www.trustwave.com Open in urlscan Pro
52.151.96.240 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-offic...
Submission: On August 07 via api (August 7th 2020, 11:52:01 am UTC) from US

Summary HTTP 94 Redirects Links 28 Behaviour Indicators

Summary

This website contacted 31 IPs in 9 countries across 27 domains to perform 94 HTTP transactions. The main IP is 52.151.96.240, located in London, United Kingdom and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is www.trustwave.com.
TLS certificate: Issued by Trustwave Extended Validation SHA256 ... on November 26th 2018. Valid for: 2 years.

This is the only time www.trustwave.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
13 33	52.151.96.240 52.151.96.240	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
5	2606:2800:234... 2606:2800:234:660:118e:28f:1d8a:2522	15133 (EDGECAST) (EDGECAST)
1 4	2a00:1450:400... 2a00:1450:4001:81c::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:821::2008	15169 (GOOGLE) (GOOGLE)
8	104.18.140.190 104.18.140.190	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	151.101.112.217 151.101.112.217	54113 (FASTLY) (FASTLY)
4	204.79.197.234 204.79.197.234	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
4	2.21.36.164 2.21.36.164	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	104.109.95.62 104.109.95.62	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
3	2606:4700::68... 2606:4700::6812:778	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:2800:233... 2606:2800:233:1cb7:261b:1f9c:2074:3c	15133 (EDGECAST) (EDGECAST)
1	2a00:1450:400... 2a00:1450:4001:81d::2003	15169 (GOOGLE) (GOOGLE)
13	52.239.152.234 52.239.152.234	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
5	2a00:1450:400... 2a00:1450:4001:80b::2003	15169 (GOOGLE) (GOOGLE)
1	92.122.255.233 92.122.255.233	16625 (AKAMAI-AS) (AKAMAI-AS)
1 3	2a00:1450:400... 2a00:1450:4001:816::200e	15169 (GOOGLE) (GOOGLE)
1	2a02:26f0:10c... 2a02:26f0:10c:382::25ea	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	147.75.33.229 147.75.33.229	54825 (PACKET) (PACKET)
3	99.86.7.81 99.86.7.81	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700:10:... 2606:4700:10::6814:b844	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	192.28.144.124 192.28.144.124	15224 (OMNITURE) (OMNITURE)
1 2	2a05:f500:10:... 2a05:f500:10:101::b93f:9105	14413 (LINKEDIN) (LINKEDIN)
1 1	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	147.75.33.233 147.75.33.233	54825 (PACKET) (PACKET)
2 2	52.49.73.64 52.49.73.64	16509 (AMAZON-02) (AMAZON-02)
1	147.75.84.31 147.75.84.31	54825 (PACKET) (PACKET)
1 1	2a00:1450:400... 2a00:1450:400c:c00::9c	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:800::2003	15169 (GOOGLE) (GOOGLE)
2	2603:1030:100... 2603:1030:1000::58	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	34.246.206.139 34.246.206.139	16509 (AMAZON-02) (AMAZON-02)
2	2a01:111:f100... 2a01:111:f100:2002::8975:2c41	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	2603:1020:c01... 2603:1020:c01:2::3	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	51.140.6.23 51.140.6.23	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
94	31

33 52.151.96.240 (London, United Kingdom) 13 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.trustwave.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:2800:234:660:118e:28f:1d8a:2522 (United States)

ASN15133 (EDGECAST, US)

fast.fonts.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:81c::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:821::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 104.18.140.190 (United States)

ASN13335 (CLOUDFLARENET, US)

npercoco.typepad.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.112.217 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

player.vimeo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 204.79.197.234 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.atmrum.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2.21.36.164 (France)

ASN20940 (AKAMAI-ASN1, EU)
PTR: a2-21-36-164.deploy.static.akamaitechnologies.com

s7.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
v1.addthisedge.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
m.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.109.95.62 (Netherlands)

ASN20940 (AKAMAI-ASN1, EU)
PTR: a104-109-95-62.deploy.static.akamaitechnologies.com

munchkin.marketo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6812:778 (United States)

ASN13335 (CLOUDFLARENET, US)

cookie-cdn.cookiepro.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:2800:233:1cb7:261b:1f9c:2074:3c (United States)

ASN15133 (EDGECAST, US)

az416426.vo.msecnd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81d::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 52.239.152.234 (Washington, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

trustwave.blob.core.windows.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:80b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 92.122.255.233 (Ascension Island)

ASN16625 (AKAMAI-AS, US)
PTR: a92-122-255-233.deploy.static.akamaitechnologies.com

z.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:816::200e (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:10c:382::25ea (Ascension Island)

ASN20940 (AKAMAI-ASN1, EU)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 147.75.33.229 (Amsterdam, Netherlands)

ASN54825 (PACKET, US)
PTR: pkt-ams-k2-shared-ingress12

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 99.86.7.81 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-7-81.fra6.r.cloudfront.net

vidassets.terminus.services	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::6814:b844 (United States)

ASN13335 (CLOUDFLARENET, US)

geolocation.onetrust.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.28.144.124 (United States)

ASN15224 (OMNITURE, US)

815-rfm-693.mktoresp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a05:f500:10:101::b93f:9105 (Ireland) 1 redirects

ASN14413 (LINKEDIN, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:21::14 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 147.75.33.233 (Amsterdam, Netherlands)

ASN54825 (PACKET, US)
PTR: pkt-ams-k2-shared-ingress14

script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.49.73.64 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 147.75.84.31 (Parsippany, United States)

ASN54825 (PACKET, US)

vars.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c00::9c (Brussels, Belgium) 1 redirects

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:800::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2603:1030:1000::58 (Québec, Canada)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

b28b9221d0641c6f26e5018d5e01c077.azr.footprintdns.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.246.206.139 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-246-206-139.eu-west-1.compute.amazonaws.com

in.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a01:111:f100:2002::8975:2c41 (Washington, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

f361daca3aff07445f92c3747bd2b71c.azr.footprintdns.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2603:1020:c01:2::3 (Frankfurt am Main, Germany)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

86f45dcb5d614a14ec56784532507a39.azr.footprintdns.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 51.140.6.23 (London, United Kingdom)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

dc.services.visualstudio.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
33	trustwave.com 13 redirects www.trustwave.com	262 KB
13	windows.net trustwave.blob.core.windows.net	797 KB
8	typepad.com npercoco.typepad.com	1 MB
6	footprintdns.com b28b9221d0641c6f26e5018d5e01c077.azr.footprintdns.com f361daca3aff07445f92c3747bd2b71c.azr.footprintdns.com 86f45dcb5d614a14ec56784532507a39.azr.footprintdns.com	972 B
6	gstatic.com www.gstatic.com fonts.gstatic.com	234 KB
5	fonts.net fast.fonts.net	61 KB
4	hotjar.com static.hotjar.com script.hotjar.com vars.hotjar.com in.hotjar.com	72 KB
4	atmrum.net www.atmrum.net	38 KB
4	google.com 1 redirects www.google.com	1 KB
3	linkedin.com 2 redirects px.ads.linkedin.com www.linkedin.com	3 KB
3	terminus.services vidassets.terminus.services	4 KB
3	google-analytics.com 1 redirects www.google-analytics.com	50 KB
3	cookiepro.com cookie-cdn.cookiepro.com	22 KB
3	addthis.com s7.addthis.com m.addthis.com	114 KB
2	adsrvr.org 2 redirects match.adsrvr.org	1013 B
2	marketo.net munchkin.marketo.net	5 KB
1	visualstudio.com dc.services.visualstudio.com	238 B
1	google.de www.google.de	106 B
1	doubleclick.net 1 redirects stats.g.doubleclick.net	155 B
1	mktoresp.com 815-rfm-693.mktoresp.com	304 B
1	onetrust.com geolocation.onetrust.com	403 B
1	licdn.com snap.licdn.com	2 KB
1	addthisedge.com v1.addthisedge.com	325 B
1	moatads.com z.moatads.com	1 KB
1	msecnd.net az416426.vo.msecnd.net	22 KB
1	vimeo.com player.vimeo.com	7 KB
1	googletagmanager.com www.googletagmanager.com	47 KB
94	27

	Domain	Requested by
33	www.trustwave.com	13 redirects www.trustwave.com az416426.vo.msecnd.net
13	trustwave.blob.core.windows.net	www.trustwave.com
8	npercoco.typepad.com	www.trustwave.com
5	fonts.gstatic.com	www.trustwave.com
5	fast.fonts.net	www.trustwave.com
4	www.atmrum.net	www.trustwave.com www.atmrum.net az416426.vo.msecnd.net
4	www.google.com	1 redirects www.trustwave.com www.gstatic.com
3	vidassets.terminus.services	www.googletagmanager.com www.trustwave.com
3	www.google-analytics.com	1 redirects www.googletagmanager.com www.google-analytics.com
3	cookie-cdn.cookiepro.com	www.trustwave.com cookie-cdn.cookiepro.com
2	86f45dcb5d614a14ec56784532507a39.azr.footprintdns.com	www.trustwave.com
2	f361daca3aff07445f92c3747bd2b71c.azr.footprintdns.com	www.trustwave.com
2	b28b9221d0641c6f26e5018d5e01c077.azr.footprintdns.com	www.trustwave.com
2	match.adsrvr.org	2 redirects
2	px.ads.linkedin.com	1 redirects www.trustwave.com
2	munchkin.marketo.net	www.trustwave.com
2	s7.addthis.com	www.trustwave.com s7.addthis.com
1	dc.services.visualstudio.com	az416426.vo.msecnd.net
1	in.hotjar.com	az416426.vo.msecnd.net
1	www.google.de	www.trustwave.com
1	stats.g.doubleclick.net	1 redirects
1	vars.hotjar.com	static.hotjar.com
1	script.hotjar.com	static.hotjar.com
1	www.linkedin.com	1 redirects
1	815-rfm-693.mktoresp.com	az416426.vo.msecnd.net
1	geolocation.onetrust.com	www.trustwave.com
1	static.hotjar.com	www.googletagmanager.com
1	snap.licdn.com	www.googletagmanager.com
1	m.addthis.com	s7.addthis.com
1	v1.addthisedge.com	s7.addthis.com
1	z.moatads.com	s7.addthis.com
1	www.gstatic.com	www.google.com
1	az416426.vo.msecnd.net	www.trustwave.com
1	player.vimeo.com	www.trustwave.com
1	www.googletagmanager.com	www.trustwave.com
94	35

This site contains links to these domains. Also see Links.

Domain
onetrust.com
fusion.trustwave.com
segconsole.trustwave.com
login.trustwave.com
www.securitycolony.com
jobs.jobvite.com
www.singtel.com
www.optus.com.au
trustwave.ziftone.com
npercoco.typepad.com
msitpros.com
www.jss.com.cn
www.baiwang.com
www.linkedin.com
twitter.com
www.facebook.com
www.youtube.com

Subject Issuer	Validity	Valid
www.trustwave.com Trustwave Extended Validation SHA256 CA, Level 1	`2018-11-26` - `2020-11-25`	2 years	crt.sh
s9.wac.edgecastcdn.net DigiCert SHA2 Secure Server CA	`2019-01-16` - `2021-02-03`	2 years	crt.sh
www.google.com GTS CA 1O1	`2020-07-15` - `2020-10-07`	3 months	crt.sh
*.google-analytics.com GTS CA 1O1	`2020-07-15` - `2020-10-07`	3 months	crt.sh
ssl919196.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2020-05-20` - `2020-11-26`	6 months	crt.sh
vimeo.map.fastly.net GlobalSign CloudSSL CA - SHA256 - G3	`2020-04-23` - `2021-04-24`	a year	crt.sh
*.atmrum.net Microsoft IT TLS CA 5	`2019-08-26` - `2021-08-26`	2 years	crt.sh
odc-prod-01.oracle.com DigiCert Secure Site ECC CA-1	`2020-07-22` - `2021-10-13`	a year	crt.sh
*.marketo.net DigiCert SHA2 Secure Server CA	`2020-03-14` - `2021-04-13`	a year	crt.sh
cookiepro.com Cloudflare Inc ECC CA-3	`2020-07-06` - `2021-07-06`	a year	crt.sh
sni1e6ffgl.wpc.edgecastcdn.net DigiCert SHA2 Secure Server CA	`2020-04-16` - `2022-04-21`	2 years	crt.sh
*.gstatic.com GTS CA 1O1	`2020-07-15` - `2020-10-07`	3 months	crt.sh
*.blob.core.windows.net Microsoft IT TLS CA 4	`2020-07-21` - `2022-07-21`	2 years	crt.sh
moatads.com DigiCert SHA2 Secure Server CA	`2020-01-17` - `2021-03-17`	a year	crt.sh
*.licdn.com DigiCert SHA2 Secure Server CA	`2019-04-01` - `2021-05-07`	2 years	crt.sh
static.hotjar.com Let's Encrypt Authority X3	`2020-06-17` - `2020-09-15`	3 months	crt.sh
*.terminus.services Amazon	`2020-01-13` - `2021-02-13`	a year	crt.sh
*.onetrust.com DigiCert SHA2 Secure Server CA	`2020-05-21` - `2022-07-27`	2 years	crt.sh
*.mktoresp.com DigiCert SHA2 Secure Server CA	`2020-01-17` - `2022-01-21`	2 years	crt.sh
px.ads.linkedin.com DigiCert SHA2 Secure Server CA	`2020-08-05` - `2021-02-05`	6 months	crt.sh
script.hotjar.com Let's Encrypt Authority X3	`2020-06-18` - `2020-09-16`	3 months	crt.sh
vars.hotjar.com Let's Encrypt Authority X3	`2020-06-16` - `2020-09-14`	3 months	crt.sh
www.google.de GTS CA 1O1	`2020-07-07` - `2020-09-29`	3 months	crt.sh
*.footprintdns.com Microsoft IT TLS CA 2	`2020-06-05` - `2022-06-05`	2 years	crt.sh
*.hotjar.com Amazon	`2019-09-27` - `2020-10-27`	a year	crt.sh
in.applicationinsights.azure.com Microsoft IT TLS CA 4	`2020-04-30` - `2022-04-30`	2 years	crt.sh

This page contains 5 frames:

Primary Page: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
Frame ID: 50EA0C5287ACCEE67820265B8C31464E
Requests: 90 HTTP requests in this frame

Frame: https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html
Frame ID: 412CB92AF32AB6C1D27A160192461E46
Requests: 1 HTTP requests in this frame

Frame: https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html
Frame ID: 4C2F2765B44AD3059BFB85435E8911AD
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdMtIkUAAAAAP7FCbfNuAv_bvJRl7vsAjPIyOWc&co=aHR0cHM6Ly93d3cudHJ1c3R3YXZlLmNvbTo0NDM.&hl=en&v=IU7gZ7o6RDdDE6U4Y1YJJWnN&size=invisible&cb=wygl39vjerd6
Frame ID: 3A62FFE1B9AF64FED944EBDF165D4064
Requests: 1 HTTP requests in this frame

Frame: https://vars.hotjar.com/box-469cf41adb11dc78be68c1ae7f9457a4.html
Frame ID: C1448E8ACB25468300BA76E4EEF9F1F5
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Statistics

94
Requests

99 %
HTTPS

52 %
IPv6

27
Domains

35
Subdomains

31
IPs

9
Countries

2792 kB
Transfer

4533 kB
Size

18
Cookies

28 Outgoing links

These are links going to different origins than the main page.

