Submitted URL: https://bit.ly/3xaRUrL
Effective URL: https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-...
Submission: On July 30 via api from GB

Summary

This website contacted 41 IPs in 4 countries across 34 domains to perform 130 HTTP transactions. The main IP is 2606:2c40::c73c:67e1, located in United States and belongs to CLOUDFLARESPECTRUM Cloudflare, Inc., US. The main domain is blog.cyberint.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on July 16th 2021. Valid for: a year.
This is the only time blog.cyberint.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP addresses (request counts include redirect responses)

Requests  Redirects  IP Address         AS (Autonomous System)
1         1          67.199.248.10      396982 (GOOGLE-PR...)
21        -          2606:2c40::c7...   209242 (CLOUDFLAR...)
1         -          2606:4700:20:...   13335 (CLOUDFLAR...)
1         -          2606:2800:233...   15133 (EDGECAST)
2         -          2606:4700::68...   13335 (CLOUDFLAR...)
1         -          2a00:1450:400...   15169 (GOOGLE)
11        -          2606:4700::68...   13335 (CLOUDFLAR...)
2         -          2606:4700::68...   13335 (CLOUDFLAR...)
1         -          2001:4de0:ac1...   20446 (HIGHWINDS3)
1         -          2a04:4e42:3::485   54113 (FASTLY)
1         -          2a00:1450:400...   15169 (GOOGLE)
1         -          172.217.18.98      15169 (GOOGLE)
1         -          2a00:1450:400...   15169 (GOOGLE)
6         1          2a02:26f0:6c0...   20940 (AKAMAI-ASN1)
1         -          2a02:26f0:6c0...   20940 (AKAMAI-ASN1)
5         -          2a03:2880:f02...   32934 (FACEBOOK)
19        -          2a00:1450:400...   15169 (GOOGLE)
1         -          2606:4700::68...   13335 (CLOUDFLAR...)
1         -          2a00:1450:400...   15169 (GOOGLE)
1         -          2a00:1450:400...   15169 (GOOGLE)
1         1          3.248.28.111       16509 (AMAZON-02)
9         6          54.74.23.153       16509 (AMAZON-02)
2         2          2620:119:50e3...   14413 (LINKEDIN)
1         1          2620:1ec:22::14    8068 (MICROSOFT...)
1         -          108.174.10.14      14413 (LINKEDIN)
2         -          2606:2800:234...   15133 (EDGECAST)
3         -          2606:4700::68...   13335 (CLOUDFLAR...)
1         -          2606:4700::68...   13335 (CLOUDFLAR...)
1         -          2606:4700::68...   13335 (CLOUDFLAR...)
1         -          2606:4700::68...   13335 (CLOUDFLAR...)
1         -          2606:4700::68...   13335 (CLOUDFLAR...)
3         -          2606:4700::68...   13335 (CLOUDFLAR...)
2         -          2606:2c40::c7...   209242 (CLOUDFLAR...)
9         -          2a00:1450:400...   15169 (GOOGLE)
1         -          2606:4700:20:...   13335 (CLOUDFLAR...)
12        -          2a00:1450:400...   15169 (GOOGLE)
1         -          2a00:1450:400...   15169 (GOOGLE)
3         -          2a03:2880:f12...   32934 (FACEBOOK)
1         -          104.244.42.200     13414 (TWITTER)
1         -          2a00:1288:80:...   203220 (YAHOO-DEB)
2         1          52.57.47.211       16509 (AMAZON-02)
2         1          185.33.221.89      29990 (ASN-APPNEX)
2         1          34.98.64.218       15169 (GOOGLE)
1         1          142.250.186.130    15169 (GOOGLE)
3         -          2606:4700::68...   13335 (CLOUDFLAR...)
1         -          2606:4700::68...   13335 (CLOUDFLAR...)
Total: 130 HTTP transactions, 41 IPs
Apex domains

Requests  Apex Domain            Transfer  Subdomains
28        gstatic.com            2 MB      fonts.gstatic.com, www.gstatic.com
23        cyberint.com           1 MB      blog.cyberint.com, e.cyberint.com
15        adroll.com             26 KB     s.adroll.com, d.adroll.com
12        google.com             154 KB    www.google.com
12        hubspot.com            22 KB     no-cache.hubspot.com, track.hubspot.com, forms.hubspot.com
6         hsforms.com            10 KB     forms.hsforms.com, perf.hsforms.com
5         facebook.net           238 KB    connect.facebook.net
5         linkedin.com           58 KB     platform.linkedin.com, px.ads.linkedin.com, www.linkedin.com, px4.ads.linkedin.com
3         facebook.com           323 B     www.facebook.com
3         hs-banner.com          16 KB     js.hs-banner.com
3         twitter.com            133 KB    platform.twitter.com, syndication.twitter.com
2         openx.net              478 B     us-u.openx.net
2         adnxs.com              2 KB      ib.adnxs.com
2         bidswitch.net          876 B     x.bidswitch.net
2         doubleclick.net        2 KB      googleads.g.doubleclick.net, cm.g.doubleclick.net
2         google-analytics.com   19 KB     www.google-analytics.com
2         hsforms.net            153 KB    js.hsforms.net
2         bootstrapcdn.com       42 KB     stackpath.bootstrapcdn.com
2         popt.in                34 KB     cdn.popt.in, display.popt.in
1         yahoo.com              448 B     ads.yahoo.com
1         google.de              108 B     www.google.de
1         hsadspixel.net         3 KB      js.hsadspixel.net
1         usemessages.com        21 KB     js.usemessages.com
1         hs-analytics.net       20 KB     js.hs-analytics.net
1         hsleadflows.net        85 KB     js.hsleadflows.net
1         consensu.org           137 B     d.adroll.mgr.consensu.org
1         cloudflare.com         27 KB     cdnjs.cloudflare.com
1         licdn.com              2 KB      snap.licdn.com
1         googleadservices.com   14 KB     www.googleadservices.com
1         googletagmanager.com   53 KB     www.googletagmanager.com
1         jsdelivr.net           8 KB      cdn.jsdelivr.net
1         jquery.com             24 KB     code.jquery.com
1         googleapis.com         523 B     fonts.googleapis.com
1         bit.ly                 326 B     bit.ly
Total: 130 HTTP transactions, 34 apex domains
Domains and the hosts that requested them

Requests  Domain                        Redirects  Requested by
21        blog.cyberint.com             -          blog.cyberint.com, js.usemessages.com
17        www.gstatic.com               -          www.google.com, www.gstatic.com
12        www.google.com                -          blog.cyberint.com, js.hsforms.net, www.gstatic.com, www.google.com
11        fonts.gstatic.com             -          fonts.googleapis.com, www.google.com
9         d.adroll.com                  6          blog.cyberint.com
8         track.hubspot.com             -          -
6         s.adroll.com                  1          www.googletagmanager.com, blog.cyberint.com, s.adroll.com, d.adroll.com
5         connect.facebook.net          -          blog.cyberint.com, connect.facebook.net
4         perf.hsforms.com              -          blog.cyberint.com
3         www.facebook.com              -          blog.cyberint.com
3         js.hs-banner.com              -          blog.cyberint.com, js.hs-banner.com
3         no-cache.hubspot.com          -          blog.cyberint.com
2         us-u.openx.net                1          blog.cyberint.com
2         ib.adnxs.com                  1          blog.cyberint.com
2         x.bidswitch.net               1          blog.cyberint.com
2         e.cyberint.com                -          blog.cyberint.com
2         forms.hsforms.com             -          js.hsforms.net
2         platform.twitter.com          -          blog.cyberint.com, platform.twitter.com
2         px.ads.linkedin.com           2          -
2         www.google-analytics.com      -          www.googletagmanager.com, www.google-analytics.com
2         js.hsforms.net                -          blog.cyberint.com
2         stackpath.bootstrapcdn.com    -          blog.cyberint.com
1         forms.hubspot.com             -          js.hsleadflows.net
1         cm.g.doubleclick.net          1          -
1         ads.yahoo.com                 -          blog.cyberint.com
1         syndication.twitter.com       -          platform.twitter.com
1         www.google.de                 -          blog.cyberint.com
1         display.popt.in               -          cdnjs.cloudflare.com
1         js.hsadspixel.net             -          blog.cyberint.com
1         js.usemessages.com            -          blog.cyberint.com
1         js.hs-analytics.net           -          blog.cyberint.com
1         js.hsleadflows.net            -          blog.cyberint.com
1         px4.ads.linkedin.com          -          blog.cyberint.com
1         www.linkedin.com              1          -
1         d.adroll.mgr.consensu.org     1          -
1         googleads.g.doubleclick.net   -          www.googleadservices.com
1         cdnjs.cloudflare.com          -          cdn.popt.in
1         snap.licdn.com                -          blog.cyberint.com
1         www.googleadservices.com      -          www.googletagmanager.com
1         www.googletagmanager.com      -          blog.cyberint.com
1         cdn.jsdelivr.net              -          blog.cyberint.com
1         code.jquery.com               -          blog.cyberint.com
1         fonts.googleapis.com          -          blog.cyberint.com
1         platform.linkedin.com         -          blog.cyberint.com
1         cdn.popt.in                   -          blog.cyberint.com
1         bit.ly                        1          -
Total: 130 HTTP transactions, 46 subdomains
TLS certificates

Subject                    Issuer                                           Validity                  Valid for
blog.cyberint.com          Cloudflare Inc ECC CA-3                          2021-07-16 - 2022-07-15   a year
sni.cloudflaressl.com      Cloudflare Inc ECC CA-3                          2021-07-17 - 2022-07-16   a year
platform.linkedin.com      DigiCert SHA2 Secure Server CA                   2019-10-10 - 2021-10-14   2 years
upload.video.google.com    GTS CA 1O1                                       2021-07-05 - 2021-09-27   3 months
hubspot.com                Cloudflare Inc ECC CA-3                          2021-06-26 - 2022-06-25   a year
*.jquery.com               Sectigo RSA Domain Validation Secure Server CA   2021-07-14 - 2022-08-14   a year
jsdelivr.net               GlobalSign Atlas R3 DV TLS CA 2020               2021-04-30 - 2022-06-01   a year
*.google-analytics.com     GTS CA 1C3                                       2021-06-28 - 2021-09-20   3 months
www.googleadservices.com   GTS CA 1C3                                       2021-06-28 - 2021-09-20   3 months
adroll.com                 R3                                               2021-06-14 - 2021-09-12   3 months
*.licdn.com                DigiCert SHA2 Secure Server CA                   2021-04-30 - 2022-05-11   a year
*.facebook.com             DigiCert SHA2 High Assurance Server CA           2021-07-20 - 2021-10-18   3 months
*.gstatic.com              GTS CA 1C3                                       2021-06-28 - 2021-09-20   3 months
*.g.doubleclick.net        GTS CA 1C3                                       2021-06-28 - 2021-09-20   3 months
adroll.mgr.consensu.org    Amazon                                           2020-10-08 - 2021-11-07   a year
px.ads.linkedin.com        DigiCert SHA2 Secure Server CA                   2021-04-15 - 2021-10-15   6 months
*.twimg.com                DigiCert TLS RSA SHA256 2020 CA1                 2020-11-05 - 2021-11-09   a year
e.cyberint.com             Cloudflare Inc ECC CA-3                          2021-07-16 - 2022-07-15   a year
www.google.com             GTS CA 1C3                                       2021-06-28 - 2021-09-20   3 months
www.google.de              GTS CA 1C3                                       2021-07-05 - 2021-09-27   3 months
*.google.com               GTS CA 1C3                                       2021-06-28 - 2021-09-20   3 months
syndication.twitter.com    DigiCert TLS RSA SHA256 2020 CA1                 2021-02-05 - 2022-02-04   a year
*.ads.yahoo.com            DigiCert SHA2 High Assurance Server CA           2021-07-08 - 2021-08-25   2 months
*.bidswitch.net            Sectigo RSA Domain Validation Secure Server CA   2020-04-23 - 2022-05-04   2 years
*.adnxs.com                GeoTrust ECC CA 2018                             2021-03-05 - 2022-02-19   a year
*.openx.net                GeoTrust RSA CA 2018                             2021-07-08 - 2022-08-08   a year

This page contains 6 frames:

Primary Page: https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
Frame ID: 678EFEEFA8BA11CCD519CD99E3C34C4A
Requests: 93 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.0504c5db6e58d499a7ba93c246a8554d.html?origin=https%3A%2F%2Fblog.cyberint.com
Frame ID: F10A94A4F77FAF46DB814323FED07EA0
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm&co=aHR0cHM6Ly9ibG9nLmN5YmVyaW50LmNvbTo0NDM.&hl=en&v=ecapuzyywmdXQ5gJHS3JQiXe&size=invisible&badge=inline&cb=uq3nt9ra2hzx
Frame ID: 6B5F5F908376521873E2852CBC34A41C
Requests: 7 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm&co=aHR0cHM6Ly9ibG9nLmN5YmVyaW50LmNvbTo0NDM.&hl=en&v=ecapuzyywmdXQ5gJHS3JQiXe&size=invisible&badge=inline&cb=cddlr27ar0w8
Frame ID: 22B7524FA4B4FB192A67A738A83C3DC3
Requests: 4 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/enterprise/bframe?hl=en&v=ecapuzyywmdXQ5gJHS3JQiXe&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm&cb=f7be5waudmf2
Frame ID: 568EB041BB95B535C8238E67F18AE88D
Requests: 11 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/enterprise/bframe?hl=en&v=ecapuzyywmdXQ5gJHS3JQiXe&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm&cb=xgyb1jf5q0wj
Frame ID: 0B024E8A482586E84929F2C81949E073
Requests: 12 HTTP requests in this frame

Page URL History

  1. https://bit.ly/3xaRUrL HTTP 301
    https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twi... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • script /(?:a|s)\.adroll\.com/i

Overall confidence: 100%
Detected patterns
  • headers server /^cloudflare$/i

Overall confidence: 100%
Detected patterns
  • script /\/\/connect\.facebook\.net\/[^/]*\/[a-z]*\.js/i

Overall confidence: 100%
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Overall confidence: 100%
Detected patterns
  • script /\/\/platform\.twitter\.com\/widgets\.js/i

Overall confidence: 100%
Detected patterns
  • script /jquery[.-]([\d.]*\d)[^/]*\.js/i
  • script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

Requests: 130
HTTPS: 100 %
IPv6: 78 %
Domains: 34
Subdomains: 46
IPs: 41
Countries: 4
Transfer: 4627 kB
Size: 7624 kB
Cookies: 15

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://bit.ly/3xaRUrL HTTP 301
    https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 35
  • https://s.adroll.com/j/exp/BE4SF7FEGVGFXP7BD5QACA/index.js HTTP 302
  • https://s.adroll.com/j/exp/index.js
Request Chain 37
  • https://d.adroll.mgr.consensu.org/consent/iabcheck/BE4SF7FEGVGFXP7BD5QACA?_s=dffe969e15cc93ab60fe4f7a157f103d&_b=2 HTTP 302
  • https://d.adroll.com/consent/check/BE4SF7FEGVGFXP7BD5QACA/?_s=dffe969e15cc93ab60fe4f7a157f103d&_b=2
Request Chain 38
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=63710&time=1627639591538&url=https%3A%2F%2Fblog.cyberint.com%2Fqakbot-banking-trojan%3Futm_content%3D174174610%26utm_medium%3Dsocial%26utm_source%3Dtwitter%26hss_channel%3Dtw-2930991403 HTTP 302
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D63710%26time%3D1627639591538%26url%3Dhttps%253A%252F%252Fblog.cyberint.com%252Fqakbot-banking-trojan%253Futm_content%253D174174610%2526utm_medium%253Dsocial%2526utm_source%253Dtwitter%2526hss_channel%253Dtw-2930991403%26liSync%3Dtrue HTTP 302
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=63710&time=1627639591538&url=https%3A%2F%2Fblog.cyberint.com%2Fqakbot-banking-trojan%3Futm_content%3D174174610%26utm_medium%3Dsocial%26utm_source%3Dtwitter%26hss_channel%3Dtw-2930991403&liSync=true HTTP 302
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=63710&time=1627639591538&url=https%3A%2F%2Fblog.cyberint.com%2Fqakbot-banking-trojan%3Futm_content%3D174174610%26utm_medium%3Dsocial%26utm_source%3Dtwitter%26hss_channel%3Dtw-2930991403&liSync=true&e_ipv6=AQLMp6Vd_Ie_kAAAAXr24TZIvUSp9xy7ohZKMMd9ZHgHtnSjeetfdlQRzOJKYj3DGJCBBs5T
Request Chain 61
  • https://d.adroll.com/pixel/BE4SF7FEGVGFXP7BD5QACA/55JF6AMA6ZGGHK5VY7PGCK?adroll_fpc=11c4e35147fcb34d93ce168a40c9364a-1627639592508&arrfrr=https%3A%2F%2Fblog.cyberint.com%2Fqakbot-banking-trojan%3Futm_content%3D174174610%26utm_medium%3Dsocial%26utm_source%3Dtwitter%26hss_channel%3Dtw-2930991403&xid_ch=f&pv=86189322109.64001&cookie=&adroll_s_ref=&keyw= HTTP 302
  • https://s.adroll.com/pixel/BE4SF7FEGVGFXP7BD5QACA/55JF6AMA6ZGGHK5VY7PGCK/DRDERMHHEVCSNFAV4TGYNP.js
Request Chain 67
  • https://d.adroll.com/cm/r/out?adroll_fpc=11c4e35147fcb34d93ce168a40c9364a-1627639592508&arrfrr=https%3A%2F%2Fblog.cyberint.com%2Fqakbot-banking-trojan%3Futm_content%3D174174610%26utm_medium%3Dsocial%26utm_source%3Dtwitter%26hss_channel%3Dtw-2930991403&xid_ch=f&advertisable=BE4SF7FEGVGFXP7BD5QACA HTTP 302
  • https://ads.yahoo.com/cms/v1?esig=1~bf4e7dc4546a90c08591652d78a230d3f2ef5733&nwid=10001032567&sigv=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA
Request Chain 68
  • https://d.adroll.com/cm/b/out?adroll_fpc=11c4e35147fcb34d93ce168a40c9364a-1627639592508&arrfrr=https%3A%2F%2Fblog.cyberint.com%2Fqakbot-banking-trojan%3Futm_content%3D174174610%26utm_medium%3Dsocial%26utm_source%3Dtwitter%26hss_channel%3Dtw-2930991403&xid_ch=f&advertisable=BE4SF7FEGVGFXP7BD5QACA HTTP 302
  • https://x.bidswitch.net/sync?dsp_id=44&user_id=YzUyNzZjMGI3MDQwMDFiOTNlNTgyYzY5NmJkMGFlY2E HTTP 302
  • https://x.bidswitch.net/ul_cb/sync?dsp_id=44&user_id=YzUyNzZjMGI3MDQwMDFiOTNlNTgyYzY5NmJkMGFlY2E
Request Chain 69
  • https://d.adroll.com/cm/x/out?adroll_fpc=11c4e35147fcb34d93ce168a40c9364a-1627639592508&arrfrr=https%3A%2F%2Fblog.cyberint.com%2Fqakbot-banking-trojan%3Futm_content%3D174174610%26utm_medium%3Dsocial%26utm_source%3Dtwitter%26hss_channel%3Dtw-2930991403&xid_ch=f&advertisable=BE4SF7FEGVGFXP7BD5QACA HTTP 302
  • https://ib.adnxs.com/setuid?entity=172&code=YzUyNzZjMGI3MDQwMDFiOTNlNTgyYzY5NmJkMGFlY2E HTTP 307
  • https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D172%26code%3DYzUyNzZjMGI3MDQwMDFiOTNlNTgyYzY5NmJkMGFlY2E
Request Chain 71
  • https://d.adroll.com/cm/o/out?adroll_fpc=11c4e35147fcb34d93ce168a40c9364a-1627639592508&arrfrr=https%3A%2F%2Fblog.cyberint.com%2Fqakbot-banking-trojan%3Futm_content%3D174174610%26utm_medium%3Dsocial%26utm_source%3Dtwitter%26hss_channel%3Dtw-2930991403&xid_ch=f&advertisable=BE4SF7FEGVGFXP7BD5QACA HTTP 302
  • https://us-u.openx.net/w/1.0/sd?id=537103138&val=c5276c0b704001b93e582c696bd0aeca HTTP 302
  • https://us-u.openx.net/w/1.0/sd?cc=1&id=537103138&val=c5276c0b704001b93e582c696bd0aeca
Request Chain 72
  • https://d.adroll.com/cm/g/out?adroll_fpc=11c4e35147fcb34d93ce168a40c9364a-1627639592508&arrfrr=https%3A%2F%2Fblog.cyberint.com%2Fqakbot-banking-trojan%3Futm_content%3D174174610%26utm_medium%3Dsocial%26utm_source%3Dtwitter%26hss_channel%3Dtw-2930991403&xid_ch=f&advertisable=BE4SF7FEGVGFXP7BD5QACA&google_nid=adroll5 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_sc&google_nid=artb&google_hm=xSdsC3BAAbk-WCxpa9Cuyg HTTP 302
  • https://d.adroll.com/cm/g/in

130 HTTP transactions

Each entry below gives the resource name, path, size, transferred bytes (x-fer), type and MIME type, followed by the request and response headers captured for it.
Primary Request: qakbot-banking-trojan
Path: blog.cyberint.com/
Redirect Chain:
  • https://bit.ly/3xaRUrL
  • https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
Size: 95 KB
x-fer: 21 KB
Type: Document

General
  Full URL: https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
  Protocol: H2
  Security: TLS 1.3, AES_128_GCM
  Server: 2606:2c40::c73c:67e1, United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US)
  Reverse DNS:
  Software: cloudflare / HubSpot
  Resource Hash: f8dfdf89d6ffe1b192f7b71835fa074d7afc03c0081c3a1251f7647c2c08afee

Security Headers
  Content-Security-Policy: upgrade-insecure-requests
  Strict-Transport-Security: max-age=0

Request headers
  :method: GET
  :authority: blog.cyberint.com
  :scheme: https
  :path: /qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
  pragma: no-cache
  cache-control: no-cache
  upgrade-insecure-requests: 1
  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
  accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
  sec-fetch-site: none
  sec-fetch-mode: navigate
  sec-fetch-user: ?1
  sec-fetch-dest: document
  accept-encoding: gzip, deflate, br
  accept-language: en-US
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers
  date: Fri, 30 Jul 2021 10:06:30 GMT
  content-type: text/html; charset=UTF-8
  cache-control: s-maxage=10800, max-age=0
  etag: W/"1bb537c0416187396e6165168146746d"
  last-modified: Mon, 26 Jul 2021 13:01:05 GMT
  link: </hs/hsstatic/HubspotToolsMenu/static-1.103/js/index.js>; rel=preload; as=script
  strict-transport-security: max-age=0
  cache-tag: CT-40044592360,CT-43069738158,CT-47391769108,CT-51490530949,CG-3864586341,P-2034462,E-24322028895,E-24322028942,E-24322790892,E-24322925115,E-27290736511,PGS-ALL,SW-1
  content-security-policy: upgrade-insecure-requests
  edge-cache-tag: CT-40044592360,CT-43069738158,CT-47391769108,CT-51490530949,CG-3864586341,P-2034462,E-24322028895,E-24322028942,E-24322790892,E-24322925115,E-27290736511,PGS-ALL,SW-1
  referrer-policy: no-referrer-when-downgrade
  x-hs-cache-config: BrowserCache-5s-EdgeCache-180s
  x-hs-cf-cache-status: HIT
  x-hs-combine-css: Disabled
  x-hs-content-id: 43069738158
  x-hs-hub-id: 2034462
  x-hs-prerendered: Mon, 26 Jul 2021 13:01:05 GMT
  x-powered-by: HubSpot
  expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
  report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ebiRMrPlZNxWAqQmQocU%2Ft88ttTiIdBJ9Qbvb1L7AoZYKlKns0IbIeBifqDPOKlC42EaEfV8plOFBkDehChm%2FUzc%2BdaRicOcGqw%2FuLaM95%2BFisVPJQ6tNrtqxgIvngOCwVg6lQrSWWNBUyQn4iiC"}],"group":"cf-nel","max_age":604800}
  nel: {"report_to":"cf-nel","max_age":604800}
  vary: Accept-Encoding
  set-cookie: __cfruid=9bf345e51fa91c9169acdd2a9ebff1b5ef50f5e3-1627639590; path=/; domain=.blog.cyberint.com; HttpOnly; Secure; SameSite=None
  server: cloudflare
  cf-ray: 676dc65048d94e67-FRA
  content-encoding: br
  cf-h2-pushed: </hs/hsstatic/HubspotToolsMenu/static-1.103/js/index.js>

Redirect headers (from the https://bit.ly/3xaRUrL HTTP 301 response)
  server: nginx
  date: Fri, 30 Jul 2021 10:06:30 GMT
  content-type: text/html; charset=utf-8
  content-length: 231
  cache-control: private, max-age=90
  content-security-policy: referrer always;
  location: https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
  referrer-policy: unsafe-url
  set-cookie: _bit=l6ua6u-168aafbf8bc8762a45-000; Domain=bit.ly; Expires=Wed, 26 Jan 2022 10:06:30 GMT
  via: 1.1 google
  alt-svc: clear
Resource: index.js
Path: blog.cyberint.com/hs/hsstatic/HubspotToolsMenu/static-1.103/js/
Size: 51 KB
x-fer: 20 KB
Type: Script

General
  Full URL: https://blog.cyberint.com/hs/hsstatic/HubspotToolsMenu/static-1.103/js/index.js
  Protocol: H2
  Security: TLS 1.3, AES_128_GCM
  Server: 2606:2c40::c73c:67e1, United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US)
  Reverse DNS:
  Software: cloudflare /
  Resource Hash: e4a38b04932e2ad77d85997f5cef0de384ecc1bb0b854cf619cb32501158692e

