Chain
  • https://www.google-analytics.com/r/collect?v=1&_v=j83&a=983692843&t=pageview&_s=1&dl=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fgoldenspy-chapter-4-goldenhelper...
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-123880220-1&cid=1075209211.1596801105&jid=712984013&_gid=1863240545.1596801105&gjid=1008018721&_v=j83&z=1307570223
  • https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-123880220-1&cid=1075209211.1596801105&jid=712984013&_v=j83&z=1307570223
  • https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-123880220-1&cid=1075209211.1596801105&jid=712984013&_v=j83&z=1307570223&slf_rd=1&random=160445632
42 B
106 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-123880220-1&cid=1075209211.1596801105&jid=712984013&_v=j83&z=1307570223&slf_rd=1&random=160445632
Requested by
Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 07 Aug 2020 11:51:45 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Fri, 07 Aug 2020 11:51:45 GMT
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
302
content-type
text/html; charset=UTF-8
location
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-123880220-1&cid=1075209211.1596801105&jid=712984013&_v=j83&z=1307570223&slf_rd=1&random=160445632
cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
trans.gif
b28b9221d0641c6f26e5018d5e01c077.azr.footprintdns.com/apc/
43 B
243 B
Image
General
Full URL
https://b28b9221d0641c6f26e5018d5e01c077.azr.footprintdns.com/apc/trans.gif?e1f3dddc30fa7c32b1bb0f06dab50fa5
Requested by
Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2603:1030:1000::58 Québec, Canada, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
last-modified
Wed, 06 May 2020 21:53:26 GMT
server
Microsoft-IIS/10.0
x-powered-by
ASP.NET
content-type
image/gif
status
200
date
Fri, 07 Aug 2020 11:51:44 GMT
accept-ranges
bytes
content-length
43
etag
"a6573bc5f023d61:0"
IsUserAusi
www.trustwave.com/umbraco/surface/AJAX/
5 B
172 B
XHR
General
Full URL
https://www.trustwave.com/umbraco/surface/AJAX/IsUserAusi
Requested by
Host: az416426.vo.msecnd.net
URL: https://az416426.vo.msecnd.net/scripts/a/ai.0.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.151.96.240 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
60a33e6cf5151f2d52eddae9685cfa270426aa89d8dbc7dfb854606f1d1a40fe
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Referer
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
X-Requested-With
XMLHttpRequest
Request-Id
|hkzK2.vGlz8
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
x-aspnet-version
date
Fri, 07 Aug 2020 11:51:44 GMT
x-frame-options
SAMEORIGIN
content-type
text/html; charset=utf-8
status
200
cache-control
private
vary
Accept-Encoding
content-length
123
x-xss-protection
1; mode=block
IsUserAPAC
www.trustwave.com/umbraco/surface/AJAX/
5 B
163 B
XHR
General
Full URL
https://www.trustwave.com/umbraco/surface/AJAX/IsUserAPAC
Requested by
Host: az416426.vo.msecnd.net
URL: https://az416426.vo.msecnd.net/scripts/a/ai.0.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.151.96.240 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