URL: https://onetrust.com/poweredbyonetrust

Search URL Search Domain Scan URL

URL: https://fusion.trustwave.com/
Title: Fusion Platform

Search URL Search Domain Scan URL

URL: https://segconsole.trustwave.com/
Title: Login to SEG Cloud Portal

Search URL Search Domain Scan URL

URL: https://login.trustwave.com/portal-core/home
Title: Legacy TrustKeeper Login

Search URL Search Domain Scan URL

URL: http://www.securitycolony.com/
Title: Security Colony Big or small – your problem has been faced before. Like a CISO in your pocket

Search URL Search Domain Scan URL

URL: https://jobs.jobvite.com/trustwave
Title: Careers

Search URL Search Domain Scan URL

URL: https://www.singtel.com/business
Title:

Search URL Search Domain Scan URL

URL: https://www.optus.com.au/business/
Title:

Search URL Search Domain Scan URL

URL: https://jobs.jobvite.com/trustwave/jobs
Title: All Opportunities Trustwave is ready to challenge and inspire you

Search URL Search Domain Scan URL

URL: https://jobs.jobvite.com/trustwave/p/paths
Title: Career Paths Find your path. Or carve your own

Search URL Search Domain Scan URL

URL: https://jobs.jobvite.com/trustwave/p/globe
Title: Around the Globe We're looking for extraordinary people to join us

Search URL Search Domain Scan URL

URL: https://jobs.jobvite.com/trustwave/p/why
Title: Why Trustwave? We think you’ll love working at Trustwave. This is why

Search URL Search Domain Scan URL

URL: https://trustwave.ziftone.com/
Title: Partner Login

Search URL Search Domain Scan URL

URL: https://trustwave.ziftone.com/#/page/reg
Title: Register Now

Search URL Search Domain Scan URL

URL: https://npercoco.typepad.com/.a/6a0133f264aa62970b0263e955a3dc200b-pi

Search URL Search Domain Scan URL

URL: https://npercoco.typepad.com/.a/6a0133f264aa62970b0263ec274067200c-pi

Search URL Search Domain Scan URL

URL: https://npercoco.typepad.com/.a/6a0133f264aa62970b0263e955a42d200b-pi

Search URL Search Domain Scan URL

URL: https://npercoco.typepad.com/.a/6a0133f264aa62970b0263e955a45a200b-pi

Search URL Search Domain Scan URL

URL: https://npercoco.typepad.com/.a/6a0133f264aa62970b0263ec2740cb200c-pi

Search URL Search Domain Scan URL

URL: https://npercoco.typepad.com/.a/6a0133f264aa62970b0264e2e7d403200d-pi

Search URL Search Domain Scan URL

URL: https://npercoco.typepad.com/.a/6a0133f264aa62970b0263e955a482200b-pi

Search URL Search Domain Scan URL

URL: https://msitpros.com/?p=3960
Title: https://msitpros.com/?p=3960

Search URL Search Domain Scan URL

URL: https://www.jss.com.cn/Contents/portal/allow/aboutus/about.ftl
Title: https://www.jss.com.cn/Contents/portal/allow/aboutus/about.ftl

Search URL Search Domain Scan URL

URL: http://www.baiwang.com/mainsite-new/about
Title: http://www.baiwang.com/mainsite-new/about

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/trustwave

Search URL Search Domain Scan URL

URL: https://twitter.com/Trustwave

Search URL Search Domain Scan URL

URL: https://www.facebook.com/Trustwave/

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UC2CCqdrAxD9-Fv83NOdjhqA

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 32

https://www.trustwave.com/media/16992/reprint_the-forrester-wave_global-managed-security-services-providers_q3-2020-cover.png?anchor=center&mode=crop&width=400&rnd=132404200250000000 HTTP 302
https://trustwave.blob.core.windows.net/cache/6/3/4/1/4/b/63414b969e6787641dc91084b6f18b91fbc35a81.png

Request Chain 33

https://www.trustwave.com/media/16795/once-future-cover-image.png?anchor=center&mode=crop&width=400&rnd=132344863110000000 HTTP 302
https://trustwave.blob.core.windows.net/cache/d/c/7/c/7/7/dc7c77f38e04362a6e2e5af76bdc5e200832731d.png

Request Chain 34

https://www.trustwave.com/media/16254/the-underground-economy-cover.png?anchor=center&mode=crop&width=400&rnd=132094902880000000 HTTP 302
https://trustwave.blob.core.windows.net/cache/e/a/e/4/5/f/eae45f0f73517fa27ea5b5fa0cf439363e4a4cc2.png

Request Chain 35

https://www.trustwave.com/media/16414/cyber-multicloud-ebook-cover-image.png?anchor=center&mode=crop&width=400&rnd=132176020710000000 HTTP 302
https://trustwave.blob.core.windows.net/cache/5/a/6/8/3/4/5a6834a869db6f970c8f090a022f77a1c482c6a8.png

Request Chain 36

https://www.trustwave.com/media/15106/ierr37pw.png?anchor=center&mode=crop&width=400&rnd=131992175790000000 HTTP 302
https://trustwave.blob.core.windows.net/cache/9/5/b/0/d/f/95b0df699cb216066e4e2043e54a3680a0fb2a3c.png

Request Chain 37

https://www.trustwave.com/media/7356/7145.jpg?anchor=center&mode=crop&width=400&rnd=131644845120000000 HTTP 302
https://trustwave.blob.core.windows.net/cache/5/5/a/e/2/8/55ae28c467881ce9b68f44a5b34fafb48aaab9ba.jpg

Request Chain 38

https://www.trustwave.com/media/16657/gartner-mdr-cover.png?anchor=center&mode=crop&width=400&rnd=132308413190000000 HTTP 302
https://trustwave.blob.core.windows.net/cache/3/b/7/b/a/6/3b7ba697d08de6c964b83f21b9a1a75ed153fd24.png

Request Chain 39

https://www.trustwave.com/media/15279/sl-blog-default-image.jpg?anchor=center&mode=crop&width=400&rnd=131897042940000000 HTTP 302
https://trustwave.blob.core.windows.net/cache/a/8/c/4/4/3/a8c4434c70c4e1e6102f99b8fa9d52122c530944.jpg

Request Chain 40

https://www.trustwave.com/media/17018/workoutplan-blog-header.jpg?anchor=center&mode=crop&width=400&rnd=132410205550000000 HTTP 302
https://trustwave.blob.core.windows.net/cache/0/4/5/0/c/1/0450c1be878051498f0c2330230d93f52934a703.jpg

Request Chain 41

https://www.trustwave.com/media/17024/security-technology-management_cover.png?anchor=center&mode=crop&width=400&rnd=132411246370000000 HTTP 302
https://trustwave.blob.core.windows.net/cache/4/0/c/a/7/0/40ca70c1a9e58d585b6a31fe350b4f55c70804b0.png

Request Chain 42

https://www.trustwave.com/media/16694/adp-trial-softwave_cover.png?anchor=center&mode=crop&width=400&rnd=132315344100000000 HTTP 302
https://trustwave.blob.core.windows.net/cache/d/8/1/1/e/c/d811ec63c804742ec35245598815fd42261061c5.png

Request Chain 43

https://www.trustwave.com/media/16961/ctf-event-header.jpg?anchor=center&mode=crop&width=400&rnd=132393847810000000 HTTP 302
https://trustwave.blob.core.windows.net/cache/b/3/4/9/5/2/b349523142a51bd76c6413d5c4638187b830b782.jpg

Request Chain 44

https://www.trustwave.com/media/15280/news-release-default-image.jpg?anchor=center&mode=crop&width=400&rnd=131897043050000000 HTTP 302
https://trustwave.blob.core.windows.net/cache/9/4/4/9/0/5/9449054b6e599d2c6ae326fc940e1718f740d84d.jpg

Request Chain 76

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=70652&url=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fgoldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software%2F&time=1596801104817 HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D70652%26url%3Dhttps%253A%252F%252Fwww.trustwave.com%252Fen-us%252Fresources%252Fblogs%252Fspiderlabs-blog%252Fgoldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software%252F%26time%3D1596801104817%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=70652&url=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fgoldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software%2F&time=1596801104817&liSync=true

Request Chain 78

https://match.adsrvr.org/track/cmf/generic?ttd_pid=terminus&ttd_tpi=1&ttd_puid=af0d2044-417b-49dd-b4e9-25d4e62e0332|cb1ed8fa-226d-4c3f-8497-0b7c13f22d79 HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=terminus&ttd_tpi=1&ttd_puid=af0d2044-417b-49dd-b4e9-25d4e62e0332|cb1ed8fa-226d-4c3f-8497-0b7c13f22d79 HTTP 302
https://vidassets.terminus.services/s.gif?d=af0d2044-417b-49dd-b4e9-25d4e62e0332|cb1ed8fa-226d-4c3f-8497-0b7c13f22d79&t=6baecff2-4712-474c-93af-a34b6f0fdfcf

Request Chain 81

https://www.google-analytics.com/r/collect?v=1&_v=j83&a=983692843&t=pageview&_s=1&dl=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fgoldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software%2F&ul=en-us&de=UTF-8&dt=GoldenSpy%20Chapter%204%3A%20GoldenHelper%20Malware%20Embedded%20in%20Official%20Golden%20Tax%20Software%20%7C%20Trustwave&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aGDAAEADQ~&jid=712984013&gjid=1008018721&cid=1075209211.1596801105&tid=UA-123880220-1&_gid=1863240545.1596801105&_r=1&gtm=2wg7v154M2ZJN&z=1307570223 HTTP 302
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-123880220-1&cid=1075209211.1596801105&jid=712984013&_gid=1863240545.1596801105&gjid=1008018721&_v=j83&z=1307570223 HTTP 302
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-123880220-1&cid=1075209211.1596801105&jid=712984013&_v=j83&z=1307570223 HTTP 302
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-123880220-1&cid=1075209211.1596801105&jid=712984013&_v=j83&z=1307570223&slf_rd=1&random=160445632

94 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/ 139 KB
38 KB 669ms
483ms Document
text/html 52.151.96.240
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.151.96.240 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

4ae63a3fa9bd6d1be795243d4d3d38e33dbb6593cdcb9447af3b292519609eb5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.trustwave.com
:scheme: https
:path: /en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
cache-control: no-cache
pragma: no-cache
content-type: text/html; charset=utf-8
content-encoding: gzip
expires: -1
vary: Accept-Encoding
set-cookie: ARRAffinity=3935d26f58841e3917f2e00f0df6da5c8b0d6cb2f1f0c9e9c490026921b7ee2e;Path=/;HttpOnly;Domain=trustwave-umbraco-uk.azurewebsites.net ApplicationGatewayAffinity=bcc70b3e9d2a132e2376fddfd28702ba57725b0d585f7a92e016c74563f04890;Path=/;Domain=www.trustwave.com ApplicationGatewayAffinityCORS=bcc70b3e9d2a132e2376fddfd28702ba57725b0d585f7a92e016c74563f04890;Path=/;Domain=www.trustwave.com;SameSite=None;Secure
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
x-aspnet-version
date: Fri, 07 Aug 2020 11:51:43 GMT
content-length: 38669

GET
H2 200 9c85e15b-99ed-40a4-929d-2262f9ed2706.css
fast.fonts.net/cssapi/ 6 KB
1009 B 27ms
6ms Stylesheet
text/css 2606:2800:234:660:118e:28f:1d8a:2522
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://fast.fonts.net/cssapi/9c85e15b-99ed-40a4-929d-2262f9ed2706.css
Requested by: Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:660:118e:28f:1d8a:2522 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (fcn/40B6) /
Resource Hash: 6603122bf60f4b09cfab59cdc08d792c28773607d897ed680c7c0b607a44a879

Request headers

Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 07 Aug 2020 11:51:43 GMT
content-encoding: gzip
last-modified: Tue, 28 Apr 2020 14:50:47 GMT
server: ECS (fcn/40B6)
age: 939577
status: 200
etag: "2121817011"
vary: Accept-Encoding
x-cache: HIT
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
content-length: 817
expires: Fri, 14 Aug 2020 11:51:43 GMT

GET
H2 200 styles.min.css
www.trustwave.com/dist/css/ 238 KB
31 KB 159ms
158ms Stylesheet
text/css 52.151.96.240
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trustwave.com/dist/css/styles.min.css?v=33sa

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.151.96.240 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

ef847d41d1db2e6f66c1bc66c0779de7b36b0d31eb16dc369b229e19782ce660

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 03 Aug 2020 20:33:24 GMT
x-aspnet-version
x-frame-options: SAMEORIGIN
etag: "082a755d569d61:0"
vary: Accept-Encoding
content-type: text/css
status: 200
date: Fri, 07 Aug 2020 11:51:43 GMT
accept-ranges: bytes
content-length: 31604
x-xss-protection: 1; mode=block

GET
H2 200 api.js Show response
www.google.com/recaptcha/ 674 B
644 B 17ms
16ms Script
text/javascript 2a00:1450:4001:81c::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

c0af41da9f52376496beeba05110b06c5ffa60d64a9f28e305177f0cd4550d7a

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 07 Aug 2020 11:51:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
status: 200
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-security-policy: frame-ancestors 'self'
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 448
x-xss-protection: 1; mode=block
expires: Fri, 07 Aug 2020 11:51:43 GMT

GET
H2 200 api.js Show response
www.google.com/recaptcha/ 708 B
547 B 20ms
20ms Script
text/javascript 2a00:1450:4001:81c::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js?render=6LdMtIkUAAAAAP7FCbfNuAv_bvJRl7vsAjPIyOWc

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

e9b8e2170d21e35516cd6b26600d47ea8507546e68d1a827185ab0eb16b733f1

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 07 Aug 2020 11:51:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
status: 200
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-security-policy: frame-ancestors 'self'
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 478
x-xss-protection: 1; mode=block
expires: Fri, 07 Aug 2020 11:51:43 GMT

GET
H2 200 Singtel%20Logo.svg
www.trustwave.com/img/logo/ 5 KB
2 KB 276ms
272ms Image
image/svg+xml 52.151.96.240
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trustwave.com/img/logo/Singtel%20Logo.svg

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.151.96.240 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

ace78f63f590160b0748a26e60d8b453b4d4ac8bc4da20967632bf7e5bcb58e3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 03 Aug 2020 20:34:52 GMT
x-aspnet-version
x-frame-options: SAMEORIGIN
etag: "03e1b8ad569d61:0"
vary: Accept-Encoding
content-type: image/svg+xml
status: 200
date: Fri, 07 Aug 2020 11:51:43 GMT
accept-ranges: bytes
content-length: 2141
x-xss-protection: 1; mode=block

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 140 KB
47 KB 39ms
34ms Script
application/javascript 2a00:1450:4001:821::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-54M2ZJN

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:821::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

bf2d7a732f4c2751a36ae6c3e3233639c8800e1b0a3031d9c77d8124c1fc43fd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 07 Aug 2020 11:51:44 GMT
content-encoding: br
vary: Accept-Encoding
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47736
x-xss-protection: 0
last-modified: Fri, 07 Aug 2020 09:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 07 Aug 2020 11:51:44 GMT

GET
H2 200 Optus%20Logo.svg
www.trustwave.com/img/logo/ 3 KB
1 KB 277ms
273ms Image
image/svg+xml 52.151.96.240
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trustwave.com/img/logo/Optus%20Logo.svg

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.151.96.240 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

2a1c9874549a1cb94b6e0dc5822b4f5ca14386d39214a8145670fc1c50045496

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 03 Aug 2020 20:34:52 GMT
x-aspnet-version
x-frame-options: SAMEORIGIN
etag: "03e1b8ad569d61:0"
vary: Accept-Encoding
content-type: image/svg+xml
status: 200
date: Fri, 07 Aug 2020 11:51:43 GMT
accept-ranges: bytes
content-length: 1228
x-xss-protection: 1; mode=block

GET
H2 200 twitter.svg
www.trustwave.com/img/icon/social/svg/dark/ 778 B
872 B 270ms
266ms Image
image/svg+xml 52.151.96.240
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trustwave.com/img/icon/social/svg/dark/twitter.svg

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.151.96.240 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

cf7008a1bb1e7dcffa096b3f0c782f3dd610f847413ae4861a5c03006f093553

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
last-modified: Mon, 03 Aug 2020 20:34:50 GMT
x-aspnet-version
etag: "011ea88d569d61:0"
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
status: 200
date: Fri, 07 Aug 2020 11:51:43 GMT
accept-ranges: bytes
content-length: 778
x-xss-protection: 1; mode=block

GET
H2 200 linkedin.svg
www.trustwave.com/img/icon/social/svg/dark/ 636 B
680 B 271ms
267ms Image
image/svg+xml 52.151.96.240
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trustwave.com/img/icon/social/svg/dark/linkedin.svg

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.151.96.240 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

42f2f65a52347bf6ed6c0633b5458c48ddc1b439923c92caec18c6d6f111afe3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
last-modified: Mon, 03 Aug 2020 20:34:50 GMT
x-aspnet-version
etag: "011ea88d569d61:0"
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
status: 200
date: Fri, 07 Aug 2020 11:51:43 GMT
accept-ranges: bytes
content-length: 636
x-xss-protection: 1; mode=block

GET
H2 200 facebook.svg
www.trustwave.com/img/icon/social/svg/dark/ 446 B
490 B 271ms
267ms Image
image/svg+xml 52.151.96.240
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trustwave.com/img/icon/social/svg/dark/facebook.svg

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.151.96.240 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

3f18aeab9b9baa3e61c4bc2cd0372e3946f494bd03bff3cad740e5ea817fce2b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
last-modified: Mon, 03 Aug 2020 20:34:50 GMT
x-aspnet-version
etag: "011ea88d569d61:0"
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
status: 200
date: Fri, 07 Aug 2020 11:51:43 GMT
accept-ranges: bytes
content-length: 446
x-xss-protection: 1; mode=block

GET
H2 200 6a0133f264aa62970b0264e2e85034200d-800wi
npercoco.typepad.com/.a/ 287 KB
288 KB 625ms
551ms Image
image/png 104.18.140.190
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://npercoco.typepad.com/.a/6a0133f264aa62970b0264e2e85034200d-800wi
Requested by: Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.140.190 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3776502046f781250c25f64f53ca6a5dfb796c3ff900a28f9b854eb63dc593c8

Request headers

Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 07 Aug 2020 11:51:44 GMT
via: 1.1 varnish
cf-cache-status: DYNAMIC
age: 2579
cf-ray: 5bf0c995af419c39-AMS
status: 200
content-disposition: inline; filename=6a0133f264aa62970b0264e2e85034200d-800wi.png
content-length: 294034
cf-request-id: 046a5c518d00009c39ef3ab200000001
x-webserver: oak-tp-web093
last-modified: Mon, 13 Jul 2020 17:09:22 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: cookie
x-varnish: 390821291 390330683
cache-control: s-maxage=14400
x-phapp: oak-tp-web093
accept-ranges: bytes
content-type: image/png

GET
H2 200 6a0133f264aa62970b0263e955a3dc200b-800wi
npercoco.typepad.com/.a/ 78 KB
78 KB 773ms
699ms Image
image/png 104.18.140.190
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://npercoco.typepad.com/.a/6a0133f264aa62970b0263e955a3dc200b-800wi
Requested by: Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.140.190 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a4e0e060e859237f0792b223041322e21c0e850db78ba107b0616afc4cbd39c5