Security Headers
  Strict-Transport-Security: max-age=31536000; includeSubDomains; preload

Request headers
  Referer: https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers
  date: Fri, 30 Jul 2021 10:06:30 GMT
  via: 1.1 9c7e5857d78c5dc89042979317de5843.cloudfront.net (CloudFront)
  vary: Accept-Encoding
  cf-cache-status: HIT
  nel: {"report_to":"cf-nel","max_age":604800}
  age: 6644886
  x-amz-server-side-encryption: AES256
  cf-ray: 676dc650b9fb4e67-FRA
  x-cache: Hit from cloudfront
  x-amz-replication-status: COMPLETED
  x-amz-cf-pop: DEN50-C2
  content-encoding: br
  last-modified: Fri, 14 May 2021 12:13:32 GMT
  server: cloudflare
  etag: W/"006946e614d6ef469f5c9e46b4836d15"
  expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
  strict-transport-security: max-age=31536000; includeSubDomains; preload
  report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hCyGjE0A8vRvEyip6LZa9YDn1LXRa%2BIU%2BHdhpRZC%2FivCRm%2Bx8ZKJRMglkFaca%2F7hNYA4q4iisGCscMFkTryu1oL2EadVsfM4WyIiBqh12sCrkx7kk%2BYQVJeQQk6HfWbkPcQS0ALHz7Wv3S1GeEzG"}],"group":"cf-nel","max_age":604800}
  x-amz-version-id: NS5brkaR0OO1ViABjiLPNZKumB_gwu3c
  cache-control: public, max-age=31536000
  set-cookie: __cfruid=9bf345e51fa91c9169acdd2a9ebff1b5ef50f5e3-1627639590; path=/; domain=.blog.cyberint.com; HttpOnly; Secure; SameSite=None
  content-type: application/javascript
  x-amz-cf-id: I1j6RqtXQalDbXMhdqYXqor4a2LFOh4E-WrqLmy0b_M1v_wzGxNReA==
  expires: Sat, 30 Jul 2022 10:06:30 GMT
Resource: jquery-1.7.1.js
Path: blog.cyberint.com/hs/hsstatic/jquery-libs/static-1.1/jquery/
Size: 92 KB
x-fer: 35 KB
Type: Script

General
  Full URL: https://blog.cyberint.com/hs/hsstatic/jquery-libs/static-1.1/jquery/jquery-1.7.1.js
  Requested by: Host blog.cyberint.com, URL https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
  Protocol: H2
  Security: TLS 1.3, AES_128_GCM
  Server: 2606:2c40::c73c:67e1, United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US)
  Reverse DNS:
  Software: cloudflare /
  Resource Hash: 88171413fc76dda23ab32baa17b11e4fff89141c633ece737852445f1ba6c1bd

Security Headers
  Strict-Transport-Security: max-age=31536000; includeSubDomains; preload

Request headers
  :path: /hs/hsstatic/jquery-libs/static-1.1/jquery/jquery-1.7.1.js
  pragma: no-cache
  cookie: __cfruid=9bf345e51fa91c9169acdd2a9ebff1b5ef50f5e3-1627639590
  accept-encoding: gzip, deflate, br
  accept-language: en-US
  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
  sec-fetch-mode: no-cors
  accept: */*
  cache-control: no-cache
  sec-fetch-dest: script
  :authority: blog.cyberint.com
  referer: https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
  :scheme: https
  sec-fetch-site: same-origin
  :method: GET
  Referer: https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers
  date: Fri, 30 Jul 2021 10:06:30 GMT
  via: 1.1 89a45b9ac94fb6c6e52c37fdd89a6cb1.cloudfront.net (CloudFront)
  vary: Accept-Encoding
  cf-cache-status: HIT
  nel: {"report_to":"cf-nel","max_age":604800}
  age: 11192724
  cf-ray: 676dc6517b824e67-FRA
  x-cache: Hit from cloudfront
  content-encoding: br
  last-modified: Tue, 25 Nov 2014 17:03:30 GMT
  server: cloudflare
  etag: W/"ddb84c1587287b2df08966081ef063bf"
  expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
  strict-transport-security: max-age=31536000; includeSubDomains; preload
  report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aBS7xj2p5V7nqFckdWLSG3H9lx4ECy%2FICzYo2wBJl5K0Y3ord9V9oJhl3q%2BLe5bMBM7idfZE41xQJMjS%2FWTNNvkOm5DEeQ8DbrbbGxkFs50aVm4z1Wnjh4UF0cQPfFvDbPt3J%2FnUhAeJE2gyTYcB"}],"group":"cf-nel","max_age":604800}
  x-amz-version-id: null
  cache-control: public, max-age=31536000
  x-amz-cf-pop: MUC50-C1
  content-type: application/javascript
  x-amz-cf-id: uvar5S_Za3dK85YyzXeF9Juu2xF5FRZKLPmzTFmNHquwiPqBpBjL9A==
  expires: Sat, 30 Jul 2022 10:06:30 GMT
Resource: pixel.js
Path: cdn.popt.in/
Size: 139 KB
x-fer: 31 KB
Type: Script

General
  Full URL: https://cdn.popt.in/pixel.js?id=19a9d94a0b5b1
  Requested by: Host blog.cyberint.com, URL https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
  Protocol: H2
  Security: TLS 1.3, AES_128_GCM
  Server: 2606:4700:20::681a:1a, United States, ASN13335 (CLOUDFLARENET, US)
  Reverse DNS:
  Software: cloudflare /
  Resource Hash: b53cbe68a0e783eff30af9c1a1ac9e12d159625525fe7cde018f73372408e611

Request headers
  Referer: https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers
  date: Fri, 30 Jul 2021 10:06:30 GMT
  via: 1.1 6def1f0ddc805dce17407cce01d5b32d.cloudfront.net (CloudFront)
  cf-cache-status: HIT
  nel: {"report_to":"cf-nel","max_age":604800}
  age: 4682
  cf-ray: 676dc65289de4e98-FRA
  x-cache: Hit from cloudfront
  content-encoding: br
  last-modified: Mon, 26 Jul 2021 12:49:23 GMT
  server: cloudflare
  etag: W/"ecc60cf0afa01757c5628b2a892a1b3b"
  expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
  vary: Accept-Encoding
  report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bvinXBXfl1eShoX4Al0xvC4QYCuDtgOiy5a6TxZ86lyNVlxk0eTONyRfgc5edCYbfTvt1VLCcYmiMYr0po9Ob%2F%2By7Qbp2SKArKcHJw03FTm5%2B6IKY5NS256cbpkS88UOPzg0KnJf%2Fd3j"}],"group":"cf-nel","max_age":604800}
  x-amz-version-id: mkWRd2kZFw.E.7RRhcWw7KwpfIrUcRu3
  cache-control: max-age=1800
  x-amz-cf-pop: FRA56-C1
  content-type: text/javascript
  x-amz-cf-id: yjIpykLh3op0pjDcUxHWkLi2tONpKPOmo-B8Qeqx5SP3ds9_k9d01w==
Resource: in.js
Path: platform.linkedin.com/
Size: 181 KB
x-fer: 55 KB
Type: Script

General
  Full URL: https://platform.linkedin.com/in.js
  Requested by: Host blog.cyberint.com, URL https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
  Protocol: H2
  Security: TLS 1.3, AES_256_GCM
  Server: 2606:2800:233:66b5:799a:7cd3:f74d:7071, United States, ASN15133 (EDGECAST, US)
  Reverse DNS:
  Software: ECAcc (frc/8F0A) /
  Resource Hash: 63c7b39a3b50c20a1c22fa0187116b2ee65666739b4f0de4fef8aab44095a97c

Request headers
  Referer: https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers
  date: Fri, 30 Jul 2021 10:06:30 GMT
  content-encoding: gzip
  x-cdn-client-ip-version: IPV6
  x-cdn: ECST
  age: 2062
  x-cache: HIT
  x-cdn-proto: HTTP2
  content-length: 55566
  x-li-uuid: Ibj8ULWHlhagww3ukysAAA==
  server: ECAcc (frc/8F0A)
  last-modified: Fri, 30 Jul 2021 09:32:08 GMT
  x-li-pop: prod-edc2
  vary: Accept-Encoding
  content-type: text/javascript; charset=UTF-8
  cache-control: public, max-age=3600
  accept-ranges: bytes
  x-li-proto: http/1.1
  x-li-fabric: prod-ltx1
  expires: Fri, 30 Jul 2021 10:32:08 GMT
Resource: bootstrap.min.css
Path: stackpath.bootstrapcdn.com/bootstrap/4.4.1/css/
Size: 156 KB
x-fer: 25 KB
Type: Stylesheet

General
  Full URL: https://stackpath.bootstrapcdn.com/bootstrap/4.4.1/css/bootstrap.min.css
  Requested by: Host blog.cyberint.com, URL https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
  Protocol: H2
  Security: TLS 1.3, AES_128_GCM
  Server: 2606:4700::6812:acf, United States, ASN13335 (CLOUDFLARENET, US)
  Reverse DNS:
  Software: cloudflare /
  Resource Hash: 2ff5b959fa9f6b4b1d04d20a37d706e90039176ab1e2a202994d9580baeebfd6

Security Headers
  Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
  X-Content-Type-Options: nosniff

Request headers
  Origin: https://blog.cyberint.com
  Referer: https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers
  date: Fri, 30 Jul 2021 10:06:30 GMT
  content-encoding: br
  x-content-type-options: nosniff
  cf-cache-status: HIT
  cdn-edgestorageid: 601, 617, 617, 617
  age: 8469014
  cdn-cachedat: 2021-04-23 11:19:01
  cdn-pullzone: 252412
  cross-origin-resource-policy: cross-origin
  alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
  timing-allow-origin: *
  access-control-allow-origin: *
  last-modified: Mon, 25 Jan 2021 22:04:09 GMT
  server: cloudflare
  cdn-requestpullcode: 200
  expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
  strict-transport-security: max-age=31536000; includeSubDomains; preload
  content-type: text/css; charset=utf-8
  cdn-cache: HIT
  vary: Accept-Encoding
  cache-control: public, max-age=31919000
  cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
  cdn-requestid: 55fb968ebb35cbdf9ed154f7da4b8e00
  cf-ray: 676dc65199c61f4d-FRA
  cdn-requestcountrycode: DE
  cdn-requestpullsuccess: True
Resource: css
Path: fonts.googleapis.com/
Size: 2 KB
x-fer: 523 B
Type: Stylesheet

General
  Full URL: https://fonts.googleapis.com/css?family=Lato:300,400,700&display=swap
  Requested by: Host blog.cyberint.com, URL https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
  Protocol: H2
  Security: TLS 1.3, AES_128_GCM
  Server: 2a00:1450:4001:831::200a, Frankfurt am Main, Germany, ASN15169 (GOOGLE, US)
  Reverse DNS:
  Software: ESF /
  Resource Hash: 09b79d8b7062df5a53d682a0258e638a30f1cc3be42ad6c200a109ea03d91c11

Security Headers
  Strict-Transport-Security: max-age=31536000
  X-Content-Type-Options: nosniff
  X-Frame-Options: SAMEORIGIN
  X-Xss-Protection: 0

Request headers
  Referer: https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers
  strict-transport-security: max-age=31536000
  content-encoding: gzip
  x-content-type-options: nosniff
  cross-origin-resource-policy: cross-origin
  alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
  x-xss-protection: 0
  last-modified: Fri, 30 Jul 2021 09:19:11 GMT
  server: ESF
  date: Fri, 30 Jul 2021 10:06:30 GMT
  x-frame-options: SAMEORIGIN
  content-type: text/css; charset=utf-8
  access-control-allow-origin: *
  cache-control: private, max-age=86400, stale-while-revalidate=604800
  timing-allow-origin: *
  link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
  expires: Fri, 30 Jul 2021 10:06:30 GMT
Resource: blog.min.css
Path: blog.cyberint.com/hs-fs/hub/2034462/hub_generated/template_assets/24322925115/1623236499948/Templates/Custom/Blog/2020/resources/css/
Size: 27 KB
x-fer: 6 KB
Type: Stylesheet

General
  Full URL: https://blog.cyberint.com/hs-fs/hub/2034462/hub_generated/template_assets/24322925115/1623236499948/Templates/Custom/Blog/2020/resources/css/blog.min.css
  Requested by: Host blog.cyberint.com, URL https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
  Protocol: H2
  Security: TLS 1.3, AES_128_GCM
  Server: 2606:2c40::c73c:67e1, United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US)
  Reverse DNS:
  Software: cloudflare /
  Resource Hash: 3474cbf641e8c6d4e0badea00e88363030d629587449aaff074670dfb631cd3e

Request headers
  :path: /hs-fs/hub/2034462/hub_generated/template_assets/24322925115/1623236499948/Templates/Custom/Blog/2020/resources/css/blog.min.css
  pragma: no-cache
  cookie: __cfruid=9bf345e51fa91c9169acdd2a9ebff1b5ef50f5e3-1627639590
  accept-encoding: gzip, deflate, br
  accept-language: en-US
  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
  sec-fetch-mode: no-cors
  accept: text/css,*/*;q=0.1
  cache-control: no-cache
  sec-fetch-dest: style
  :authority: blog.cyberint.com
  referer: https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
  :scheme: https
  sec-fetch-site: same-origin
  :method: GET
  Referer: https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers
  x-amz-meta-created-unix-time-millis: 1623236500041
  date: Fri, 30 Jul 2021 10:06:30 GMT
  via: 1.1 d1cde188ada6755fe03b8541b71fce4a.cloudfront.net (CloudFront)
  cf-cache-status: REVALIDATED
  nel: {"report_to":"cf-nel","max_age":604800}
  x-amz-cf-pop: IAD89-C1
  x-hs-alternate-content-type: text/plain
  x-amz-server-side-encryption: AES256
  x-cache: Miss from cloudfront
  x-amz-replication-status: PENDING
  x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 12
  content-encoding: br
  x-amz-request-id: 61X6D32TPF8A7ZJ3
  x-amz-id-2: YDWkEID/m2ZAJpQnan9ZkT0etkcfUHe+2OaKKjAjp19jyM8pqD/m+j7bku4meRxTQQdLqgdI0ok=
  last-modified: Wed, 09 Jun 2021 11:01:41 GMT
  server: cloudflare
  etag: W/"213649166e218f0458033f5b972ad7b2"
  expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
  vary: Accept-Encoding
  report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yTU4qdYJR8Z2GA0S5TqDsB%2B%2FDydBmORqIT0TLCU4Gao1xWtNvtIBFF02BHQWSp29WfvCbsO2tDyMZ0m3fhld40qiN97RHuQTLXQ9tHP91KoMF2JRYrz7eOHYe1piolhvP2e%2BnhNQl9Lblqm7cSw5"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials
false
x-amz-version-id
zvnovJsGQzJQZ44oGpufBa9GZ2lkppja
cf-ray
676dc6517b814e67-FRA
x-amz-cf-id
zUvrfyX0dAPLqC6XqKu9yh7VDeCV5XNj2uT7rRw1kBEfvwsXUaXI7g==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 12
cyberint-logo-black.png
blog.cyberint.com/hs-fs/hubfs/
2 KB
2 KB
Image
General
Full URL
https://blog.cyberint.com/hs-fs/hubfs/cyberint-logo-black.png?width=168&name=cyberint-logo-black.png
Requested by
Host: blog.cyberint.com
URL: https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
12a1493d63d8060f52c56d2e672f3d1c7db5c1ead7db572190dc7e459c6f2e4a

Request headers

:path
/hs-fs/hubfs/cyberint-logo-black.png?width=168&name=cyberint-logo-black.png
pragma
no-cache
cookie
__cfruid=9bf345e51fa91c9169acdd2a9ebff1b5ef50f5e3-1627639590
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
blog.cyberint.com
referer
https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 30 Jul 2021 10:06:30 GMT
via
1.1 547c5e28f010be7961f641c3903c0954.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
181203
cf-polished
origFmt=png, origSize=3324
edge-cache-tag
F-27169144612,P-2034462,FLS-ALL
x-amz-replication-status
COMPLETED
content-disposition
inline; filename="cyberint-logo-black.webp"
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 12
content-length
1860
x-amz-server-side-encryption
AES256
last-modified
Fri, 16 Jul 2021 20:54:11 GMT
server
cloudflare
x-cache
Miss from cloudfront
etag
"ae21632f356458c38c00d78bdf383222"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mYUwaEl%2Fza8eyt3TSSoIiUcDNVuAcHLmd4VEaIV0af8BNhCGr81Fnx2VXVdwu8blQCcHgoLms3BV7cZS%2BWZRRd9C%2BfAs4atBY263ZbxboFGAFglX4zfpc97J5zBWxhb6LoZBWHUMh4A187B30gs7"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
cf-bgj
imgq:85,h2pri
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
access-control-allow-credentials
false
x-amz-cf-pop
IAD89-C1
accept-ranges
bytes
cf-ray
676dc6521cfb4e67-FRA
x-amz-cf-id
c-xi8jyneLqeFILlnprL1vFxX421aO7sk112kdrTwjFDCImWzjBAhg==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 12
1ceb89cf-57eb-40a3-8156-b3388e8dec97.png
no-cache.hubspot.com/cta/default/2034462/
5 KB
6 KB
Image
General
Full URL
https://no-cache.hubspot.com/cta/default/2034462/1ceb89cf-57eb-40a3-8156-b3388e8dec97.png
Requested by
Host: blog.cyberint.com
URL: https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e888f08efada4184795c3b13a29db86c33f4032ecc5eb3503fe856804c54495c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 30 Jul 2021 10:06:30 GMT
cf-cache-status
DYNAMIC
nel
{"report_to":"cf-nel","max_age":604800}
x-amz-request-id
7RK0H7BSKCGJMKXB
x-amz-server-side-encryption
AES256
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length
5518
x-amz-id-2
ZuJZ3Uc3+pHJlx574I+XpC/+SHs9SZJzlGgYlml22GlMo8ONWZLFkqcJ3ira61TOvjq8Xu9Z2h4=
last-modified
Sun, 21 Mar 2021 09:24:34 GMT
server
cloudflare
etag
"e7ed268af3a44d10028e8fa6cd630a03"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eTczxHHoX1qEfMIGwSgKjUaeo8%2BkCsursnwkTT4lF8%2BF8UF2NIphkXQf%2FfPXu8NhZ3QJLA%2BP2%2FUf3oKefLLinESVIp29TdEpZqQTakcdLjVlnZbgwQ4KANj8fx3b6sBrBI%2Bp47%2FosRheQS2EDOpLrSse"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
no-cache, no-store
accept-ranges
bytes
cf-ray
676dc6528d314dca-FRA
current.js
blog.cyberint.com/hs/cta/cta/
15 KB
6 KB
Script
General
Full URL
https://blog.cyberint.com/hs/cta/cta/current.js
Requested by
Host: blog.cyberint.com
URL: https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
ca87f2cdfb3fc95cae4af1bc9664ef564eeade8e186d5592dad78c5f642dd6e6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

:path
/hs/cta/cta/current.js
pragma
no-cache
cookie
__cfruid=9bf345e51fa91c9169acdd2a9ebff1b5ef50f5e3-1627639590
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
blog.cyberint.com
referer
https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 30 Jul 2021 10:06:30 GMT
via
1.1 e685e9e08c2e4b105f4d86b35da50629.cloudfront.net (CloudFront)
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
361
x-amz-server-side-encryption
AES256
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://exceptions.hubspot.com/csp/report?resource=cta-embed-js/static-1.49/bundles/current.js&cfRay=676dbd7dd4ba4e32-IAD
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
content-encoding
br
cf-ray
676dc6521cf54e67-FRA
last-modified
Wed, 21 Jul 2021 02:35:14 UTC
server
cloudflare
etag
W/"d3c79533ee092c2e563b6e2966452f6d"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kb5sLHT0pMVXmQUhb6xyLZpM5%2B7NR6LQO%2Bqq6iK33wyE6VQOP%2FmcvB2pxMQCbFJeZ1dGsn74%2FjcI93s3HCW1eNtNfPfbAShHp6Y%2FCHEgpEJ452vvXNNOw%2F7NclN%2BKJzNmJ2rgPoMX5qsKPZaU2Ni"}],"group":"cf-nel","max_age":604800}
x-amz-version-id
6JERFIQMItJBXWecH0KXCSXLhc7BXiXq
cache-control
max-age=600
x-hs-cache-status
HIT
x-amz-cf-pop
IAD89-C3
content-type
application/javascript; charset=utf-8
x-amz-cf-id
Yra7KxRuMWOIRBgN--YlK43CkkMdO_vTvJ3vhGozmkkN3B_IEu0xZw==
x-hs-target-asset
cta-embed-js/static-1.49/bundles/current.js
0af777c2-7cd2-4f9c-ba27-284cb90db352.png
no-cache.hubspot.com/cta/default/2034462/
3 KB
4 KB
Image
General
Full URL
https://no-cache.hubspot.com/cta/default/2034462/0af777c2-7cd2-4f9c-ba27-284cb90db352.png
Requested by
Host: blog.cyberint.com
URL: https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1737d3785f5ac4f04c2f4b0a73e296fa3ca78df1282f5afcb74d12505e638c08
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 30 Jul 2021 10:06:30 GMT
cf-cache-status
DYNAMIC
nel
{"report_to":"cf-nel","max_age":604800}
x-amz-request-id
7RK9K6Y6K69X7RA4
x-amz-server-side-encryption
AES256
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length
3177
x-amz-id-2
hmjNwgfo+2pS2N5Dqi4CoQUtP6YY0U59VgysWsLk8MdIIe/fYO6U8pYW4wejKgYrIFtprr8f4Hs=
last-modified
Wed, 10 Mar 2021 10:10:37 GMT
server
cloudflare
etag
"1f351f24af9cf56e4e9ec05c46d7da95"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Bu8ARCZLzJUAEoFysvfp0jzgfFcWXoJc0ULkcTYc%2B7lH8HdCT0yaoZEr6vbKOjIRJO8RaV0aLi6blZ7N%2F6LklZ6ZriB2gP3KpNbpRXxyx5WA6SqiygB3W%2BeAKXaRQAzqsOV5LSGjW7ZoFGj2CK1OYMrn"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
no-cache, no-store
accept-ranges
bytes
cf-ray
676dc6528d354dca-FRA
0e3e1135-48c4-4857-bff6-5256aa012bf9.png
no-cache.hubspot.com/cta/default/2034462/
6 KB
6 KB
Image
General
Full URL
https://no-cache.hubspot.com/cta/default/2034462/0e3e1135-48c4-4857-bff6-5256aa012bf9.png
Requested by
Host: blog.cyberint.com
URL: https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8d6309a2ae9d34ab2ab6f0ee99c7384803ab566790c47970874275701b2e25fe
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 30 Jul 2021 10:06:30 GMT
cf-cache-status
DYNAMIC
nel
{"report_to":"cf-nel","max_age":604800}
x-amz-request-id
7RK6AEQW4R7RSW5M
x-amz-server-side-encryption
AES256
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length
6012
x-amz-id-2
IzR3Pn5lgsBESfMviY//+3RsSDe/kGREIYaZBlsP16pyPdK+KuUAgnGgea9HUOoM9Tr0bLi959Q=
last-modified
Mon, 08 Mar 2021 09:03:41 GMT
server
cloudflare
etag
"0da10d609ad6b34ddb32da3f898c2c04"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pcNBfbCFIzoqnm%2BoCT%2BImwWMSYhcviXWwCsl6%2Fjq7ZA0MCKnEUFkk7EBJtnd%2Fwhb5xIhPK%2B%2Bnzj06VqtuobkozK3NFURLEzNLoWiQBocnsFQdOUSP3edz6NbgpuHqItleZuIkjPfGonMRLuLWJXD43AN"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
no-cache, no-store
accept-ranges
bytes
cf-ray
676dc6528d364dca-FRA
2034462.js
blog.cyberint.com/hs/scriptloader/
2 KB
1 KB
Script
General
Full URL
https://blog.cyberint.com/hs/scriptloader/2034462.js
Requested by
Host: blog.cyberint.com
URL: https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
7390d0613c72c425c7b36d4e7de28a3bc61eed1d42216cb8fa66736b9d5722c4

Request headers

:path
/hs/scriptloader/2034462.js
pragma
no-cache
cookie
__cfruid=9bf345e51fa91c9169acdd2a9ebff1b5ef50f5e3-1627639590
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
blog.cyberint.com
referer
https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 30 Jul 2021 10:06:31 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
EXPIRED
nel
{"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id
b6841f3f-a5a6-402a-8aa7-75216e87c04b
server
cloudflare
x-trace
2B14D19EF861CDDFA228C55F6E4D0CC82DEDA8523D000000000000000000
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age
3600
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=V64Zs3QStoiYYONAA3BnEvWyB6l58xsjDqigmkW1Pc1VBzcq7SoGu70sIdwybrHcEUVLanmuFVttY7XnkGqq1Lw3j46tQ8oSmoeLxdxbvMFt5%2BsDYQPKgMNEObYxQtXzSwj4w5YuvDRBa%2BnmUuKB"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript;charset=utf-8
cache-control
public, max-age=60
access-control-allow-credentials
true
cf-ray
676dc6521cfc4e67-FRA
expires
Fri, 30 Jul 2021 10:07:30 GMT
path@2x.png
blog.cyberint.com/hs-fs/hubfs/blog-2020/
116 B
1 KB
Image
General
Full URL
https://blog.cyberint.com/hs-fs/hubfs/blog-2020/path@2x.png?width=11&height=12&name=path@2x.png
Requested by
Host: blog.cyberint.com
URL: https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
d1800c3cd3d9cb287a17eac011c15c5b25c8c14381a7c5a6bf339677c00aed48