60a33e6cf5151f2d52eddae9685cfa270426aa89d8dbc7dfb854606f1d1a40fe
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Referer
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
X-Requested-With
XMLHttpRequest
Request-Id
|hkzK2.1yn1F
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
x-aspnet-version
date
Fri, 07 Aug 2020 11:51:44 GMT
x-frame-options
SAMEORIGIN
content-type
text/html; charset=utf-8
status
200
cache-control
private
vary
Accept-Encoding
content-length
123
x-xss-protection
1; mode=block
visit-data
in.hotjar.com/api/v2/client/sites/1372211/
178 B
320 B
XHR
General
Full URL
https://in.hotjar.com/api/v2/client/sites/1372211/visit-data?sv=7
Requested by
Host: az416426.vo.msecnd.net
URL: https://az416426.vo.msecnd.net/scripts/a/ai.0.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.246.206.139 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-246-206-139.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
6154d5f7f6961e042d013bab33fd02b691970d873f44f3c32d8fcc6e79ef5bcd

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain; charset=UTF-8

Response headers

date
Fri, 07 Aug 2020 11:51:45 GMT
content-encoding
br
status
200
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
access-control-max-age
86400
access-control-allow-credentials
true
trans.gif
b28b9221d0641c6f26e5018d5e01c077.azr.footprintdns.com/apc/
43 B
81 B
Image
General
Full URL
https://b28b9221d0641c6f26e5018d5e01c077.azr.footprintdns.com/apc/trans.gif?53e114d74afbd520c15fcc86c05f2c31
Requested by
Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2603:1030:1000::58 Québec, Canada, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
last-modified
Wed, 06 May 2020 21:53:26 GMT
server
Microsoft-IIS/10.0
x-powered-by
ASP.NET
content-type
image/gif
status
200
date
Fri, 07 Aug 2020 11:51:44 GMT
accept-ranges
bytes
content-length
43
etag
"a6573bc5f023d61:0"
trans.gif
f361daca3aff07445f92c3747bd2b71c.azr.footprintdns.com/apc/
43 B
243 B
Image
General
Full URL
https://f361daca3aff07445f92c3747bd2b71c.azr.footprintdns.com/apc/trans.gif?56d62365ee9e66030c2126249759b48d
Requested by
Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a01:111:f100:2002::8975:2c41 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
last-modified
Wed, 06 May 2020 21:53:26 GMT
server
Microsoft-IIS/10.0
x-powered-by
ASP.NET
content-type
image/gif
status
200
date
Fri, 07 Aug 2020 11:51:45 GMT
accept-ranges
bytes
content-length
43
etag
"a6573bc5f023d61:0"
trans.gif
f361daca3aff07445f92c3747bd2b71c.azr.footprintdns.com/apc/
43 B
81 B
Image
General
Full URL
https://f361daca3aff07445f92c3747bd2b71c.azr.footprintdns.com/apc/trans.gif?f5d10258d0054f457ffae09adfec8a22
Requested by
Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a01:111:f100:2002::8975:2c41 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
last-modified
Wed, 06 May 2020 21:53:26 GMT
server
Microsoft-IIS/10.0
x-powered-by
ASP.NET
content-type
image/gif
status
200
date
Fri, 07 Aug 2020 11:51:45 GMT
accept-ranges
bytes
content-length
43
etag
"a6573bc5f023d61:0"
trans.gif
86f45dcb5d614a14ec56784532507a39.azr.footprintdns.com/apc/
43 B