Request headers

Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 07 Aug 2020 11:51:44 GMT
via: 1.1 varnish
cf-cache-status: DYNAMIC
age: 2579
cf-ray: 5bf0c995af449c39-AMS
status: 200
content-disposition: inline; filename=6a0133f264aa62970b0263e955a3dc200b-800wi.png
content-length: 79767
cf-request-id: 046a5c518d00009c39ef3ac200000001
x-webserver: oak-tp-web066
last-modified: Fri, 10 Jul 2020 16:58:19 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: cookie
x-varnish: 1764393772 1763995231
cache-control: s-maxage=14400
x-phapp: oak-tp-web066
accept-ranges: bytes
content-type: image/png

GET
H2 200 6a0133f264aa62970b0263ec274067200c-800wi
npercoco.typepad.com/.a/ 54 KB
54 KB 638ms
564ms Image
image/png 104.18.140.190
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://npercoco.typepad.com/.a/6a0133f264aa62970b0263ec274067200c-800wi
Requested by: Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.140.190 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e28a2515c136d5e7e0cf6e526a385f4b3998d52d8238e09c254fbdc272ce5ac8

Request headers

Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 07 Aug 2020 11:51:44 GMT
via: 1.1 varnish
cf-cache-status: DYNAMIC
age: 2579
cf-ray: 5bf0c995af479c39-AMS
status: 200
content-disposition: inline; filename=6a0133f264aa62970b0263ec274067200c-800wi.png
content-length: 55364
cf-request-id: 046a5c518d00009c39ef3ad200000001
x-webserver: oak-tp-web089
last-modified: Fri, 10 Jul 2020 16:59:08 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: cookie
x-varnish: 1764393766 1763995224
cache-control: s-maxage=14400
x-phapp: oak-tp-web089
accept-ranges: bytes
content-type: image/png

GET
H2 200 6a0133f264aa62970b0263e955a42d200b-800wi
npercoco.typepad.com/.a/ 70 KB
71 KB 677ms
603ms Image
image/png 104.18.140.190
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://npercoco.typepad.com/.a/6a0133f264aa62970b0263e955a42d200b-800wi
Requested by: Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.140.190 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cbe0e85e5e53990152ffdf4c23ab39beae2543c5fe6ee1ba55ab797805713df6

Request headers

Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 07 Aug 2020 11:51:44 GMT
via: 1.1 varnish
cf-cache-status: DYNAMIC
age: 2579
cf-ray: 5bf0c995af499c39-AMS
status: 200
content-disposition: inline; filename=6a0133f264aa62970b0263e955a42d200b-800wi.png
content-length: 72135
cf-request-id: 046a5c518d00009c39ef3ae200000001
x-webserver: oak-tp-web054
last-modified: Fri, 10 Jul 2020 17:01:41 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: cookie
x-varnish: 1764393770 1763995223
cache-control: s-maxage=14400
x-phapp: oak-tp-web054
accept-ranges: bytes
content-type: image/png

GET
H2 200 6a0133f264aa62970b0263e955a45a200b-800wi
npercoco.typepad.com/.a/ 33 KB
33 KB 640ms
566ms Image
image/png 104.18.140.190
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://npercoco.typepad.com/.a/6a0133f264aa62970b0263e955a45a200b-800wi
Requested by: Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.140.190 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: efb0f461e0b9b5a2b0f7bed8e66a32af54a6409faeab15810a786bac64c1ef6f

Request headers

Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 07 Aug 2020 11:51:44 GMT
via: 1.1 varnish
cf-cache-status: DYNAMIC
age: 2579
cf-ray: 5bf0c995af4b9c39-AMS
status: 200
content-disposition: inline; filename=6a0133f264aa62970b0263e955a45a200b-800wi.png
content-length: 33827
cf-request-id: 046a5c518d00009c39ef3af200000001
x-webserver: oak-tp-web091
last-modified: Fri, 10 Jul 2020 17:02:46 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: cookie
x-varnish: 390821301 390330685
cache-control: s-maxage=14400
x-phapp: oak-tp-web091
accept-ranges: bytes
content-type: image/png

GET
H2 200 6a0133f264aa62970b0263ec2740cb200c-800wi
npercoco.typepad.com/.a/ 33 KB
34 KB 598ms
525ms Image
image/png 104.18.140.190
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://npercoco.typepad.com/.a/6a0133f264aa62970b0263ec2740cb200c-800wi
Requested by: Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.140.190 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: efb0f461e0b9b5a2b0f7bed8e66a32af54a6409faeab15810a786bac64c1ef6f

Request headers

Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 07 Aug 2020 11:51:44 GMT
via: 1.1 varnish
cf-cache-status: DYNAMIC
age: 2579
cf-ray: 5bf0c995af4c9c39-AMS
status: 200
content-disposition: inline; filename=6a0133f264aa62970b0263ec2740cb200c-800wi.png
content-length: 33827
cf-request-id: 046a5c518d00009c39ef3b0200000001
x-webserver: oak-tp-web058
last-modified: Fri, 10 Jul 2020 17:03:42 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: cookie
x-varnish: 390821269 390330682
cache-control: s-maxage=14400
x-phapp: oak-tp-web058
accept-ranges: bytes
content-type: image/png

GET
H2 200 6a0133f264aa62970b0264e2e7d403200d-800wi
npercoco.typepad.com/.a/ 66 KB
67 KB 548ms
547ms Image
image/png 104.18.140.190
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://npercoco.typepad.com/.a/6a0133f264aa62970b0264e2e7d403200d-800wi
Requested by: Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.140.190 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ba4eb73fa057cd2e1eb698d44fa27569f4809729a010bc5b932c3d3ad807328f

Request headers

Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 07 Aug 2020 11:51:44 GMT
via: 1.1 varnish
cf-cache-status: DYNAMIC
age: 2579
cf-ray: 5bf0c995bf569c39-AMS
status: 200
content-disposition: inline; filename=6a0133f264aa62970b0264e2e7d403200d-800wi.png
content-length: 67900
cf-request-id: 046a5c519500009c39ef3b1200000001
x-webserver: oak-tp-web051
last-modified: Fri, 10 Jul 2020 17:04:37 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: cookie
x-varnish: 1764393761 1763995234
cache-control: s-maxage=14400
x-phapp: oak-tp-web051
accept-ranges: bytes
content-type: image/png

GET
H2 200 6a0133f264aa62970b0263e955a482200b-800wi
npercoco.typepad.com/.a/ 425 KB
426 KB 551ms
550ms Image
image/png 104.18.140.190
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://npercoco.typepad.com/.a/6a0133f264aa62970b0263e955a482200b-800wi
Requested by: Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.140.190 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aac1bb952cbe044084143c5690b71b19ead7016025a3a16a826815f50a90c6b2

Request headers

Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 07 Aug 2020 11:51:44 GMT
via: 1.1 varnish
cf-cache-status: DYNAMIC
age: 2579
cf-ray: 5bf0c995bf589c39-AMS
status: 200
content-disposition: inline; filename=6a0133f264aa62970b0263e955a482200b-800wi.png
content-length: 435284
cf-request-id: 046a5c519500009c39ef3b2200000001
x-webserver: oak-tp-web054
last-modified: Fri, 10 Jul 2020 17:06:12 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: cookie
x-varnish: 1764393762 1763995219
cache-control: s-maxage=14400
x-phapp: oak-tp-web054
accept-ranges: bytes
content-type: image/png

GET
H2 200 logo-trustwave-white.svg
www.trustwave.com/img/logo/ 3 KB
1 KB 270ms
268ms Image
image/svg+xml 52.151.96.240
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trustwave.com/img/logo/logo-trustwave-white.svg

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.151.96.240 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

b0f35cc025dc27ea345536d4eafc13e52fe2b1c237fd6c4150d4dbf85c323c27

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 03 Aug 2020 20:34:52 GMT
x-aspnet-version
x-frame-options: SAMEORIGIN
etag: "03e1b8ad569d61:0"
vary: Accept-Encoding
content-type: image/svg+xml
status: 200
date: Fri, 07 Aug 2020 11:51:43 GMT
accept-ranges: bytes
content-length: 1354
x-xss-protection: 1; mode=block

GET
H2 200 linkedin.svg
www.trustwave.com/img/icon/social/svg/light/ 636 B
676 B 271ms
268ms Image
image/svg+xml 52.151.96.240
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trustwave.com/img/icon/social/svg/light/linkedin.svg

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.151.96.240 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

46647527924f0574eded74e7ef9a93d43044a47dcd1b11b9a203c0a9a8bb65e9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
last-modified: Mon, 03 Aug 2020 20:34:50 GMT
x-aspnet-version
etag: "011ea88d569d61:0"
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
status: 200
date: Fri, 07 Aug 2020 11:51:43 GMT
accept-ranges: bytes
content-length: 636
x-xss-protection: 1; mode=block

GET
H2 200 twitter.svg
www.trustwave.com/img/icon/social/svg/light/ 778 B
818 B 271ms
268ms Image
image/svg+xml 52.151.96.240
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trustwave.com/img/icon/social/svg/light/twitter.svg

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.151.96.240 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

4fb02286499439e694d9a4220d6ca3ab664b2ba4bdb699b9068aa8e6fd5528c6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
last-modified: Mon, 03 Aug 2020 20:34:50 GMT
x-aspnet-version
etag: "011ea88d569d61:0"
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
status: 200
date: Fri, 07 Aug 2020 11:51:43 GMT
accept-ranges: bytes
content-length: 778
x-xss-protection: 1; mode=block

GET
H2 200 facebook.svg
www.trustwave.com/img/icon/social/svg/light/ 446 B
486 B 271ms
269ms Image
image/svg+xml 52.151.96.240
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trustwave.com/img/icon/social/svg/light/facebook.svg

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.151.96.240 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

64ed842d23dcee23e4cf9257dd18ce0066a76cd75108e7fc95f13a4a9b0e892c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
last-modified: Mon, 03 Aug 2020 20:34:50 GMT
x-aspnet-version
etag: "011ea88d569d61:0"
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
status: 200
date: Fri, 07 Aug 2020 11:51:43 GMT
accept-ranges: bytes
content-length: 446
x-xss-protection: 1; mode=block

GET
H2 200 youtube.svg
www.trustwave.com/img/icon/social/svg/light/ 525 B
569 B 361ms
358ms Image
image/svg+xml 52.151.96.240
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trustwave.com/img/icon/social/svg/light/youtube.svg

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.151.96.240 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

c750113ac663d3ae3adea8e042237ac1c5ea21f9ad1749efc357ea93acbc5d78

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
last-modified: Mon, 03 Aug 2020 20:34:50 GMT
x-aspnet-version
etag: "011ea88d569d61:0"
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
status: 200
date: Fri, 07 Aug 2020 11:51:43 GMT
accept-ranges: bytes
content-length: 525
x-xss-protection: 1; mode=block

GET
H/1.1 200
OK player.js Show response
player.vimeo.com/api/ 18 KB
7 KB 67ms
21ms Script
application/javascript 151.101.112.217
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://player.vimeo.com/api/player.js

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.112.217 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

93b1524a3b404177560f00be38ccb97fbdc44a0e9ae7061d652d79b6a07f4bfe

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; style-src 'unsafe-inline'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

X-Varnish-Cache: 0
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Age: 1077
X-Cache: HIT
P3p: CP="This is not a P3P policy! See https://vimeo.com/privacy"
Connection: keep-alive
X-VServer: infra-playproxy-a-3
Content-Length: 5776
X-Xss-Protection: 1; mode=block
X-Served-By: cache-hhn4073-HHN
X-Player-Backend: p
Expires: Fri, 07 Aug 2020 12:03:47 GMT
Server: nginx
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
X-Timer: S1596801104.055771,VS0,VE0
Date: Fri, 07 Aug 2020 11:51:44 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Type: application/javascript;charset=utf-8
Via: 1.1 varnish, 1.1 varnish
Vary: Accept-Encoding
X-Vimeo-DC: ge
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Cache-Hits: 1553

GET
H2 200 scripts.min.js Show response
www.trustwave.com/dist/js/ 438 KB
136 KB 363ms
363ms Script
application/x-javascript 52.151.96.240
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trustwave.com/dist/js/scripts.min.js?v=v34sa

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.151.96.240 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

df89cc53e851559fba691a5bcd450ca97d68738c4606dc14dd73b9d03b9aaa6e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 03 Aug 2020 20:33:24 GMT
x-aspnet-version
x-frame-options: SAMEORIGIN
etag: "082a755d569d61:0"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
date: Fri, 07 Aug 2020 11:51:43 GMT
accept-ranges: bytes
content-length: 138801
x-xss-protection: 1; mode=block

GET
H2 200 rum.js Show response
www.atmrum.net/ 17 KB
17 KB 95ms
22ms Script
application/javascript 204.79.197.234
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.atmrum.net/rum.js

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

204.79.197.234 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

13032ef9973485517338726dd9fcb77fa99a21f69fa91dcb48f432c8fe8df225

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 07 Aug 2020 11:51:43 GMT
x-content-type-options: nosniff
last-modified: Fri, 31 Jul 2020 17:18:44 GMT
x-msedge-ref: Ref A: 44273BCDE08A4362B9749D6D704E67A8 Ref B: AMS04EDGE0812 Ref C: 2020-08-07T11:51:44Z
etag: 0x8D4FC0223F2F653
status: 200
content-type: application/javascript
access-control-allow-origin: *
access-control-expose-headers: X-MSEdge-Ref
cache-control: no-store
accept-ranges: bytes
timing-allow-origin: *
content-length: 17523

GET
H2 200 addthis_widget.js Show response
s7.addthis.com/js/300/ 353 KB
114 KB 70ms
22ms Script
application/javascript 2.21.36.164
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/js/300/addthis_widget.js

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.21.36.164 , France, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

a2-21-36-164.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

eb12a261a24e54883613710a4c12f4d9205f634ca1a29d1df07f90105a93e746

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
last-modified: Thu, 04 Jun 2020 15:49:19 GMT
server: nginx/1.15.8
etag: "5ed917ff-5834c"
vary: Accept-Encoding
x-distribution: 99
content-type: application/javascript
status: 200
cache-control: public, max-age=600
date: Fri, 07 Aug 2020 11:51:44 GMT
x-host: s7.addthis.com
content-length: 116324

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/154/ 8 KB
4 KB 88ms
44ms Script
application/x-javascript 104.109.95.62
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/154/munchkin.js
Requested by: Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.109.95.62 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS: a104-109-95-62.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 9298a280eda6b54290d3c69fda3ae7da0cec1a0169d01d4e5944af63d68939d5

Request headers

Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 07 Aug 2020 11:51:44 GMT
Content-Encoding: gzip
Last-Modified: Fri, 18 May 2018 02:45:27 GMT
Server: AkamaiNetStorage
ETag: "808fc844032f646c32adce24553838be:1526611527"
Vary: Accept-Encoding
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Cache-Control: max-age=8640000
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 3700
Expires: Sun, 15 Nov 2020 11:51:44 GMT

GET
H2 200 5142c8f1-532c-427b-a545-0bcfe1f6f4ea.js Show response
cookie-cdn.cookiepro.com/langswitch/ 2 KB
1 KB 36ms
16ms Script
application/x-javascript 2606:4700::6812:778
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cookie-cdn.cookiepro.com/langswitch/5142c8f1-532c-427b-a545-0bcfe1f6f4ea.js

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:778 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9545498791418ba2847374815a974cc5bad7368ffb1df4c44c67d25027dd219e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 07 Aug 2020 11:51:44 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
content-md5: 2Q95fkKCF+yYcVGygzYfBA==
age: 4323
status: 200
cf-request-id: 046a5c514f000005d8751be200000001
x-ms-lease-status: unlocked
last-modified: Mon, 29 Apr 2019 14:20:09 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 5c642d12-a01e-0046-7f75-340cca000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=14400
x-ms-version: 2009-09-19
cf-ray: 5bf0c9954ff005d8-FRA

GET
H2 200 1.css
fast.fonts.net/t/ 0
125 B 7ms
6ms Stylesheet
text/css 2606:2800:234:660:118e:28f:1d8a:2522
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://fast.fonts.net/t/1.css?apiType=css&projectid=9c85e15b-99ed-40a4-929d-2262f9ed2706
Requested by: Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:660:118e:28f:1d8a:2522 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (fcn/41AE) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 07 Aug 2020 11:51:44 GMT
last-modified: Wed, 21 Feb 2018 12:55:22 GMT
server: ECS (fcn/41AE)
age: 9763602
etag: "616070693"
status: 200
x-cache: HIT
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
content-length: 0
expires: Fri, 14 Aug 2020 11:51:44 GMT

GET
H2 200 ai.0.js Show response
az416426.vo.msecnd.net/scripts/a/ 94 KB
22 KB 28ms
6ms Script
application/x-javascript 2606:2800:233:1cb7:261b:1f9c:2074:3c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://az416426.vo.msecnd.net/scripts/a/ai.0.js
Requested by: Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:233:1cb7:261b:1f9c:2074:3c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (frc/8FA5) /
Resource Hash: 5201c813c37a4168cc5c20c701d4391fd0a55625f97eb9f263a74fb52b52fd0e