Request headers

:path
/hs-fs/hubfs/blog-2020/path@2x.png?width=11&height=12&name=path@2x.png
pragma
no-cache
cookie
__cfruid=9bf345e51fa91c9169acdd2a9ebff1b5ef50f5e3-1627639590
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
blog.cyberint.com
referer
https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 30 Jul 2021 10:06:30 GMT
via
1.1 0fbab52df0695e2a561cd26eb7f9484d.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
261014
cf-polished
origFmt=png, origSize=636
edge-cache-tag
F-24456038269,FD-24354545315,P-2034462,FLS-ALL
x-amz-replication-status
COMPLETED
content-disposition
inline; filename="path@2x.webp"
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 12
content-length
116
x-amz-server-side-encryption
AES256
last-modified
Fri, 16 Jul 2021 20:54:10 GMT
server
cloudflare
x-cache
Miss from cloudfront
etag
"a464839df787140c6c730db7dc6a9567"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IX0%2FH6TPf%2Fnu7subSW9hyxtwxwlTiRJRjl6kgFlXpH9fTuZ5QA3koPNb8GP%2BvZ6U%2B4Ph3o6FSbN8CsKLSfaL72VcjkMJH4%2F0499TPHBkYmpBCQ6YYc8DCLNM96D8byzhgOJhdswTfoU%2BJ%2BivGZB4"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
cf-bgj
imgq:85,h2pri
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
access-control-allow-credentials
false
x-amz-cf-pop
IAD89-C1
accept-ranges
bytes
cf-ray
676dc6521cff4e67-FRA
x-amz-cf-id
j13AD31nVoj-x6SOSsQAh7IneP_yJaNcXSPu7eWhIbsKq8WxFLp-hw==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 12
v2.js
js.hsforms.net/forms/
569 KB
145 KB
Script
General
Full URL
https://js.hsforms.net/forms/v2.js
Requested by
Host: blog.cyberint.com
URL: https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:ba49 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
336032e8b6a0e53594ef6fd0333f2c8f791accdd85de58bfbbbcd134347672af
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 30 Jul 2021 10:06:30 GMT
via
1.1 f37f104903bda438e8b0547be6e0c193.cloudfront.net (CloudFront)
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
546
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-type
application/javascript; charset=utf-8
x-amz-replication-status
COMPLETED
content-encoding
br
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified
Mon, 26 Jul 2021 08:58:31 UTC
server
cloudflare
etag
W/"54f88eaced1496c532226765043c50e7"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CfVBKULv2aO60N8CIU9O0ERr5on1mdN2%2F94ugSdJ3oFtdckls7pWilomT4bdSrES0shOv7BURb3z5zs2AyVCFO%2Bp7%2FGQfcLzzbHx2ewijWVDMqZVxYAy2jMdhW4zeicjWnu2ZmzHirMj2LTz"}],"group":"cf-nel","max_age":604800}
x-amz-version-id
CD.EJgxkQT0UFVsMcBVdkshUHUGkYwIo
access-control-allow-origin
*
cache-control
s-maxage=600, max-age=0
x-hs-cache-status
HIT
x-amz-cf-pop
IAD89-C3
cf-ray
676dc6528f4f4d89-FRA
x-amz-cf-id
Zr-TeyDwB-DRsOohEDy8-tnu3Il0KRKD4Di4p7ArQaq7ftidLq0fcQ==
x-hs-target-asset
FormsNext/static-5.349/bundles/project_with_deps.js
v2-legacy.js
js.hsforms.net/forms/
21 KB
8 KB
Script
General
Full URL
https://js.hsforms.net/forms/v2-legacy.js
Requested by
Host: blog.cyberint.com
URL: https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:ba49 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f32502dea46f2d30ba171ef19366fd6a1448d1126accedfbdec06673300dd94d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 30 Jul 2021 10:06:30 GMT
via
1.1 4638ed8bcd9a9c4a4ffe655049a6e058.cloudfront.net (CloudFront)
vary
Accept-Encoding
cf-cache-status
EXPIRED
nel
{"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
IAD89-C3
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-type
application/javascript; charset=utf-8
x-amz-replication-status
COMPLETED
content-encoding
br
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified
Mon, 26 Jul 2021 08:58:31 UTC
server
cloudflare
etag
W/"4122e9e8a9bce4c99d98f1b09cb12034"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=08YDTvOC%2Fun8YVSKv2kR5IV7Up9975znM94sRp1VM9JFyI1iOXaXsslNEEzsAnY%2BrAtYyseWvAoJ0uZsKEb3NPzu5oV1cOs1O51qacksIr7mjIjBO4wwjbQqE9qvNLSAc1BhWUJxA6buq5%2BA"}],"group":"cf-nel","max_age":604800}
x-amz-version-id
s1mdffGdg5dMsg_8FLwxMEp6Do.AeKRO
access-control-allow-origin
*
cache-control
s-maxage=600, max-age=0
x-hs-cache-status
HIT
cf-ray
676dc6528f514d89-FRA
x-amz-cf-id
wZWIitFitD9i_0z97D28tAQDEtF-5q8dWGMkExTSEZxZRrkBf-oAbQ==
x-hs-target-asset
FormsNext/static-5.349/bundles/legacy.js
jquery-3.4.1.slim.min.js
code.jquery.com/
69 KB
24 KB
Script
General
Full URL
https://code.jquery.com/jquery-3.4.1.slim.min.js
Requested by
Host: blog.cyberint.com
URL: https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4de0:ac18::1:a:2b , Netherlands, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software
nginx /
Resource Hash
a5ab2a00a0439854f8787a0dda775dea5377ef4905886505c938941d6854ee4f

Request headers

Origin
https://blog.cyberint.com
Referer
https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 30 Jul 2021 10:06:30 GMT
content-encoding
gzip
last-modified
Wed, 01 May 2019 21:14:27 GMT
server
nginx
etag
W/"5cca0c33-1157d"
vary
Accept-Encoding
x-hw
1627639590.dop230.fr8.t,1627639590.cds276.fr8.hc,1627639590.cds260.fr8.c
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=315360000, public
accept-ranges
bytes
content-length
24328
popper.min.js
cdn.jsdelivr.net/npm/popper.js@1.16.0/dist/umd/
21 KB
8 KB
Script
General
Full URL
https://cdn.jsdelivr.net/npm/popper.js@1.16.0/dist/umd/popper.min.js
Requested by
Host: blog.cyberint.com
URL: https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:3::485 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
c776195ad46333c6c9a9fe3c74502ffea9a02faf122388ea3567922cc65a3060
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Origin
https://blog.cyberint.com
Referer
https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
age
4438590
x-cache
HIT
cross-origin-resource-policy
cross-origin
content-length
7510
etag
W/"5309-YvI45zNIx3656GVCan0bfeI8uy0"
x-served-by
cache-fra19175-FRA
date
Fri, 30 Jul 2021 10:06:30 GMT
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges
bytes
timing-allow-origin
*
bootstrap.min.js
stackpath.bootstrapcdn.com/bootstrap/4.4.1/js/
59 KB
17 KB
Script
General
Full URL
https://stackpath.bootstrapcdn.com/bootstrap/4.4.1/js/bootstrap.min.js
Requested by
Host: blog.cyberint.com
URL: https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5aa53525abc5c5200c70b3f6588388f86076cd699284c23cda64e92c372a1548
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Origin
https://blog.cyberint.com
Referer
https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 30 Jul 2021 10:06:30 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
cdn-edgestorageid
601, 617, 617
age
8649832
cdn-cachedat
2021-04-21 08:26:15
cdn-pullzone
252412
cross-origin-resource-policy
cross-origin
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
timing-allow-origin
*
access-control-allow-origin
*
last-modified
Mon, 25 Jan 2021 22:04:09 GMT
server
cloudflare
cdn-requestpullcode
200
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/javascript; charset=utf-8
cdn-cache
HIT
vary
Accept-Encoding
cache-control
public, max-age=31919000
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid
c97182d1258f49798566ee436ab26788
cf-ray
676dc6524e55c2c2-FRA
cdn-requestcountrycode
DE
cdn-requestpullsuccess
True
main.min.js
blog.cyberint.com/hs-fs/hub/2034462/hub_generated/template_assets/24322028895/1606301973764/Templates/Custom/Blog/2020/resources/js/
2 KB
1 KB
Script
General
Full URL
https://blog.cyberint.com/hs-fs/hub/2034462/hub_generated/template_assets/24322028895/1606301973764/Templates/Custom/Blog/2020/resources/js/main.min.js
Requested by
Host: blog.cyberint.com
URL: https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
23c9b5d338c5a1bf8a523bf3189e53dd673eea1198f206d6df911d791c55f421

Request headers

:path
/hs-fs/hub/2034462/hub_generated/template_assets/24322028895/1606301973764/Templates/Custom/Blog/2020/resources/js/main.min.js
pragma
no-cache
cookie
__cfruid=9bf345e51fa91c9169acdd2a9ebff1b5ef50f5e3-1627639590
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
blog.cyberint.com
referer
https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-meta-created-unix-time-millis
1606301973764
date
Fri, 30 Jul 2021 10:06:31 GMT
via
1.1 814e6200dbb5865e94b7b0c1ba6129fe.cloudfront.net (CloudFront)
cf-cache-status
REVALIDATED
nel
{"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
IAD89-C1
x-hs-alternate-content-type
text/plain
x-amz-server-side-encryption
AES256
x-cache
RefreshHit from cloudfront
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 11
content-encoding
br
x-amz-request-id
TP7R16Z249ZBGVZF
x-amz-id-2
tljWptmmq+392bT8ljzKLnmN0H4CEH6P89lXZEFV2vGDXe37TQCreRgDL9KFsSg4f2UQ6c7gzJw=
last-modified
Wed, 25 Nov 2020 10:59:34 GMT
server
cloudflare
etag
W/"f7d9c2aea8da8c8b69e16f522ade0e2a"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uG7KLVPofU2gOWG7Th3y4A1wkbPKF1dwWq3nR1RE5egFXH74k5R68mJ%2FdRfikTYrJIQi0xTse5WJfTxSFUqGAnHQ74KyUDUcqtU9RgM10FDjpE2zjy7xJaOUpZ312p08Eqaz9oD%2BOtLKTyERroaJ"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials
false
x-amz-version-id
ULax_SWTDM7FAxWzFi3dXX8rAjNCxtT8
cf-ray
676dc6521cf84e67-FRA
x-amz-cf-id
Q15NnYTIOXzuoCj1c_LDzMKA_i-eBHRULfugTM5w0aNXEB6oJ49-Iw==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 11
gtm.js
www.googletagmanager.com/
147 KB
53 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-KHHKHT7
Requested by
Host: blog.cyberint.com
URL: https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
b6040fa2212e9b83fa22ce058f5e01e9443a37b995240f3727eb56560120beac
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 30 Jul 2021 10:06:30 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
53904
x-xss-protection
0
last-modified
Fri, 30 Jul 2021 09:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Fri, 30 Jul 2021 10:06:30 GMT
conversion_async.js
www.googleadservices.com/pagead/
36 KB
14 KB
Script
General
Full URL
https://www.googleadservices.com/pagead/conversion_async.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KHHKHT7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.18.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s42-in-f2.1e100.net
Software
cafe /
Resource Hash
8069956acb4c566506ff71f7a23c8e23f75ce9443384fe3393ed5c846924026e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 30 Jul 2021 10:06:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13910
x-xss-protection
0
server
cafe
etag
8154934153164151798
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Fri, 30 Jul 2021 10:06:30 GMT
analytics.js
www.google-analytics.com/
48 KB
19 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KHHKHT7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e61660c659c426e45bce2937dddb01af6b550502a2904546575c1ec2ba1121dd
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 13 Jul 2021 18:24:06 GMT
server
Golfe2
age
2886
date
Fri, 30 Jul 2021 09:18:24 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
19672
expires
Fri, 30 Jul 2021 11:18:24 GMT
roundtrip.js
s.adroll.com/j/
43 KB
14 KB
Script
General
Full URL
https://s.adroll.com/j/roundtrip.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KHHKHT7
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00::210:baab Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AmazonS3 /
Resource Hash
f39b33985c6844a47f6a09814dbca3774741c25ac9f1ba9def77e971c585d74f

Request headers

Referer
https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id
D52ehfg9OO7FtQN52x3RLUWUByNmr2V4
Content-Encoding
gzip
ETag
"024667f8116bfa071b0d294fcb1fbd58"
x-amz-request-id
0RD9AKQTQ36X61FQ
x-amz-server-side-encryption
AES256
Connection
keep-alive
Vary
Accept-Encoding
Content-Length
13713
x-amz-id-2
DK7WPCrs30fplCtbJDknNAIhqQm3HtHLCSpq0ADHRFa14QfuCZA+OL6A/hgHDD1CCaGGf+Lt670=
Last-Modified
Fri, 23 Jul 2021 19:19:35 GMT
Server
AmazonS3
Date
Fri, 30 Jul 2021 10:06:30 GMT
Access-Control-Max-Age
600
Access-Control-Allow-Methods
GET
Content-Type
text/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=3600, must-revalidate
Access-Control-Allow-Credentials
false
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
insight.min.js
snap.licdn.com/li.lms-analytics/
5 KB
2 KB
Script
General
Full URL
https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by
Host: blog.cyberint.com
URL: https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00:2b0::25ea Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
6e6e6a03e72a528c28884b50bf296425667f38dd0aaf1dd17ce89199ffc85271

Request headers

Referer
https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Fri, 30 Jul 2021 10:06:31 GMT
Content-Encoding
gzip
Last-Modified
Tue, 15 Jun 2021 01:25:13 GMT
X-CDN
AKAM
Vary
Accept-Encoding
Content-Type
application/x-javascript;charset=utf-8
Cache-Control
max-age=23462
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
2079
fbevents.js
connect.facebook.net/en_US/
98 KB
25 KB
Script
General
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: blog.cyberint.com
URL: https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
c4243f7f5aa95631ca62fab376c3804859e808b66d373d07270872d23b8b081b
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
25944
x-xss-protection
0
pragma
public
x-fb-debug
u1lsOShM9W0rX28IR9enKefHBJYACD6Sfs2BNwZ3QYMfBE+FFd59nCVvSfErAf7BbmgcFrAqd6hGtFC6E2ctrA==
x-fb-trip-id
917726464
x-frame-options
DENY
date
Fri, 30 Jul 2021 10:06:30 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
x-fb-rlafr
0
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
S6uyw4BMUTPHjx4wXg.woff2
fonts.gstatic.com/s/lato/v17/
23 KB
23 KB
Font
General
Full URL
https://fonts.gstatic.com/s/lato/v17/S6uyw4BMUTPHjx4wXg.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:300,400,700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c3c0d3f472358aac78455515c4800771426770c22698e2486d39fdb5505634e1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://blog.cyberint.com
Referer
https://fonts.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 27 Jul 2021 00:16:41 GMT
x-content-type-options
nosniff
age
294590
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
23484
x-xss-protection
0
last-modified
Tue, 15 Sep 2020 18:10:46 GMT
server
sffe
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 27 Jul 2022 00:16:41 GMT
S6u9w4BMUTPHh6UVSwiPGQ.woff2
fonts.gstatic.com/s/lato/v17/
22 KB
23 KB
Font
General
Full URL
https://fonts.gstatic.com/s/lato/v17/S6u9w4BMUTPHh6UVSwiPGQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:300,400,700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8d3ca80fa271e94b0c36cf3053b0f806b7a42bb3395b424c99dc0bd218f0ac20
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://blog.cyberint.com
Referer
https://fonts.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 27 Jul 2021 08:34:22 GMT
x-content-type-options
nosniff
age
264729
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
22992
x-xss-protection
0
last-modified
Tue, 15 Sep 2020 18:12:12 GMT
server
sffe
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 27 Jul 2022 08:34:22 GMT
jquery.min.js
cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/
84 KB
27 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js
Requested by
Host: cdn.popt.in
URL: https://cdn.popt.in/pixel.js?id=19a9d94a0b5b1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Referer
https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 30 Jul 2021 10:06:31 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
2046710
cross-origin-resource-policy
cross-origin
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length
26909
timing-allow-origin
*
last-modified
Mon, 04 May 2020 16:11:48 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03ec4-14e4a"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ATgAron%2BNQD1FWjO28eZhWxTDmDvPrqd9Itx4CqLWTNP%2FqQThaw4dGr%2BtLvr3pTXG%2BndOtfb4M9H2PJjoF45BM0GgXwHFePwFUMdZZTpDWGClalzOa%2Fd5AUrmd7papf8Omq3NrjK%2BiBxHpIhS1Zwq2e5"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
676dc654ab7b05f5-FRA
expires
Wed, 20 Jul 2022 10:06:31 GMT
Qakbot%20Ransomware_5.png
blog.cyberint.com/hs-fs/hubfs/
29 KB
30 KB
Image
General
Full URL
https://blog.cyberint.com/hs-fs/hubfs/Qakbot%20Ransomware_5.png?width=957&name=Qakbot%20Ransomware_5.png
Requested by
Host: blog.cyberint.com
URL: https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
6d35402c518fbe3c9d7cb2197064007661e33729d6784d170c2ed99095e43706

Request headers

:path
/hs-fs/hubfs/Qakbot%20Ransomware_5.png?width=957&name=Qakbot%20Ransomware_5.png
pragma
no-cache
cookie
__cfruid=9bf345e51fa91c9169acdd2a9ebff1b5ef50f5e3-1627639590; _gcl_au=1.1.1246348654.1627639591; poptin_old_user=true; poptin_user_id=0.x5o3e22uhjs
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
blog.cyberint.com
referer
https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

age
97325
x-amz-server-side-encryption
AES256
edge-cache-tag
F-43069810870,P-2034462,FLS-ALL
x-amz-replication-status
COMPLETED
content-disposition
inline; filename="Qakbot%20Ransomware_5.webp"
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 12
cf-bgj
imgq:85,h2pri
etag
"f6b518e9fbb3966a0a26255b797d7d1d"
vary
Accept, Accept-Encoding
x-amz-meta-created-unix-time-millis
1615719263724
content-type
image/webp
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 12
date
Fri, 30 Jul 2021 10:06:31 GMT
via
1.1 530b01c2c88db2b27d295e2504b501cb.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
IAD89-C1
x-hs-alternate-content-type
text/plain
cf-polished
origFmt=png, origSize=46036
x-cache
Miss from cloudfront
x-amz-meta-index-tag
all
content-length
29242
last-modified
Sun, 14 Mar 2021 10:54:24 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZXTHW%2Fx5r5IHV7lsJ17MMe8epo%2FSAvkKmiapfloSnJQBhd%2BbBq6GXHCMyzm%2B7QwBvf0%2BE8US4STOBzKJVl7ntp0JHWAS5k%2Bnryb1acQpxBXoOm5vI%2BX5i%2FW97Qvr46yZyI4IzBd1%2BtVrZc4ZZNsd"}],"group":"cf-nel","max_age":604800}
access-control-allow-credentials
false
accept-ranges
bytes
cf-ray
676dc6560db44e67-FRA
x-amz-cf-id
Kgs2Mmk_q63KfHEYjKnvEmUQBfkQ6HXuC1Zi2Ay5gljkTABW_gr_8A==
Qakbot%20Ransomware_1.png
blog.cyberint.com/hs-fs/hubfs/
42 KB
43 KB
Image
General
Full URL
https://blog.cyberint.com/hs-fs/hubfs/Qakbot%20Ransomware_1.png?width=783&name=Qakbot%20Ransomware_1.png
Requested by
Host: blog.cyberint.com
URL: https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
2fe4e966b8877173e1ec822c1ddf1b43885734d85dac80b8b2616952c516ed18

Request headers

:path
/hs-fs/hubfs/Qakbot%20Ransomware_1.png?width=783&name=Qakbot%20Ransomware_1.png
pragma
no-cache
cookie
__cfruid=9bf345e51fa91c9169acdd2a9ebff1b5ef50f5e3-1627639590; _gcl_au=1.1.1246348654.1627639591; poptin_old_user=true; poptin_user_id=0.x5o3e22uhjs
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
blog.cyberint.com
referer
https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

age
97325
x-amz-server-side-encryption
AES256
edge-cache-tag
F-43069784095,P-2034462,FLS-ALL
x-amz-replication-status
COMPLETED
content-disposition
inline; filename="Qakbot%20Ransomware_1.webp"
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 12
cf-bgj
imgq:85,h2pri
etag
"b8d4959f9088d8d924a00ec4959c1409"
vary
Accept, Accept-Encoding
x-amz-meta-created-unix-time-millis
1615719263778
content-type
image/webp
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 12
date
Fri, 30 Jul 2021 10:06:31 GMT
via
1.1 71f1cca040033ebffc591cf9392d1528.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
IAD89-C1
x-hs-alternate-content-type
text/plain
cf-polished
origFmt=png, origSize=80355
x-cache
RefreshHit from cloudfront
x-amz-meta-index-tag
all
content-length
43410
last-modified
Sun, 14 Mar 2021 10:54:24 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=U%2BlXq%2BtQMtFqw47jAlUaJcKIBLAOGbSiiO3CVCEs2CMYtge7c2Sgl7BsuS8vGG%2F4276mkoKBe8zrA9ioS96%2Fwd3NX5A5g%2BWEi1A8VgDRmAF%2BofR0mKnfH4qYQKEBBkuAAZOJJPt9RkzW4djzCBt0"}],"group":"cf-nel","max_age":604800}
access-control-allow-credentials
false
accept-ranges
bytes
cf-ray
676dc6560db84e67-FRA
x-amz-cf-id
ZqmnCydo6CwB8jHkfVl_FKfsEEV1lRh8S-pPGpoH5NqYWWeRptrMmA==
Qakbot%20Ransomware_2.png
blog.cyberint.com/hs-fs/hubfs/
7 KB
8 KB
Image
General
Full URL
https://blog.cyberint.com/hs-fs/hubfs/Qakbot%20Ransomware_2.png?width=432&name=Qakbot%20Ransomware_2.png
Requested by
Host: blog.cyberint.com
URL: https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
914719de2c2da276b7df8f8598b5b07697964b34c2d3af569b2f1573aea6b335

Request headers

:path
/hs-fs/hubfs/Qakbot%20Ransomware_2.png?width=432&name=Qakbot%20Ransomware_2.png
pragma
no-cache
cookie
__cfruid=9bf345e51fa91c9169acdd2a9ebff1b5ef50f5e3-1627639590; _gcl_au=1.1.1246348654.1627639591; poptin_old_user=true; poptin_user_id=0.x5o3e22uhjs
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
blog.cyberint.com
referer
https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

age
97326
x-amz-server-side-encryption
AES256
edge-cache-tag
F-43069791609,P-2034462,FLS-ALL
x-amz-replication-status
COMPLETED
content-disposition
inline; filename="Qakbot%20Ransomware_2.webp"
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 12
cf-bgj
imgq:85,h2pri
etag
"52f7e0996a1f85b19c34fd8544e05ef1"
vary
Accept, Accept-Encoding
x-amz-meta-created-unix-time-millis
1615719263613
content-type
image/webp
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 12
date
Fri, 30 Jul 2021 10:06:31 GMT
via
1.1 8fc9659fc06389e49927f68638e9bc94.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
IAD89-C1
x-hs-alternate-content-type
text/plain
cf-polished
origFmt=png, origSize=13632
x-cache
RefreshHit from cloudfront
x-amz-meta-index-tag
all
content-length
7310
last-modified
Sun, 14 Mar 2021 10:54:24 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6m%2Flo4SlI03Gghw5gBPD1yXzi1jWjJd0nJmMg0uFtN8GmJGQmwn7rfNfJ7hW5PaTriQbjjyA7GS5gVxXMgzvB%2B8f5k2cl90zYnyi%2B62qfrNaGH7fdF3wHOoF3rJEfdGWimU3aRv0YUTHkiTpoT3K"}],"group":"cf-nel","max_age":604800}
access-control-allow-credentials
false
accept-ranges
bytes
cf-ray
676dc6560db94e67-FRA
x-amz-cf-id
dOG7ov8QdYshYkfYez7s_TWoicWOp5QIPQZKBss7EoTx26LjJvUaFQ==
collect
www.google-analytics.com/j/
1 B
21 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j92&a=1876121846&t=pageview&_s=1&dl=https%3A%2F%2Fblog.cyberint.com%2Fqakbot-banking-trojan%3Futm_content%3D174174610%26utm_medium%3Dsocial%26utm_source%3Dtwitter%26hss_channel%3Dtw-2930991403&ul=en-us&de=UTF-8&dt=Qakbot%20Banking%20Trojan&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAAABAAAAAC~&jid=221471047&gjid=169544146&cid=1438670174.1627639591&tid=UA-30919829-1&_gid=1095497033.1627639591&_r=1&gtm=2wg7s0KHHKHT7&z=979807200
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Fri, 30 Jul 2021 10:06:31 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://blog.cyberint.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/893131752/
2 KB
1 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/893131752/?random=1627639591524&cv=9&fst=1627639591524&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg7s0&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fblog.cyberint.com%2Fqakbot-banking-trojan%3Futm_content%3D174174610%26utm_medium%3Dsocial%26utm_source%3Dtwitter%26hss_channel%3Dtw-2930991403&tiba=Qakbot%20Banking%20Trojan&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0de44d3701ece1afac265f6378fa44cb4ed453e7e48ed8b2e5b65b3234dda3d7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 30 Jul 2021 10:06:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1076
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
1656046231337816
connect.facebook.net/signals/config/
253 KB
72 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/1656046231337816?v=2.9.44&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f02d:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
7d027bc7c94d0de958ada8868ba5536c3a503b41669eff755bceef581de61085
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
x-xss-protection
0
pragma
public
x-fb-debug
1BuCzZgGMj/ifUfyYelNQX8KzlrXILR4W1ZhXZ4OraKGsdssrPVzhjxqVeiguGsItWCTGJPEAg05hK84gLKOxA==
cross-origin-embedder-policy-report-only
require-corp;report-to="coop_report"
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Fri, 30 Jul 2021 10:06:31 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}],"group":"coop_report"}
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
x-fb-rlafr
0
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
index.js
s.adroll.com/j/exp/
Redirect Chain
  • https://s.adroll.com/j/exp/BE4SF7FEGVGFXP7BD5QACA/index.js
  • https://s.adroll.com/j/exp/index.js
28 B
747 B
Script
General
Full URL
https://s.adroll.com/j/exp/index.js
Requested by
Host: blog.cyberint.com
URL: https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00::210:baab Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AmazonS3 /
Resource Hash
f59e5f34a941183aacaed25322ac0856628493c2cfd936ded3fddc0a49510e52