243 B
Image
General
Full URL
https://86f45dcb5d614a14ec56784532507a39.azr.footprintdns.com/apc/trans.gif?1bbd342cc999685d9e8052e446a7c56b
Requested by
Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2603:1020:c01:2::3 Frankfurt am Main, Germany, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
last-modified
Wed, 06 May 2020 21:53:26 GMT
server
Microsoft-IIS/10.0
x-powered-by
ASP.NET
content-type
image/gif
status
200
date
Fri, 07 Aug 2020 11:51:45 GMT
accept-ranges
bytes
content-length
43
etag
"a6573bc5f023d61:0"
trans.gif
86f45dcb5d614a14ec56784532507a39.azr.footprintdns.com/apc/
43 B
81 B
Image
General
Full URL
https://86f45dcb5d614a14ec56784532507a39.azr.footprintdns.com/apc/trans.gif?7456978755ebf67a031d2f607ce018b5
Requested by
Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2603:1020:c01:2::3 Frankfurt am Main, Germany, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
last-modified
Wed, 06 May 2020 21:53:26 GMT
server
Microsoft-IIS/10.0
x-powered-by
ASP.NET
content-type
image/gif
status
200
date
Fri, 07 Aug 2020 11:51:45 GMT
accept-ranges
bytes
content-length
43
etag
"a6573bc5f023d61:0"
r.gif
www.atmrum.net/report/v1/atm/
42 B
195 B
XHR
General
Full URL
https://www.atmrum.net/report/v1/atm/r.gif?MonitorID=atm&rid=e2cca30e2bc95ed151b0f1d774556a94&w3c=true&prot=https:&v=2017061301&tag=602cc9bb0a513db2b327299487211347&DATA=[{%22RequestID%22:%22b28b9221d0641c6f26e5018d5e01c077%22,%22Object%22:%22trans.gif%22,%22Conn%22:%22cold%22,%22Result%22:409},{%22RequestID%22:%22b28b9221d0641c6f26e5018d5e01c077%22,%22Object%22:%22trans.gif%22,%22Conn%22:%22warm%22,%22Result%22:116},{%22RequestID%22:%22f361daca3aff07445f92c3747bd2b71c%22,%22Object%22:%22trans.gif%22,%22Conn%22:%22cold%22,%22Result%22:320},{%22RequestID%22:%22f361daca3aff07445f92c3747bd2b71c%22,%22Object%22:%22trans.gif%22,%22Conn%22:%22warm%22,%22Result%22:94},{%22RequestID%22:%2286f45dcb5d614a14ec56784532507a39%22,%22Object%22:%22trans.gif%22,%22Conn%22:%22cold%22,%22Result%22:69},{%22RequestID%22:%2286f45dcb5d614a14ec56784532507a39%22,%22Object%22:%22trans.gif%22,%22Conn%22:%22warm%22,%22Result%22:7}]
Requested by
Host: az416426.vo.msecnd.net
URL: https://az416426.vo.msecnd.net/scripts/a/ai.0.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
204.79.197.234 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status
200
date
Fri, 07 Aug 2020 11:51:45 GMT
cache-control
no-store
x-msedge-ref
Ref A: 5C1A42700BE14563BF0D4689A2D3219D Ref B: BRU30EDGE0509 Ref C: 2020-08-07T11:51:45Z
access-control-allow-origin
https://www.trustwave.com
content-type
image/gif
track
dc.services.visualstudio.com/v2/
98 B
238 B
XHR
General
Full URL
https://dc.services.visualstudio.com/v2/track
Requested by
Host: az416426.vo.msecnd.net
URL: https://az416426.vo.msecnd.net/scripts/a/ai.0.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
51.140.6.23 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
1d82df0bfd24b62e856a6d322dc0983a0d74fbd0995272d30fd34ce49d3f5540
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
Sdk-Context
appId
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-type