Request headers

Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 07 Aug 2020 11:51:44 GMT
content-encoding: gzip
content-md5: HdY95yzx9wIyQkVEGES+Ew==
age: 889
x-cache: HIT
status: 200
content-length: 22495
x-ms-lease-status: unlocked
last-modified: Tue, 04 Feb 2020 19:23:51 GMT
server: ECAcc (frc/8FA5)
etag: 0x8D7A9A7C460F06C
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 82787c44-201e-0028-13af-6c935b000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=1800
x-ms-version: 2009-09-19
expires: Fri, 07 Aug 2020 12:21:44 GMT

GET
H2 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/IU7gZ7o6RDdDE6U4Y1YJJWnN/ 332 KB
131 KB 27ms
6ms Script
text/javascript 2a00:1450:4001:81d::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/IU7gZ7o6RDdDE6U4Y1YJJWnN/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b49b397871dff384aab300554a8f1745d86e020edd55dea9f1ad58209a1b7563

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 03 Aug 2020 17:22:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 03 Aug 2020 04:06:51 GMT
server: sffe
age: 325744
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 133278
x-xss-protection: 0
expires: Tue, 03 Aug 2021 17:22:40 GMT

GET
H/1.1

200
OK

63414b969e6787641dc91084b6f18b91fbc35a81.png
trustwave.blob.core.windows.net/cache/6/3/4/1/4/b/
Redirect Chain

https://www.trustwave.com/media/16992/reprint_the-forrester-wave_global-managed-security-services-providers_q3-2020-cover.png?anchor=center&mode=crop&width=400&rnd=132404200250000000
https://trustwave.blob.core.windows.net/cache/6/3/4/1/4/b/63414b969e6787641dc91084b6f18b91fbc35a81.png

81 KB
82 KB

573ms
123ms

Image
image/png

52.239.152.234
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trustwave.blob.core.windows.net/cache/6/3/4/1/4/b/63414b969e6787641dc91084b6f18b91fbc35a81.png
Requested by: Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.239.152.234 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: 44f60c08d39f76681af5e1eada34c18b7754a089f1403eea70c86c56c171a425

Request headers

Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Fri, 07 Aug 2020 11:51:44 GMT
Last-Modified: Tue, 28 Jul 2020 14:27:48 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5: OXk1n/bqvmijIZPuBQ7LaQ==
ETag: 0x8D8330266F08072
x-ms-meta-ImageProcessedBy: ImageProcessor.Web/4.10.0.100
Content-Type: image/png
x-ms-request-id: 2ae57988-e01e-00d8-6ab1-6c4a3f000000
Cache-Control: public, max-age=31536000
x-ms-version: 2009-09-19
Content-Length: 82963

Redirect headers

strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-aspnet-version
status: 302
date: Fri, 07 Aug 2020 11:51:43 GMT
x-frame-options: SAMEORIGIN
content-type: text/html; charset=utf-8
location: https://trustwave.blob.core.windows.net/cache/6/3/4/1/4/b/63414b969e6787641dc91084b6f18b91fbc35a81.png
cache-control: no-cache
content-length: 219
x-xss-protection: 1; mode=block

GET
H/1.1

200
OK

dc7c77f38e04362a6e2e5af76bdc5e200832731d.png
trustwave.blob.core.windows.net/cache/d/c/7/c/7/7/
Redirect Chain

https://www.trustwave.com/media/16795/once-future-cover-image.png?anchor=center&mode=crop&width=400&rnd=132344863110000000
https://trustwave.blob.core.windows.net/cache/d/c/7/c/7/7/dc7c77f38e04362a6e2e5af76bdc5e200832731d.png

26 KB
27 KB

606ms
156ms

Image
image/png

52.239.152.234
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trustwave.blob.core.windows.net/cache/d/c/7/c/7/7/dc7c77f38e04362a6e2e5af76bdc5e200832731d.png
Requested by: Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.239.152.234 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: c99841b9fa07daa705c029caca740cbd2d8c4b53b07c5b7999e7fe7da91e6670

Request headers

Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Fri, 07 Aug 2020 11:51:44 GMT
Last-Modified: Wed, 20 May 2020 22:13:32 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5: af88Lml3DW25n2ABu8zXOw==
ETag: 0x8D7FD0B08C41D31
x-ms-meta-ImageProcessedBy: ImageProcessor.Web/4.10.0.100
Content-Type: image/png
x-ms-request-id: b65cc630-801e-0144-5eb1-6c77d7000000
Cache-Control: public, max-age=31536000
x-ms-version: 2009-09-19
Content-Length: 26903

Redirect headers

strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-aspnet-version
status: 302
date: Fri, 07 Aug 2020 11:51:43 GMT
x-frame-options: SAMEORIGIN
content-type: text/html; charset=utf-8
location: https://trustwave.blob.core.windows.net/cache/d/c/7/c/7/7/dc7c77f38e04362a6e2e5af76bdc5e200832731d.png
cache-control: no-cache
content-length: 219
x-xss-protection: 1; mode=block

GET
H/1.1

200
OK

eae45f0f73517fa27ea5b5fa0cf439363e4a4cc2.png
trustwave.blob.core.windows.net/cache/e/a/e/4/5/f/
Redirect Chain

https://www.trustwave.com/media/16254/the-underground-economy-cover.png?anchor=center&mode=crop&width=400&rnd=132094902880000000
https://trustwave.blob.core.windows.net/cache/e/a/e/4/5/f/eae45f0f73517fa27ea5b5fa0cf439363e4a4cc2.png

276 KB
277 KB

578ms
128ms

Image
image/png

52.239.152.234
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trustwave.blob.core.windows.net/cache/e/a/e/4/5/f/eae45f0f73517fa27ea5b5fa0cf439363e4a4cc2.png
Requested by: Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.239.152.234 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: 19a5abc3ee71d9689286163dd786564ab2d59a118563fc140e62fa96d0d386df

Request headers

Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Fri, 07 Aug 2020 11:51:45 GMT
Last-Modified: Tue, 04 Aug 2020 14:54:14 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5: 2nJMTgekKPiIq9CgmTKqrg==
ETag: 0x8D83886411BDC9F
x-ms-meta-ImageProcessedBy: ImageProcessor.Web/4.10.0.100
Content-Type: image/png
x-ms-request-id: 5aa6f149-c01e-0148-68b1-6c9926000000
Cache-Control: public, max-age=31536000
x-ms-version: 2009-09-19
Content-Length: 282667

Redirect headers

strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-aspnet-version
status: 302
date: Fri, 07 Aug 2020 11:51:43 GMT
x-frame-options: SAMEORIGIN
content-type: text/html; charset=utf-8
location: https://trustwave.blob.core.windows.net/cache/e/a/e/4/5/f/eae45f0f73517fa27ea5b5fa0cf439363e4a4cc2.png
cache-control: no-cache
content-length: 219
x-xss-protection: 1; mode=block

GET
H/1.1

200
OK

5a6834a869db6f970c8f090a022f77a1c482c6a8.png
trustwave.blob.core.windows.net/cache/5/a/6/8/3/4/
Redirect Chain

https://www.trustwave.com/media/16414/cyber-multicloud-ebook-cover-image.png?anchor=center&mode=crop&width=400&rnd=132176020710000000
https://trustwave.blob.core.windows.net/cache/5/a/6/8/3/4/5a6834a869db6f970c8f090a022f77a1c482c6a8.png

53 KB
54 KB

618ms
167ms

Image
image/png

52.239.152.234
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trustwave.blob.core.windows.net/cache/5/a/6/8/3/4/5a6834a869db6f970c8f090a022f77a1c482c6a8.png
Requested by: Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.239.152.234 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: 049bf83ad4e353fb4bce7d9fff2ba6b0996aa1a8bbdba76ca83a2ee78c887687

Request headers

Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Fri, 07 Aug 2020 11:51:44 GMT
Last-Modified: Thu, 07 Nov 2019 12:23:34 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5: 7yCcZEg8vp+Cqn2BqP21Mw==
ETag: 0x8D7637D4EF0E3A5
x-ms-meta-ImageProcessedBy: ImageProcessor.Web/4.10.0.100
Content-Type: image/png
x-ms-request-id: 780bd183-501e-0024-68b1-6c74a0000000
Cache-Control: public, max-age=31536000
x-ms-version: 2009-09-19
Content-Length: 54413

Redirect headers

strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-aspnet-version
status: 302
date: Fri, 07 Aug 2020 11:51:43 GMT
x-frame-options: SAMEORIGIN
content-type: text/html; charset=utf-8
location: https://trustwave.blob.core.windows.net/cache/5/a/6/8/3/4/5a6834a869db6f970c8f090a022f77a1c482c6a8.png
cache-control: no-cache
content-length: 219
x-xss-protection: 1; mode=block

GET
H/1.1

200
OK

95b0df699cb216066e4e2043e54a3680a0fb2a3c.png
trustwave.blob.core.windows.net/cache/9/5/b/0/d/f/
Redirect Chain

https://www.trustwave.com/media/15106/ierr37pw.png?anchor=center&mode=crop&width=400&rnd=131992175790000000
https://trustwave.blob.core.windows.net/cache/9/5/b/0/d/f/95b0df699cb216066e4e2043e54a3680a0fb2a3c.png

142 KB
143 KB

561ms
110ms

Image
image/png

52.239.152.234
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trustwave.blob.core.windows.net/cache/9/5/b/0/d/f/95b0df699cb216066e4e2043e54a3680a0fb2a3c.png
Requested by: Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.239.152.234 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: 2e45a8996ec5c8b3fce4c3f71fc56ef806673998113d09c32f73c7a3d6efdb38

Request headers

Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Fri, 07 Aug 2020 11:51:44 GMT
Last-Modified: Tue, 07 Apr 2020 18:45:01 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5: 5UtgQThYJzYHnzR2krDd3w==
ETag: 0x8D7DB23C7529E1A
x-ms-meta-ImageProcessedBy: ImageProcessor.Web/4.10.0.100
Content-Type: image/png
x-ms-request-id: b5719189-a01e-0057-56b1-6c0463000000
Cache-Control: public, max-age=31536000
x-ms-version: 2009-09-19
Content-Length: 145855

Redirect headers

strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-aspnet-version
status: 302
date: Fri, 07 Aug 2020 11:51:43 GMT
x-frame-options: SAMEORIGIN
content-type: text/html; charset=utf-8
location: https://trustwave.blob.core.windows.net/cache/9/5/b/0/d/f/95b0df699cb216066e4e2043e54a3680a0fb2a3c.png
cache-control: no-cache
content-length: 219
x-xss-protection: 1; mode=block

GET
H/1.1

200
OK

55ae28c467881ce9b68f44a5b34fafb48aaab9ba.jpg
trustwave.blob.core.windows.net/cache/5/5/a/e/2/8/
Redirect Chain

https://www.trustwave.com/media/7356/7145.jpg?anchor=center&mode=crop&width=400&rnd=131644845120000000
https://trustwave.blob.core.windows.net/cache/5/5/a/e/2/8/55ae28c467881ce9b68f44a5b34fafb48aaab9ba.jpg

32 KB
32 KB

563ms
112ms

Image
image/jpeg

52.239.152.234
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trustwave.blob.core.windows.net/cache/5/5/a/e/2/8/55ae28c467881ce9b68f44a5b34fafb48aaab9ba.jpg
Requested by: Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.239.152.234 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: 14da1d6311764bee490145f7909d480858b94fc01c6ba2b5d8c112feabe53a99

Request headers

Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Fri, 07 Aug 2020 11:51:44 GMT
Last-Modified: Wed, 29 Jan 2020 22:23:46 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5: wcV8714ZrmJmS6VqXbqxbQ==
ETag: 0x8D7A509E865C6AD
x-ms-meta-ImageProcessedBy: ImageProcessor.Web/4.10.0.100
Content-Type: image/jpeg
x-ms-request-id: 595081aa-801e-00c3-0eb1-6c64ad000000
Cache-Control: public, max-age=31536000
x-ms-version: 2009-09-19
Content-Length: 32269

Redirect headers

strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-aspnet-version
status: 302
date: Fri, 07 Aug 2020 11:51:43 GMT
x-frame-options: SAMEORIGIN
content-type: text/html; charset=utf-8
location: https://trustwave.blob.core.windows.net/cache/5/5/a/e/2/8/55ae28c467881ce9b68f44a5b34fafb48aaab9ba.jpg
cache-control: no-cache
content-length: 219
x-xss-protection: 1; mode=block

GET
H/1.1

200
OK

3b7ba697d08de6c964b83f21b9a1a75ed153fd24.png
trustwave.blob.core.windows.net/cache/3/b/7/b/a/6/
Redirect Chain

https://www.trustwave.com/media/16657/gartner-mdr-cover.png?anchor=center&mode=crop&width=400&rnd=132308413190000000
https://trustwave.blob.core.windows.net/cache/3/b/7/b/a/6/3b7ba697d08de6c964b83f21b9a1a75ed153fd24.png

39 KB
40 KB

755ms
111ms

Image
image/png

52.239.152.234
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trustwave.blob.core.windows.net/cache/3/b/7/b/a/6/3b7ba697d08de6c964b83f21b9a1a75ed153fd24.png
Requested by: Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.239.152.234 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: 6fbc9436bf1ea8e9568562182031024ae2960a3c3dfdd706ccec19c0fb04b445

Request headers

Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Fri, 07 Aug 2020 11:51:44 GMT
Last-Modified: Wed, 08 Apr 2020 17:55:20 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5: wPZ3WeOl75NahAH1egrikg==
ETag: 0x8D7DBE6013FC4E5
x-ms-meta-ImageProcessedBy: ImageProcessor.Web/4.10.0.100
Content-Type: image/png
x-ms-request-id: 595082c1-801e-00c3-0fb1-6c64ad000000
Cache-Control: public, max-age=31536000
x-ms-version: 2009-09-19
Content-Length: 40008

Redirect headers

strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-aspnet-version
status: 302
date: Fri, 07 Aug 2020 11:51:43 GMT
x-frame-options: SAMEORIGIN
content-type: text/html; charset=utf-8
location: https://trustwave.blob.core.windows.net/cache/3/b/7/b/a/6/3b7ba697d08de6c964b83f21b9a1a75ed153fd24.png
cache-control: no-cache
content-length: 219
x-xss-protection: 1; mode=block

GET
H/1.1

200
OK

a8c4434c70c4e1e6102f99b8fa9d52122c530944.jpg
trustwave.blob.core.windows.net/cache/a/8/c/4/4/3/
Redirect Chain

https://www.trustwave.com/media/15279/sl-blog-default-image.jpg?anchor=center&mode=crop&width=400&rnd=131897042940000000
https://trustwave.blob.core.windows.net/cache/a/8/c/4/4/3/a8c4434c70c4e1e6102f99b8fa9d52122c530944.jpg

9 KB
10 KB

805ms
118ms

Image
image/jpeg

52.239.152.234
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trustwave.blob.core.windows.net/cache/a/8/c/4/4/3/a8c4434c70c4e1e6102f99b8fa9d52122c530944.jpg
Requested by: Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.239.152.234 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: 9998a28912966aa8ae78c7bae4b70bce32095ac4cafb972428f96c60bf374a98

Request headers

Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Fri, 07 Aug 2020 11:51:45 GMT
Last-Modified: Wed, 29 Jan 2020 22:23:46 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5: MsdJ7/i6e4BXG2Gh7eeTmQ==
ETag: 0x8D7A509E865C6AD
x-ms-meta-ImageProcessedBy: ImageProcessor.Web/4.10.0.100
Content-Type: image/jpeg
x-ms-request-id: b65cc72b-801e-0144-47b1-6c77d7000000
Cache-Control: public, max-age=31536000
x-ms-version: 2009-09-19
Content-Length: 9529

Redirect headers

strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-aspnet-version
status: 302
date: Fri, 07 Aug 2020 11:51:43 GMT
x-frame-options: SAMEORIGIN
content-type: text/html; charset=utf-8
location: https://trustwave.blob.core.windows.net/cache/a/8/c/4/4/3/a8c4434c70c4e1e6102f99b8fa9d52122c530944.jpg
cache-control: no-cache
content-length: 219
x-xss-protection: 1; mode=block

GET
H/1.1

200
OK

0450c1be878051498f0c2330230d93f52934a703.jpg
trustwave.blob.core.windows.net/cache/0/4/5/0/c/1/
Redirect Chain

https://www.trustwave.com/media/17018/workoutplan-blog-header.jpg?anchor=center&mode=crop&width=400&rnd=132410205550000000
https://trustwave.blob.core.windows.net/cache/0/4/5/0/c/1/0450c1be878051498f0c2330230d93f52934a703.jpg

10 KB
10 KB

264ms
105ms

Image
image/jpeg

52.239.152.234
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trustwave.blob.core.windows.net/cache/0/4/5/0/c/1/0450c1be878051498f0c2330230d93f52934a703.jpg
Requested by: Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.239.152.234 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: 6c354c40f91293a1558c447aaf710fb24f11c235cb23ae08f3e5bcfaeb3aabc8

Request headers

Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Fri, 07 Aug 2020 11:51:44 GMT
Last-Modified: Tue, 04 Aug 2020 13:24:20 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5: catYr2pvkH1GQfcoNOLYCg==
ETag: 0x8D83879B2192570
x-ms-meta-ImageProcessedBy: ImageProcessor.Web/4.10.0.100
Content-Type: image/jpeg
x-ms-request-id: 2ae57ae4-e01e-00d8-35b1-6c4a3f000000
Cache-Control: public, max-age=31536000
x-ms-version: 2009-09-19
Content-Length: 10078