Request headers

Referer
https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id
negMAsSEs.M1Zq1srV8VMS7DU8lxhds7
Content-Encoding
gzip
ETag
"5816cced8568d223aa09d889f300692b"
x-amz-request-id
PVEJB32D62PZ7QQB
x-amz-server-side-encryption
AES256
Connection
keep-alive
Vary
Accept-Encoding
Content-Length
48
x-amz-id-2
+lA2lXF/kq/ujOvt+INtw08Fx4bZTFRaEiOA0eOd2jl3+U7b/XkzWjlVjEUaPxszx8mmbr8ofFk=
Last-Modified
Mon, 19 Jul 2021 22:23:14 GMT
Server
AmazonS3
Date
Fri, 30 Jul 2021 10:06:31 GMT
Access-Control-Max-Age
600
Access-Control-Allow-Methods
GET
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Access-Control-Allow-Credentials
false
Accept-Ranges
bytes
Access-Control-Allow-Headers
*

Redirect headers

Date
Fri, 30 Jul 2021 10:06:31 GMT
Server
AkamaiGHost
Location
https://s.adroll.com/j/exp/index.js
Access-Control-Max-Age
600
Access-Control-Allow-Methods
GET
Access-Control-Allow-Origin
*
Access-Control-Allow-Credentials
false
Connection
keep-alive
Access-Control-Allow-Headers
*
Content-Length
0
index.js
s.adroll.com/j/pre/BE4SF7FEGVGFXP7BD5QACA/55JF6AMA6ZGGHK5VY7PGCK/
0
773 B
Script
General
Full URL
https://s.adroll.com/j/pre/BE4SF7FEGVGFXP7BD5QACA/55JF6AMA6ZGGHK5VY7PGCK/index.js
Requested by
Host: s.adroll.com
URL: https://s.adroll.com/j/roundtrip.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00::210:baab Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AmazonS3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id
RSjK0Zbq47l.pAM3lY3pvf.mn9MsnU8l
Content-Encoding
gzip
ETag
"d41d8cd98f00b204e9800998ecf8427e"
x-amz-request-id
6K8BMP3DYQB3FY0R
x-amz-server-side-encryption
AES256
Connection
keep-alive
Vary
Accept-Encoding
Content-Length
20
x-amz-id-2
z6EAB37vYQIwDPAYwoBsE9QPS2IfwbGZ9uINY0MVVHDzhZw9quzz0Cg2mw6DZk2s0B8FI4hWXc8=
Last-Modified
Fri, 30 Jul 2021 01:35:48 GMT
Server
AmazonS3
Date
Fri, 30 Jul 2021 10:06:31 GMT
Access-Control-Max-Age
600
Access-Control-Allow-Methods
GET
Content-Type
text/javascript; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
max-age=3600, must-revalidate
Access-Control-Allow-Credentials
false
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
/
d.adroll.com/consent/check/BE4SF7FEGVGFXP7BD5QACA/
Redirect Chain
  • https://d.adroll.mgr.consensu.org/consent/iabcheck/BE4SF7FEGVGFXP7BD5QACA?_s=dffe969e15cc93ab60fe4f7a157f103d&_b=2
  • https://d.adroll.com/consent/check/BE4SF7FEGVGFXP7BD5QACA/?_s=dffe969e15cc93ab60fe4f7a157f103d&_b=2
395 B
862 B
Script
General
Full URL
https://d.adroll.com/consent/check/BE4SF7FEGVGFXP7BD5QACA/?_s=dffe969e15cc93ab60fe4f7a157f103d&_b=2
Requested by
Host: blog.cyberint.com
URL: https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.74.23.153 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-74-23-153.eu-west-1.compute.amazonaws.com
Software
nginx/1.20.0 /
Resource Hash
0b0ca1cb70f9d60ffe9dfa9edad6fbc0fa34b98a03107a215975855ad32e9de2

Request headers

Referer
https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 30 Jul 2021 10:06:32 GMT
cache-control
no-store, no-cache, must-revalidate
server
nginx/1.20.0
content-type
application/javascript
content-length
395
p3p
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"

Redirect headers

location
https://d.adroll.com/consent/check/BE4SF7FEGVGFXP7BD5QACA/?_s=dffe969e15cc93ab60fe4f7a157f103d&_b=2
date
Fri, 30 Jul 2021 10:06:31 GMT
server
nginx/1.20.0
content-length
105
collect
px4.ads.linkedin.com/
Redirect Chain
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=63710&time=1627639591538&url=https%3A%2F%2Fblog.cyberint.com%2Fqakbot-banking-trojan%3Futm_content%3D174174610%26utm_medium%3Dsocial%26utm_source%...
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D63710%26time%3D1627639591538%26url%3Dhttps%253A%252F%252Fblog.cyberint.com%252Fqa...
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=63710&time=1627639591538&url=https%3A%2F%2Fblog.cyberint.com%2Fqakbot-banking-trojan%3Futm_content%3D174174610%26utm_medium%3Dsocial%26utm_source%...
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=63710&time=1627639591538&url=https%3A%2F%2Fblog.cyberint.com%2Fqakbot-banking-trojan%3Futm_content%3D174174610%26utm_medium%3Dsocial%26utm_source...
0
154 B
Image
General
Full URL
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=63710&time=1627639591538&url=https%3A%2F%2Fblog.cyberint.com%2Fqakbot-banking-trojan%3Futm_content%3D174174610%26utm_medium%3Dsocial%26utm_source%3Dtwitter%26hss_channel%3Dtw-2930991403&liSync=true&e_ipv6=AQLMp6Vd_Ie_kAAAAXr24TZIvUSp9xy7ohZKMMd9ZHgHtnSjeetfdlQRzOJKYj3DGJCBBs5T
Requested by
Host: blog.cyberint.com
URL: https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
108.174.10.14 , United States, ASN14413 (LINKEDIN, US),
Reverse DNS
108-174-10-14.fwd.linkedin.com
Software
Play /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 30 Jul 2021 10:06:33 GMT
server
Play
linkedin-action
1
x-li-fabric
prod-ltx1
x-li-proto
http/2
x-li-pop
prod-edc2
content-type
application/javascript
content-length
0
x-li-uuid
UH30F5aJlhaQrtziVisAAA==

Redirect headers

date
Fri, 30 Jul 2021 10:06:32 GMT
server
Play
linkedin-action
1
x-li-fabric
prod-ltx1
location
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=63710&time=1627639591538&url=https%3A%2F%2Fblog.cyberint.com%2Fqakbot-banking-trojan%3Futm_content%3D174174610%26utm_medium%3Dsocial%26utm_source%3Dtwitter%26hss_channel%3Dtw-2930991403&liSync=true&e_ipv6=AQLMp6Vd_Ie_kAAAAXr24TZIvUSp9xy7ohZKMMd9ZHgHtnSjeetfdlQRzOJKYj3DGJCBBs5T
x-li-proto
http/2
x-li-pop
prod-eda6
content-length
0
x-li-uuid
GtDA9ZWJlhbQLFj45CoAAA==
all.js
connect.facebook.net/en_US/
3 KB
2 KB
Script
General
Full URL
https://connect.facebook.net/en_US/all.js
Requested by
Host: blog.cyberint.com
URL: https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f02d:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
451800fa6e086edc1bfecdbd30ecdb3f12e9d9ec7c28cf87bb62887f3d3c2694
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-md5
EMTkU/zVDzxhsaD+cRsgig==
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
1686
x-fb-rlafr
0
x-fb-debug
5PthTar1uB1VqhIuxzIpnTdHco8T/e9cUxJye06hG/fjukuiACQbQaPHBH+I2zp4UOWrAuO2uXsgYmwogj5bnA==
x-fb-content-md5
e5fc4d4cf3e9f10a5ea7065bc748a352
x-frame-options
DENY
date
Fri, 30 Jul 2021 10:06:31 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
X-FB-Content-MD5
cache-control
public,max-age=1200,stale-while-revalidate=3600
etag
"c1f7bd75899ce0fdeeef72d608857414"
timing-allow-origin
*
priority
u=3,i
expires
Fri, 30 Jul 2021 10:07:23 GMT
widgets.js
platform.twitter.com/
96 KB
29 KB
Script
General
Full URL
https://platform.twitter.com/widgets.js
Requested by
Host: blog.cyberint.com
URL: https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/6712) /
Resource Hash
70a12c6c00f6fed722c0b46ad1ebb8a2c11c27121f3b8d65c254a9221965ed72

Request headers

Referer
https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Fri, 30 Jul 2021 10:06:31 GMT
Content-Encoding
gzip
Last-Modified
Thu, 29 Jul 2021 21:46:55 GMT
Server
ECS (frb/6712)
Age
1421
Etag
"69dea0a9b81d008237dc222450b4485f+gzip"
Vary
Accept-Encoding
x-tw-cdn
VZ
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=1800
X-Cache
HIT
Access-Control-Allow-Methods
GET
Content-Type
application/javascript; charset=utf-8
Content-Length
29075
2034462.js
js.hs-banner.com/
60 KB
16 KB
Script
General
Full URL
https://js.hs-banner.com/2034462.js
Requested by
Host: blog.cyberint.com
URL: https://blog.cyberint.com/hs/scriptloader/2034462.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:15bf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8ddd7ae48b5763b79d391f3ce2ebd28a5e7c27a7cbaf1ee4084dac0c3de999d0

Request headers

Referer
https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 30 Jul 2021 10:06:32 GMT
content-encoding
br
cf-cache-status
REVALIDATED
x-amz-request-id
7S3NVS2NBVD6WTB2
x-amz-server-side-encryption
AES256
content-type
text/javascript; charset=UTF-8
access-control-max-age
604800
x-amz-id-2
eIb7qrA8mgDlBw50IWUXK7VdwMIwKOLdVXd53eNx9Bxi2LCl0fmPpOy+eblrjey6NgbzjKistOM=
timing-allow-origin
*
last-modified
Wed, 14 Jul 2021 14:28:18 GMT
server
cloudflare
etag
W/"881a77c12d670f82240b5e5d641e43ae"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
x-amz-version-id
edhdyIeL8kkCRnakD63P6Ol_ahb35Nzc
access-control-allow-origin
https://blog.cyberint.com
access-control-expose-headers
x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control
max-age=300, public
access-control-allow-credentials
true
cf-ray
676dc657dc7f434b-FRA
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
expires
Fri, 30 Jul 2021 10:11:31 GMT
leadflows.js
js.hsleadflows.net/
471 KB
85 KB
Script
General
Full URL
https://js.hsleadflows.net/leadflows.js
Requested by
Host: blog.cyberint.com
URL: https://blog.cyberint.com/hs/scriptloader/2034462.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700::6811:e6cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cdb27a10cec577751f00fa25c98d4082b9a52895e49cf6b80deaf53019f2f927

Request headers

Origin
https://blog.cyberint.com
Referer
https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 30 Jul 2021 10:06:31 GMT
via
1.1 97971aa6c140e2dfc8adaee6c929eedc.cloudfront.net (CloudFront)
vary
Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
cf-cache-status
HIT
age
75941
x-amz-server-side-encryption
AES256
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://exceptions.hubspot.com/csp/report?resource=lead-flows-js/static-1.1039/bundle/main/lead-flows-release.js&cfRay=6766884cdc7c2c4e-IAD
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
content-encoding
br
cf-ray
676dc657e9444a9e-FRA
last-modified
Mon, 26 Jul 2021 08:52:37 UTC
server
cloudflare
etag
W/"65aba871d204f4d2a23911fffe5b9333"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age
3000
access-control-allow-methods
GET
x-amz-version-id
xfPAs8WuoRmduLV_FDghm3Gjwdwpto33
access-control-allow-origin
*
cache-control
s-maxage=86400, max-age=0
x-hs-cache-status
MISS
x-amz-cf-pop
IAD89-C3
content-type
application/javascript; charset=utf-8
x-amz-cf-id
SAD3WezW8dBqIQXy4zXnM1w4llQb1U5Hf6OqYkMFtGtJ_DLMcrovcg==
x-hs-target-asset
lead-flows-js/static-1.1039/bundle/main/lead-flows-release.js
2034462.js
js.hs-analytics.net/analytics/1627639500000/
62 KB
20 KB
Script
General
Full URL
https://js.hs-analytics.net/analytics/1627639500000/2034462.js
Requested by
Host: blog.cyberint.com
URL: https://blog.cyberint.com/hs/scriptloader/2034462.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700::6811:44b0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8ce5ff281b6eb8906b23a6b545a3de1a1d004ff9fdef73c903c3f80f06e9d710

Request headers

Referer
https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 30 Jul 2021 10:06:31 GMT
content-encoding
br
cf-cache-status
MISS
x-amz-request-id
KY0EDK3H4B1NSR9C
x-amz-server-side-encryption
AES256
cf-ray
676dc657dd524414-FRA
x-amz-id-2
Oi6Vorg1oXDC/C6I9bMkgx8ZPEmB6UBEMQDPoQ0Z0Z0QW332uLBPpKw4UumXPo6PlERjxQNRfl0=
last-modified
Mon, 19 Jul 2021 14:19:20 GMT
server
cloudflare
etag
W/"dd89a29b150b6f83a77659fe102c1e39"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-amz-version-id
null
cache-control
max-age=300, public
access-control-allow-credentials
false
content-type
text/javascript
expires
Fri, 30 Jul 2021 10:11:31 GMT
conversations-embed.js
js.usemessages.com/
81 KB
21 KB
Script
General
Full URL
https://js.usemessages.com/conversations-embed.js
Requested by
Host: blog.cyberint.com
URL: https://blog.cyberint.com/hs/scriptloader/2034462.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700::6811:ebcc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
147c50e0d0170d6ae612a9e78874d191965a2265f349544ed47c706d48f7168e

Request headers

Referer
https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 30 Jul 2021 10:06:31 GMT
via
1.1 76a7fdbced88b6eccf433c4e386bae41.cloudfront.net (CloudFront)
cf-cache-status
HIT
age
131
x-amz-server-side-encryption
AES256
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://exceptions.hubspot.com/csp/report?resource=conversations-embed/static-1.9095/bundles/project.js&cfRay=676dc32129104a86-FRA
x-cache
Hit from cloudfront
content-type
application/javascript; charset=utf-8
x-amz-replication-status
COMPLETED
content-encoding
br
last-modified
Thu, 29 Jul 2021 05:32:25 UTC
server
cloudflare
etag
W/"a304d3ab6b9be313ab434364af937a46"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-amz-version-id
esKZASEPP3piDOBy_NyKwHxySr.l.YE5
cache-control
max-age=600
x-hs-cache-status
HIT
x-amz-cf-pop
IAD89-C3
cf-ray
676dc657de994aaa-FRA
x-amz-cf-id
oRbgm3Rgj1CrcVzOW9vUQw0j6mcBMeY_LVG-0bq2xj5sqRxY-kTLgA==
x-hs-target-asset
conversations-embed/static-1.9095/bundles/project.js
fb.js
js.hsadspixel.net/
6 KB
3 KB
Script
General
Full URL
https://js.hsadspixel.net/fb.js
Requested by
Host: blog.cyberint.com
URL: https://blog.cyberint.com/hs/scriptloader/2034462.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700::6811:71b0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4c91959cba13f585a90c75338d4648c4a85ba1fa37bebc831ddc5570bb31b553

Request headers

Referer
https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 30 Jul 2021 10:06:31 GMT
via
1.1 e685e9e08c2e4b105f4d86b35da50629.cloudfront.net (CloudFront)
cf-cache-status
HIT
age
561
x-amz-server-side-encryption
AES256
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://exceptions.hubspot.com/csp/report?resource=adsscriptloaderstatic/static-1.239/bundles/pixels-release.js&cfRay=676db8a1fa3797fc-IAD
x-cache
Hit from cloudfront
content-type
application/javascript; charset=utf-8
x-amz-replication-status
COMPLETED
content-encoding
br
last-modified
Thu, 22 Jul 2021 07:43:27 UTC
server
cloudflare
etag
W/"e44498e40f8702c62c71cd0534a32a9f"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-amz-version-id
g5yPrf7s3oYLkRu1P6pmcpnvL8S03uLm
cache-control
max-age=600
x-hs-cache-status
HIT
x-amz-cf-pop
IAD89-C3
cf-ray
676dc657dcda4eb6-FRA
x-amz-cf-id
l9RdOKll2L-Cf8oPuomrA-l2I2c5gjmyijQmeudcIyLJhT-rzpx66A==
x-hs-target-asset
adsscriptloaderstatic/static-1.239/bundles/pixels-release.js
434e7d5c-4af3-42c4-a08e-55ac0d67fda9
forms.hsforms.com/embed/v3/form/2034462/
36 KB
4 KB
Script
General
Full URL
https://forms.hsforms.com/embed/v3/form/2034462/434e7d5c-4af3-42c4-a08e-55ac0d67fda9?callback=hs_reqwest_0&hutk=
Requested by
Host: js.hsforms.net
URL: https://js.hsforms.net/forms/v2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5905 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f7f5dd09ae7e4fe97a33f1649d59fb6e4b17e833f35a0815880d86bffba8ae6c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 30 Jul 2021 10:06:31 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
x-hubspot-correlation-id
788da1cf-317c-4903-8a22-d8d0103d5918
content-disposition
attachment; filename=no-rfd.txt
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
server
cloudflare
x-trace
2B96A5FCE220D61EEFBBA634EE68958101A81783D1000000000000000000
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/javascript;charset=utf-8
vary
Accept-Encoding
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
false
cf-ray
676dc65809e4325c-FRA
footer@2x.png
e.cyberint.com/hubfs/blog-2020/
1 MB
1 MB
Image
General
Full URL
https://e.cyberint.com/hubfs/blog-2020/footer@2x.png
Requested by
Host: blog.cyberint.com
URL: https://blog.cyberint.com/hs-fs/hub/2034462/hub_generated/template_assets/24322925115/1623236499948/Templates/Custom/Blog/2020/resources/css/blog.min.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
ecd339e8ef6881ad042852e682c8cf0862c9da7057fc5fe64202b4c4641e6703

Request headers

Referer
https://blog.cyberint.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-meta-cache-tag
F-27111405712,FD-24354545315,P-2034462,FLS-ALL
age
222689
x-amz-server-side-encryption
AES256
edge-cache-tag
F-27111405712,FD-24354545315,P-2034462,FLS-ALL
content-disposition
inline; filename="footer@2x.webp"
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 12
x-amz-request-id
5HWQ2TWT0X8JM0SM
cf-bgj
imgq:85,h2pri
etag
"8e1b63398ed974b663a0dd3a82e43010"
vary
Accept, Accept-Encoding
access-control-allow-methods
GET
content-type
image/webp
access-control-allow-origin
*
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 12
date
Fri, 30 Jul 2021 10:06:31 GMT
via
1.1 1c5b98f7bd5001d6fe1040daa237afc6.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
FRA56-C1
cf-polished
origFmt=png, origSize=1811992
x-cache
Miss from cloudfront
content-length
1280898
x-amz-id-2
MCvQHxvqg0sb1JIdRHLSnvrFnp1csOqX3hb1hGpzcLh9TR+zXGLyfH0bbP5q3VNkKWeLbNzl89w=
last-modified
Mon, 16 Mar 2020 14:46:02 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TOe3DvmCrjSZIMMReNkY28RrSkvwGmFr%2ByeZDV1K34Y8JYeZyCAZCA%2Fe7uc%2Feufqbr%2BwY%2BTVT83gCHgopE4ZuPrzwfK0TJXriFUajfVeQ7ieYotkd0oUfqTDNBQSVLMvRq9J2YVOQoLZT1Ko"}],"group":"cf-nel","max_age":604800}
x-amz-version-id
UwCUvivYb7tvug3.92.PXZq3oSe3L1lD
accept-ranges
bytes
cf-ray
676dc6587e0d4321-FRA
x-amz-cf-id
AaNB7aI4oWhdAaLG4qlp_up9Wj47yVvKMF8j7gu8MaxdPLDlgwuaRQ==
S6u9w4BMUTPHh7USSwiPGQ.woff2
fonts.gstatic.com/s/lato/v17/
23 KB
23 KB
Font
General
Full URL
https://fonts.gstatic.com/s/lato/v17/S6u9w4BMUTPHh7USSwiPGQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:300,400,700&display=swap
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9194059997d722ec01e41980dffbff03ebe00808b1cdd164a7fd18a561bc312a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://blog.cyberint.com
Referer
https://fonts.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 27 Jul 2021 00:16:44 GMT
x-content-type-options
nosniff
age
294587
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
23248
x-xss-protection
0
last-modified
Tue, 15 Sep 2020 18:12:05 GMT
server
sffe
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 27 Jul 2022 00:16:44 GMT
434e7d5c-4af3-42c4-a08e-55ac0d67fda9
forms.hsforms.com/embed/v3/form/2034462/
36 KB
4 KB
Script
General
Full URL
https://forms.hsforms.com/embed/v3/form/2034462/434e7d5c-4af3-42c4-a08e-55ac0d67fda9?callback=hs_reqwest_1&hutk=
Requested by
Host: js.hsforms.net
URL: https://js.hsforms.net/forms/v2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5905 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
383567d0e2350413c9f84f4bb3bf99a52bb6a5a2c127b1ddaf6b77177c54fafe
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 30 Jul 2021 10:06:31 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
x-hubspot-correlation-id
37b7cc1f-16f1-4faa-b5a9-7ead9ccf17ca
content-disposition
attachment; filename=no-rfd.txt
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
server
cloudflare
x-trace
2BCEC5668F36D07A4D53EE00E9D1EB29735B7EBA85000000000000000000
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/javascript;charset=utf-8
vary
Accept-Encoding
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
false
cf-ray
676dc658ab08325c-FRA
19a9d94a0b5b1
display.popt.in/APIRequest/
68 B
3 KB
XHR
General
Full URL
https://display.popt.in/APIRequest/19a9d94a0b5b1?domain=https%3A%2F%2Fblog.cyberint.com%2Fqakbot-banking-trojan%3Futm_content%3D174174610%26utm_medium%3Dsocial%26utm_source%3Dtwitter%26hss_channel%3Dtw-2930991403&referrer=&cookies=+poptin_old_user%3Dtrue+poptin_user_id%3D0.x5o3e22uhjs+poptin_referrer%3D+poptin_new_user%3Dtrue+poptin_viewed_session%3Dfalse&triggers=&cc=false&if_mobile=false&page_title=Qakbot+Banking+Trojan&origin_landing_page=https%3A%2F%2Fblog.cyberint.com%2Fqakbot-banking-trojan%3Futm_content%3D174174610%26utm_medium%3Dsocial%26utm_source%3Dtwitter%26hss_channel%3Dtw-2930991403&if_page_refreshed=false&poptin_viewed_url=https%3A%2F%2Fblog.cyberint.com%2Fqakbot-banking-trojan%3Futm_content%3D174174610%26utm_medium%3Dsocial%26utm_source%3Dtwitter%26hss_channel%3Dtw-2930991403
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:11a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e6ecfd1daac5c0eac2b8e47c43b893aee49524cdd77ff16a0c2b3fc792eac0df
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 30 Jul 2021 10:06:32 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"report_to":"cf-nel","max_age":604800}
vary
Accept-Encoding
x-xss-protection
1; mode=block
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options
SAMEORIGIN
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dDeWtOPzuiNRF3iFm9FC%2Bl%2FMoyCTNqrdRF5HocwxrCpeN2kLFk%2BqF94p7BF7LDurnKnV5CTPmymegtaL2OOo5xGUmhR5uL7S8on84Ugn1d4a9YZ%2F3eflhpN20pBg5s8%2BAxuFN1OUjFnLn89Kxg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/json
access-control-allow-origin
*
cache-control
no-cache, private
access-control-allow-credentials
true
cf-ray
676dc6593af24ece-FRA
access-control-allow-headers
Origin, Content-Type
/
www.google.com/pagead/1p-user-list/893131752/
42 B
108 B
Image
General
Full URL
https://www.google.com/pagead/1p-user-list/893131752/?random=1627639591524&cv=9&fst=1627639200000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg7s0&sendb=1&frm=0&url=https%3A%2F%2Fblog.cyberint.com%2Fqakbot-banking-trojan%3Futm_content%3D174174610%26utm_medium%3Dsocial%26utm_source%3Dtwitter%26hss_channel%3Dtw-2930991403&tiba=Qakbot%20Banking%20Trojan&async=1&fmt=3&is_vtc=1&random=2211782311&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Requested by
Host: blog.cyberint.com
URL: https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 30 Jul 2021 10:06:31 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/893131752/
42 B
108 B
Image
General
Full URL
https://www.google.de/pagead/1p-user-list/893131752/?random=1627639591524&cv=9&fst=1627639200000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg7s0&sendb=1&frm=0&url=https%3A%2F%2Fblog.cyberint.com%2Fqakbot-banking-trojan%3Futm_content%3D174174610%26utm_medium%3Dsocial%26utm_source%3Dtwitter%26hss_channel%3Dtw-2930991403&tiba=Qakbot%20Banking%20Trojan&async=1&fmt=3&is_vtc=1&random=2211782311&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Requested by
Host: blog.cyberint.com
URL: https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 30 Jul 2021 10:06:31 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
all.js
connect.facebook.net/en_US/
233 KB
68 KB
Script
General
Full URL
https://connect.facebook.net/en_US/all.js?hash=8e644e603604e32b8ed7167e07820149
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/all.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f02d:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
6ade070bab7a0e06d6453beb83f05383208142d5e21bd0807dbd003ff94775b2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Origin
https://blog.cyberint.com
Referer
https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-md5
+4xM32OTqGaJowzp04Jw/w==
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
69128
x-fb-rlafr
0
x-fb-debug
jGw15hARgZTGDXhPBvGoG09KafO4N/FWOIurlYlDpz5fPLMx+NJFYkxlK626QzbAwTELWq63abxkI5CXrA1f8g==
x-fb-content-md5
b5cd45fc490e4017c62ea650847c3682
x-frame-options
DENY
date
Fri, 30 Jul 2021 10:06:31 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
X-FB-Content-MD5
cache-control
public,max-age=31536000,stale-while-revalidate=3600,immutable
etag
"8a3b65f2850fa2c1f55d096f36bbab7f"
timing-allow-origin
*
priority
u=3,i
expires
Sat, 30 Jul 2022 08:24:04 GMT
widget_iframe.0504c5db6e58d499a7ba93c246a8554d.html
platform.twitter.com/widgets/ Frame F10A
319 KB
103 KB
Document
General
Full URL
https://platform.twitter.com/widgets/widget_iframe.0504c5db6e58d499a7ba93c246a8554d.html?origin=https%3A%2F%2Fblog.cyberint.com
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/673A) /
Resource Hash
c6d03b7a5561687268e57b13d9d4a6a4c71ee570ea74718040ce9227676e3e5e