application/json

Response headers

x-ms-session-id
7292E312-48F1-49C5-BAFB-E07C3DD89279
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
status
200
date
Fri, 07 Aug 2020 11:51:46 GMT
access-control-max-age
3600
content-type
application/json; charset=utf-8
access-control-allow-origin
*
access-control-allow-headers
Origin, X-Requested-With, Content-Name, Content-Type, Accept, Sdk-Context
content-length
98

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
s7.addthis.com
URL
https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html

Verdicts & Comments Add Verdict or Comment

153 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| dataLayer object| appInsights object| ___grecaptcha_cfg object| grecaptcha boolean| __google_recaptcha_client number| SThreshold number| globalmktoid boolean| globalpartnerform boolean| globalfooterform object| Vimeo boolean| VimeoPlayerResizeEmbeds_ object| google_tag_manager function| postscribe object| AI object| Microsoft function| __extends function| _endsWith object| recaptcha object| FormAbandonmentTracker string| ajaxReq function| autoSuggest string| navAjaxReq function| navAutoSuggest object| loadmorexrh function| objectifyForm function| trim function| rgb2hex function| rgbaToHex function| UpdateResults function| ShowHideLoadMore function| LoadingOn function| LoadingOff function| LoadMore function| GetCurrentLang function| MediaReleases function| closeResetMobile function| closeResetDesktop string| currentCheckSize function| checkSize function| FixScrollOnLoad function| doMenu function| MainMenu function| CardListCheckForZero function| OutputFooterGlobalForm function| FixButtonColorsinSections function| AddAusiLogo function| AddAPACLogo function| AddTaglineToLogo function| LoadDefaultMKTOForms function| FixConsoleErrors function| FixFooterSectionColorAngle function| ScrollToScript function| SpecialEventMenu function| PressReleases function| ToggleFilterOptions function| ResourceLibrary function| SearchResults function| SLBlog function| CardHeroSliders function| CardLists function| CardListOurHistory function| SWUpdates function| TWBlog function| getParameterByName function| jsonToUrl function| SetupImgClickToVideo object| videoLabels object| lastP object| _playerTitle object| _playerAuthor object| _playerAuthorURL object| _playerUploadDate function| Vimeoinit function| updateUrl function| onMessageReceived function| post function| getLabel function| getVimeoInfo function| vimeoCallback function| onReady function| onPlay function| onPause function| onPlayProgress object| Modernizr function| $ function| jQuery function| Cookies function| pluralRuleParser function| TWFilters object| MktoForms2 function| TWLang object| mktoprefilldata function| TWMkto function| TWStepsForm function| supportInfo object| rum function| atwpjp string| _atd function| _euc function| _duc object| _atc string| _atr object| addthis string| addthis_pub function| emdot object| _ate object| _adr object| addthis_conf function| addthis_open function| addthis_close function| addthis_sendto object| OneTrust string| containerName