Redirect headers

strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-aspnet-version
status: 302
date: Fri, 07 Aug 2020 11:51:44 GMT
x-frame-options: SAMEORIGIN
content-type: text/html; charset=utf-8
location: https://trustwave.blob.core.windows.net/cache/0/4/5/0/c/1/0450c1be878051498f0c2330230d93f52934a703.jpg
cache-control: no-cache
content-length: 219
x-xss-protection: 1; mode=block

GET
H/1.1

200
OK

40ca70c1a9e58d585b6a31fe350b4f55c70804b0.png
trustwave.blob.core.windows.net/cache/4/0/c/a/7/0/
Redirect Chain

https://www.trustwave.com/media/17024/security-technology-management_cover.png?anchor=center&mode=crop&width=400&rnd=132411246370000000
https://trustwave.blob.core.windows.net/cache/4/0/c/a/7/0/40ca70c1a9e58d585b6a31fe350b4f55c70804b0.png

86 KB
86 KB

290ms
159ms

Image
image/png

52.239.152.234
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trustwave.blob.core.windows.net/cache/4/0/c/a/7/0/40ca70c1a9e58d585b6a31fe350b4f55c70804b0.png
Requested by: Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.239.152.234 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: 61bc73b49e96aa8d7ac9c315d14da6d4455e08eae472313058d3d00187590f88

Request headers

Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Fri, 07 Aug 2020 11:51:44 GMT
Last-Modified: Wed, 05 Aug 2020 18:35:55 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5: pT0d0VfkrKO20X8cqgr7rw==
ETag: 0x8D8396E6388749D
x-ms-meta-ImageProcessedBy: ImageProcessor.Web/4.10.0.100
Content-Type: image/png
x-ms-request-id: 780bd29f-501e-0024-75b1-6c74a0000000
Cache-Control: public, max-age=31536000
x-ms-version: 2009-09-19
Content-Length: 87804

Redirect headers

strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-aspnet-version
status: 302
date: Fri, 07 Aug 2020 11:51:44 GMT
x-frame-options: SAMEORIGIN
content-type: text/html; charset=utf-8
location: https://trustwave.blob.core.windows.net/cache/4/0/c/a/7/0/40ca70c1a9e58d585b6a31fe350b4f55c70804b0.png
cache-control: no-cache
content-length: 219
x-xss-protection: 1; mode=block

GET
H/1.1

200
OK

d811ec63c804742ec35245598815fd42261061c5.png
trustwave.blob.core.windows.net/cache/d/8/1/1/e/c/
Redirect Chain

https://www.trustwave.com/media/16694/adp-trial-softwave_cover.png?anchor=center&mode=crop&width=400&rnd=132315344100000000
https://trustwave.blob.core.windows.net/cache/d/8/1/1/e/c/d811ec63c804742ec35245598815fd42261061c5.png

17 KB
18 KB

335ms
106ms

Image
image/png

52.239.152.234
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trustwave.blob.core.windows.net/cache/d/8/1/1/e/c/d811ec63c804742ec35245598815fd42261061c5.png
Requested by: Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.239.152.234 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: 931d1e18c99133e074631d74ef9b90050a447af3c0cfa7df64c963428d829631

Request headers

Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Fri, 07 Aug 2020 11:51:45 GMT
Last-Modified: Thu, 16 Apr 2020 18:30:42 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5: LTrmvDJtyOYYOIRhwdpPCg==
ETag: 0x8D7E234450BFDE2
x-ms-meta-ImageProcessedBy: ImageProcessor.Web/4.10.0.100
Content-Type: image/png
x-ms-request-id: b65cc7ac-801e-0144-3db1-6c77d7000000
Cache-Control: public, max-age=31536000
x-ms-version: 2009-09-19
Content-Length: 17533

Redirect headers

strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-aspnet-version
status: 302
date: Fri, 07 Aug 2020 11:51:44 GMT
x-frame-options: SAMEORIGIN
content-type: text/html; charset=utf-8
location: https://trustwave.blob.core.windows.net/cache/d/8/1/1/e/c/d811ec63c804742ec35245598815fd42261061c5.png
cache-control: no-cache
content-length: 219
x-xss-protection: 1; mode=block

GET
H/1.1

200
OK

b349523142a51bd76c6413d5c4638187b830b782.jpg
trustwave.blob.core.windows.net/cache/b/3/4/9/5/2/
Redirect Chain

https://www.trustwave.com/media/16961/ctf-event-header.jpg?anchor=center&mode=crop&width=400&rnd=132393847810000000
https://trustwave.blob.core.windows.net/cache/b/3/4/9/5/2/b349523142a51bd76c6413d5c4638187b830b782.jpg

11 KB
12 KB

336ms
102ms

Image
image/jpeg

52.239.152.234
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trustwave.blob.core.windows.net/cache/b/3/4/9/5/2/b349523142a51bd76c6413d5c4638187b830b782.jpg
Requested by: Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.239.152.234 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: aef04833469c4ac740e87c2d8cf43fdb4227aa7ac8d0669703bd49bee337146b

Request headers

Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Fri, 07 Aug 2020 11:51:45 GMT
Last-Modified: Thu, 16 Jul 2020 14:53:47 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5: PAw7XJizyo0HoFUD5KXTdg==
ETag: 0x8D829980B9FFBBB
x-ms-meta-ImageProcessedBy: ImageProcessor.Web/4.10.0.100
Content-Type: image/jpeg
x-ms-request-id: b571930c-a01e-0057-40b1-6c0463000000
Cache-Control: public, max-age=31536000
x-ms-version: 2009-09-19
Content-Length: 11321

Redirect headers

strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-aspnet-version
status: 302
date: Fri, 07 Aug 2020 11:51:44 GMT
x-frame-options: SAMEORIGIN
content-type: text/html; charset=utf-8
location: https://trustwave.blob.core.windows.net/cache/b/3/4/9/5/2/b349523142a51bd76c6413d5c4638187b830b782.jpg
cache-control: no-cache
content-length: 219
x-xss-protection: 1; mode=block

GET
H/1.1

200
OK

9449054b6e599d2c6ae326fc940e1718f740d84d.jpg
trustwave.blob.core.windows.net/cache/9/4/4/9/0/5/
Redirect Chain

https://www.trustwave.com/media/15280/news-release-default-image.jpg?anchor=center&mode=crop&width=400&rnd=131897043050000000
https://trustwave.blob.core.windows.net/cache/9/4/4/9/0/5/9449054b6e599d2c6ae326fc940e1718f740d84d.jpg

8 KB
9 KB

289ms
103ms

Image
image/jpeg

52.239.152.234
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trustwave.blob.core.windows.net/cache/9/4/4/9/0/5/9449054b6e599d2c6ae326fc940e1718f740d84d.jpg
Requested by: Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.239.152.234 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: cb8fd428f0d96267a4df07e3603d7e9fc4f424096eec1923269d49efa9f31dbb

Request headers

Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Fri, 07 Aug 2020 11:51:44 GMT
Last-Modified: Wed, 29 Jan 2020 22:23:46 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5: YYg1/108u00f4mbVmhIfVw==
ETag: 0x8D7A509E868AD64
x-ms-meta-ImageProcessedBy: ImageProcessor.Web/4.10.0.100
Content-Type: image/jpeg
x-ms-request-id: 5950835f-801e-00c3-1ab1-6c64ad000000
Cache-Control: public, max-age=31536000
x-ms-version: 2009-09-19
Content-Length: 8271

Redirect headers

strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-aspnet-version
status: 302
date: Fri, 07 Aug 2020 11:51:44 GMT
x-frame-options: SAMEORIGIN
content-type: text/html; charset=utf-8
location: https://trustwave.blob.core.windows.net/cache/9/4/4/9/0/5/9449054b6e599d2c6ae326fc940e1718f740d84d.jpg
cache-control: no-cache
content-length: 219
x-xss-protection: 1; mode=block

GET
H2 200 loading-white.svg
www.trustwave.com/img/utility/ 687 B
731 B 855ms
855ms Image
image/svg+xml 52.151.96.240
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trustwave.com/img/utility/loading-white.svg

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.151.96.240 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

4d84802c2cc3550892199289d28a046c4e1d011964c7c7f9d43bdeebecf107de

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.trustwave.com/dist/css/styles.min.css?v=33sa
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
last-modified: Mon, 03 Aug 2020 20:34:52 GMT
x-aspnet-version
etag: "03e1b8ad569d61:0"
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
status: 200
date: Fri, 07 Aug 2020 11:51:44 GMT
accept-ranges: bytes
content-length: 687
x-xss-protection: 1; mode=block

GET
H2 200 MaterialIcons-Regular.woff2
www.trustwave.com/fonts/material-icons/ 43 KB
43 KB 851ms
850ms Font
application/x-font-woff2 52.151.96.240
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trustwave.com/fonts/material-icons/MaterialIcons-Regular.woff2

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.151.96.240 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

a87d66c91b2e7dc5530aef76c03bd6a3d25ea5826110bf4803b561b811cc8726

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.trustwave.com/dist/css/styles.min.css?v=33sa
Origin: https://www.trustwave.com

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
last-modified: Mon, 03 Aug 2020 20:33:24 GMT
x-aspnet-version
etag: "082a755d569d61:0"
x-frame-options: SAMEORIGIN
content-type: application/x-font-woff2
status: 200
date: Fri, 07 Aug 2020 11:51:44 GMT
accept-ranges: bytes
content-length: 44300
x-xss-protection: 1; mode=block

GET
H2 200 KFOmCnqEu92Fr1Mu4mxP.ttf
fonts.gstatic.com/s/roboto/v20/ 35 KB
20 KB 6ms
6ms Font
font/ttf 2a00:1450:4001:80b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxP.ttf

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0b1d7f87f3ca4c8b4bd749b02b6ad71c930b7e306c752a2e2293d7b250b02e27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.trustwave.com/dist/css/styles.min.css?v=33sa
Origin: https://www.trustwave.com

Response headers

date: Fri, 17 Jul 2020 04:16:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1841743
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20742
x-xss-protection: 0
last-modified: Wed, 24 Jul 2019 01:18:36 GMT
server: sffe
vary: Accept-Encoding
content-type: font/ttf
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 17 Jul 2021 04:16:01 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc9.ttf
fonts.gstatic.com/s/roboto/v20/ 36 KB
21 KB 6ms
6ms Font
font/ttf 2a00:1450:4001:80b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmEU9fBBc9.ttf

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

719df7954428f52779f3fa18641c19fc854b39394193d87eea5a61795dec8dbe

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.trustwave.com/dist/css/styles.min.css?v=33sa
Origin: https://www.trustwave.com

Response headers

date: Fri, 17 Jul 2020 13:18:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1809213
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20908
x-xss-protection: 0
last-modified: Wed, 24 Jul 2019 01:18:36 GMT
server: sffe
vary: Accept-Encoding
content-type: font/ttf
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 17 Jul 2021 13:18:11 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc9.ttf
fonts.gstatic.com/s/roboto/v20/ 35 KB
20 KB 7ms
6ms Font
font/ttf 2a00:1450:4001:80b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmWUlfBBc9.ttf

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a637d3ff767789f9b113bbfa208bdb6a76efed7c4c111da2a130f6a38a51d353

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.trustwave.com/dist/css/styles.min.css?v=33sa
Origin: https://www.trustwave.com

Response headers

date: Wed, 15 Jul 2020 19:17:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1960456
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20796
x-xss-protection: 0
last-modified: Wed, 24 Jul 2019 01:18:59 GMT
server: sffe
vary: Accept-Encoding
content-type: font/ttf
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 15 Jul 2021 19:17:28 GMT

GET
H2 200 d9dabe05-624c-4f28-8eee-b3b6f1841abf.woff2
fast.fonts.net/dv2/14/ 20 KB
20 KB 34ms
15ms Font
application/octet-stream 2606:2800:234:660:118e:28f:1d8a:2522
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://fast.fonts.net/dv2/14/d9dabe05-624c-4f28-8eee-b3b6f1841abf.woff2?d44f19a684109620e4841470a190e8187da2675ee4d21384fcc31c18ab36cd3000b30c7b2714554b2fa45c7114a369ae46a92d2cbcc413b53d0101698114ce8d7e74e9017f28ef808677fbf0b28df9dd5c148045f073a59c253d54554cb37ea9&projectId=9c85e15b-99ed-40a4-929d-2262f9ed2706
Requested by: Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:660:118e:28f:1d8a:2522 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (fcn/4193) /
Resource Hash: f422b8961953524e333d562521c3b4e0a2ed33da87079bd92c08ec4389372358

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://fast.fonts.net/cssapi/9c85e15b-99ed-40a4-929d-2262f9ed2706.css
Origin: https://www.trustwave.com

Response headers

date: Fri, 07 Aug 2020 11:51:44 GMT
last-modified: Fri, 05 Dec 2014 01:40:36 GMT
server: ECS (fcn/4193)
age: 17434153
etag: "2369653874"
status: 200
x-cache: HIT
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: max-age=7776000
accept-ranges: bytes
content-length: 20472
expires: Thu, 05 Nov 2020 11:51:44 GMT

GET
H2 200 KFOlCnqEu92Fr1MmSU5fBBc9.ttf
fonts.gstatic.com/s/roboto/v20/ 35 KB
20 KB 8ms
5ms Font
font/ttf 2a00:1450:4001:80b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmSU5fBBc9.ttf

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b4c96f55c265e0a80be4243a16f7e88b9a67c85b71b4e2aa8cea4e1aa989b0d1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.trustwave.com/dist/css/styles.min.css?v=33sa
Origin: https://www.trustwave.com

Response headers

date: Fri, 07 Aug 2020 08:27:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 12258
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20827
x-xss-protection: 0
last-modified: Wed, 24 Jul 2019 01:18:53 GMT
server: sffe
vary: Accept-Encoding
content-type: font/ttf
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 07 Aug 2021 08:27:26 GMT

GET
H2 200 71e645d2-276d-4568-b9e4-e215b8e5b24f.woff2
fast.fonts.net/dv2/14/ 20 KB
20 KB 27ms
12ms Font
application/octet-stream 2606:2800:234:660:118e:28f:1d8a:2522
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://fast.fonts.net/dv2/14/71e645d2-276d-4568-b9e4-e215b8e5b24f.woff2?d44f19a684109620e4841470a190e8187da2675ee4d21384fcc31c18ab36cd3000b30c7b2714554b2fa45c7114a369ae46a92d2cbcc413b53d0101698114ce8d7e74e9017f28ef808677fbf0b28df9dd5c148045f073a59c253d54554cb37ea9&projectId=9c85e15b-99ed-40a4-929d-2262f9ed2706
Requested by: Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:660:118e:28f:1d8a:2522 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (fcn/40E7) /
Resource Hash: bd1f1f47a863ac3be54dab002af884683776e666b68d50ec7641ca732991d54f

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://fast.fonts.net/cssapi/9c85e15b-99ed-40a4-929d-2262f9ed2706.css
Origin: https://www.trustwave.com

Response headers

date: Fri, 07 Aug 2020 11:51:44 GMT
last-modified: Fri, 05 Dec 2014 01:42:38 GMT
server: ECS (fcn/40E7)
age: 1358874
etag: "2674825278"
status: 200
x-cache: HIT
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: max-age=7776000
accept-ranges: bytes
content-length: 20080
expires: Thu, 05 Nov 2020 11:51:44 GMT

GET
H2 200 KFOkCnqEu92Fr1Mu51xIIzc.ttf
fonts.gstatic.com/s/roboto/v20/ 37 KB
22 KB 7ms
6ms Font
font/ttf 2a00:1450:4001:80b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOkCnqEu92Fr1Mu51xIIzc.ttf

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0dfa4684ad9c52a1a97d91764ef1d404c15dd95ed20f00a2f9f3f4d11df2abf9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.trustwave.com/dist/css/styles.min.css?v=33sa
Origin: https://www.trustwave.com

Response headers

date: Sat, 18 Jul 2020 13:36:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1721743
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 22299
x-xss-protection: 0
last-modified: Wed, 24 Jul 2019 01:19:00 GMT
server: sffe
vary: Accept-Encoding
content-type: font/ttf
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 18 Jul 2021 13:36:01 GMT

GET
H2 200 52be0694-00c1-4daa-8782-419021c48e95.woff2
fast.fonts.net/dv2/14/ 20 KB
20 KB 18ms
7ms Font
application/octet-stream 2606:2800:234:660:118e:28f:1d8a:2522
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://fast.fonts.net/dv2/14/52be0694-00c1-4daa-8782-419021c48e95.woff2?d44f19a684109620e4841470a190e8187da2675ee4d21384fcc31c18ab36cd3000b30c7b2714554b2fa45c7114a369ae46a92d2cbcc413b53d0101698114ce8d7e74e9017f28ef808677fbf0b28df9dd5c148045f073a59c253d54554cb37ea9&projectId=9c85e15b-99ed-40a4-929d-2262f9ed2706
Requested by: Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:660:118e:28f:1d8a:2522 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (fcn/418C) /
Resource Hash: 34ede3e0ed28152b38a721fd42c348162e01e6e53fd526b80e385c095b2b4082

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://fast.fonts.net/cssapi/9c85e15b-99ed-40a4-929d-2262f9ed2706.css
Origin: https://www.trustwave.com