Request headers

Host
platform.twitter.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403

Response headers

Content-Encoding
gzip
Access-Control-Allow-Methods
GET
Access-Control-Allow-Origin
*
Age
16497
Cache-Control
public, max-age=315360000
Content-Type
text/html; charset=utf-8
Date
Fri, 30 Jul 2021 10:06:31 GMT
Etag
"8321d7cf58d70200c1423dfa0bca40f6+gzip"
Last-Modified
Thu, 29 Jul 2021 21:42:40 GMT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server
ECS (frb/673A)
Vary
Accept-Encoding
X-Cache
HIT
x-tw-cdn
VZ
Content-Length
105433
/
www.facebook.com/tr/
44 B
147 B
Image
General
Full URL
https://www.facebook.com/tr/?id=1656046231337816&ev=PageView&dl=https%3A%2F%2Fblog.cyberint.com%2Fqakbot-banking-trojan%3Futm_content%3D174174610%26utm_medium%3Dsocial%26utm_source%3Dtwitter%26hss_channel%3Dtw-2930991403&rl=&if=false&ts=1627639591907&sw=1600&sh=1200&v=2.9.44&r=stable&ec=0&o=30&fbp=fb.1.1627639591892.1804527298&it=1627639591532&coo=false&rqm=GET
Requested by
Host: blog.cyberint.com
URL: https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f12d:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 30 Jul 2021 10:06:31 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
44
expires
Fri, 30 Jul 2021 10:06:31 GMT
widget
blog.cyberint.com/_hcms/livechat/
366 B
1 KB
XHR
General
Full URL
https://blog.cyberint.com/_hcms/livechat/widget?portalId=2034462&conversations-embed=static-1.9095&mobile=false&messagesUtk=3da19bbf13b94d2eb8beac4e28703de5&traceId=3da19bbf13b94d2eb8beac4e28703de5
Requested by
Host: js.usemessages.com
URL: https://js.usemessages.com/conversations-embed.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
d07299d2dd8092a4b69592175bd1f901e54f341cf54c4859bc9298d265fbebd4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

sec-fetch-mode
cors
accept-encoding
gzip, deflate, br
accept-language
en-US
sec-fetch-dest
empty
cookie
__cfruid=9bf345e51fa91c9169acdd2a9ebff1b5ef50f5e3-1627639590; _gcl_au=1.1.1246348654.1627639591; poptin_old_user=true; poptin_user_id=0.x5o3e22uhjs; _ga=GA1.3.1438670174.1627639591; _gid=GA1.3.1095497033.1627639591; _gat_UA-30919829-1=1; poptin_referrer=; _fbp=fb.1.1627639591892.1804527298
x-hubspot-messages-uri
https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
:path
/_hcms/livechat/widget?portalId=2034462&conversations-embed=static-1.9095&mobile=false&messagesUtk=3da19bbf13b94d2eb8beac4e28703de5&traceId=3da19bbf13b94d2eb8beac4e28703de5
pragma
no-cache
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
*/*
cache-control
no-cache
:authority
blog.cyberint.com
referer
https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
:scheme
https
sec-fetch-site
same-origin
:method
GET
X-HubSpot-Messages-Uri
https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403

Response headers

date
Fri, 30 Jul 2021 10:06:32 GMT
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
vary
Accept-Encoding
cf-cache-status
DYNAMIC
nel
{"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id
df98f95e-f40e-4659-89cb-57272bfd36b3
server
cloudflare
x-trace
2BF9974B9AEF9920506C1C7138A9FAC25262D86F03000000000000000000
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Y9F55RQCeEBmy4XAdIERsUFJKXkmjEY22m0vuU9wcx%2BDt0oshpyOeIMkLLl238hFxxueRz0fbv7cXyGN7SKaM%2FmG8X7XXUP2ZwbG6lfSJbDMonGzyxYwhAV1MC4hLZhNf7F89QRD%2FeG5Va3xj0Uf"}],"group":"cf-nel","max_age":604800}
content-type
application/json;charset=utf-8
cache-control
no-cache, no-store, no-transform, must-revalidate, max-age=0
access-control-allow-credentials
false
cf-ray
676dc65a0fcf4e67-FRA
access-control-allow-headers
Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent, X-HubSpot-Messages-Uri
enterprise.js
www.google.com/recaptcha/
1008 B
633 B
Script
General
Full URL
https://www.google.com/recaptcha/enterprise.js?onload=hsRecaptchaLoadCallback&render=explicit&isolated=true
Requested by
Host: js.hsforms.net
URL: https://js.hsforms.net/forms/v2.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
0ec6d7a7b7ef6ce26daffa71ef201890a5fbdd4fa744a2c6199470ae5a05e58e
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 30 Jul 2021 10:06:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
GSE
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=300
cross-origin-resource-policy
cross-origin
content-security-policy
frame-ancestors 'self'
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
612
x-xss-protection
1; mode=block
expires
Fri, 30 Jul 2021 10:06:32 GMT
/
www.facebook.com/tr/
44 B
88 B
Image
General
Full URL
https://www.facebook.com/tr/?id=1656046231337816&ev=Microdata&dl=https%3A%2F%2Fblog.cyberint.com%2Fqakbot-banking-trojan%3Futm_content%3D174174610%26utm_medium%3Dsocial%26utm_source%3Dtwitter%26hss_channel%3Dtw-2930991403&rl=&if=false&ts=1627639592437&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22Qakbot%20Banking%20Trojan%22%2C%22meta%3Adescription%22%3A%22A%20notorious%20Banking%20Trojan%20designed%20to%20steal%20account%20credentials%20and%20online%20banking%20session%20information%20leading%20to%20account%20takeover%20fraud.%22%7D&cd[OpenGraph]=%7B%22og%3Adescription%22%3A%22A%20notorious%20Banking%20Trojan%20designed%20to%20steal%20account%20credentials%20and%20online%20banking%20session%20information%20leading%20to%20account%20takeover%20fraud.%22%2C%22og%3Atitle%22%3A%22Qakbot%20Banking%20Trojan%22%2C%22og%3Aimage%22%3A%22https%3A%2F%2Fblog.cyberint.com%2Fhubfs%2FQakbot%2520Banking%2520Trojan.png%23keepProtocol%22%2C%22og%3Aimage%3Awidth%22%3A%221200%22%2C%22og%3Aimage%3Aheight%22%3A%22628%22%2C%22og%3Aurl%22%3A%22https%3A%2F%2Fblog.cyberint.com%2Fqakbot-banking-trojan%22%2C%22og%3Atype%22%3A%22article%22%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.44&r=stable&ec=1&o=30&fbp=fb.1.1627639591892.1804527298&it=1627639591532&coo=false&es=automatic&tm=3&rqm=GET
Requested by
Host: blog.cyberint.com
URL: https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f12d:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 30 Jul 2021 10:06:32 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
content-length
44
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
priority
u=3,i
expires
Fri, 30 Jul 2021 10:06:32 GMT
recaptcha__en.js
www.gstatic.com/recaptcha/releases/ecapuzyywmdXQ5gJHS3JQiXe/
342 KB
342 KB
Script
General
Full URL
https://www.gstatic.com/recaptcha/releases/ecapuzyywmdXQ5gJHS3JQiXe/recaptcha__en.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/enterprise.js?onload=hsRecaptchaLoadCallback&render=explicit&isolated=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
654a6d6808dfc4e817d8d70eebebd98f0add214485983e60a53111de95db8bdc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://blog.cyberint.com
Referer
https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 30 Jul 2021 05:08:22 GMT
x-content-type-options
nosniff
age
17890
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
350400
x-xss-protection
0
last-modified
Mon, 26 Jul 2021 00:05:58 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sat, 30 Jul 2022 05:08:22 GMT
settings
syndication.twitter.com/ Frame F10A
232 B
430 B
Fetch
General
Full URL
https://syndication.twitter.com/settings?session_id=5003d863a563d5f2ad79157c12003aca5769bb7e
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets/widget_iframe.0504c5db6e58d499a7ba93c246a8554d.html?origin=https%3A%2F%2Fblog.cyberint.com
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.244.42.200 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
726906ee6ce6dfe1b6e35ddad151196c50277e31520de30e916e9cd9affc0ef3
Security Headers
Name Value
Strict-Transport-Security max-age=631138519

Request headers

Referer
https://platform.twitter.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 30 Jul 2021 10:06:32 GMT
content-encoding
gzip
last-modified
Fri, 30 Jul 2021 10:06:32 GMT
server
tsa_o
vary
Origin
strict-transport-security
max-age=631138519
content-type
application/json; charset=utf-8
access-control-allow-origin
https://platform.twitter.com
cache-control
must-revalidate, max-age=600
access-control-allow-credentials
true
x-connection-hash
16da94b4cdda2c5e3c82a666c1682e810b458b08cc46e1cb2cc1508a3b2e2dc3
content-length
166
DRDERMHHEVCSNFAV4TGYNP.js
s.adroll.com/pixel/BE4SF7FEGVGFXP7BD5QACA/55JF6AMA6ZGGHK5VY7PGCK/
Redirect Chain
  • https://d.adroll.com/pixel/BE4SF7FEGVGFXP7BD5QACA/55JF6AMA6ZGGHK5VY7PGCK?adroll_fpc=11c4e35147fcb34d93ce168a40c9364a-1627639592508&arrfrr=https%3A%2F%2Fblog.cyberint.com%2Fqakbot-banking-trojan%3Fu...
  • https://s.adroll.com/pixel/BE4SF7FEGVGFXP7BD5QACA/55JF6AMA6ZGGHK5VY7PGCK/DRDERMHHEVCSNFAV4TGYNP.js
4 KB
2 KB
Script
General
Full URL
https://s.adroll.com/pixel/BE4SF7FEGVGFXP7BD5QACA/55JF6AMA6ZGGHK5VY7PGCK/DRDERMHHEVCSNFAV4TGYNP.js
Requested by
Host: blog.cyberint.com
URL: https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00::210:baab Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AmazonS3 /
Resource Hash
f1cd3e81957f669dc2026bb587c8e7f5a85f16639e3e06dec44cad829fedccf1

Request headers

Referer
https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id
RokO9Mdk8Bx2V8DSfGsxYOe2bm_DNSRz
Content-Encoding
gzip
ETag
"f388bc5625a9970364b390a7c3a6e231"
x-amz-request-id
4X6FH8YMH29ZGF5M
x-amz-server-side-encryption
AES256
Connection
keep-alive
Vary
Accept-Encoding
Content-Length
1452
x-amz-id-2
g3vt1PAajoQa/xEGmvNKV+I00qFqh2x6JE4R7d2CIl8ikrAR3q0qQdOFzQHvjko8p/8KnRF0jCY=
Last-Modified
Tue, 20 Jul 2021 09:57:57 GMT
Server
AmazonS3
Date
Fri, 30 Jul 2021 10:06:32 GMT
Access-Control-Max-Age
600
Access-Control-Allow-Methods
GET
Content-Type
text/javascript; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
max-age=3600, must-revalidate
Access-Control-Allow-Credentials
false
Accept-Ranges
bytes
Access-Control-Allow-Headers
*

Redirect headers

pragma
no-cache
x-conversion-value
0.00
server
nginx/1.20.0
x-rule
*
date
Fri, 30 Jul 2021 10:06:32 GMT
x-segment-eid
DRDERMHHEVCSNFAV4TGYNP
p3p
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
location
https://s.adroll.com/pixel/BE4SF7FEGVGFXP7BD5QACA/55JF6AMA6ZGGHK5VY7PGCK/DRDERMHHEVCSNFAV4TGYNP.js
cache-control
no-store, no-cache, must-revalidate
x-segment-display-name
Visitors to Unsegmented Pages
x-pixel-eid
55JF6AMA6ZGGHK5VY7PGCK
x-segment-name
*
x-advertisable-eid
BE4SF7FEGVGFXP7BD5QACA
content-length
0
x-conversion-currency
anchor
www.google.com/recaptcha/enterprise/ Frame 6B5F
39 KB
20 KB
Document
General
Full URL
https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm&co=aHR0cHM6Ly9ibG9nLmN5YmVyaW50LmNvbTo0NDM.&hl=en&v=ecapuzyywmdXQ5gJHS3JQiXe&size=invisible&badge=inline&cb=uq3nt9ra2hzx
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/ecapuzyywmdXQ5gJHS3JQiXe/recaptcha__en.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
ae775af76f59b50984dab1b50b947078eff747f088345d926d64a2cc0639f024
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-I2POZtDGM+E4WA0qyM/jrg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
www.google.com
:scheme
https
:path
/recaptcha/enterprise/anchor?ar=1&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm&co=aHR0cHM6Ly9ibG9nLmN5YmVyaW50LmNvbTo0NDM.&hl=en&v=ecapuzyywmdXQ5gJHS3JQiXe&size=invisible&badge=inline&cb=uq3nt9ra2hzx
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
NID=220=diE4vfWnxgz_ernEe_j14-AL5hGv7Af5zsFHh7eQ9SdzV4q-VHki--lh0SzeRJuxBPkb5UVQY7EKfpXvDOfZA4xmkz_IHCwwQLOciPvAjcyZ50m4-R4819jp5RKiirYSA1H_3FwpM1gQfoUXkI-F4O81iYS91Bz668scrLnkaOw
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403

Response headers

content-type
text/html; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
expires
Mon, 01 Jan 1990 00:00:00 GMT
date
Fri, 30 Jul 2021 10:06:32 GMT
content-security-policy
script-src 'report-sample' 'nonce-I2POZtDGM+E4WA0qyM/jrg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding
gzip
x-content-type-options
nosniff
x-xss-protection
1; mode=block
content-length
20386
server
GSE
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
anchor
www.google.com/recaptcha/enterprise/ Frame 22B7
39 KB
20 KB
Document
General
Full URL
https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm&co=aHR0cHM6Ly9ibG9nLmN5YmVyaW50LmNvbTo0NDM.&hl=en&v=ecapuzyywmdXQ5gJHS3JQiXe&size=invisible&badge=inline&cb=cddlr27ar0w8
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/ecapuzyywmdXQ5gJHS3JQiXe/recaptcha__en.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
9161e663c8cec3b6c7f0f21749e62b2fd561dd7ff0b20e23ecd3b255fabc2fa8
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-0+G8BFk5Mzkmx27NKqnYNg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
www.google.com
:scheme
https
:path
/recaptcha/enterprise/anchor?ar=1&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm&co=aHR0cHM6Ly9ibG9nLmN5YmVyaW50LmNvbTo0NDM.&hl=en&v=ecapuzyywmdXQ5gJHS3JQiXe&size=invisible&badge=inline&cb=cddlr27ar0w8
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
NID=220=diE4vfWnxgz_ernEe_j14-AL5hGv7Af5zsFHh7eQ9SdzV4q-VHki--lh0SzeRJuxBPkb5UVQY7EKfpXvDOfZA4xmkz_IHCwwQLOciPvAjcyZ50m4-R4819jp5RKiirYSA1H_3FwpM1gQfoUXkI-F4O81iYS91Bz668scrLnkaOw
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403

Response headers

content-type
text/html; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
expires
Mon, 01 Jan 1990 00:00:00 GMT
date
Fri, 30 Jul 2021 10:06:32 GMT
content-security-policy
script-src 'report-sample' 'nonce-0+G8BFk5Mzkmx27NKqnYNg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding
gzip
x-content-type-options
nosniff
x-xss-protection
1; mode=block
content-length
20465
server
GSE
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
counters.gif
perf.hsforms.com/embed/v3/
35 B
215 B
Image
General
Full URL
https://perf.hsforms.com/embed/v3/counters.gif?key=forms-next-recaptcha-viewed&count=1&portalId=2034462
Requested by
Host: blog.cyberint.com
URL: https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5905 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 30 Jul 2021 10:06:33 GMT
cf-cache-status
MISS
server
cloudflare
x-hubspot-correlation-id
59b336a6-eb14-443b-9f07-d594b43f7111
x-trace
2BF065EC1B9243FD5A3FDC68C1C51A1517E85B91B9000000000000000000
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
false
strict-transport-security
max-age=31536000; includeSubDomains; preload
accept-ranges
bytes
cf-ray
676dc65e4bec325c-FRA
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length
35
sendrolling.js
s.adroll.com/j/
11 KB
3 KB
Script
General
Full URL
https://s.adroll.com/j/sendrolling.js
Requested by
Host: d.adroll.com
URL: https://d.adroll.com/pixel/BE4SF7FEGVGFXP7BD5QACA/55JF6AMA6ZGGHK5VY7PGCK?adroll_fpc=11c4e35147fcb34d93ce168a40c9364a-1627639592508&arrfrr=https%3A%2F%2Fblog.cyberint.com%2Fqakbot-banking-trojan%3Futm_content%3D174174610%26utm_medium%3Dsocial%26utm_source%3Dtwitter%26hss_channel%3Dtw-2930991403&xid_ch=f&pv=86189322109.64001&cookie=&adroll_s_ref=&keyw=
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00::210:baab Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AmazonS3 /
Resource Hash
982366f1ad02914ee8f64b7b11ac8a7f9902b6050e10c269b171cd2e51db3dee

Request headers

Referer
https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id
VMFJWWZ3diSzKrXVM246AYKH8fI1Ib9s
Content-Encoding
gzip
ETag
"5c44da3d0ddeac28ae4c1facdfbfa217"
x-amz-request-id
7HKKS1TE2KBJP5AP
x-amz-server-side-encryption
AES256
Connection
keep-alive
Vary
Accept-Encoding
Content-Length
2719
x-amz-id-2
3712NIfjZ6o83Zm3xsl+OefLGip+ynp47WMUtR8oi0Fd7cXVcZsHa7KN0WDUssDW1jl0RLYCYWs=
Last-Modified
Thu, 29 Jul 2021 17:13:06 GMT
Server
AmazonS3
Date
Fri, 30 Jul 2021 10:06:32 GMT
Access-Control-Max-Age
600
Access-Control-Allow-Methods
GET
Content-Type
text/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=3600
Access-Control-Allow-Credentials
false
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
1656153468006877
connect.facebook.net/signals/config/
253 KB
72 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/1656153468006877?v=2.9.44&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f02d:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
846bdb89cccd9997a2d23d6944aa825d1a6634b39e723963f663dfc43069229b
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
x-xss-protection
0
pragma
public
x-fb-debug
q2GB3m4FR9g1X7trQaKiNQJe0kAPHqnrPy9wE7G0sb6mxywvHVaz8WKSMO2ZFsUIuvDxk87EU0qsnLGA4OnDyw==
cross-origin-embedder-policy-report-only
require-corp;report-to="coop_report"
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Fri, 30 Jul 2021 10:06:32 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}],"group":"coop_report"}
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
x-fb-rlafr
0
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
v1
ads.yahoo.com/cms/
Redirect Chain
  • https://d.adroll.com/cm/r/out?adroll_fpc=11c4e35147fcb34d93ce168a40c9364a-1627639592508&arrfrr=https%3A%2F%2Fblog.cyberint.com%2Fqakbot-banking-trojan%3Futm_content%3D174174610%26utm_medium%3Dsocia...
  • https://ads.yahoo.com/cms/v1?esig=1~bf4e7dc4546a90c08591652d78a230d3f2ef5733&nwid=10001032567&sigv=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA
0
448 B
Image
General
Full URL
https://ads.yahoo.com/cms/v1?esig=1~bf4e7dc4546a90c08591652d78a230d3f2ef5733&nwid=10001032567&sigv=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA
Requested by
Host: blog.cyberint.com
URL: https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1288:80:800::7000 Frankfurt am Main, Germany, ASN203220 (YAHOO-DEB, GB),
Reverse DNS
Software
ATS /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 30 Jul 2021 10:06:33 GMT
cache-control
no-store
x-content-type-options
nosniff
server
ATS
strict-transport-security
max-age=15552000
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection
1; mode=block

Redirect headers

location
https://ads.yahoo.com/cms/v1?esig=1~bf4e7dc4546a90c08591652d78a230d3f2ef5733&nwid=10001032567&sigv=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA
pragma
no-cache
date
Fri, 30 Jul 2021 10:06:32 GMT
cache-control
no-store, no-cache, must-revalidate
server
nginx/1.20.0
content-length
165
p3p
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
sync
x.bidswitch.net/ul_cb/
Redirect Chain
  • https://d.adroll.com/cm/b/out?adroll_fpc=11c4e35147fcb34d93ce168a40c9364a-1627639592508&arrfrr=https%3A%2F%2Fblog.cyberint.com%2Fqakbot-banking-trojan%3Futm_content%3D174174610%26utm_medium%3Dsocia...
  • https://x.bidswitch.net/sync?dsp_id=44&user_id=YzUyNzZjMGI3MDQwMDFiOTNlNTgyYzY5NmJkMGFlY2E
  • https://x.bidswitch.net/ul_cb/sync?dsp_id=44&user_id=YzUyNzZjMGI3MDQwMDFiOTNlNTgyYzY5NmJkMGFlY2E
43 B
345 B
Image
General
Full URL
https://x.bidswitch.net/ul_cb/sync?dsp_id=44&user_id=YzUyNzZjMGI3MDQwMDFiOTNlNTgyYzY5NmJkMGFlY2E
Requested by
Host: blog.cyberint.com
URL: https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.57.47.211 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-57-47-211.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Referer
https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 30 Jul 2021 10:06:33 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
43
content-type
image/gif