string| languageSwitcherFileName string| useDocumentLanguage string| languageSwitcherFilePathPart string| languageSwitcherURL function| getLanguageSwitcherScriptPath function| isLanguageSwitcherFile function| OptanonWrapper object| addthis_share object| addthis_config object| closure_lm_212382 string| GoogleAnalyticsObject function| ga string| _linkedin_data_partner_id function| hj object| _hjSettings object| Munchkin object| MunchkinTracker function| mktoMunchkin function| mktoMunchkinFunction object| Footprint undefined| a undefined| c function| jsonFeed object| Optanon string| OnetrustActiveGroups string| OptanonActiveGroups boolean| __@@##MUH object| google_tag_data object| gaplugins object| gaGlobal object| gaData function| lintrk boolean| _already_called_lintrk object| hjSiteSettings function| hjBootstrap object| hjBootstrapCalled object| oattr object| fpconfig object| google_optimize function| filterHandler

18 Cookies

Domain/Path Name / Value
.addthis.com/ Name: loc
Value: MDAwMDBFVUJFMDAyMjk4MTg1MzAwMDAwMDBDSA==
.addthis.com/ Name: uvc
Value: 1%7C32
.trustwave.com/ Name: OptanonConsent
Value: landingPath=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fgoldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software%2F&datestamp=Fri+Aug+07+2020+13%3A51%3A45+GMT%2B0200+(Central+European+Summer+Time)&version=4.8.0&EU=true&groups=1%3A1%2C2%3A0%2C3%3A0%2C0_32924%3A1%2C4%3A0%2C0_32898%3A0%2C0_32899%3A0%2C0_32900%3A0%2C0_32901%3A0%2C0_32902%3A0%2C0_32903%3A0%2C0_32904%3A0%2C0_32905%3A0%2C0_32893%3A0%2C0_32894%3A0%2C0_32895%3A0%2C0_32896%3A0%2C0_32897%3A0
www.trustwave.com/ Name: _hjIncludedInSample
Value: 1
www.trustwave.com/ Name: _hjIncludedInCCSample
Value: 1
.trustwave.com/ Name: _gat_UA-123880220-1
Value: 1
www.trustwave.com/ Name: s-9da4
Value: 82537ce4-2c0e-4626-92c6-f1c4bdf283d6
.trustwave.com/ Name: _gid
Value: GA1.2.1863240545.1596801105
www.trustwave.com/ Name: ai_session
Value: V0XsT|1596801104899.245|1596801104899.245
www.trustwave.com/ Name: d-a8e6
Value: cb1ed8fa-226d-4c3f-8497-0b7c13f22d79
.trustwave.com/ Name: _ga
Value: GA1.2.1075209211.1596801105
www.trustwave.com/ Name: ai_user
Value: KWiQo|2020-08-07T11:51:44.530Z
www.trustwave.com/ Name: __atuvs
Value: 5f2d405003590928000
.trustwave.com/ Name: _hjid
Value: 812b5ab7-e805-4140-9ba3-e72058959cf6
.trustwave.com/ Name: _mkto_trk
Value: id:815-RFM-693&token:_mch-trustwave.com-1596801104794-39773
www.trustwave.com/ Name: __atuvc
Value: 1%7C32
.www.trustwave.com/ Name: ApplicationGatewayAffinityCORS
Value: bcc70b3e9d2a132e2376fddfd28702ba57725b0d585f7a92e016c74563f04890
.www.trustwave.com/ Name: ApplicationGatewayAffinity
Value: bcc70b3e9d2a132e2376fddfd28702ba57725b0d585f7a92e016c74563f04890

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

815-rfm-693.mktoresp.com
86f45dcb5d614a14ec56784532507a39.azr.footprintdns.com
az416426.vo.msecnd.net
b28b9221d0641c6f26e5018d5e01c077.azr.footprintdns.com
cookie-cdn.cookiepro.com
dc.services.visualstudio.com
f361daca3aff07445f92c3747bd2b71c.azr.footprintdns.com
fast.fonts.net
fonts.gstatic.com
geolocation.onetrust.com
in.hotjar.com
m.addthis.com