Response headers

date: Fri, 07 Aug 2020 11:51:44 GMT
last-modified: Fri, 05 Dec 2014 01:27:43 GMT
server: ECS (fcn/418C)
age: 4719537
etag: "3413759195"
status: 200
x-cache: HIT
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: max-age=7776000
accept-ranges: bytes
content-length: 20524
expires: Thu, 05 Nov 2020 11:51:44 GMT

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/ 1 KB
1 KB 110ms
109ms Script
application/x-javascript 104.109.95.62
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/munchkin.js
Requested by: Host: www.trustwave.com
URL: https://www.trustwave.com/dist/js/scripts.min.js?v=v34sa
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.109.95.62 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS: a104-109-95-62.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 5cc2628039ee08964a5f46fb8abb1d5e1ec87e1200d12862ef1232bbfed7da55

Request headers

Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 07 Aug 2020 11:51:44 GMT
Content-Encoding: gzip
Last-Modified: Wed, 05 Aug 2020 03:11:00 GMT
Server: AkamaiNetStorage
ETag: "a67ed8ce0a86706b9f73a86806ce5bd3:1596597060.25158"
Vary: Accept-Encoding
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 752

GET
H2 200 fpv2.min.js Show response
www.atmrum.net/client/v1/atm/ 20 KB
20 KB 23ms
22ms Script
application/javascript 204.79.197.234
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.atmrum.net/client/v1/atm/fpv2.min.js

Requested by

Host: www.atmrum.net
URL: https://www.atmrum.net/rum.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

204.79.197.234 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

40c107ee62b8927c82c86c5487de6da6b506b946f8ef5452421ef5b44bbea363

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 07 Aug 2020 11:51:43 GMT
x-content-type-options: nosniff
last-modified: Fri, 31 Jul 2020 17:18:44 GMT
x-msedge-ref: Ref A: F88B828CFD8944089EEEF1494F9A3253 Ref B: AMS04EDGE0812 Ref C: 2020-08-07T11:51:44Z
etag: 0x8D501F7AFB7338D
status: 200
content-type: application/javascript
access-control-allow-origin: *
access-control-expose-headers: X-MSEdge-Ref
cache-control: no-store
accept-ranges: bytes
timing-allow-origin: *
content-length: 20177

GET sh.f48a1a04fe8dbf021b4cda1d.html
s7.addthis.com/static/ Frame 412C 0
0

GET
H2 200 moatframe.js Show response
z.moatads.com/addthismoatframe568911941483/ 2 KB
1 KB 58ms
19ms Script
application/x-javascript 92.122.255.233
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://z.moatads.com/addthismoatframe568911941483/moatframe.js
Requested by: Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 92.122.255.233 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a92-122-255-233.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 05090f9390f5bc0cd23fe5f432037cc92d7cbce1ced9bfe8faf3d1c9abae85cd

Request headers

Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 07 Aug 2020 11:51:44 GMT
content-encoding: gzip
last-modified: Fri, 08 Nov 2019 20:13:52 GMT
server: AmazonS3
x-amz-request-id: 61EC92F13BB22DD4
etag: "f14b4e1f799b14f798a195f43cf58376"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=27111
accept-ranges: bytes
content-length: 948
x-amz-id-2: e0HboiVQpjIDEK8WTxqU5+8G8wOtu9bNCFY72alTHLP0/Yb+qoiTOxu6fad89ebRofzHxENxOOg=

GET
H2 200 d22d5d9f-dee9-4eea-bf38-6b6ef609199b.js Show response
cookie-cdn.cookiepro.com/consent/ 69 KB
16 KB 23ms
23ms Script
application/x-javascript 2606:4700::6812:778
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cookie-cdn.cookiepro.com/consent/d22d5d9f-dee9-4eea-bf38-6b6ef609199b.js

Requested by

Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/langswitch/5142c8f1-532c-427b-a545-0bcfe1f6f4ea.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:778 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1c3bfab00f5e70133e4daafbd95aea46f572bbcf33335ee75b9f2240742c7982

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 07 Aug 2020 11:51:44 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
content-md5: tokLCuVTsBOR85IgoPx1iA==
age: 4322
status: 200
cf-request-id: 046a5c530a000005d8751df200000001
x-ms-lease-status: unlocked
last-modified: Mon, 29 Apr 2019 14:20:11 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 127d04d8-301e-0036-27d7-23b53d000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=14400
x-ms-version: 2009-09-19
cf-ray: 5bf0c9981ffe05d8-FRA

GET
H2 200 _ate.track.config_resp Show response
v1.addthisedge.com/live/boost/ra-5286e9523a723348/ 166 B
325 B 210ms
209ms Script
application/javascript 2.21.36.164
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://v1.addthisedge.com/live/boost/ra-5286e9523a723348/_ate.track.config_resp
Requested by: Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.21.36.164 , France, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS: a2-21-36-164.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 4cf8b4da854cac70fb514c2d255e93904353bda1fcc7229de2f59d5971d83028

Request headers

Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 07 Aug 2020 11:51:44 GMT
content-encoding: gzip
etag: 659743217
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
status: 200
cache-control: public, max-age=59, s-maxage=86400
content-disposition: attachment; filename=1.txt
content-length: 154

GET
H2 200 300lo.json Show response
m.addthis.com/live/red_lojson/ 90 B
250 B 197ms
196ms Script
application/javascript 2.21.36.164
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://m.addthis.com/live/red_lojson/300lo.json?si=5f2d4050a746c3f9&bkl=0&bl=1&pdt=690&sid=5f2d4050a746c3f9&pub=ra-5286e9523a723348&rev=v8.28.7-wp&ln=en&pc=men&cb=0&ab=-&dp=www.trustwave.com&fp=en-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fgoldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software%2F&fr=&of=0&pd=0&irt=0&vcl=0&md=0&ct=1&tct=0&abt=0&cdn=0&pi=1&rb=0&gen=100&chr=UTF-8&colc=1596801104663&jsl=1&uvs=5f2d405003590928000&skipb=1&callback=addthis.cbs.jsonp__179531380536090080
Requested by: Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.21.36.164 , France, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS: a2-21-36-164.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 4b99171ccf97c3a699c661183b30befd0f2cc8d5bbc8d10143dd77da6497ed40

Request headers

Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
pragma: no-cache
date: Fri, 07 Aug 2020 11:51:44 GMT
cache-control: max-age=0, no-cache, no-store, no-transform
content-disposition: attachment; filename=1.txt
content-length: 90
content-type: application/javascript;charset=utf-8

GET
H2 200 sh.f48a1a04fe8dbf021b4cda1d.html
s7.addthis.com/static/ Frame 4C2F 0
0 33ms
32ms Document
text/html 2.21.36.164
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html

Requested by

Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.21.36.164 , France, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

a2-21-36-164.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

:method: GET
:authority: s7.addthis.com
:scheme: https
:path: /static/sh.f48a1a04fe8dbf021b4cda1d.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/

Response headers

status: 200
server: nginx/1.15.8
content-type: text/html
last-modified: Mon, 09 Sep 2019 15:34:57 GMT
etag: W/"5d767121-1115f"
timing-allow-origin: *
cache-control: public, max-age=86313600
p3p: CP="NON ADM OUR DEV IND COM STA"
strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
content-length: 25412
date: Fri, 07 Aug 2020 11:51:44 GMT
vary: Accept-Encoding
x-host: s7.addthis.com

GET
H2 200 anchor
www.google.com/recaptcha/api2/ Frame 3A62 0
0 29ms
28ms Document
text/html 2a00:1450:4001:81c::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdMtIkUAAAAAP7FCbfNuAv_bvJRl7vsAjPIyOWc&co=aHR0cHM6Ly93d3cudHJ1c3R3YXZlLmNvbTo0NDM.&hl=en&v=IU7gZ7o6RDdDE6U4Y1YJJWnN&size=invisible&cb=wygl39vjerd6

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/IU7gZ7o6RDdDE6U4Y1YJJWnN/recaptcha__en.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-T6I9JmGOjy/pFxS+GxAHgw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/anchor?ar=1&k=6LdMtIkUAAAAAP7FCbfNuAv_bvJRl7vsAjPIyOWc&co=aHR0cHM6Ly93d3cudHJ1c3R3YXZlLmNvbTo0NDM.&hl=en&v=IU7gZ7o6RDdDE6U4Y1YJJWnN&size=invisible&cb=wygl39vjerd6
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/

Response headers

status: 200
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 07 Aug 2020 11:51:44 GMT
content-security-policy: script-src 'report-sample' 'nonce-T6I9JmGOjy/pFxS+GxAHgw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 9614
server: GSE
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 45 KB
18 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:816::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-54M2ZJN

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

fd361b57998c76f86335afa28b8a62527d88a8200fb5c428d6f0fff73383e955

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 04 Jun 2020 23:38:14 GMT
server: Golfe2
age: 5765
date: Fri, 07 Aug 2020 10:15:39 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18469
expires: Fri, 07 Aug 2020 12:15:39 GMT

GET
H/1.1 200
OK insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 3 KB
2 KB 64ms
11ms Script
application/x-javascript 2a02:26f0:10c:382::25ea
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-54M2ZJN
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:10c:382::25ea , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: /
Resource Hash: 41dd5e421fe221a7d2921d6fa2b36e8b01a9f2c054aaef5fad866fe896c1d1e0

Request headers

Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 07 Aug 2020 11:51:44 GMT
Content-Encoding: gzip
Last-Modified: Mon, 07 Oct 2019 16:41:31 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=23235
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1576

GET
H2 200 hotjar-1372211.js Show response
static.hotjar.com/c/ 7 KB
2 KB 71ms
19ms Script
application/javascript 147.75.33.229
PACKET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-1372211.js?sv=7

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-54M2ZJN

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

147.75.33.229 Amsterdam, Netherlands, ASN54825 (PACKET, US),

Reverse DNS

pkt-ams-k2-shared-ingress12

Software

Resource Hash

771f96b10088b405754149e86af6029c4d288f702e9cbbfe155a07477344bc2d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 07 Aug 2020 11:51:44 GMT
content-encoding: br
x-content-type-options: nosniff
content-type: application/javascript
section-io-tag: hotjarjs
age: 23
status: 200
section-io-cache: Hit
vary: Accept-Encoding
content-length: 2119
cache-control: max-age=60
etag: W/534a4232bd4d52d44035fdbe35d4b880
access-control-max-age: 600
section-io-origin-status: 304
access-control-allow-origin: *
x-cache-hit: 1
section-io-origin-time-seconds: 0.018
accept-ranges: bytes
section-io-id: ac92c584828560ab67e772f2b4c7dd83
section-origin-responded: true

GET
H2 200 t.js Show response
vidassets.terminus.services/af0d2044-417b-49dd-b4e9-25d4e62e0332/ 4 KB
2 KB 91ms
25ms Script
application/javascript 99.86.7.81
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://vidassets.terminus.services/af0d2044-417b-49dd-b4e9-25d4e62e0332/t.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-54M2ZJN

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.7.81 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-7-81.fra6.r.cloudfront.net

Software

nginx/1.10.3 (Ubuntu) /

Resource Hash

4014a05aacaa586346e71903afbc4537863681e4df786fa132e4a547cd6cfeb0

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 07 Aug 2020 11:51:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-cf-pop: FRA6-C1
x-cache: Hit from cloudfront
status: 200
access-control-allow-origin: *
last-modified: Fri, 26 Jun 2020 16:23:01 GMT
server: nginx/1.10.3 (Ubuntu)
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript;charset=utf-8
via: 1.1 a0a81637cc76d6981e4e29044a73b7f6.cloudfront.net (CloudFront)
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,Authorization
cache-control: public, s-maxage=2700
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,Authorization
x-amz-cf-id: RKvUS1gpWTVp6QEKER_9bTX9ZtN-gik_zL1wV8mKPS9iajJKRbFzkg==

GET
H2 200 en-us.json Show response
www.trustwave.com/locale/en-us/LC_MESSAGES/ 1 KB
636 B 290ms
290ms XHR
application/json 52.151.96.240
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trustwave.com/locale/en-us/LC_MESSAGES/en-us.json

Requested by

Host: az416426.vo.msecnd.net
URL: https://az416426.vo.msecnd.net/scripts/a/ai.0.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.151.96.240 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

21c3d65ef1a0105fb3114d843bd4c68e474e7571db6b0af5ca759fbfec9eca81

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
X-Requested-With: XMLHttpRequest
Request-Id: |hkzK2.qFtCW
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 03 Aug 2020 20:34:52 GMT
x-aspnet-version
x-frame-options: SAMEORIGIN
etag: "03e1b8ad569d61:0"
vary: Accept-Encoding
content-type: application/json
status: 200
date: Fri, 07 Aug 2020 11:51:44 GMT
accept-ranges: bytes
content-length: 590
x-xss-protection: 1; mode=block

GET
H2 200 ja-jp.json Show response
www.trustwave.com/locale/ja-jp/LC_MESSAGES/ 1 KB
923 B 290ms
289ms XHR
application/json 52.151.96.240
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trustwave.com/locale/ja-jp/LC_MESSAGES/ja-jp.json

Requested by

Host: az416426.vo.msecnd.net
URL: https://az416426.vo.msecnd.net/scripts/a/ai.0.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.151.96.240 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

7b0ef13b754c456f5621d74ca260e49b061f759bcaeb9223e0eaa78ff4359189

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
X-Requested-With: XMLHttpRequest
Request-Id: |hkzK2.A0Uhb
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 03 Aug 2020 20:34:52 GMT
x-aspnet-version
x-frame-options: SAMEORIGIN
etag: "03e1b8ad569d61:0"
vary: Accept-Encoding
content-type: application/json
status: 200
date: Fri, 07 Aug 2020 11:51:44 GMT
accept-ranges: bytes
content-length: 877
x-xss-protection: 1; mode=block

GET
H2 200 de-de.json Show response
www.trustwave.com/locale/de-de/LC_MESSAGES/ 1 KB
638 B 287ms
287ms XHR
application/json 52.151.96.240
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trustwave.com/locale/de-de/LC_MESSAGES/de-de.json

Requested by

Host: az416426.vo.msecnd.net
URL: https://az416426.vo.msecnd.net/scripts/a/ai.0.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.151.96.240 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

b5e5c5c8b9ebe9fb7f4a8cde7f2ff4f6652e6beb87585c18e99fb446fbb301a4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
X-Requested-With: XMLHttpRequest
Request-Id: |hkzK2.EDEsv
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 03 Aug 2020 20:34:52 GMT
x-aspnet-version
x-frame-options: SAMEORIGIN
etag: "03e1b8ad569d61:0"
vary: Accept-Encoding
content-type: application/json
status: 200
date: Fri, 07 Aug 2020 11:51:44 GMT
accept-ranges: bytes
content-length: 564
x-xss-protection: 1; mode=block

GET
H2 200 fpconfig.min.json Show response
www.atmrum.net/conf/v1/atm/ 191 B
481 B 104ms
23ms XHR
text/plain 204.79.197.234
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.atmrum.net/conf/v1/atm/fpconfig.min.json

Requested by

Host: az416426.vo.msecnd.net
URL: https://az416426.vo.msecnd.net/scripts/a/ai.0.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

204.79.197.234 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

72766f736186eb5c7c6d08502f3bf28da0092e8ea85cf3b5413c9daf8dc2d94a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 07 Aug 2020 11:51:44 GMT
x-content-type-options: nosniff
last-modified: Fri, 31 Jul 2020 17:18:43 GMT
x-msedge-ref: Ref A: 2477847022264433ACC3C425F3F70A5F Ref B: BRU30EDGE0509 Ref C: 2020-08-07T11:51:44Z
etag: 0x8D501F7AFB7338D
status: 200
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-MSEdge-Ref
cache-control: no-store
accept-ranges: bytes
timing-allow-origin: *
content-length: 191

GET
H2 200 optanon.css
cookie-cdn.cookiepro.com/skins/4.8.0/default_flat_bottom_two_button_black/v2/css/ 23 KB
5 KB 19ms
18ms Stylesheet
text/css 2606:4700::6812:778
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cookie-cdn.cookiepro.com/skins/4.8.0/default_flat_bottom_two_button_black/v2/css/optanon.css

Requested by

Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/consent/d22d5d9f-dee9-4eea-bf38-6b6ef609199b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:778 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0bd0bc4edd5e4b256b9c40ce082680ad16a78ac5faf4d3337d39cf9605518bfe

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 07 Aug 2020 11:51:44 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
content-md5: jzLE25vmrDR3ZmMxTSa8+w==
age: 1166
status: 200
cf-request-id: 046a5c5395000005d8751e7200000001
x-ms-lease-status: unlocked
last-modified: Thu, 19 Sep 2019 18:59:46 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css
access-control-allow-origin: *
x-ms-request-id: df1cc734-401e-0085-58d7-231590000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version: 2009-09-19
cf-ray: 5bf0c998eaa805d8-FRA

GET
H2 200 EU Show response
geolocation.onetrust.com/cookieconsentpub/v1/geo/countries/ 32 B
403 B 72ms
52ms Script
text/javascript 2606:4700:10::6814:b844
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://geolocation.onetrust.com/cookieconsentpub/v1/geo/countries/EU?callback=jQuery331010600004571916011_1596801104578&_=1596801104579

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/dist/js/scripts.min.js?v=v34sa

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6814:b844 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b0817a0d6a87f2d42532035e42b20ea55cfaa5ca1092c761f5fc5e734790bdbf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 07 Aug 2020 11:51:44 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
status: 200
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 5bf0c9991a73c277-FRA
content-length: 32
cf-request-id: 046a5c53ab0000c277373c6200000001

GET
H/1.1 200
OK visitWebPage Show response
815-rfm-693.mktoresp.com/webevents/ 2 B
304 B 662ms
100ms XHR
text/plain 192.28.144.124
OMNITURE

General

Check archive.org

Show headers Download Go to

Full URL: https://815-rfm-693.mktoresp.com/webevents/visitWebPage?_mchNc=1596801104796&_mchCn=&_mchId=815-RFM-693&_mchTk=_mch-trustwave.com-1596801104794-39773&_mchHo=www.trustwave.com&_mchPo=&_mchRu=%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fgoldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software%2F&_mchPc=https%3A&_mchVr=154&_mchHa=&_mchRe=&_mchQp=
Requested by: Host: az416426.vo.msecnd.net
URL: https://az416426.vo.msecnd.net/scripts/a/ai.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 192.28.144.124 , United States, ASN15224 (OMNITURE, US),
Reverse DNS
Software: akka-http/10.1.11 /
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Fri, 07 Aug 2020 11:51:45 GMT
Content-Encoding: gzip
Server: akka-http/10.1.11
Transfer-Encoding: chunked
X-Request-Id: e21a7ae7-e622-43ef-bce3-736abef48917
Content-Type: text/plain; charset=UTF-8

GET
H2 200 js Show response
www.google-analytics.com/gtm/ 80 KB
31 KB 49ms
49ms Script
application/javascript 2a00:1450:4001:816::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/gtm/js?id=GTM-5B38B7F&t=gtm2&cid=1075209211.1596801105

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

6095b5d40ee85bf118e96ccac747755bd3b33e907d88f52765fbc461212acd0e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 07 Aug 2020 11:51:44 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
status: 200
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 31932
x-xss-protection: 0
expires: Fri, 07 Aug 2020 11:51:44 GMT

GET
H2

200

collect
px.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=70652&url=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fgoldenspy-chapter-4-goldenhelper-malware-embedded-in-off...
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D70652%26url%3Dhttps%253A%252F%252Fwww.trustwave.com%252Fen-us%252Fresources%252Fb...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=70652&url=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fgoldenspy-chapter-4-goldenhelper-malware-embedded-in-off...