Redirect headers

location
https://x.bidswitch.net/ul_cb/sync?dsp_id=44&user_id=YzUyNzZjMGI3MDQwMDFiOTNlNTgyYzY5NmJkMGFlY2E
date
Fri, 30 Jul 2021 10:06:33 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
0
bounce
ib.adnxs.com/
Redirect Chain
  • https://d.adroll.com/cm/x/out?adroll_fpc=11c4e35147fcb34d93ce168a40c9364a-1627639592508&arrfrr=https%3A%2F%2Fblog.cyberint.com%2Fqakbot-banking-trojan%3Futm_content%3D174174610%26utm_medium%3Dsocia...
  • https://ib.adnxs.com/setuid?entity=172&code=YzUyNzZjMGI3MDQwMDFiOTNlNTgyYzY5NmJkMGFlY2E
  • https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D172%26code%3DYzUyNzZjMGI3MDQwMDFiOTNlNTgyYzY5NmJkMGFlY2E
43 B
1 KB
Image
General
Full URL
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D172%26code%3DYzUyNzZjMGI3MDQwMDFiOTNlNTgyYzY5NmJkMGFlY2E
Requested by
Host: blog.cyberint.com
URL: https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.221.89 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
719.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 30 Jul 2021 10:06:33 GMT
X-Proxy-Origin
89.249.64.211; 89.249.64.211; 719.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid
b8a8a9ae-6959-43a3-a92c-3c3c6ce01b57
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Fri, 30 Jul 2021 10:06:33 GMT
X-Proxy-Origin
89.249.64.211; 89.249.64.211; 719.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid
16d9bf78-1377-4f74-8307-0d435c9dce32
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D172%26code%3DYzUyNzZjMGI3MDQwMDFiOTNlNTgyYzY5NmJkMGFlY2E
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
out
d.adroll.com/cm/l/
42 B
180 B
Image
General
Full URL
https://d.adroll.com/cm/l/out?adroll_fpc=11c4e35147fcb34d93ce168a40c9364a-1627639592508&arrfrr=https%3A%2F%2Fblog.cyberint.com%2Fqakbot-banking-trojan%3Futm_content%3D174174610%26utm_medium%3Dsocial%26utm_source%3Dtwitter%26hss_channel%3Dtw-2930991403&xid_ch=f&advertisable=BE4SF7FEGVGFXP7BD5QACA
Requested by
Host: blog.cyberint.com
URL: https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.74.23.153 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-74-23-153.eu-west-1.compute.amazonaws.com
Software
nginx/1.20.0 /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 30 Jul 2021 10:06:32 GMT
cache-control
no-transform,public,max-age=300,s-maxage=900
server
nginx/1.20.0
content-length
42
vary
Cookie
content-type
image/gif
sd
us-u.openx.net/w/1.0/
Redirect Chain
  • https://d.adroll.com/cm/o/out?adroll_fpc=11c4e35147fcb34d93ce168a40c9364a-1627639592508&arrfrr=https%3A%2F%2Fblog.cyberint.com%2Fqakbot-banking-trojan%3Futm_content%3D174174610%26utm_medium%3Dsocia...
  • https://us-u.openx.net/w/1.0/sd?id=537103138&val=c5276c0b704001b93e582c696bd0aeca
  • https://us-u.openx.net/w/1.0/sd?cc=1&id=537103138&val=c5276c0b704001b93e582c696bd0aeca
43 B
180 B
Image
General
Full URL
https://us-u.openx.net/w/1.0/sd?cc=1&id=537103138&val=c5276c0b704001b93e582c696bd0aeca
Requested by
Host: blog.cyberint.com
URL: https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/16.211.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer
https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 30 Jul 2021 10:06:33 GMT
via
1.1 google
server
OXGW/16.211.0
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
clear
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

location
https://us-u.openx.net/w/1.0/sd?cc=1&id=537103138&val=c5276c0b704001b93e582c696bd0aeca
date
Fri, 30 Jul 2021 10:06:33 GMT
via
1.1 google
server
OXGW/16.211.0
alt-svc
clear
content-length
0
p3p
CP="CUR ADM OUR NOR STA NID"
in
d.adroll.com/cm/g/
Redirect Chain
  • https://d.adroll.com/cm/g/out?adroll_fpc=11c4e35147fcb34d93ce168a40c9364a-1627639592508&arrfrr=https%3A%2F%2Fblog.cyberint.com%2Fqakbot-banking-trojan%3Futm_content%3D174174610%26utm_medium%3Dsocia...
  • https://cm.g.doubleclick.net/pixel?google_sc&google_nid=artb&google_hm=xSdsC3BAAbk-WCxpa9Cuyg
  • https://d.adroll.com/cm/g/in
42 B
536 B
Image
General
Full URL
https://d.adroll.com/cm/g/in
Requested by
Host: blog.cyberint.com
URL: https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.74.23.153 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-74-23-153.eu-west-1.compute.amazonaws.com
Software
nginx/1.20.0 /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 30 Jul 2021 10:06:33 GMT
server
nginx/1.20.0
p3p
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
cache-control
no-store, no-cache, must-revalidate
content-type
image/gif
content-length
42
x-result
g.-1.-1.-1

Redirect headers

pragma
no-cache
date
Fri, 30 Jul 2021 10:06:33 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://d.adroll.com/cm/g/in
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
225
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
styles__ltr.css
www.gstatic.com/recaptcha/releases/ecapuzyywmdXQ5gJHS3JQiXe/ Frame 6B5F
52 KB
25 KB
Stylesheet
General
Full URL
https://www.gstatic.com/recaptcha/releases/ecapuzyywmdXQ5gJHS3JQiXe/styles__ltr.css
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm&co=aHR0cHM6Ly9ibG9nLmN5YmVyaW50LmNvbTo0NDM.&hl=en&v=ecapuzyywmdXQ5gJHS3JQiXe&size=invisible&badge=inline&cb=uq3nt9ra2hzx
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5fe20047c1cc1be61a786d56c5c02b96453b9c60656d6c8429a1add79017e47f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 30 Jul 2021 09:52:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
858
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
25732
x-xss-protection
0
last-modified
Mon, 26 Jul 2021 00:05:58 GMT
server
sffe
vary
Accept-Encoding
content-type
text/css
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sat, 30 Jul 2022 09:52:14 GMT
recaptcha__en.js
www.gstatic.com/recaptcha/releases/ecapuzyywmdXQ5gJHS3JQiXe/ Frame 6B5F
342 KB
342 KB
Script
General
Full URL
https://www.gstatic.com/recaptcha/releases/ecapuzyywmdXQ5gJHS3JQiXe/recaptcha__en.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm&co=aHR0cHM6Ly9ibG9nLmN5YmVyaW50LmNvbTo0NDM.&hl=en&v=ecapuzyywmdXQ5gJHS3JQiXe&size=invisible&badge=inline&cb=uq3nt9ra2hzx
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
654a6d6808dfc4e817d8d70eebebd98f0add214485983e60a53111de95db8bdc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 30 Jul 2021 05:08:22 GMT
x-content-type-options
nosniff
age
17890
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
350400
x-xss-protection
0
last-modified
Mon, 26 Jul 2021 00:05:58 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sat, 30 Jul 2022 05:08:22 GMT
styles__ltr.css
www.gstatic.com/recaptcha/releases/ecapuzyywmdXQ5gJHS3JQiXe/ Frame 22B7
52 KB
25 KB
Stylesheet
General
Full URL
https://www.gstatic.com/recaptcha/releases/ecapuzyywmdXQ5gJHS3JQiXe/styles__ltr.css
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm&co=aHR0cHM6Ly9ibG9nLmN5YmVyaW50LmNvbTo0NDM.&hl=en&v=ecapuzyywmdXQ5gJHS3JQiXe&size=invisible&badge=inline&cb=cddlr27ar0w8
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5fe20047c1cc1be61a786d56c5c02b96453b9c60656d6c8429a1add79017e47f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 30 Jul 2021 09:52:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
858
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
25732
x-xss-protection
0
last-modified
Mon, 26 Jul 2021 00:05:58 GMT
server
sffe
vary
Accept-Encoding
content-type
text/css
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sat, 30 Jul 2022 09:52:14 GMT
recaptcha__en.js
www.gstatic.com/recaptcha/releases/ecapuzyywmdXQ5gJHS3JQiXe/ Frame 22B7
342 KB
342 KB
Script
General
Full URL
https://www.gstatic.com/recaptcha/releases/ecapuzyywmdXQ5gJHS3JQiXe/recaptcha__en.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm&co=aHR0cHM6Ly9ibG9nLmN5YmVyaW50LmNvbTo0NDM.&hl=en&v=ecapuzyywmdXQ5gJHS3JQiXe&size=invisible&badge=inline&cb=cddlr27ar0w8
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
654a6d6808dfc4e817d8d70eebebd98f0add214485983e60a53111de95db8bdc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 30 Jul 2021 05:08:22 GMT
x-content-type-options
nosniff
age
17890
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
350400
x-xss-protection
0
last-modified
Mon, 26 Jul 2021 00:05:58 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sat, 30 Jul 2022 05:08:22 GMT
logo_48.png
www.gstatic.com/recaptcha/api2/ Frame 6B5F
2 KB
2 KB
Image
General
Full URL
https://www.gstatic.com/recaptcha/api2/logo_48.png
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/ecapuzyywmdXQ5gJHS3JQiXe/styles__ltr.css
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.gstatic.com/recaptcha/releases/ecapuzyywmdXQ5gJHS3JQiXe/styles__ltr.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 27 Jul 2021 00:00:30 GMT
x-content-type-options
nosniff
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
age
295563
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
content-type
image/png
cache-control
public, max-age=604800
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2228
x-xss-protection
0
expires
Tue, 03 Aug 2021 00:00:30 GMT
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 6B5F
15 KB
15 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm&co=aHR0cHM6Ly9ibG9nLmN5YmVyaW50LmNvbTo0NDM.&hl=en&v=ecapuzyywmdXQ5gJHS3JQiXe&size=invisible&badge=inline&cb=uq3nt9ra2hzx
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://www.google.com
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 26 Jul 2021 21:27:21 GMT
x-content-type-options
nosniff
age
304752
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15344
x-xss-protection
0
last-modified
Mon, 16 Oct 2017 17:32:55 GMT
server
sffe
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 26 Jul 2022 21:27:21 GMT
KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 6B5F
15 KB
15 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm&co=aHR0cHM6Ly9ibG9nLmN5YmVyaW50LmNvbTo0NDM.&hl=en&v=ecapuzyywmdXQ5gJHS3JQiXe&size=invisible&badge=inline&cb=uq3nt9ra2hzx
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://www.google.com
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 27 Jul 2021 14:26:18 GMT
x-content-type-options
nosniff
age
243615
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15552
x-xss-protection
0
last-modified
Mon, 16 Oct 2017 17:33:02 GMT
server
sffe
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 27 Jul 2022 14:26:18 GMT
webworker.js
www.google.com/recaptcha/enterprise/ Frame 6B5F
102 B
130 B
Other
General
Full URL
https://www.google.com/recaptcha/enterprise/webworker.js?hl=en&v=ecapuzyywmdXQ5gJHS3JQiXe
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm&co=aHR0cHM6Ly9ibG9nLmN5YmVyaW50LmNvbTo0NDM.&hl=en&v=ecapuzyywmdXQ5gJHS3JQiXe&size=invisible&badge=inline&cb=uq3nt9ra2hzx
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
849ad50d8f39d01c26fb4a2441e1d8a36d4bb3798c5025a457d1a21fec0c1185
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm&co=aHR0cHM6Ly9ibG9nLmN5YmVyaW50LmNvbTo0NDM.&hl=en&v=ecapuzyywmdXQ5gJHS3JQiXe&size=invisible&badge=inline&cb=uq3nt9ra2hzx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 30 Jul 2021 10:06:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
GSE
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=300
content-security-policy
frame-ancestors 'self'
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
110
x-xss-protection
1; mode=block
expires
Fri, 30 Jul 2021 10:06:33 GMT
loader-v2.js
blog.cyberint.com/hs/cta/ctas/v2/public/cs/
7 KB
3 KB
Script
General
Full URL
https://blog.cyberint.com/hs/cta/ctas/v2/public/cs/loader-v2.js?cos=1&canon=https%3A%2F%2Fblog.cyberint.com%2Fqakbot-banking-trojan&hsutk=c7a000001a1419141f04017af6e13963&pageId=43069738158&pg=1ceb89cf-57eb-40a3-8156-b3388e8dec97&pid=2034462&sv=cta-embed-js-static-1.49&utm_medium=social&lag=2176&rdy=1&cos=1&df=t
Requested by
Host: blog.cyberint.com
URL: https://blog.cyberint.com/hs/cta/cta/current.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
ede1bc5cad8ded8752c9aecabbe682eda1130dc5480713c3abf7316c8838143d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

:path
/hs/cta/ctas/v2/public/cs/loader-v2.js?cos=1&canon=https%3A%2F%2Fblog.cyberint.com%2Fqakbot-banking-trojan&hsutk=c7a000001a1419141f04017af6e13963&pageId=43069738158&pg=1ceb89cf-57eb-40a3-8156-b3388e8dec97&pid=2034462&sv=cta-embed-js-static-1.49&utm_medium=social&lag=2176&rdy=1&cos=1&df=t
pragma
no-cache
cookie
__cfruid=9bf345e51fa91c9169acdd2a9ebff1b5ef50f5e3-1627639590; _gcl_au=1.1.1246348654.1627639591; poptin_old_user=true; poptin_user_id=0.x5o3e22uhjs; _ga=GA1.3.1438670174.1627639591; _gid=GA1.3.1095497033.1627639591; _gat_UA-30919829-1=1; poptin_referrer=; _fbp=fb.1.1627639591892.1804527298; poptin_session=true; poptin_c_visitor=true; __adroll_fpc=11c4e35147fcb34d93ce168a40c9364a-1627639592508; __ar_v4=%7CBE4SF7FEGVGFXP7BD5QACA%3A20210729%3A1%7C55JF6AMA6ZGGHK5VY7PGCK%3A20210729%3A1%7CDRDERMHHEVCSNFAV4TGYNP%3A20210729%3A1
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
blog.cyberint.com
referer
https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 30 Jul 2021 10:06:33 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
MISS
nel
{"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id
73e8625b-528d-44de-9290-27e74a45dffb
cf-ray
676dc6634c9e4e67-FRA
content-disposition
attachment; name="loaderJS" filename="loader-v2.js"
server
cloudflare
x-trace
2B8E9B3CE5DB885CA07D2B598BB181E725AED9D670000000000000000000
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=X9LvO72q%2F8CPETOk0Ix%2Fk7qxD2daZ9K2zcRf6FAkTNzhVftUwseV7CBP5yWgjE8%2Fm6YFLjeU%2FR9lZD%2Fxw%2FvA9%2BWz5h2zLuVaaBHvQvQdHcGB95IgkcXGzNipfqLAi1M2ZSAkvNRCDbM3jltk0Ge8"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
cache-control
max-age=0, no-cache, no-store
x-robots-tag
noindex, follow
counters.gif
perf.hsforms.com/embed/v3/
35 B
478 B
Image
General
Full URL
https://perf.hsforms.com/embed/v3/counters.gif?key=cta-render-timeout&value=1
Requested by
Host: blog.cyberint.com
URL: https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2606:4700::6810:5705 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 30 Jul 2021 10:06:33 GMT
cf-cache-status
MISS
server
cloudflare
x-hubspot-correlation-id
9d07ff4a-ad5e-43f7-88ce-609f69d473a3
x-trace
2B6B37C2D6718D279A3460621436ABB02AB8902147000000000000000000
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
false
strict-transport-security
max-age=31536000; includeSubDomains; preload
accept-ranges
bytes
cf-ray
676dc663584a4a61-FRA
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length
35
webworker.js
www.google.com/recaptcha/enterprise/ Frame 22B7
102 B
130 B
Other
General
Full URL
https://www.google.com/recaptcha/enterprise/webworker.js?hl=en&v=ecapuzyywmdXQ5gJHS3JQiXe
Requested by
Host: blog.cyberint.com
URL: https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
849ad50d8f39d01c26fb4a2441e1d8a36d4bb3798c5025a457d1a21fec0c1185
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm&co=aHR0cHM6Ly9ibG9nLmN5YmVyaW50LmNvbTo0NDM.&hl=en&v=ecapuzyywmdXQ5gJHS3JQiXe&size=invisible&badge=inline&cb=cddlr27ar0w8
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 30 Jul 2021 10:06:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
GSE
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=300
content-security-policy
frame-ancestors 'self'
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
110
x-xss-protection
1; mode=block
expires
Fri, 30 Jul 2021 10:06:33 GMT
/
www.facebook.com/tr/
44 B
88 B
Image
General
Full URL
https://www.facebook.com/tr/?id=1656153468006877&ev=PageView&dl=https%3A%2F%2Fblog.cyberint.com%2Fqakbot-banking-trojan%3Futm_content%3D174174610%26utm_medium%3Dsocial%26utm_source%3Dtwitter%26hss_channel%3Dtw-2930991403&rl=&if=false&ts=1627639593616&cd[segment_eid]=DRDERMHHEVCSNFAV4TGYNP&sw=1600&sh=1200&v=2.9.44&r=stable&ec=0&o=29&fbp=fb.1.1627639591892.1804527298&it=1627639591532&coo=false&dpo=LDU&dpoco=0&dpost=0&rqm=GET
Requested by
Host: blog.cyberint.com
URL: https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f12d:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 30 Jul 2021 10:06:33 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
content-length
44
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
priority
u=3,i
expires
Fri, 30 Jul 2021 10:06:33 GMT
loader-v2.js
blog.cyberint.com/hs/cta/ctas/v2/public/cs/
7 KB
3 KB
Script
General
Full URL
https://blog.cyberint.com/hs/cta/ctas/v2/public/cs/loader-v2.js?cos=1&canon=https%3A%2F%2Fblog.cyberint.com%2Fqakbot-banking-trojan&hsutk=c7a0000010ca12161e6f017af6e13aa2&pageId=43069738158&pg=0af777c2-7cd2-4f9c-ba27-284cb90db352&pid=2034462&sv=cta-embed-js-static-1.49&utm_medium=social&lag=2264&rdy=1&cos=1&df=t
Requested by
Host: blog.cyberint.com
URL: https://blog.cyberint.com/hs/cta/cta/current.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
c37277f9fe77c48b5aaafe4b9f8652824d49a3673a512134428f9ef2735b5b9e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

:path
/hs/cta/ctas/v2/public/cs/loader-v2.js?cos=1&canon=https%3A%2F%2Fblog.cyberint.com%2Fqakbot-banking-trojan&hsutk=c7a0000010ca12161e6f017af6e13aa2&pageId=43069738158&pg=0af777c2-7cd2-4f9c-ba27-284cb90db352&pid=2034462&sv=cta-embed-js-static-1.49&utm_medium=social&lag=2264&rdy=1&cos=1&df=t
pragma
no-cache
cookie
__cfruid=9bf345e51fa91c9169acdd2a9ebff1b5ef50f5e3-1627639590; _gcl_au=1.1.1246348654.1627639591; poptin_old_user=true; poptin_user_id=0.x5o3e22uhjs; _ga=GA1.3.1438670174.1627639591; _gid=GA1.3.1095497033.1627639591; _gat_UA-30919829-1=1; poptin_referrer=; _fbp=fb.1.1627639591892.1804527298; poptin_session=true; poptin_c_visitor=true; __adroll_fpc=11c4e35147fcb34d93ce168a40c9364a-1627639592508; __ar_v4=%7CBE4SF7FEGVGFXP7BD5QACA%3A20210729%3A1%7C55JF6AMA6ZGGHK5VY7PGCK%3A20210729%3A1%7CDRDERMHHEVCSNFAV4TGYNP%3A20210729%3A1
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
blog.cyberint.com
referer
https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 30 Jul 2021 10:06:33 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
MISS
nel
{"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id
466fb181-348b-4d07-8020-7fe26b9e4f55
cf-ray
676dc6646ef04e67-FRA
content-disposition
attachment; name="loaderJS" filename="loader-v2.js"
server
cloudflare
x-trace
2B25CB1BE2085C17236EA862B59FC3EA423AB903CD000000000000000000
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4yISIFD7mvtJFriMRunVaDsfwY1qaO86shbHqklvlGmABkQh6q2W6IBwin6vJUge02UGMF0bOz%2BOSaf5t80ptyxx%2FY2ffgHU1El0DTnRMfi8WMECXjMubPtzEwCVCRyUirJyKsll8mJ3JXaVZikj"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
cache-control
max-age=0, no-cache, no-store
x-robots-tag
noindex, follow
loader-v2.js
blog.cyberint.com/hs/cta/ctas/v2/public/cs/
7 KB
3 KB
Script
General
Full URL
https://blog.cyberint.com/hs/cta/ctas/v2/public/cs/loader-v2.js?cos=1&canon=https%3A%2F%2Fblog.cyberint.com%2Fqakbot-banking-trojan&hsutk=c7a0000010931b851a1f017af6e13ab3&pageId=43069738158&pg=0e3e1135-48c4-4857-bff6-5256aa012bf9&pid=2034462&sv=cta-embed-js-static-1.49&utm_medium=social&lag=2212&rdy=1&cos=1&df=t
Requested by
Host: blog.cyberint.com
URL: https://blog.cyberint.com/hs/cta/cta/current.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
380de978c1eaf019e44987e1428ac5e37814e078369096034075583d72cc74b7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

:path
/hs/cta/ctas/v2/public/cs/loader-v2.js?cos=1&canon=https%3A%2F%2Fblog.cyberint.com%2Fqakbot-banking-trojan&hsutk=c7a0000010931b851a1f017af6e13ab3&pageId=43069738158&pg=0e3e1135-48c4-4857-bff6-5256aa012bf9&pid=2034462&sv=cta-embed-js-static-1.49&utm_medium=social&lag=2212&rdy=1&cos=1&df=t
pragma
no-cache
cookie
__cfruid=9bf345e51fa91c9169acdd2a9ebff1b5ef50f5e3-1627639590; _gcl_au=1.1.1246348654.1627639591; poptin_old_user=true; poptin_user_id=0.x5o3e22uhjs; _ga=GA1.3.1438670174.1627639591; _gid=GA1.3.1095497033.1627639591; _gat_UA-30919829-1=1; poptin_referrer=; _fbp=fb.1.1627639591892.1804527298; poptin_session=true; poptin_c_visitor=true; __adroll_fpc=11c4e35147fcb34d93ce168a40c9364a-1627639592508; __ar_v4=%7CBE4SF7FEGVGFXP7BD5QACA%3A20210729%3A1%7C55JF6AMA6ZGGHK5VY7PGCK%3A20210729%3A1%7CDRDERMHHEVCSNFAV4TGYNP%3A20210729%3A1
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
blog.cyberint.com
referer
https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 30 Jul 2021 10:06:33 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
MISS
nel
{"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id
f9f2bb82-b963-4421-81d6-d7bc67ab330f
cf-ray
676dc6646ef24e67-FRA
content-disposition
attachment; name="loaderJS" filename="loader-v2.js"
server
cloudflare
x-trace
2BB5E4ED55EC0FB9A082EB0F0B89FE400EC220121E000000000000000000
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TdRwrmalvAn%2FC87pJYBDIfx3UhgO%2Fri4ViARwgaaTp3ikDQgoaPmGAQyXZxTXe8S0F%2BijBRqXbyTirfwhUuCNiwGMTSEnzHEU53ZlUiM5Mw2QporAHLeTwTplaMxqA5IJloMZOLBKOU%2FSrfTIUps"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
cache-control
max-age=0, no-cache, no-store
x-robots-tag
noindex, follow
bframe
www.google.com/recaptcha/enterprise/ Frame 568E
7 KB
1 KB
Document
General
Full URL
https://www.google.com/recaptcha/enterprise/bframe?hl=en&v=ecapuzyywmdXQ5gJHS3JQiXe&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm&cb=f7be5waudmf2
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/ecapuzyywmdXQ5gJHS3JQiXe/recaptcha__en.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
b7a735ba01845585f276aa1f1e25c14f5e120c3a1a1a8850cb0791954464672a
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-rcbO/dizuc2pcdOdHyyfVA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
www.google.com
:scheme
https
:path
/recaptcha/enterprise/bframe?hl=en&v=ecapuzyywmdXQ5gJHS3JQiXe&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm&cb=f7be5waudmf2
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
NID=220=diE4vfWnxgz_ernEe_j14-AL5hGv7Af5zsFHh7eQ9SdzV4q-VHki--lh0SzeRJuxBPkb5UVQY7EKfpXvDOfZA4xmkz_IHCwwQLOciPvAjcyZ50m4-R4819jp5RKiirYSA1H_3FwpM1gQfoUXkI-F4O81iYS91Bz668scrLnkaOw
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403

Response headers

content-type
text/html; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
expires
Mon, 01 Jan 1990 00:00:00 GMT
date
Fri, 30 Jul 2021 10:06:34 GMT
content-security-policy
script-src 'report-sample' 'nonce-rcbO/dizuc2pcdOdHyyfVA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding
gzip
x-content-type-options
nosniff
x-xss-protection
1; mode=block
content-length
1114
server
GSE
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
bframe
www.google.com/recaptcha/enterprise/ Frame 0B02
7 KB
1 KB
Document
General
Full URL
https://www.google.com/recaptcha/enterprise/bframe?hl=en&v=ecapuzyywmdXQ5gJHS3JQiXe&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm&cb=xgyb1jf5q0wj
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/ecapuzyywmdXQ5gJHS3JQiXe/recaptcha__en.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
9e01555c0bcd011c57ec9c69b382662693f19dfdf66b8163936d077c2466f539
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-gUxQXIaCBl1xvxRf+3+rjg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
www.google.com
:scheme
https
:path
/recaptcha/enterprise/bframe?hl=en&v=ecapuzyywmdXQ5gJHS3JQiXe&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm&cb=xgyb1jf5q0wj
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
NID=220=diE4vfWnxgz_ernEe_j14-AL5hGv7Af5zsFHh7eQ9SdzV4q-VHki--lh0SzeRJuxBPkb5UVQY7EKfpXvDOfZA4xmkz_IHCwwQLOciPvAjcyZ50m4-R4819jp5RKiirYSA1H_3FwpM1gQfoUXkI-F4O81iYS91Bz668scrLnkaOw
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403