match.adsrvr.org
munchkin.marketo.net
npercoco.typepad.com
player.vimeo.com
px.ads.linkedin.com
s7.addthis.com
script.hotjar.com
snap.licdn.com
static.hotjar.com
stats.g.doubleclick.net
trustwave.blob.core.windows.net
v1.addthisedge.com
vars.hotjar.com
vidassets.terminus.services
www.atmrum.net
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.gstatic.com
www.linkedin.com
www.trustwave.com
z.moatads.com
s7.addthis.com
104.109.95.62
104.18.140.190
147.75.33.229
147.75.33.233
147.75.84.31
151.101.112.217
192.28.144.124
2.21.36.164
204.79.197.234
2603:1020:c01:2::3
2603:1030:1000::58
2606:2800:233:1cb7:261b:1f9c:2074:3c
2606:2800:234:660:118e:28f:1d8a:2522
2606:4700:10::6814:b844
2606:4700::6812:778
2620:1ec:21::14
2a00:1450:4001:800::2003
2a00:1450:4001:80b::2003
2a00:1450:4001:816::200e
2a00:1450:4001:81c::2004
2a00:1450:4001:81d::2003
2a00:1450:4001:821::2008
2a00:1450:400c:c00::9c
2a01:111:f100:2002::8975:2c41
2a02:26f0:10c:382::25ea
2a05:f500:10:101::b93f:9105
34.246.206.139
51.140.6.23
52.151.96.240
52.239.152.234
52.49.73.64
92.122.255.233
99.86.7.81
049bf83ad4e353fb4bce7d9fff2ba6b0996aa1a8bbdba76ca83a2ee78c887687
05090f9390f5bc0cd23fe5f432037cc92d7cbce1ced9bfe8faf3d1c9abae85cd
0b1d7f87f3ca4c8b4bd749b02b6ad71c930b7e306c752a2e2293d7b250b02e27
0bd0bc4edd5e4b256b9c40ce082680ad16a78ac5faf4d3337d39cf9605518bfe
0dfa4684ad9c52a1a97d91764ef1d404c15dd95ed20f00a2f9f3f4d11df2abf9
13032ef9973485517338726dd9fcb77fa99a21f69fa91dcb48f432c8fe8df225
14da1d6311764bee490145f7909d480858b94fc01c6ba2b5d8c112feabe53a99
19a5abc3ee71d9689286163dd786564ab2d59a118563fc140e62fa96d0d386df
1c3bfab00f5e70133e4daafbd95aea46f572bbcf33335ee75b9f2240742c7982
1d82df0bfd24b62e856a6d322dc0983a0d74fbd0995272d30fd34ce49d3f5540
21c3d65ef1a0105fb3114d843bd4c68e474e7571db6b0af5ca759fbfec9eca81
2a1c9874549a1cb94b6e0dc5822b4f5ca14386d39214a8145670fc1c50045496
2e45a8996ec5c8b3fce4c3f71fc56ef806673998113d09c32f73c7a3d6efdb38
34ede3e0ed28152b38a721fd42c348162e01e6e53fd526b80e385c095b2b4082
3776502046f781250c25f64f53ca6a5dfb796c3ff900a28f9b854eb63dc593c8
3f18aeab9b9baa3e61c4bc2cd0372e3946f494bd03bff3cad740e5ea817fce2b
4014a05aacaa586346e71903afbc4537863681e4df786fa132e4a547cd6cfeb0
40c107ee62b8927c82c86c5487de6da6b506b946f8ef5452421ef5b44bbea363
41dd5e421fe221a7d2921d6fa2b36e8b01a9f2c054aaef5fad866fe896c1d1e0
42f2f65a52347bf6ed6c0633b5458c48ddc1b439923c92caec18c6d6f111afe3
44f60c08d39f76681af5e1eada34c18b7754a089f1403eea70c86c56c171a425
46647527924f0574eded74e7ef9a93d43044a47dcd1b11b9a203c0a9a8bb65e9
4ae63a3fa9bd6d1be795243d4d3d38e33dbb6593cdcb9447af3b292519609eb5
4b99171ccf97c3a699c661183b30befd0f2cc8d5bbc8d10143dd77da6497ed40
4cf8b4da854cac70fb514c2d255e93904353bda1fcc7229de2f59d5971d83028
4d84802c2cc3550892199289d28a046c4e1d011964c7c7f9d43bdeebecf107de
4fb02286499439e694d9a4220d6ca3ab664b2ba4bdb699b9068aa8e6fd5528c6
5201c813c37a4168cc5c20c701d4391fd0a55625f97eb9f263a74fb52b52fd0e
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
5aa59976259ce2568a094d8d2605551354f43fe4b883c26a4de607b99abe8ba7
5cc2628039ee08964a5f46fb8abb1d5e1ec87e1200d12862ef1232bbfed7da55