0
297 B

126ms
125ms

Image
application/javascript

2a05:f500:10:101::b93f:9105
LINKEDIN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=70652&url=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fgoldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software%2F&time=1596801104817&liSync=true
Requested by: Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a05:f500:10:101::b93f:9105 , Ireland, ASN14413 (LINKEDIN, US),
Reverse DNS
Software: Play /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 07 Aug 2020 11:51:45 GMT
nel: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
server: Play
linkedin-action: 1
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
x-li-fabric: prod-lva1
status: 200
x-li-proto: http/2
x-li-pop: prod-efr5
content-type: application/javascript
content-length: 0
x-li-uuid: BpEyICX6KBYgA8OOBisAAA==

Redirect headers

content-security-policy: default-src *; connect-src 'self' https://media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com s.c.exp1.licdn.com s.c.exp2.licdn.com m.c.exp1.licdn.com m.c.exp2.licdn.com wss://*.linkedin.com dms.licdn.com https://dpm.demdex.net/id https://lnkd.demdex.net/event blob: https://accounts.google.com/gsi/status https://linkedin.sc.omtrdc.net/b/ss/ www.google-analytics.com static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com media.licdn.com media-exp1.licdn.com media-exp2.licdn.com media-exp3.licdn.com; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com slideshare.www.linkedin.com https://snap.licdn.com/li.lms-analytics/insight.min.js platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self'; report-uri https://www.linkedin.com/platform-telemetry/csp?f=l
x-content-type-options: nosniff
linkedin-action: 1
status: 302
content-length: 0
x-li-uuid: Wm4JGiX6KBYQXbOjmisAAA==
pragma: no-cache
x-li-pop: afd-prod-lva1
x-msedge-ref: Ref A: 6F045244E95F46069A08DB4A6C7522C7 Ref B: FRAEDGE1208 Ref C: 2020-08-07T11:51:45Z
x-frame-options: sameorigin
date: Fri, 07 Aug 2020 11:51:44 GMT
expect-ct: max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
strict-transport-security: max-age=2592000
x-li-fabric: prod-lva1
location: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=70652&url=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fgoldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software%2F&time=1596801104817&liSync=true
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store
x-li-proto: http/2
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 modules.9e0dfa53977fdaaa37e1.js Show response
script.hotjar.com/ 355 KB
69 KB 63ms
19ms Script
application/javascript 147.75.33.233
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.hotjar.com/modules.9e0dfa53977fdaaa37e1.js
Requested by: Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-1372211.js?sv=7
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 147.75.33.233 Amsterdam, Netherlands, ASN54825 (PACKET, US),
Reverse DNS: pkt-ams-k2-shared-ingress14
Software: /
Resource Hash: 5aa59976259ce2568a094d8d2605551354f43fe4b883c26a4de607b99abe8ba7

Request headers

Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 07 Aug 2020 11:51:44 GMT
content-encoding: br
age: 24418
status: 200
section-io-cache: Hit
content-length: 70592
last-modified: Thu, 06 Aug 2020 15:41:38 GMT
etag: "1dc18948738035294e4ca2d8276406b4"
vary: Accept-Encoding
section-io-origin-status: 200
access-control-allow-origin: *
cache-control: max-age=31536000
section-io-origin-time-seconds: 0.102
section-io-id: bbb6f489efefd4c508f39a9aa606aea4
accept-ranges: bytes
content-type: application/javascript
section-origin-responded: true

GET
H2

200

s.gif
vidassets.terminus.services/
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=terminus&ttd_tpi=1&ttd_puid=af0d2044-417b-49dd-b4e9-25d4e62e0332|cb1ed8fa-226d-4c3f-8497-0b7c13f22d79
https://match.adsrvr.org/track/cmb/generic?ttd_pid=terminus&ttd_tpi=1&ttd_puid=af0d2044-417b-49dd-b4e9-25d4e62e0332|cb1ed8fa-226d-4c3f-8497-0b7c13f22d79
https://vidassets.terminus.services/s.gif?d=af0d2044-417b-49dd-b4e9-25d4e62e0332|cb1ed8fa-226d-4c3f-8497-0b7c13f22d79&t=6baecff2-4712-474c-93af-a34b6f0fdfcf

42 B
682 B

20ms
20ms

Image
image/gif

99.86.7.81
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://vidassets.terminus.services/s.gif?d=af0d2044-417b-49dd-b4e9-25d4e62e0332|cb1ed8fa-226d-4c3f-8497-0b7c13f22d79&t=6baecff2-4712-474c-93af-a34b6f0fdfcf

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.7.81 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-7-81.fra6.r.cloudfront.net

Software

nginx/1.10.3 (Ubuntu) /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 07 Aug 2020 11:33:33 GMT
via: 1.1 a0a81637cc76d6981e4e29044a73b7f6.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 1094
x-cache: Hit from cloudfront
status: 200
content-length: 42
last-modified: Fri, 26 Jun 2020 16:23:01 GMT
server: nginx/1.10.3 (Ubuntu)
access-control-allow-methods: GET, POST, OPTIONS
content-type: image/gif
access-control-allow-origin: *
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,Authorization
cache-control: public, s-maxage=2700
x-amz-cf-pop: FRA6-C1
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,Authorization
x-amz-cf-id: uJ-MHzfv3RhfpGiYu2Py2NdLicjpHLQGSdhSkDoIQl5meKZeleAC3A==

Redirect headers

pragma: no-cache
date: Fri, 07 Aug 2020 11:51:45 GMT
x-aspnet-version: 4.0.30319
status: 302
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://vidassets.terminus.services/s.gif?d=af0d2044-417b-49dd-b4e9-25d4e62e0332|cb1ed8fa-226d-4c3f-8497-0b7c13f22d79&t=6baecff2-4712-474c-93af-a34b6f0fdfcf
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 343

GET
H2 200 t.gif
vidassets.terminus.services/af0d2044-417b-49dd-b4e9-25d4e62e0332/ 42 B
682 B 24ms
23ms Image
image/gif 99.86.7.81
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://vidassets.terminus.services/af0d2044-417b-49dd-b4e9-25d4e62e0332/t.gif?d=cb1ed8fa-226d-4c3f-8497-0b7c13f22d79&s=82537ce4-2c0e-4626-92c6-f1c4bdf283d6&p=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fgoldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software%2F&cb=1596801104868

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.7.81 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-7-81.fra6.r.cloudfront.net

Software

nginx/1.10.3 (Ubuntu) /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 07 Aug 2020 11:51:44 GMT
via: 1.1 a0a81637cc76d6981e4e29044a73b7f6.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: FRA6-C1
x-cache: Hit from cloudfront
status: 200
content-length: 42
last-modified: Fri, 26 Jun 2020 16:23:01 GMT
server: nginx/1.10.3 (Ubuntu)
access-control-allow-methods: GET, POST, OPTIONS
content-type: image/gif
access-control-allow-origin: *
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,Authorization
cache-control: public, s-maxage=2700
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,Authorization
x-amz-cf-id: 7gFnqN_wl-ACaEB03ceq9gsIqYFICJb2a7O16hFOjS8mxD2YcnRxdg==

GET
H2 200 box-469cf41adb11dc78be68c1ae7f9457a4.html
vars.hotjar.com/ Frame C144 0
0 94ms
17ms Document
text/html 147.75.84.31
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://vars.hotjar.com/box-469cf41adb11dc78be68c1ae7f9457a4.html
Requested by: Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-1372211.js?sv=7
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 147.75.84.31 Parsippany, United States, ASN54825 (PACKET, US),
Reverse DNS
Software: /
Resource Hash

Request headers

:method: GET
:authority: vars.hotjar.com
:scheme: https
:path: /box-469cf41adb11dc78be68c1ae7f9457a4.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/

Response headers

status: 200
date: Fri, 07 Aug 2020 11:51:44 GMT
content-type: text/html
content-length: 851
last-modified: Mon, 27 Jul 2020 17:12:24 GMT
etag: "d594f1d4c3e5dbd6b556c60d34e0daea"
cache-control: max-age=31536000
content-encoding: br
section-io-origin-status: 200
section-io-origin-time-seconds: 0.031
section-origin-responded: true
age: 902338
vary: Accept-Encoding
section-io-cache: Hit
accept-ranges: bytes
section-io-id: 25ae96e39459239807fdc7d6b2f09b50

GET
H2

200

ga-audiences
www.google.de/ads/
Redirect Chain

https://www.google-analytics.com/r/collect?v=1&_v=j83&a=983692843&t=pageview&_s=1&dl=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fgoldenspy-chapter-4-goldenhelper...
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-123880220-1&cid=1075209211.1596801105&jid=712984013&_gid=1863240545.1596801105&gjid=1008018721&_v=j83&z=1307570223
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-123880220-1&cid=1075209211.1596801105&jid=712984013&_v=j83&z=1307570223
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-123880220-1&cid=1075209211.1596801105&jid=712984013&_v=j83&z=1307570223&slf_rd=1&random=160445632

42 B
106 B

18ms
17ms

Image
image/gif

2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-123880220-1&cid=1075209211.1596801105&jid=712984013&_v=j83&z=1307570223&slf_rd=1&random=160445632

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 07 Aug 2020 11:51:45 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 07 Aug 2020 11:51:45 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 302
content-type: text/html; charset=UTF-8
location: https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-123880220-1&cid=1075209211.1596801105&jid=712984013&_v=j83&z=1307570223&slf_rd=1&random=160445632
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 trans.gif
b28b9221d0641c6f26e5018d5e01c077.azr.footprintdns.com/apc/ 43 B
243 B 408ms
115ms Image
image/gif 2603:1030:1000::58
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b28b9221d0641c6f26e5018d5e01c077.azr.footprintdns.com/apc/trans.gif?e1f3dddc30fa7c32b1bb0f06dab50fa5

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2603:1030:1000::58 Québec, Canada, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
last-modified: Wed, 06 May 2020 21:53:26 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
content-type: image/gif
status: 200
date: Fri, 07 Aug 2020 11:51:44 GMT
accept-ranges: bytes
content-length: 43
etag: "a6573bc5f023d61:0"

GET
H2 200 IsUserAusi Show response
www.trustwave.com/umbraco/surface/AJAX/ 5 B
172 B 351ms
350ms XHR
text/html 52.151.96.240
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trustwave.com/umbraco/surface/AJAX/IsUserAusi

Requested by

Host: az416426.vo.msecnd.net
URL: https://az416426.vo.msecnd.net/scripts/a/ai.0.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.151.96.240 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

60a33e6cf5151f2d52eddae9685cfa270426aa89d8dbc7dfb854606f1d1a40fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
X-Requested-With: XMLHttpRequest
Request-Id: |hkzK2.vGlz8
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
x-aspnet-version
date: Fri, 07 Aug 2020 11:51:44 GMT
x-frame-options: SAMEORIGIN
content-type: text/html; charset=utf-8
status: 200
cache-control: private
vary: Accept-Encoding
content-length: 123
x-xss-protection: 1; mode=block

GET
H2 200 IsUserAPAC Show response
www.trustwave.com/umbraco/surface/AJAX/ 5 B
163 B 512ms
512ms XHR
text/html 52.151.96.240
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trustwave.com/umbraco/surface/AJAX/IsUserAPAC

Requested by

Host: az416426.vo.msecnd.net
URL: https://az416426.vo.msecnd.net/scripts/a/ai.0.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.151.96.240 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

60a33e6cf5151f2d52eddae9685cfa270426aa89d8dbc7dfb854606f1d1a40fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
X-Requested-With: XMLHttpRequest
Request-Id: |hkzK2.1yn1F
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
x-aspnet-version
date: Fri, 07 Aug 2020 11:51:44 GMT
x-frame-options: SAMEORIGIN
content-type: text/html; charset=utf-8
status: 200
cache-control: private
vary: Accept-Encoding
content-length: 123
x-xss-protection: 1; mode=block

POST
H2 200 visit-data Show response
in.hotjar.com/api/v2/client/sites/1372211/ 178 B
320 B 103ms
38ms XHR
application/json 34.246.206.139
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.hotjar.com/api/v2/client/sites/1372211/visit-data?sv=7
Requested by: Host: az416426.vo.msecnd.net
URL: https://az416426.vo.msecnd.net/scripts/a/ai.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.246.206.139 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-246-206-139.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 6154d5f7f6961e042d013bab33fd02b691970d873f44f3c32d8fcc6e79ef5bcd

Request headers

Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain; charset=UTF-8

Response headers

date: Fri, 07 Aug 2020 11:51:45 GMT
content-encoding: br
status: 200
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
access-control-max-age: 86400
access-control-allow-credentials: true

GET
H2 200 trans.gif
b28b9221d0641c6f26e5018d5e01c077.azr.footprintdns.com/apc/ 43 B
81 B 115ms
115ms Image
image/gif 2603:1030:1000::58
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b28b9221d0641c6f26e5018d5e01c077.azr.footprintdns.com/apc/trans.gif?53e114d74afbd520c15fcc86c05f2c31

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2603:1030:1000::58 Québec, Canada, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
last-modified: Wed, 06 May 2020 21:53:26 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
content-type: image/gif
status: 200
date: Fri, 07 Aug 2020 11:51:44 GMT
accept-ranges: bytes
content-length: 43
etag: "a6573bc5f023d61:0"

GET
H2 200 trans.gif
f361daca3aff07445f92c3747bd2b71c.azr.footprintdns.com/apc/ 43 B
243 B 319ms
93ms Image
image/gif 2a01:111:f100:2002::8975:2c41
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://f361daca3aff07445f92c3747bd2b71c.azr.footprintdns.com/apc/trans.gif?56d62365ee9e66030c2126249759b48d

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a01:111:f100:2002::8975:2c41 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
last-modified: Wed, 06 May 2020 21:53:26 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
content-type: image/gif
status: 200
date: Fri, 07 Aug 2020 11:51:45 GMT
accept-ranges: bytes
content-length: 43
etag: "a6573bc5f023d61:0"

GET
H2 200 trans.gif
f361daca3aff07445f92c3747bd2b71c.azr.footprintdns.com/apc/ 43 B
81 B 93ms
93ms Image
image/gif 2a01:111:f100:2002::8975:2c41
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://f361daca3aff07445f92c3747bd2b71c.azr.footprintdns.com/apc/trans.gif?f5d10258d0054f457ffae09adfec8a22

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a01:111:f100:2002::8975:2c41 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
last-modified: Wed, 06 May 2020 21:53:26 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
content-type: image/gif
status: 200
date: Fri, 07 Aug 2020 11:51:45 GMT
accept-ranges: bytes
content-length: 43
etag: "a6573bc5f023d61:0"

GET
H2 200 trans.gif
86f45dcb5d614a14ec56784532507a39.azr.footprintdns.com/apc/ 43 B
243 B 68ms
8ms Image
image/gif 2603:1020:c01:2::3
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://86f45dcb5d614a14ec56784532507a39.azr.footprintdns.com/apc/trans.gif?1bbd342cc999685d9e8052e446a7c56b

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2603:1020:c01:2::3 Frankfurt am Main, Germany, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
last-modified: Wed, 06 May 2020 21:53:26 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
content-type: image/gif
status: 200
date: Fri, 07 Aug 2020 11:51:45 GMT
accept-ranges: bytes
content-length: 43
etag: "a6573bc5f023d61:0"