Response headers

content-type
text/html; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
expires
Mon, 01 Jan 1990 00:00:00 GMT
date
Fri, 30 Jul 2021 10:06:34 GMT
content-security-policy
script-src 'report-sample' 'nonce-gUxQXIaCBl1xvxRf+3+rjg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding
gzip
x-content-type-options
nosniff
x-xss-protection
1; mode=block
content-length
1115
server
GSE
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
styles__ltr.css
www.gstatic.com/recaptcha/releases/ecapuzyywmdXQ5gJHS3JQiXe/ Frame 568E
52 KB
25 KB
Stylesheet
General
Full URL
https://www.gstatic.com/recaptcha/releases/ecapuzyywmdXQ5gJHS3JQiXe/styles__ltr.css
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/enterprise/bframe?hl=en&v=ecapuzyywmdXQ5gJHS3JQiXe&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm&cb=f7be5waudmf2
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5fe20047c1cc1be61a786d56c5c02b96453b9c60656d6c8429a1add79017e47f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 30 Jul 2021 09:52:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
861
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
25732
x-xss-protection
0
last-modified
Mon, 26 Jul 2021 00:05:58 GMT
server
sffe
vary
Accept-Encoding
content-type
text/css
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sat, 30 Jul 2022 09:52:14 GMT
recaptcha__en.js
www.gstatic.com/recaptcha/releases/ecapuzyywmdXQ5gJHS3JQiXe/ Frame 568E
342 KB
342 KB
Script
General
Full URL
https://www.gstatic.com/recaptcha/releases/ecapuzyywmdXQ5gJHS3JQiXe/recaptcha__en.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/enterprise/bframe?hl=en&v=ecapuzyywmdXQ5gJHS3JQiXe&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm&cb=f7be5waudmf2
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
654a6d6808dfc4e817d8d70eebebd98f0add214485983e60a53111de95db8bdc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 30 Jul 2021 05:08:22 GMT
x-content-type-options
nosniff
age
17893
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
350400
x-xss-protection
0
last-modified
Mon, 26 Jul 2021 00:05:58 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sat, 30 Jul 2022 05:08:22 GMT
styles__ltr.css
www.gstatic.com/recaptcha/releases/ecapuzyywmdXQ5gJHS3JQiXe/ Frame 0B02
52 KB
25 KB
Stylesheet
General
Full URL
https://www.gstatic.com/recaptcha/releases/ecapuzyywmdXQ5gJHS3JQiXe/styles__ltr.css
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/enterprise/bframe?hl=en&v=ecapuzyywmdXQ5gJHS3JQiXe&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm&cb=xgyb1jf5q0wj
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5fe20047c1cc1be61a786d56c5c02b96453b9c60656d6c8429a1add79017e47f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 30 Jul 2021 09:52:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
861
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
25732
x-xss-protection
0
last-modified
Mon, 26 Jul 2021 00:05:58 GMT
server
sffe
vary
Accept-Encoding
content-type
text/css
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sat, 30 Jul 2022 09:52:14 GMT
recaptcha__en.js
www.gstatic.com/recaptcha/releases/ecapuzyywmdXQ5gJHS3JQiXe/ Frame 0B02
342 KB
342 KB
Script
General
Full URL
https://www.gstatic.com/recaptcha/releases/ecapuzyywmdXQ5gJHS3JQiXe/recaptcha__en.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/enterprise/bframe?hl=en&v=ecapuzyywmdXQ5gJHS3JQiXe&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm&cb=xgyb1jf5q0wj
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
654a6d6808dfc4e817d8d70eebebd98f0add214485983e60a53111de95db8bdc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 30 Jul 2021 05:08:22 GMT
x-content-type-options
nosniff
age
17893
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
350400
x-xss-protection
0
last-modified
Mon, 26 Jul 2021 00:05:58 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sat, 30 Jul 2022 05:08:22 GMT
cta-loaded.js
blog.cyberint.com/hs/cta/ctas/v2/public/cs/
0
370 B
Script
General
Full URL
https://blog.cyberint.com/hs/cta/ctas/v2/public/cs/cta-loaded.js?pid=2034462&pg=1ceb89cf-57eb-40a3-8156-b3388e8dec97&lt=1627639591149&dt=1627639593325&at=1627639595216&ae=1&an=1
Requested by
Host: blog.cyberint.com
URL: https://blog.cyberint.com/hs/cta/cta/current.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

:path
/hs/cta/ctas/v2/public/cs/cta-loaded.js?pid=2034462&pg=1ceb89cf-57eb-40a3-8156-b3388e8dec97&lt=1627639591149&dt=1627639593325&at=1627639595216&ae=1&an=1
pragma
no-cache
cookie
__cfruid=9bf345e51fa91c9169acdd2a9ebff1b5ef50f5e3-1627639590; _gcl_au=1.1.1246348654.1627639591; poptin_old_user=true; poptin_user_id=0.x5o3e22uhjs; _ga=GA1.3.1438670174.1627639591; _gid=GA1.3.1095497033.1627639591; _gat_UA-30919829-1=1; poptin_referrer=; _fbp=fb.1.1627639591892.1804527298; poptin_session=true; poptin_c_visitor=true; __adroll_fpc=11c4e35147fcb34d93ce168a40c9364a-1627639592508; __ar_v4=%7CBE4SF7FEGVGFXP7BD5QACA%3A20210729%3A1%7C55JF6AMA6ZGGHK5VY7PGCK%3A20210729%3A1%7CDRDERMHHEVCSNFAV4TGYNP%3A20210729%3A1
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
blog.cyberint.com
referer
https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
cf-cache-status
MISS
nel
{"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-hubspot-correlation-id
d33949aa-0220-4f92-8295-4463e482292d
x-trace
2B68B653B1A2AD3D4C87E6E00E11231440E4EC4A25000000000000000000
date
Fri, 30 Jul 2021 10:06:35 GMT
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0FPELngAg7z0%2BinmS7ALBA5S2B5a4CGs%2FuaQetEH97xleeR07qYpGFvwQUPEiLeM9qxSGTYhPKKveznswChUudUJKQw%2FgCjW1zch3B2kGLDzexXi0%2BfH%2Fm9qYE1KBGrYiKW8%2Buj4c8rT24frzP4x"}],"group":"cf-nel","max_age":604800}
cache-control
max-age=0, no-cache, no-store
cf-ray
676dc66e4ea74e67-FRA
x-robots-tag
noindex, follow
cta-loaded.js
blog.cyberint.com/hs/cta/ctas/v2/public/cs/
0
444 B
Script
General
Full URL
https://blog.cyberint.com/hs/cta/ctas/v2/public/cs/cta-loaded.js?pid=2034462&pg=1ceb89cf-57eb-40a3-8156-b3388e8dec97&lt=1627639591149&dt=1627639593325&at=1627639595231&ae=1&an=1
Requested by
Host: blog.cyberint.com
URL: https://blog.cyberint.com/hs/cta/cta/current.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

:path
/hs/cta/ctas/v2/public/cs/cta-loaded.js?pid=2034462&pg=1ceb89cf-57eb-40a3-8156-b3388e8dec97&lt=1627639591149&dt=1627639593325&at=1627639595231&ae=1&an=1
pragma
no-cache
cookie
__cfruid=9bf345e51fa91c9169acdd2a9ebff1b5ef50f5e3-1627639590; _gcl_au=1.1.1246348654.1627639591; poptin_old_user=true; poptin_user_id=0.x5o3e22uhjs; _ga=GA1.3.1438670174.1627639591; _gid=GA1.3.1095497033.1627639591; _gat_UA-30919829-1=1; poptin_referrer=; _fbp=fb.1.1627639591892.1804527298; poptin_session=true; poptin_c_visitor=true; __adroll_fpc=11c4e35147fcb34d93ce168a40c9364a-1627639592508; __ar_v4=%7CBE4SF7FEGVGFXP7BD5QACA%3A20210729%3A1%7C55JF6AMA6ZGGHK5VY7PGCK%3A20210729%3A1%7CDRDERMHHEVCSNFAV4TGYNP%3A20210729%3A1
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
blog.cyberint.com
referer
https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 30 Jul 2021 10:06:35 GMT
content-encoding
br
cf-cache-status
MISS
nel
{"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-hubspot-correlation-id
b9b5d104-ca5e-46ea-986f-106fb16a3311
x-trace
2B35C30372F3A6F8E6AFA4FA7F1EDEA0E93B8FB6D4000000000000000000
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZCS%2B%2Bjxn53jQuBaWMVThPboa3Ff3Sw4KgDHfbJLgiST3WO%2Bk72V61E%2BIwnXyv8jWVdDqKhkTYeA%2BeaGT%2FQUsMqYmtMy9CoG28iHPIPfhpbrGXaHRwZUBMjgYw1ZTTXlxGQedZTDUvbQttMetOtEO"}],"group":"cf-nel","max_age":604800}
content-type
text/html
cache-control
max-age=0, no-cache, no-store
strict-transport-security
max-age=31536000; includeSubDomains; preload
cf-ray
676dc66e4ea84e67-FRA
x-robots-tag
noindex, follow
counters.gif
perf.hsforms.com/embed/v3/
35 B
442 B
Image
General
Full URL
https://perf.hsforms.com/embed/v3/counters.gif?key=cta-render-success&value=1
Requested by
Host: blog.cyberint.com
URL: https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2606:4700::6810:5705 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 30 Jul 2021 10:06:35 GMT
cf-cache-status
MISS
server
cloudflare
x-hubspot-correlation-id
22331549-1b43-42af-ba62-4f1339150324
x-trace
2B909A43238109E63057E7CF06A8F9D920EFAD8E48000000000000000000
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
false
strict-transport-security
max-age=31536000; includeSubDomains; preload
accept-ranges
bytes
cf-ray
676dc66e4a364a61-FRA
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length
35
cta-loaded.js
blog.cyberint.com/hs/cta/ctas/v2/public/cs/
0
395 B
Script
General
Full URL
https://blog.cyberint.com/hs/cta/ctas/v2/public/cs/cta-loaded.js?pid=2034462&pg=0af777c2-7cd2-4f9c-ba27-284cb90db352&lt=1627639591370&dt=1627639593634&at=1627639595256&ae=1&an=1
Requested by
Host: blog.cyberint.com
URL: https://blog.cyberint.com/hs/cta/cta/current.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

:path
/hs/cta/ctas/v2/public/cs/cta-loaded.js?pid=2034462&pg=0af777c2-7cd2-4f9c-ba27-284cb90db352&lt=1627639591370&dt=1627639593634&at=1627639595256&ae=1&an=1
pragma
no-cache
cookie
__cfruid=9bf345e51fa91c9169acdd2a9ebff1b5ef50f5e3-1627639590; _gcl_au=1.1.1246348654.1627639591; poptin_old_user=true; poptin_user_id=0.x5o3e22uhjs; _ga=GA1.3.1438670174.1627639591; _gid=GA1.3.1095497033.1627639591; _gat_UA-30919829-1=1; poptin_referrer=; _fbp=fb.1.1627639591892.1804527298; poptin_session=true; poptin_c_visitor=true; __adroll_fpc=11c4e35147fcb34d93ce168a40c9364a-1627639592508; __ar_v4=%7CBE4SF7FEGVGFXP7BD5QACA%3A20210729%3A1%7C55JF6AMA6ZGGHK5VY7PGCK%3A20210729%3A1%7CDRDERMHHEVCSNFAV4TGYNP%3A20210729%3A1
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
blog.cyberint.com
referer
https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
cf-cache-status
MISS
nel
{"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-hubspot-correlation-id
a36ea162-1cd4-464d-83af-326a176b5b3a
x-trace
2B072FD7E976DF522B74B890E194C8684D588ABB09000000000000000000
date
Fri, 30 Jul 2021 10:06:35 GMT
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VMqwAsb7xCBtD0xJ0ZRFuZ3QS3tHAP%2FmYjM%2FmdfdQNRFN%2Fv9BBEQiHJGUzV9KOKwFXfb4ok8yCUDPKPHnlt4OAIjPcB8grl8TxYdp%2FMBV7a1JrEgMJayq9ZILf%2BxuLlOcff3niryHmjLOuumZbKP"}],"group":"cf-nel","max_age":604800}
cache-control
max-age=0, no-cache, no-store
cf-ray
676dc66e5ee14e67-FRA
x-robots-tag
noindex, follow
cta-loaded.js
blog.cyberint.com/hs/cta/ctas/v2/public/cs/
0
382 B
Script
General
Full URL
https://blog.cyberint.com/hs/cta/ctas/v2/public/cs/cta-loaded.js?pid=2034462&pg=0e3e1135-48c4-4857-bff6-5256aa012bf9&lt=1627639591439&dt=1627639593651&at=1627639595262&ae=1&an=1
Requested by
Host: blog.cyberint.com
URL: https://blog.cyberint.com/hs/cta/cta/current.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

:path
/hs/cta/ctas/v2/public/cs/cta-loaded.js?pid=2034462&pg=0e3e1135-48c4-4857-bff6-5256aa012bf9&lt=1627639591439&dt=1627639593651&at=1627639595262&ae=1&an=1
pragma
no-cache
cookie
__cfruid=9bf345e51fa91c9169acdd2a9ebff1b5ef50f5e3-1627639590; _gcl_au=1.1.1246348654.1627639591; poptin_old_user=true; poptin_user_id=0.x5o3e22uhjs; _ga=GA1.3.1438670174.1627639591; _gid=GA1.3.1095497033.1627639591; _gat_UA-30919829-1=1; poptin_referrer=; _fbp=fb.1.1627639591892.1804527298; poptin_session=true; poptin_c_visitor=true; __adroll_fpc=11c4e35147fcb34d93ce168a40c9364a-1627639592508; __ar_v4=%7CBE4SF7FEGVGFXP7BD5QACA%3A20210729%3A1%7C55JF6AMA6ZGGHK5VY7PGCK%3A20210729%3A1%7CDRDERMHHEVCSNFAV4TGYNP%3A20210729%3A1
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
blog.cyberint.com
referer
https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 30 Jul 2021 10:06:35 GMT
content-encoding
br
cf-cache-status
MISS
nel
{"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-hubspot-correlation-id
d4b39782-b893-4813-aa0c-0ce91ae43a03
x-trace
2B9A221302DDB01657A206A3568EE9ACE28C651514000000000000000000
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5%2FrLAWWYsoC1N%2BToNpwNc7W2M2H2cae3BBZUflJlmYxvijXwQkz6R5K1QuWoKW%2FaDPt%2Fq3YReUHJXwVnAYvJ9G1cKGkMYQHReJUhycUaoa2ybwYMkmbltUN70JiIVaZV%2Bd8AK3MAtoKzzTGMObTV"}],"group":"cf-nel","max_age":604800}
content-type
text/html
cache-control
max-age=0, no-cache, no-store
strict-transport-security
max-age=31536000; includeSubDomains; preload
cf-ray
676dc66e7f2c4e67-FRA
x-robots-tag
noindex, follow
reload
www.google.com/recaptcha/enterprise/ Frame 0B02
35 KB
21 KB
XHR
General
Full URL
https://www.google.com/recaptcha/enterprise/reload?k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/ecapuzyywmdXQ5gJHS3JQiXe/recaptcha__en.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
f6d05f038c7548662e3fa0862bf0d850eb91b626f1ceab9cb133a28202b82587
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.google.com/recaptcha/enterprise/bframe?hl=en&v=ecapuzyywmdXQ5gJHS3JQiXe&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm&cb=xgyb1jf5q0wj
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
application/x-protobuffer

Response headers

date
Fri, 30 Jul 2021 10:06:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
GSE
x-frame-options
SAMEORIGIN
content-type
application/json; charset=utf-8
cache-control
private, max-age=0
content-security-policy
frame-ancestors 'self'
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
21471
x-xss-protection
1; mode=block
expires
Fri, 30 Jul 2021 10:06:35 GMT
reload
www.google.com/recaptcha/enterprise/ Frame 568E
35 KB
21 KB
XHR
General
Full URL
https://www.google.com/recaptcha/enterprise/reload?k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/ecapuzyywmdXQ5gJHS3JQiXe/recaptcha__en.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
90b14108474aa6554dab03f9420d615e0f8247461e29128440c86c4deae3bded
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.google.com/recaptcha/enterprise/bframe?hl=en&v=ecapuzyywmdXQ5gJHS3JQiXe&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm&cb=f7be5waudmf2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
application/x-protobuffer