6095b5d40ee85bf118e96ccac747755bd3b33e907d88f52765fbc461212acd0e
60a33e6cf5151f2d52eddae9685cfa270426aa89d8dbc7dfb854606f1d1a40fe
6154d5f7f6961e042d013bab33fd02b691970d873f44f3c32d8fcc6e79ef5bcd
61bc73b49e96aa8d7ac9c315d14da6d4455e08eae472313058d3d00187590f88
64ed842d23dcee23e4cf9257dd18ce0066a76cd75108e7fc95f13a4a9b0e892c
6603122bf60f4b09cfab59cdc08d792c28773607d897ed680c7c0b607a44a879
6c354c40f91293a1558c447aaf710fb24f11c235cb23ae08f3e5bcfaeb3aabc8
6fbc9436bf1ea8e9568562182031024ae2960a3c3dfdd706ccec19c0fb04b445
719df7954428f52779f3fa18641c19fc854b39394193d87eea5a61795dec8dbe
72766f736186eb5c7c6d08502f3bf28da0092e8ea85cf3b5413c9daf8dc2d94a
771f96b10088b405754149e86af6029c4d288f702e9cbbfe155a07477344bc2d
7b0ef13b754c456f5621d74ca260e49b061f759bcaeb9223e0eaa78ff4359189
9298a280eda6b54290d3c69fda3ae7da0cec1a0169d01d4e5944af63d68939d5
931d1e18c99133e074631d74ef9b90050a447af3c0cfa7df64c963428d829631
93b1524a3b404177560f00be38ccb97fbdc44a0e9ae7061d652d79b6a07f4bfe
9545498791418ba2847374815a974cc5bad7368ffb1df4c44c67d25027dd219e
9998a28912966aa8ae78c7bae4b70bce32095ac4cafb972428f96c60bf374a98
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
a4e0e060e859237f0792b223041322e21c0e850db78ba107b0616afc4cbd39c5
a637d3ff767789f9b113bbfa208bdb6a76efed7c4c111da2a130f6a38a51d353
a87d66c91b2e7dc5530aef76c03bd6a3d25ea5826110bf4803b561b811cc8726
aac1bb952cbe044084143c5690b71b19ead7016025a3a16a826815f50a90c6b2
ace78f63f590160b0748a26e60d8b453b4d4ac8bc4da20967632bf7e5bcb58e3
aef04833469c4ac740e87c2d8cf43fdb4227aa7ac8d0669703bd49bee337146b
b0817a0d6a87f2d42532035e42b20ea55cfaa5ca1092c761f5fc5e734790bdbf
b0f35cc025dc27ea345536d4eafc13e52fe2b1c237fd6c4150d4dbf85c323c27
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b49b397871dff384aab300554a8f1745d86e020edd55dea9f1ad58209a1b7563
b4c96f55c265e0a80be4243a16f7e88b9a67c85b71b4e2aa8cea4e1aa989b0d1
b5e5c5c8b9ebe9fb7f4a8cde7f2ff4f6652e6beb87585c18e99fb446fbb301a4
ba4eb73fa057cd2e1eb698d44fa27569f4809729a010bc5b932c3d3ad807328f
bd1f1f47a863ac3be54dab002af884683776e666b68d50ec7641ca732991d54f
bf2d7a732f4c2751a36ae6c3e3233639c8800e1b0a3031d9c77d8124c1fc43fd
c0af41da9f52376496beeba05110b06c5ffa60d64a9f28e305177f0cd4550d7a
c750113ac663d3ae3adea8e042237ac1c5ea21f9ad1749efc357ea93acbc5d78
c99841b9fa07daa705c029caca740cbd2d8c4b53b07c5b7999e7fe7da91e6670
cb8fd428f0d96267a4df07e3603d7e9fc4f424096eec1923269d49efa9f31dbb
cbe0e85e5e53990152ffdf4c23ab39beae2543c5fe6ee1ba55ab797805713df6
cf7008a1bb1e7dcffa096b3f0c782f3dd610f847413ae4861a5c03006f093553
df89cc53e851559fba691a5bcd450ca97d68738c4606dc14dd73b9d03b9aaa6e
e28a2515c136d5e7e0cf6e526a385f4b3998d52d8238e09c254fbdc272ce5ac8
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e9b8e2170d21e35516cd6b26600d47ea8507546e68d1a827185ab0eb16b733f1
eb12a261a24e54883613710a4c12f4d9205f634ca1a29d1df07f90105a93e746
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef847d41d1db2e6f66c1bc66c0779de7b36b0d31eb16dc369b229e19782ce660
efb0f461e0b9b5a2b0f7bed8e66a32af54a6409faeab15810a786bac64c1ef6f
f422b8961953524e333d562521c3b4e0a2ed33da87079bd92c08ec4389372358
fd361b57998c76f86335afa28b8a62527d88a8200fb5c428d6f0fff73383e955