GET
H2 200 trans.gif
86f45dcb5d614a14ec56784532507a39.azr.footprintdns.com/apc/ 43 B
81 B 7ms
6ms Image
image/gif 2603:1020:c01:2::3
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://86f45dcb5d614a14ec56784532507a39.azr.footprintdns.com/apc/trans.gif?7456978755ebf67a031d2f607ce018b5

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2603:1020:c01:2::3 Frankfurt am Main, Germany, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
last-modified: Wed, 06 May 2020 21:53:26 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
content-type: image/gif
status: 200
date: Fri, 07 Aug 2020 11:51:45 GMT
accept-ranges: bytes
content-length: 43
etag: "a6573bc5f023d61:0"

GET
H2 200 r.gif Show response
www.atmrum.net/report/v1/atm/ 42 B
195 B 23ms
22ms XHR
image/gif 204.79.197.234
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.atmrum.net/report/v1/atm/r.gif?MonitorID=atm&rid=e2cca30e2bc95ed151b0f1d774556a94&w3c=true&prot=https:&v=2017061301&tag=602cc9bb0a513db2b327299487211347&DATA=[{%22RequestID%22:%22b28b9221d0641c6f26e5018d5e01c077%22,%22Object%22:%22trans.gif%22,%22Conn%22:%22cold%22,%22Result%22:409},{%22RequestID%22:%22b28b9221d0641c6f26e5018d5e01c077%22,%22Object%22:%22trans.gif%22,%22Conn%22:%22warm%22,%22Result%22:116},{%22RequestID%22:%22f361daca3aff07445f92c3747bd2b71c%22,%22Object%22:%22trans.gif%22,%22Conn%22:%22cold%22,%22Result%22:320},{%22RequestID%22:%22f361daca3aff07445f92c3747bd2b71c%22,%22Object%22:%22trans.gif%22,%22Conn%22:%22warm%22,%22Result%22:94},{%22RequestID%22:%2286f45dcb5d614a14ec56784532507a39%22,%22Object%22:%22trans.gif%22,%22Conn%22:%22cold%22,%22Result%22:69},{%22RequestID%22:%2286f45dcb5d614a14ec56784532507a39%22,%22Object%22:%22trans.gif%22,%22Conn%22:%22warm%22,%22Result%22:7}]
Requested by: Host: az416426.vo.msecnd.net
URL: https://az416426.vo.msecnd.net/scripts/a/ai.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 204.79.197.234 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
date: Fri, 07 Aug 2020 11:51:45 GMT
cache-control: no-store
x-msedge-ref: Ref A: 5C1A42700BE14563BF0D4689A2D3219D Ref B: BRU30EDGE0509 Ref C: 2020-08-07T11:51:45Z
access-control-allow-origin: https://www.trustwave.com
content-type: image/gif

POST
H2 200 track Show response
dc.services.visualstudio.com/v2/ 98 B
238 B 1058ms
1058ms XHR
application/json 51.140.6.23
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://dc.services.visualstudio.com/v2/track

Requested by

Host: az416426.vo.msecnd.net
URL: https://az416426.vo.msecnd.net/scripts/a/ai.0.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

51.140.6.23 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

1d82df0bfd24b62e856a6d322dc0983a0d74fbd0995272d30fd34ce49d3f5540

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
Sdk-Context: appId
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-type: application/json

Response headers

x-ms-session-id: 7292E312-48F1-49C5-BAFB-E07C3DD89279
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
status: 200
date: Fri, 07 Aug 2020 11:51:46 GMT
access-control-max-age: 3600
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Name, Content-Type, Accept, Sdk-Context
content-length: 98

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: s7.addthis.com
URL: https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html

Verdicts & Comments Add Verdict or Comment

153 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

18 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.addthis.com/	1970-01-19 21:03:35	Name: loc Value: MDAwMDBFVUJFMDAyMjk4MTg1MzAwMDAwMDBDSA==
.addthis.com/	1970-01-19 21:03:35	Name: uvc Value: 1%7C32
.trustwave.com/	1970-01-19 20:18:57	Name: OptanonConsent Value: landingPath=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fgoldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software%2F&datestamp=Fri+Aug+07+2020+13%3A51%3A45+GMT%2B0200+(Central+European+Summer+Time)&version=4.8.0&EU=true&groups=1%3A1%2C2%3A0%2C3%3A0%2C0_32924%3A1%2C4%3A0%2C0_32898%3A0%2C0_32899%3A0%2C0_32900%3A0%2C0_32901%3A0%2C0_32902%3A0%2C0_32903%3A0%2C0_32904%3A0%2C0_32905%3A0%2C0_32893%3A0%2C0_32894%3A0%2C0_32895%3A0%2C0_32896%3A0%2C0_32897%3A0
www.trustwave.com/	1969-12-31 23:59:59	Name: _hjIncludedInSample Value: 1
www.trustwave.com/	1969-12-31 23:59:59	Name: _hjIncludedInCCSample Value: 1
.trustwave.com/	1970-01-19 11:33:21	Name: _gat_UA-123880220-1 Value: 1
www.trustwave.com/	1970-01-19 11:33:22	Name: s-9da4 Value: 82537ce4-2c0e-4626-92c6-f1c4bdf283d6
.trustwave.com/	1970-01-19 11:34:47	Name: _gid Value: GA1.2.1863240545.1596801105
www.trustwave.com/	1970-01-19 11:33:22	Name: ai_session Value: V0XsT\|1596801104899.245\|1596801104899.245
www.trustwave.com/	1970-01-19 20:18:57	Name: d-a8e6 Value: cb1ed8fa-226d-4c3f-8497-0b7c13f22d79
.trustwave.com/	1970-01-20 05:04:33	Name: _ga Value: GA1.2.1075209211.1596801105
www.trustwave.com/	1970-01-19 20:18:57	Name: ai_user Value: KWiQo\|2020-08-07T11:51:44.530Z
www.trustwave.com/	1970-01-19 11:33:22	Name: __atuvs Value: 5f2d405003590928000
.trustwave.com/	1969-12-31 23:59:59	Name: _hjid Value: 812b5ab7-e805-4140-9ba3-e72058959cf6
.trustwave.com/	1970-01-20 05:04:33	Name: _mkto_trk Value: id:815-RFM-693&token:_mch-trustwave.com-1596801104794-39773
www.trustwave.com/	1970-01-19 21:03:35	Name: __atuvc Value: 1%7C32
.www.trustwave.com/	1969-12-31 23:59:59	Name: ApplicationGatewayAffinityCORS Value: bcc70b3e9d2a132e2376fddfd28702ba57725b0d585f7a92e016c74563f04890
.www.trustwave.com/	1969-12-31 23:59:59	Name: ApplicationGatewayAffinity Value: bcc70b3e9d2a132e2376fddfd28702ba57725b0d585f7a92e016c74563f04890

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

815-rfm-693.mktoresp.com
86f45dcb5d614a14ec56784532507a39.azr.footprintdns.com
az416426.vo.msecnd.net
b28b9221d0641c6f26e5018d5e01c077.azr.footprintdns.com
cookie-cdn.cookiepro.com
dc.services.visualstudio.com
f361daca3aff07445f92c3747bd2b71c.azr.footprintdns.com
fast.fonts.net
fonts.gstatic.com
geolocation.onetrust.com
in.hotjar.com
m.addthis.com
match.adsrvr.org
munchkin.marketo.net
npercoco.typepad.com
player.vimeo.com
px.ads.linkedin.com
s7.addthis.com
script.hotjar.com
snap.licdn.com
static.hotjar.com
stats.g.doubleclick.net
trustwave.blob.core.windows.net
v1.addthisedge.com
vars.hotjar.com
vidassets.terminus.services
www.atmrum.net
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.gstatic.com
www.linkedin.com
www.trustwave.com
z.moatads.com
s7.addthis.com
104.109.95.62
104.18.140.190
147.75.33.229
147.75.33.233
147.75.84.31
151.101.112.217
192.28.144.124
2.21.36.164
204.79.197.234
2603:1020:c01:2::3
2603:1030:1000::58
2606:2800:233:1cb7:261b:1f9c:2074:3c
2606:2800:234:660:118e:28f:1d8a:2522
2606:4700:10::6814:b844
2606:4700::6812:778
2620:1ec:21::14
2a00:1450:4001:800::2003
2a00:1450:4001:80b::2003
2a00:1450:4001:816::200e
2a00:1450:4001:81c::2004
2a00:1450:4001:81d::2003
2a00:1450:4001:821::2008
2a00:1450:400c:c00::9c
2a01:111:f100:2002::8975:2c41
2a02:26f0:10c:382::25ea
2a05:f500:10:101::b93f:9105
34.246.206.139
51.140.6.23
52.151.96.240
52.239.152.234
52.49.73.64
92.122.255.233
99.86.7.81
049bf83ad4e353fb4bce7d9fff2ba6b0996aa1a8bbdba76ca83a2ee78c887687
05090f9390f5bc0cd23fe5f432037cc92d7cbce1ced9bfe8faf3d1c9abae85cd
0b1d7f87f3ca4c8b4bd749b02b6ad71c930b7e306c752a2e2293d7b250b02e27
0bd0bc4edd5e4b256b9c40ce082680ad16a78ac5faf4d3337d39cf9605518bfe
0dfa4684ad9c52a1a97d91764ef1d404c15dd95ed20f00a2f9f3f4d11df2abf9
13032ef9973485517338726dd9fcb77fa99a21f69fa91dcb48f432c8fe8df225
14da1d6311764bee490145f7909d480858b94fc01c6ba2b5d8c112feabe53a99
19a5abc3ee71d9689286163dd786564ab2d59a118563fc140e62fa96d0d386df
1c3bfab00f5e70133e4daafbd95aea46f572bbcf33335ee75b9f2240742c7982
1d82df0bfd24b62e856a6d322dc0983a0d74fbd0995272d30fd34ce49d3f5540
21c3d65ef1a0105fb3114d843bd4c68e474e7571db6b0af5ca759fbfec9eca81
2a1c9874549a1cb94b6e0dc5822b4f5ca14386d39214a8145670fc1c50045496
2e45a8996ec5c8b3fce4c3f71fc56ef806673998113d09c32f73c7a3d6efdb38
34ede3e0ed28152b38a721fd42c348162e01e6e53fd526b80e385c095b2b4082
3776502046f781250c25f64f53ca6a5dfb796c3ff900a28f9b854eb63dc593c8
3f18aeab9b9baa3e61c4bc2cd0372e3946f494bd03bff3cad740e5ea817fce2b
4014a05aacaa586346e71903afbc4537863681e4df786fa132e4a547cd6cfeb0
40c107ee62b8927c82c86c5487de6da6b506b946f8ef5452421ef5b44bbea363
41dd5e421fe221a7d2921d6fa2b36e8b01a9f2c054aaef5fad866fe896c1d1e0
42f2f65a52347bf6ed6c0633b5458c48ddc1b439923c92caec18c6d6f111afe3
44f60c08d39f76681af5e1eada34c18b7754a089f1403eea70c86c56c171a425
46647527924f0574eded74e7ef9a93d43044a47dcd1b11b9a203c0a9a8bb65e9
4ae63a3fa9bd6d1be795243d4d3d38e33dbb6593cdcb9447af3b292519609eb5
4b99171ccf97c3a699c661183b30befd0f2cc8d5bbc8d10143dd77da6497ed40
4cf8b4da854cac70fb514c2d255e93904353bda1fcc7229de2f59d5971d83028
4d84802c2cc3550892199289d28a046c4e1d011964c7c7f9d43bdeebecf107de
4fb02286499439e694d9a4220d6ca3ab664b2ba4bdb699b9068aa8e6fd5528c6
5201c813c37a4168cc5c20c701d4391fd0a55625f97eb9f263a74fb52b52fd0e
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
5aa59976259ce2568a094d8d2605551354f43fe4b883c26a4de607b99abe8ba7
5cc2628039ee08964a5f46fb8abb1d5e1ec87e1200d12862ef1232bbfed7da55
6095b5d40ee85bf118e96ccac747755bd3b33e907d88f52765fbc461212acd0e
60a33e6cf5151f2d52eddae9685cfa270426aa89d8dbc7dfb854606f1d1a40fe
6154d5f7f6961e042d013bab33fd02b691970d873f44f3c32d8fcc6e79ef5bcd
61bc73b49e96aa8d7ac9c315d14da6d4455e08eae472313058d3d00187590f88
64ed842d23dcee23e4cf9257dd18ce0066a76cd75108e7fc95f13a4a9b0e892c
6603122bf60f4b09cfab59cdc08d792c28773607d897ed680c7c0b607a44a879
6c354c40f91293a1558c447aaf710fb24f11c235cb23ae08f3e5bcfaeb3aabc8
6fbc9436bf1ea8e9568562182031024ae2960a3c3dfdd706ccec19c0fb04b445
719df7954428f52779f3fa18641c19fc854b39394193d87eea5a61795dec8dbe
72766f736186eb5c7c6d08502f3bf28da0092e8ea85cf3b5413c9daf8dc2d94a
771f96b10088b405754149e86af6029c4d288f702e9cbbfe155a07477344bc2d
7b0ef13b754c456f5621d74ca260e49b061f759bcaeb9223e0eaa78ff4359189
9298a280eda6b54290d3c69fda3ae7da0cec1a0169d01d4e5944af63d68939d5
931d1e18c99133e074631d74ef9b90050a447af3c0cfa7df64c963428d829631
93b1524a3b404177560f00be38ccb97fbdc44a0e9ae7061d652d79b6a07f4bfe
9545498791418ba2847374815a974cc5bad7368ffb1df4c44c67d25027dd219e
9998a28912966aa8ae78c7bae4b70bce32095ac4cafb972428f96c60bf374a98
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
a4e0e060e859237f0792b223041322e21c0e850db78ba107b0616afc4cbd39c5
a637d3ff767789f9b113bbfa208bdb6a76efed7c4c111da2a130f6a38a51d353
a87d66c91b2e7dc5530aef76c03bd6a3d25ea5826110bf4803b561b811cc8726
aac1bb952cbe044084143c5690b71b19ead7016025a3a16a826815f50a90c6b2
ace78f63f590160b0748a26e60d8b453b4d4ac8bc4da20967632bf7e5bcb58e3
aef04833469c4ac740e87c2d8cf43fdb4227aa7ac8d0669703bd49bee337146b
b0817a0d6a87f2d42532035e42b20ea55cfaa5ca1092c761f5fc5e734790bdbf
b0f35cc025dc27ea345536d4eafc13e52fe2b1c237fd6c4150d4dbf85c323c27
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b49b397871dff384aab300554a8f1745d86e020edd55dea9f1ad58209a1b7563
b4c96f55c265e0a80be4243a16f7e88b9a67c85b71b4e2aa8cea4e1aa989b0d1
b5e5c5c8b9ebe9fb7f4a8cde7f2ff4f6652e6beb87585c18e99fb446fbb301a4
ba4eb73fa057cd2e1eb698d44fa27569f4809729a010bc5b932c3d3ad807328f
bd1f1f47a863ac3be54dab002af884683776e666b68d50ec7641ca732991d54f
bf2d7a732f4c2751a36ae6c3e3233639c8800e1b0a3031d9c77d8124c1fc43fd
c0af41da9f52376496beeba05110b06c5ffa60d64a9f28e305177f0cd4550d7a
c750113ac663d3ae3adea8e042237ac1c5ea21f9ad1749efc357ea93acbc5d78
c99841b9fa07daa705c029caca740cbd2d8c4b53b07c5b7999e7fe7da91e6670
cb8fd428f0d96267a4df07e3603d7e9fc4f424096eec1923269d49efa9f31dbb
cbe0e85e5e53990152ffdf4c23ab39beae2543c5fe6ee1ba55ab797805713df6
cf7008a1bb1e7dcffa096b3f0c782f3dd610f847413ae4861a5c03006f093553
df89cc53e851559fba691a5bcd450ca97d68738c4606dc14dd73b9d03b9aaa6e
e28a2515c136d5e7e0cf6e526a385f4b3998d52d8238e09c254fbdc272ce5ac8
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e9b8e2170d21e35516cd6b26600d47ea8507546e68d1a827185ab0eb16b733f1
eb12a261a24e54883613710a4c12f4d9205f634ca1a29d1df07f90105a93e746
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef847d41d1db2e6f66c1bc66c0779de7b36b0d31eb16dc369b229e19782ce660
efb0f461e0b9b5a2b0f7bed8e66a32af54a6409faeab15810a786bac64c1ef6f
f422b8961953524e333d562521c3b4e0a2ed33da87079bd92c08ec4389372358
fd361b57998c76f86335afa28b8a62527d88a8200fb5c428d6f0fff73383e955

www.trustwave.com Open in urlscan Pro 52.151.96.240 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Statistics

94 Requests

99 %HTTPS

52 %IPv6

27 Domains

35 Subdomains

31 IPs

9 Countries

2792 kBTransfer

4533 kBSize

18 Cookies

28 Outgoing links

Redirected requests

94 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.trustwave.com Open in urlscan Pro
52.151.96.240 Public Scan

Screenshot
Live screenshot

Full Image

94
Requests

99 %
HTTPS

52 %
IPv6

27
Domains

35
Subdomains

31
IPs

9
Countries

2792 kB
Transfer

4533 kB
Size

18
Cookies

94 HTTP transactions
0 data transactions