Response headers

date
Fri, 30 Jul 2021 10:06:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
GSE
x-frame-options
SAMEORIGIN
content-type
application/json; charset=utf-8
cache-control
private, max-age=0
content-security-policy
frame-ancestors 'self'
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
21487
x-xss-protection
1; mode=block
expires
Fri, 30 Jul 2021 10:06:35 GMT
canonical_car.png
www.gstatic.com/recaptcha/api2/ Frame 0B02
11 KB
11 KB
Image
General
Full URL
https://www.gstatic.com/recaptcha/api2/canonical_car.png
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/ecapuzyywmdXQ5gJHS3JQiXe/styles__ltr.css
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c9685b413894b0647b42edf9cac1fc0b2ed044c1fe238d843b9ca3d29db1b805
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.gstatic.com/recaptcha/releases/ecapuzyywmdXQ5gJHS3JQiXe/styles__ltr.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 27 Jul 2021 14:10:08 GMT
x-content-type-options
nosniff
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
age
244587
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
content-type
image/png
cache-control
public, max-age=604800
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11174
x-xss-protection
0
expires
Tue, 03 Aug 2021 14:10:08 GMT
refresh_2x.png
www.gstatic.com/recaptcha/api2/ Frame 0B02
600 B
622 B
Image
General
Full URL
https://www.gstatic.com/recaptcha/api2/refresh_2x.png
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/ecapuzyywmdXQ5gJHS3JQiXe/styles__ltr.css
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
44b988703019cd6bfa86c91840fecf2a42b611b364e3eea2f4eb63bf62714e98
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.gstatic.com/recaptcha/releases/ecapuzyywmdXQ5gJHS3JQiXe/styles__ltr.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 26 Jul 2021 19:48:13 GMT
x-content-type-options
nosniff
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
age
310702
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
content-type
image/png
cache-control
public, max-age=604800
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
600
x-xss-protection
0
expires
Mon, 02 Aug 2021 19:48:13 GMT
audio_2x.png
www.gstatic.com/recaptcha/api2/ Frame 0B02
530 B
552 B
Image
General
Full URL
https://www.gstatic.com/recaptcha/api2/audio_2x.png
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/ecapuzyywmdXQ5gJHS3JQiXe/styles__ltr.css
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
89c62095126fca89ea1511cf35b49b8306162946b0c26d6f60c5506c51d85992
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.gstatic.com/recaptcha/releases/ecapuzyywmdXQ5gJHS3JQiXe/styles__ltr.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 27 Jul 2021 10:03:56 GMT
x-content-type-options
nosniff
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
age
259359
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
content-type
image/png
cache-control
public, max-age=604800
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
530
x-xss-protection
0
expires
Tue, 03 Aug 2021 10:03:56 GMT
info_2x.png
www.gstatic.com/recaptcha/api2/ Frame 0B02
665 B
687 B
Image
General
Full URL
https://www.gstatic.com/recaptcha/api2/info_2x.png
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/ecapuzyywmdXQ5gJHS3JQiXe/styles__ltr.css
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
55eaf62cb05da20088dc12b39d7d254d046cb1fd61ddf3ae641f1439efd0a5ee
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.gstatic.com/recaptcha/releases/ecapuzyywmdXQ5gJHS3JQiXe/styles__ltr.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 26 Jul 2021 22:47:38 GMT
x-content-type-options
nosniff
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
age
299937
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
content-type
image/png
cache-control
public, max-age=604800
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
665
x-xss-protection
0
expires
Mon, 02 Aug 2021 22:47:38 GMT
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 0B02
15 KB
15 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/enterprise/bframe?hl=en&v=ecapuzyywmdXQ5gJHS3JQiXe&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm&cb=xgyb1jf5q0wj
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://www.google.com
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 26 Jul 2021 21:27:21 GMT
x-content-type-options
nosniff
age
304754
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15344
x-xss-protection
0
last-modified
Mon, 16 Oct 2017 17:32:55 GMT
server
sffe
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 26 Jul 2022 21:27:21 GMT
KFOlCnqEu92Fr1MmYUtfBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 0B02
15 KB
15 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmYUtfBBc4.woff2
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/enterprise/bframe?hl=en&v=ecapuzyywmdXQ5gJHS3JQiXe&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm&cb=xgyb1jf5q0wj
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c912a9ce0c3122d4b2b29ad26bfe06b0390d1a5bdaa5d6128692c0befd1dfbbd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://www.google.com
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 27 Jul 2021 14:26:18 GMT
x-content-type-options
nosniff
age
243617
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15340
x-xss-protection
0
last-modified
Mon, 16 Oct 2017 17:33:16 GMT
server
sffe
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 27 Jul 2022 14:26:18 GMT
KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 0B02
15 KB
15 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/enterprise/bframe?hl=en&v=ecapuzyywmdXQ5gJHS3JQiXe&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm&cb=xgyb1jf5q0wj
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://www.google.com
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 27 Jul 2021 14:26:18 GMT
x-content-type-options
nosniff
age
243617
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15552
x-xss-protection
0
last-modified
Mon, 16 Oct 2017 17:33:02 GMT
server
sffe
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 27 Jul 2022 14:26:18 GMT
payload
www.google.com/recaptcha/enterprise/ Frame 0B02
40 KB
40 KB
Image
General
Full URL
https://www.google.com/recaptcha/enterprise/payload?p=06AGdBq25y0iyQfqgJKSPLcWbAuQ4DeDyLlSfWxQdpP6FNUx0oa4YwGuAaq2mPo-OPVwWT-O87FrPj-d3osjPjDHmgcVt6x8XXhU2S0l4bhr1-RdIYrKAbcHT5EkTjKdtZHxgC1L2NNxsQunQvuB8XVoJW-DOcRec3516lLB-1USQv6dfCwJeWyrlTy6cy4IAWGh-u1_P7yofmXjfKI7tG0a9yhTS-7aMRFQ&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm
Requested by
Host: blog.cyberint.com
URL: https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
03354c6db93fcfbc9195c50d264df7830823ea6d0881c91cf77df9553f04b45e
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.google.com/recaptcha/enterprise/bframe?hl=en&v=ecapuzyywmdXQ5gJHS3JQiXe&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm&cb=xgyb1jf5q0wj
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 30 Jul 2021 10:06:35 GMT
x-content-type-options
nosniff
server
GSE
x-frame-options
SAMEORIGIN
content-type
image/jpeg
cache-control
private, max-age=30
content-security-policy
frame-ancestors 'self'
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
40825
x-xss-protection
1; mode=block
expires
Fri, 30 Jul 2021 10:06:35 GMT
refresh_2x.png
www.gstatic.com/recaptcha/api2/ Frame 568E
600 B
622 B
Image
General
Full URL
https://www.gstatic.com/recaptcha/api2/refresh_2x.png
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/ecapuzyywmdXQ5gJHS3JQiXe/styles__ltr.css
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
44b988703019cd6bfa86c91840fecf2a42b611b364e3eea2f4eb63bf62714e98
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.gstatic.com/recaptcha/releases/ecapuzyywmdXQ5gJHS3JQiXe/styles__ltr.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 26 Jul 2021 19:48:13 GMT
x-content-type-options
nosniff
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
age
310702
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
content-type
image/png
cache-control
public, max-age=604800
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
600
x-xss-protection
0
expires
Mon, 02 Aug 2021 19:48:13 GMT
audio_2x.png
www.gstatic.com/recaptcha/api2/ Frame 568E
530 B
552 B
Image
General
Full URL
https://www.gstatic.com/recaptcha/api2/audio_2x.png
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/ecapuzyywmdXQ5gJHS3JQiXe/styles__ltr.css
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
89c62095126fca89ea1511cf35b49b8306162946b0c26d6f60c5506c51d85992
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.gstatic.com/recaptcha/releases/ecapuzyywmdXQ5gJHS3JQiXe/styles__ltr.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 27 Jul 2021 10:03:56 GMT
x-content-type-options
nosniff
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
age
259359
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
content-type
image/png
cache-control
public, max-age=604800
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
530
x-xss-protection
0
expires
Tue, 03 Aug 2021 10:03:56 GMT
info_2x.png
www.gstatic.com/recaptcha/api2/ Frame 568E
665 B
687 B
Image
General
Full URL
https://www.gstatic.com/recaptcha/api2/info_2x.png
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/ecapuzyywmdXQ5gJHS3JQiXe/styles__ltr.css
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
55eaf62cb05da20088dc12b39d7d254d046cb1fd61ddf3ae641f1439efd0a5ee
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.gstatic.com/recaptcha/releases/ecapuzyywmdXQ5gJHS3JQiXe/styles__ltr.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 26 Jul 2021 22:47:38 GMT
x-content-type-options
nosniff
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
age
299937
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
content-type
image/png
cache-control
public, max-age=604800
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
665
x-xss-protection
0
expires
Mon, 02 Aug 2021 22:47:38 GMT
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 568E
15 KB
15 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/enterprise/bframe?hl=en&v=ecapuzyywmdXQ5gJHS3JQiXe&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm&cb=f7be5waudmf2
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://www.google.com
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 26 Jul 2021 21:27:21 GMT
x-content-type-options
nosniff
age
304754
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15344
x-xss-protection
0
last-modified
Mon, 16 Oct 2017 17:32:55 GMT
server
sffe
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 26 Jul 2022 21:27:21 GMT
KFOlCnqEu92Fr1MmYUtfBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 568E
15 KB
15 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmYUtfBBc4.woff2
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/enterprise/bframe?hl=en&v=ecapuzyywmdXQ5gJHS3JQiXe&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm&cb=f7be5waudmf2
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c912a9ce0c3122d4b2b29ad26bfe06b0390d1a5bdaa5d6128692c0befd1dfbbd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://www.google.com
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 27 Jul 2021 14:26:18 GMT
x-content-type-options
nosniff
age
243617
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15340
x-xss-protection
0
last-modified
Mon, 16 Oct 2017 17:33:16 GMT
server
sffe
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 27 Jul 2022 14:26:18 GMT
KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 568E
15 KB
15 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/enterprise/bframe?hl=en&v=ecapuzyywmdXQ5gJHS3JQiXe&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm&cb=f7be5waudmf2
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://www.google.com
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 27 Jul 2021 14:26:18 GMT
x-content-type-options
nosniff
age
243617
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15552
x-xss-protection
0
last-modified
Mon, 16 Oct 2017 17:33:02 GMT
server
sffe
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 27 Jul 2022 14:26:18 GMT
payload
www.google.com/recaptcha/enterprise/ Frame 568E
29 KB
29 KB
Image
General
Full URL
https://www.google.com/recaptcha/enterprise/payload?p=06AGdBq25IJ4NyRSHgssEmvV9JgX9nzcl_o8khgq6uqm_Vl1094oQD634jL2VhmngI3j7uMNqPjMZvUHFiveGbU9ARnhmtS6s4425PDmQ5K41auXnjajRriRkaVc82g5KXhD8PsFTmH0dv2k8AxXbmhU8dy6tYKo6CCnd09WY2RDrft892-7qTxG5L8zZAt_dI9nq_ISuMXAIHfIA1rrXJeHZyxHQ69-DUmQ&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm
Requested by
Host: blog.cyberint.com
URL: https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
a02bfb4e2ba366092fc689b9fcd5f45379fa584d5819ec7571fc586973342be2
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.google.com/recaptcha/enterprise/bframe?hl=en&v=ecapuzyywmdXQ5gJHS3JQiXe&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm&cb=f7be5waudmf2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 30 Jul 2021 10:06:35 GMT
x-content-type-options
nosniff
server
GSE
x-frame-options
SAMEORIGIN
content-type
image/jpeg
cache-control
private, max-age=30
content-security-policy
frame-ancestors 'self'
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
29331
x-xss-protection
1; mode=block
expires
Fri, 30 Jul 2021 10:06:35 GMT
counters.gif
perf.hsforms.com/embed/v3/
35 B
445 B
Image
General
Full URL
https://perf.hsforms.com/embed/v3/counters.gif?key=cta-with-analytics&value=1
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2606:4700::6810:5705 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 30 Jul 2021 10:06:36 GMT
cf-cache-status
MISS
server
cloudflare
x-hubspot-correlation-id
1854ff8b-b2c2-44d6-8614-8d49587794ed
x-trace
2BEF24ECE84268CFE1F22F6CCC4834DB2DA38825BB000000000000000000
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
false
strict-transport-security
max-age=31536000; includeSubDomains; preload
accept-ranges
bytes
cf-ray
676dc6727af04a61-FRA
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length
35
__ptq.gif
track.hubspot.com/
45 B
357 B
Image
General
Full URL
https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2736934676&v=1.1&a=2034462&pi=43069738158&ct=blog-post&ccu=https%3A%2F%2Fblog.cyberint.com%2Fqakbot-banking-trojan&cpi=43069738158&cgi=3864586341&lpi=43069738158&lvi=43069738158&lvc=en-us&pu=https%3A%2F%2Fblog.cyberint.com%2Fqakbot-banking-trojan%3Futm_content%3D174174610%26utm_medium%3Dsocial%26utm_source%3Dtwitter%26hss_channel%3Dtw-2930991403&t=Qakbot+Banking+Trojan&cts=1627639595846&vi=96d96b104e0b97b5969aa7b0d63cc7c4&nc=true&ce=false&cc=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 30 Jul 2021 10:06:35 GMT
vary
Accept-Encoding
cf-cache-status
DYNAMIC
nel
{"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id
757653c7-5534-40ef-bd91-1d21f445cbbd
cf-ray
676dc6729d464dca-FRA
p3p
CP="NOI CUR ADM OUR NOR STA NID"
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length
45
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xfJzNMaBtLRWynzG0r0iBy8kp79x3KybUn0ka1yj3qzRj8sFaMsjc23ATptV6zILkV8kiobig4mRi%2FGiAJAMdn%2Bb%2FRVXXfZzKpw4dkBHprZ10YhneIPXWnQqTyPoRwDfYNJGVOZSYW1D7eZDxn2Z"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
x-robots-tag
none
__ptq.gif
track.hubspot.com/
45 B
573 B
Image
General
Full URL
https://track.hubspot.com/__ptq.gif?k=15&fi=434e7d5c-4af3-42c4-a08e-55ac0d67fda9&fci=5d111539-d18c-405f-aedd-fa7f8531ebbc&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2736934676&v=1.1&a=2034462&pi=43069738158&ct=blog-post&ccu=https%3A%2F%2Fblog.cyberint.com%2Fqakbot-banking-trojan&cpi=43069738158&cgi=3864586341&lpi=43069738158&lvi=43069738158&lvc=en-us&pu=https%3A%2F%2Fblog.cyberint.com%2Fqakbot-banking-trojan%3Futm_content%3D174174610%26utm_medium%3Dsocial%26utm_source%3Dtwitter%26hss_channel%3Dtw-2930991403&t=Qakbot+Banking+Trojan&cts=1627639595873&vi=96d96b104e0b97b5969aa7b0d63cc7c4&nc=true&ce=false&cc=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 30 Jul 2021 10:06:35 GMT
vary
Accept-Encoding
cf-cache-status
DYNAMIC
nel
{"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id
4478f822-ef48-4b1f-804a-5439b7b6fff4
cf-ray
676dc6729d404dca-FRA
p3p
CP="NOI CUR ADM OUR NOR STA NID"
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length
45
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GO2cMCuA8D51PMp8RovA5or18bl%2B6r55KY5XGhXfapcRkQrrwQOcaY6yJa2OC6lSmkPdXzkbxKasGKDnsEiy2jm0b7ZpYpyatP44dfRUj6VxERNhVKEqN9TTfjCqtfOjoFS6%2BWalpMPURq5Ob1kT"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
x-robots-tag
none
__ptq.gif
track.hubspot.com/
45 B
525 B
Image
General
Full URL
https://track.hubspot.com/__ptq.gif?k=15&fi=434e7d5c-4af3-42c4-a08e-55ac0d67fda9&fci=852b4bfb-c903-4916-a3aa-a0e95790f4a0&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2736934676&v=1.1&a=2034462&pi=43069738158&ct=blog-post&ccu=https%3A%2F%2Fblog.cyberint.com%2Fqakbot-banking-trojan&cpi=43069738158&cgi=3864586341&lpi=43069738158&lvi=43069738158&lvc=en-us&pu=https%3A%2F%2Fblog.cyberint.com%2Fqakbot-banking-trojan%3Futm_content%3D174174610%26utm_medium%3Dsocial%26utm_source%3Dtwitter%26hss_channel%3Dtw-2930991403&t=Qakbot+Banking+Trojan&cts=1627639595897&vi=96d96b104e0b97b5969aa7b0d63cc7c4&nc=true&ce=false&cc=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 30 Jul 2021 10:06:35 GMT
vary
Accept-Encoding
cf-cache-status
DYNAMIC
nel
{"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id
52610cbd-bbeb-4fe3-b2d7-a5a7b234756b
cf-ray
676dc6729d3f4dca-FRA
p3p
CP="NOI CUR ADM OUR NOR STA NID"
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length
45
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4WjXiUQSwC%2BJ1wzomZ3IZ7HX9FQd%2BB%2F%2BQioW%2Fcl4OXZ9%2FccXm8KtsyVnhK0E7qaz1ylE8aDOwQf5aS0YB00d7LiJ5CMRiK8SQyvZZEnkT7Mua3mM4XsGTROpNAQ5LBeWFnZPelimhfvOG%2BX2nd4h"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
x-robots-tag
none
__ptq.gif
track.hubspot.com/
45 B
364 B
Image
General
Full URL
https://track.hubspot.com/__ptq.gif?k=12&aij=%5B%221ceb89cf-57eb-40a3-8156-b3388e8dec97%22%2C%22617256c0-2417-4ff6-984d-23de9fd9a18d%22%5D&rfc=8&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2736934676&v=1.1&a=2034462&pi=43069738158&ct=blog-post&ccu=https%3A%2F%2Fblog.cyberint.com%2Fqakbot-banking-trojan&cpi=43069738158&cgi=3864586341&lpi=43069738158&lvi=43069738158&lvc=en-us&pu=https%3A%2F%2Fblog.cyberint.com%2Fqakbot-banking-trojan%3Futm_content%3D174174610%26utm_medium%3Dsocial%26utm_source%3Dtwitter%26hss_channel%3Dtw-2930991403&t=Qakbot+Banking+Trojan&cts=1627639595898&vi=96d96b104e0b97b5969aa7b0d63cc7c4&nc=true&ce=false&cc=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 30 Jul 2021 10:06:35 GMT
vary
Accept-Encoding
cf-cache-status
DYNAMIC
nel
{"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id
7ac26b63-9474-42a5-a208-3c6a5f2a4203
cf-ray
676dc6729d3b4dca-FRA
p3p
CP="NOI CUR ADM OUR NOR STA NID"
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length
45
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FBCXe61Qa6QmkC2Yd%2BdZX5bdGAhRje2qEAmaJxW8tFh6cISpGVw0H91n6w2RG6XCL8F%2Bt8aiop3S0l7Shn%2FigG%2BRjJ09T6TP%2BBVx%2F%2Fn4iUJ2Rbb6bF2Cwd7GnoDPSCh%2F8993%2BbnYxZ3fWWbK7RGz"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
x-robots-tag
none
__ptq.gif
track.hubspot.com/
45 B
361 B
Image
General
Full URL
https://track.hubspot.com/__ptq.gif?k=12&aij=%5B%221ceb89cf-57eb-40a3-8156-b3388e8dec97%22%2C%22617256c0-2417-4ff6-984d-23de9fd9a18d%22%5D&rfc=8&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2736934676&v=1.1&a=2034462&pi=43069738158&ct=blog-post&ccu=https%3A%2F%2Fblog.cyberint.com%2Fqakbot-banking-trojan&cpi=43069738158&cgi=3864586341&lpi=43069738158&lvi=43069738158&lvc=en-us&pu=https%3A%2F%2Fblog.cyberint.com%2Fqakbot-banking-trojan%3Futm_content%3D174174610%26utm_medium%3Dsocial%26utm_source%3Dtwitter%26hss_channel%3Dtw-2930991403&t=Qakbot+Banking+Trojan&cts=1627639595900&vi=96d96b104e0b97b5969aa7b0d63cc7c4&nc=true&ce=false&cc=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 30 Jul 2021 10:06:35 GMT
vary
Accept-Encoding
cf-cache-status
DYNAMIC
nel
{"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id
39653ea9-594f-4629-af56-fff5d354240d
cf-ray
676dc6729d454dca-FRA
p3p
CP="NOI CUR ADM OUR NOR STA NID"
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length
45
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FFP1TOrTrA6ENaVlKOUYNYPEMnI6NoJdfSVemYYf875hNUVl%2BSLSnsA1qnZWuCdn0hRSlh8kQ%2BE4uW1nEQ88a40TEOdpZwDfGSO9Lp9BIbCr18Eh4Ipn9eNOxeg9%2FoQISpRQ4%2FLRMkgbmiXtL%2Bfq"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
x-robots-tag
none
__ptq.gif
track.hubspot.com/
45 B
393 B
Image
General
Full URL
https://track.hubspot.com/__ptq.gif?k=12&aij=%5B%220af777c2-7cd2-4f9c-ba27-284cb90db352%22%2C%22fa8ea23d-3a60-41c4-85fb-392929f488e5%22%5D&rfc=8&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2736934676&v=1.1&a=2034462&pi=43069738158&ct=blog-post&ccu=https%3A%2F%2Fblog.cyberint.com%2Fqakbot-banking-trojan&cpi=43069738158&cgi=3864586341&lpi=43069738158&lvi=43069738158&lvc=en-us&pu=https%3A%2F%2Fblog.cyberint.com%2Fqakbot-banking-trojan%3Futm_content%3D174174610%26utm_medium%3Dsocial%26utm_source%3Dtwitter%26hss_channel%3Dtw-2930991403&t=Qakbot+Banking+Trojan&cts=1627639595902&vi=96d96b104e0b97b5969aa7b0d63cc7c4&nc=true&ce=false&cc=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 30 Jul 2021 10:06:35 GMT
vary
Accept-Encoding
cf-cache-status
DYNAMIC
nel
{"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id
8711c24d-7ec7-40dd-9bec-af8907c487b7
cf-ray
676dc6729d444dca-FRA
p3p
CP="NOI CUR ADM OUR NOR STA NID"
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length
45
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eh8Xtz5Pd1I4%2FaW5ASH%2FEF8Pj7gcJq2sQMvmVCb8xEne3e3ZfRv%2BE7c2xImusnnZKuClpEaXYGY63FIf3A1uD%2BJGi9sAjpbDzLDzGA6UDdqMZWJcMGUAPYPtZHzjdDoaOYgjpBiYOB979U7Tj%2FJC"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
x-robots-tag
none
__ptq.gif
track.hubspot.com/
45 B
759 B
Image
General
Full URL
https://track.hubspot.com/__ptq.gif?k=12&aij=%5B%220e3e1135-48c4-4857-bff6-5256aa012bf9%22%2C%227a3bea3d-1cb0-4086-8528-a5581eb836ab%22%5D&rfc=8&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2736934676&v=1.1&a=2034462&pi=43069738158&ct=blog-post&ccu=https%3A%2F%2Fblog.cyberint.com%2Fqakbot-banking-trojan&cpi=43069738158&cgi=3864586341&lpi=43069738158&lvi=43069738158&lvc=en-us&pu=https%3A%2F%2Fblog.cyberint.com%2Fqakbot-banking-trojan%3Futm_content%3D174174610%26utm_medium%3Dsocial%26utm_source%3Dtwitter%26hss_channel%3Dtw-2930991403&t=Qakbot+Banking+Trojan&cts=1627639595905&vi=96d96b104e0b97b5969aa7b0d63cc7c4&nc=true&ce=false&cc=0
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 30 Jul 2021 10:06:36 GMT
vary
Accept-Encoding
cf-cache-status
DYNAMIC
nel
{"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id
79281676-dcb4-44b8-83ba-07d180937731
cf-ray
676dc672eabe2c0d-FRA
p3p
CP="NOI CUR ADM OUR NOR STA NID"
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length
45
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ThoIzOAo4FuSrbcuLuuSmddfLv41q1wjEMgf63g%2BIOoxe4UfubVR8TS8nEIIXOMGW8j0pNfuYiyJE1m1bDOzZvIdT074DBQ1IIAYA%2FYwu5adnMdetKFMupc16gHZ%2BQvtUTc0SDoi%2Bn%2FEhlRhsYJg"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
x-robots-tag
none
view
js.hs-banner.com/cookie-banner/activity/
0
85 B
XHR
General
Full URL
https://js.hs-banner.com/cookie-banner/activity/view
Requested by
Host: js.hs-banner.com
URL: https://js.hs-banner.com/2034462.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:15bf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
application/json

Response headers

timing-allow-origin
*
date
Fri, 30 Jul 2021 10:06:36 GMT
cf-cache-status
DYNAMIC
server
cloudflare
x-hubspot-correlation-id
eb533189-c79c-4deb-bce4-b357414a1a3a
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age
604800
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
access-control-allow-origin
https://blog.cyberint.com
access-control-expose-headers
x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
access-control-allow-credentials
true
cf-ray
676dc6756d434ddc-FRA
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
view
js.hs-banner.com/cookie-banner/activity/ Frame
0
0
Preflight
General
Full URL
https://js.hs-banner.com/cookie-banner/activity/view
Protocol
H2
Server
2606:4700::6812:15bf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
content-type
Origin
https://blog.cyberint.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

date
Fri, 30 Jul 2021 10:06:36 GMT
content-type
application/octet-stream
content-length
0
access-control-allow-origin
https://blog.cyberint.com
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
access-control-expose-headers
x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
access-control-allow-credentials
true
access-control-max-age
604800
timing-allow-origin
*
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
676dc67318ce4ddc-FRA
perf
blog.cyberint.com/_hcms/
2 B
608 B
XHR
General
Full URL
https://blog.cyberint.com/_hcms/perf
Requested by
Host: blog.cyberint.com
URL: https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

sec-fetch-mode
cors
origin
https://blog.cyberint.com
accept-encoding
gzip, deflate, br
accept-language
en-US
sec-fetch-dest
empty
content-length
871
:path
/_hcms/perf
pragma
no-cache
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type
application/json
accept
*/*
cache-control
no-cache
:authority
blog.cyberint.com
referer
https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
:scheme
https
sec-fetch-site
same-origin
:method
POST
Referer
https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-type
application/json

Response headers

cf-ray
676dc6849f454e67-FRA
date
Fri, 30 Jul 2021 10:06:38 GMT
cf-cache-status
DYNAMIC
nel
{"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-hubspot-correlation-id
6265ee2b-929d-497b-9d8c-193f47a0cb56
x-trace
2B83104DB8D27E45A53ED3530323380A9C972A9E5B000000000000000000
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Kb%2FwuvBFtC53G5Rzpdc4oBz%2BN80EqvFlhM41%2FKBaoGwBlNDCivRKVvW%2BGItUaDXRchcShoFoXMGb6JFSVrXZqyFHch3pwve%2FawztYdcTeX6imF35gei%2BiOpYPN7kT69ndhlal8MqzFxw%2FbfE0p1J"}],"group":"cf-nel","max_age":604800}
content-type
text/plain; charset=utf-8
access-control-allow-credentials
false
set-cookie
__cfruid=da8c2adbd4001f564984882621b88978ee44fbc5-1627639598; path=/; domain=.blog.cyberint.com; HttpOnly; Secure; SameSite=None
x-robots-tag
none
content-length
2
json
forms.hubspot.com/lead-flows-config/v1/config/
3 KB
2 KB
XHR
General
Full URL
https://forms.hubspot.com/lead-flows-config/v1/config/json?portalId=2034462&contentId=43069738158&currentUrl=https%3A%2F%2Fblog.cyberint.com%2Fqakbot-banking-trojan%3Futm_content%3D174174610%26utm_medium%3Dsocial%26utm_source%3Dtwitter%26hss_channel%3Dtw-2930991403
Requested by
Host: js.hsleadflows.net
URL: https://js.hsleadflows.net/leadflows.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f09b406a47df133894d2812252478e7c30fb6d57cca0c466c84f4bc140459810
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 30 Jul 2021 10:06:42 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
DYNAMIC
nel
{"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id
0d29150d-240b-4655-a246-fd160b93c169
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
strict-transport-security
max-age=31536000; includeSubDomains; preload
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-robots-tag
none
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age
180
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LXwNXAwUg36vLwEP%2FNnGLgFfTGcI0InQzZwdhotjixFFKOk0LHYqNFEGl9hylh6reyUs0ynB8O7ooJZsAcR2dAoMPXU07EhHp1y95H5UJSIcX289vpqCpTpt85%2F3cj%2B41oiweRvLz5K1RiGZXYTX"}],"group":"cf-nel","max_age":604800}
content-type
application/json;charset=utf-8
access-control-allow-origin
https://blog.cyberint.com
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
false
cf-ray
676dc698c9e3dfef-FRA
access-control-allow-headers
Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
__ptq.gif
track.hubspot.com/
45 B
379 B
Image
General
Full URL
https://track.hubspot.com/__ptq.gif?k=16&fi=c9960640-e0e0-4b81-a8fb-f02fe593b0d8&lfi=1982146&ft=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2736934676&v=1.1&a=2034462&pi=43069738158&ct=blog-post&ccu=https%3A%2F%2Fblog.cyberint.com%2Fqakbot-banking-trojan&cpi=43069738158&cgi=3864586341&lpi=43069738158&lvi=43069738158&lvc=en-us&pu=https%3A%2F%2Fblog.cyberint.com%2Fqakbot-banking-trojan%3Futm_content%3D174174610%26utm_medium%3Dsocial%26utm_source%3Dtwitter%26hss_channel%3Dtw-2930991403&t=Qakbot+Banking+Trojan&cts=1627639602198&vi=96d96b104e0b97b5969aa7b0d63cc7c4&nc=true&ce=false&pt=1&cc=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 30 Jul 2021 10:06:42 GMT
vary
Accept-Encoding
cf-cache-status
DYNAMIC
nel
{"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id
a5461121-81f5-406d-a120-1f3e756dd2c7
cf-ray
676dc699bbc34dca-FRA
p3p
CP="NOI CUR ADM OUR NOR STA NID"
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length
45
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EQvMsedARIPmzGZuVUfDYgkdN%2F5L40y8V1S6N8p7K6sn8dKCWvmHAnbgYmD9d0J3NOPuUrOWnoMsePIRnFEP4MdU%2FuuvEKaN4npE7zhavCaOvZ3qERu05rXaArsiZOj28cQROAJUTaXtTNdIfXEr"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
x-robots-tag
none
New%20Project.png
e.cyberint.com/hubfs/
11 KB
12 KB
Image
General
Full URL
https://e.cyberint.com/hubfs/New%20Project.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
f160acc7fa7638a9f299456627367b8adf3a8bc7f0c0d2eafb7c3973e97e3054

Request headers

Referer
https://blog.cyberint.com/qakbot-banking-trojan?utm_content=174174610&utm_medium=social&utm_source=twitter&hss_channel=tw-2930991403
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-meta-cache-tag
F-48593107204,P-2034462,FLS-ALL
age
659785
x-amz-server-side-encryption
AES256
edge-cache-tag
F-48593107204,P-2034462,FLS-ALL
x-amz-replication-status
PENDING
content-disposition
inline; filename="New%20Project.webp"
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 12
x-amz-request-id
H0G46PXGADAAMMYX
cf-bgj
imgq:85,h2pri
etag
"2442d43bafc9451a86684afe6e8bca01"
vary
Accept, Accept-Encoding
access-control-allow-methods
GET
content-type
image/webp
access-control-allow-origin
*
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag
none
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 12
x-amz-meta-created-unix-time-millis
1623249962336
date
Fri, 30 Jul 2021 10:06:43 GMT
via
1.1 8f20db43ba7579b7216cf908572d5054.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
FRA2-C1
x-hs-alternate-content-type
text/plain
cf-polished
origFmt=png, origSize=15395
x-cache
RefreshHit from cloudfront
x-amz-meta-index-tag
none
content-length
11106
x-amz-id-2
6wFPr31QEHEWK0SQGXxUbpWQmTjGkGL37a0DvLnCVFydMYRZ8dyEnhhuGUaGxdhKxsMNJmyK3kg=
last-modified
Wed, 09 Jun 2021 14:46:03 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=S6A0PE%2BKXDFAFCLwO%2Bx2kuulleRooeJ2WjCSGNUbvGsm7MAV4LUOaNQ6EcD1vAUwrx0cpVUpLgQDuXm3dizUO9PGHKUFPZaaAfxttAqiQh%2Fk017u9Ubf8JspxWL82Gh0iR5ofUcn21USEsS0"}],"group":"cf-nel","max_age":604800}
x-amz-version-id
zOqMkU_wHLUayCZVN4QW_9Sjx.YZ8Lf4
accept-ranges
bytes
cf-ray
676dc69ffdf24321-FRA
x-amz-cf-id
UBbcZmgp0qh3XoOX-2SKeZe8UcKGXazlr1ueDglmvE2BOcxvC6LLPA==

Verdicts & Comments

145 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 (object), 1 (object), 2 (object), 3 (object), 4 (object), 5 (object), 6 (object), 7 (object), 8 (object), onbeforexrselect (object),
ontransitionrun (object), ontransitionstart (object), ontransitioncancel (object), cookieStore (object), showDirectoryPicker (function), showOpenFilePicker (function), showSaveFilePicker (function), originAgentCluster (boolean), trustedTypes (object), crossOriginIsolated (boolean),
$ (function), jQuery (function), hsjQuery (function), _hsp (object), dataLayer (object), __core-js_shared__ (object), Sslac (object), IN (object), google_tag_manager (object), google_tag_data (object),
GoogleAnalyticsObject (string), ga (function), adroll_adv_id (string), adroll_pix_id (string), __adroll_loaded (boolean), _linkedin_data_partner_id (string), fbq (function), _fbq (function), pixelAdded (boolean), poptin_loadcontrol_fix (boolean),
poptin_disable_fa (boolean), poptin_single_page_app (boolean), poptinSubmitted (object), poptinVisible (function), onpoptinClose (function), onpoptinSubmit (function), pageLoadCheck (function), poptinAfterPageLoad (boolean), closePoptinOnXclick (function), poptin_display (function),
PoptinQueue (function), _hsq (object), hbspt (object), gaplugins (object), gaGlobal (object), gaData (object), GooglemKTybQhCsO (function), google_trackConversion (function), GooglebQhCsO (object), adroll_sid (string),
__adroll (object), adroll_optout (boolean), adroll_ext_network (object), adroll_callbacks (object), adroll_tpc_callback (undefined), lintrk (function), _already_called_lintrk (boolean), cookies (object), relevent_cookie (string), poptin_viewed_session (string),
once (number), ap_triggers (string), hsVars (object), bindToWindowOnError (function), globalRoot (object), hns (function), hubspot (object), __hsRoot (object), hspreserve (object), React (undefined),
OutpostErrorReporter (function), hmerge (function), ReactDOM (undefined), require (undefined), requirejs (undefined), module (undefined), bootstrap (object), HSFR (object), hs_reqwest_0 (function), returnExports (undefined),
hs_reqwest_1 (function), Popper (function), buttonUp (function), lp (string), FB (object), __twttrll (object), twttr (object), __twttr (object), PIXELS_RAN (boolean), hubspot_live_messages_running (boolean),
HubSpotConversations (object), _paq (object), sanitizeKey (function), _hstc_loaded (boolean), defineProperties (function), leadflows (object), popupPoliceActive (boolean), hns2 (function), jade (undefined), I18n (undefined),
hubspot_mailcheck (undefined), Pikaday (undefined), reqwest (undefined), exports (undefined), define (undefined), LEAD_FLOWS_RAN (boolean), COMMON_SETUP_RAN (boolean), adroll_exp_list (object), hsRecaptchaLoadCallback (function), RECAPTCHA_INTERVAL (number),
_hspb_loaded (boolean), ___grecaptcha_cfg (object), grecaptcha (object), __recaptcha_api (string), __google_recaptcha_client (boolean), __adroll_consent (boolean), __adroll_consent_is_gdpr (boolean), __adroll_consent_data (object), __adroll_consent_user_country (string), __adroll_consent_adv_country (string),
adroll_xavier_called (number), __adroll_xid_ch (number), adroll_currency (object), adroll_conversion_value (object), adroll_conversion_value_in_dollars (object), recaptcha (object), closure_lm_846262 (object), adroll_seg_eid (string), default_css (string), cta_css (string),
_hstc_ran (boolean), __hsUserToken (string), expireDateTime (number), _hspb_ran (boolean), LEAD_FLOW_DOCUMENT_READY_RAN (boolean)

15 Cookies


2 Console Messages

Source Level URL
Text
console-api log URL: https://cdn.popt.in/pixel.js?id=19a9d94a0b5b1(Line 1)
Message:
runPoptinNow
console-api log URL: https://cdn.popt.in/pixel.js?id=19a9d94a0b5b1(Line 1)
Message:
initiatePullPoptinsRequest()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
