infosecwriteups.com Open in urlscan Pro
162.159.152.4 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146
Effective URL:
https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146?gi=a0d694495baf
Submission: On December 05 via manual (December 5th 2022, 8:51:15 am UTC) from BE — Scanned from DE

Summary HTTP 100 Redirects Links 92 Behaviour Indicators

Summary

This website contacted 8 IPs in 3 countries across 6 domains to perform 100 HTTP transactions. The main IP is 162.159.152.4, located in and belongs to CLOUDFLARENET, US. The main domain is infosecwriteups.com. The Cisco Umbrella rank of the primary domain is 966576.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on January 16th 2022. Valid for: a year.

This is the only time infosecwriteups.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 22	162.159.152.4 162.159.152.4	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 22	2606:4700:7::... 2606:4700:7::a29f:9804	13335 (CLOUDFLAR...) (CLOUDFLARENET)
49	2606:4700:7::... 2606:4700:7::a29f:9904	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:3965	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:80b::200e	15169 (GOOGLE) (GOOGLE)
1	143.204.237.24 143.204.237.24	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:238... 2600:9000:238d:7800:19:9934:6a80:93a1	16509 (AMAZON-02) (AMAZON-02)
4	2600:9000:249... 2600:9000:2490:5800:11:f728:3040:93a1	16509 (AMAZON-02) (AMAZON-02)
100	8

22 162.159.152.4 (None, ) 1 redirects

ASN13335 (CLOUDFLARENET, US)

infosecwriteups.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

22 2606:4700:7::a29f:9804 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
glyph.medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
miro.medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn-client.medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

49 2606:4700:7::a29f:9904 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn-client.medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
miro.medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:3965 (United States)

ASN13335 (CLOUDFLARENET, US)

static.cloudflareinsights.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80b::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.237.24 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-237-24.cph50.r.cloudfront.net

cdn.branch.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:238d:7800:19:9934:6a80:93a1 (United States)

ASN16509 (AMAZON-02, US)

app.link	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2600:9000:2490:5800:11:f728:3040:93a1 (United States)

ASN16509 (AMAZON-02, US)

api2.branch.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
71	medium.com 1 redirects medium.com — Cisco Umbrella Rank: 9835 glyph.medium.com — Cisco Umbrella Rank: 24247 miro.medium.com — Cisco Umbrella Rank: 15013 cdn-client.medium.com — Cisco Umbrella Rank: 25166	1000 KB
22	infosecwriteups.com 1 redirects infosecwriteups.com — Cisco Umbrella Rank: 966576	63 KB
5	branch.io cdn.branch.io — Cisco Umbrella Rank: 962 api2.branch.io — Cisco Umbrella Rank: 582	24 KB
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 38	20 KB
1	app.link app.link — Cisco Umbrella Rank: 1938	591 B
1	cloudflareinsights.com static.cloudflareinsights.com — Cisco Umbrella Rank: 1149	6 KB
100	6

	Domain	Requested by
42	cdn-client.medium.com	infosecwriteups.com cdn-client.medium.com
22	infosecwriteups.com	1 redirects cdn-client.medium.com
19	miro.medium.com	infosecwriteups.com
9	glyph.medium.com	infosecwriteups.com glyph.medium.com
4	api2.branch.io	cdn-client.medium.com
2	www.google-analytics.com	infosecwriteups.com cdn-client.medium.com
1	app.link	cdn.branch.io
1	cdn.branch.io	infosecwriteups.com
1	static.cloudflareinsights.com	infosecwriteups.com
1	medium.com	1 redirects
100	10

This site contains links to these domains. Also see Links.

Domain
medium.com
rsci.app.link
bazaar.abuse.ch
github.com
malpedia.caad.fkie.fraunhofer.de
docs.microsoft.com
weekly.infosecwriteups.com
policy.medium.com
pwnb0y.medium.com
anilyelken.medium.com
batish-1308.medium.com
rickdeacon.medium.com
floydforest.medium.com
help.medium.com
itunes.apple.com
play.google.com
www.linkedin.com
popalltheshells.medium.com
systemweakness.com
stefan-p-bargan.medium.com
blog.grahamzemel.com
thegrayarea.tech
frank-andrade.medium.com
towardsdatascience.com
medium.statuspage.io
about.medium.com
blog.medium.com
speechify.com

Subject Issuer	Validity	Valid
infosecwriteups.com Cloudflare Inc ECC CA-3	`2022-01-16` - `2023-01-16`	a year	crt.sh
medium.com Cloudflare Inc ECC CA-3	`2022-10-24` - `2023-01-22`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-05-11` - `2023-05-10`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh
*.branch.io Amazon	`2022-10-11` - `2023-11-09`	a year	crt.sh
appipv4.link Amazon	`2022-05-25` - `2023-06-23`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146?gi=a0d694495baf
Frame ID: 923FF5D04A546722EC884BEFA938EEC3
Requests: 100 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Redline Stealer Malware Static Analysis | by Aaron Stratton | InfoSec Write-ups

Page URL History Show full URLs

https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146 HTTP 307
https://medium.com/m/global-identity?redirectUrl=https%3A%2F%2Finfosecwriteups.com%2Fredline-st... HTTP 302
https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146?gi=a0d694495baf Page URL

Detected technologies

Medium (Blogs) Expand

Overall confidence: 100%
Detected patterns

medium\.com

Cloudflare Browser Insights (Analytics) Expand

Overall confidence: 100%
Detected patterns

static\.cloudflareinsights\.com/beacon(?:\.min)?\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Page Statistics

100
Requests

100 %
HTTPS

75 %
IPv6

6
Domains

10
Subdomains

8
IPs

3
Countries

1112 kB
Transfer

3314 kB
Size

11
Cookies

92 Outgoing links

These are links going to different origins than the main page.

URL: https://medium.com/?source=---three_column_layout_nav----------------------------------

Search URL Search Domain Scan URL

URL: https://rsci.app.link/?%24canonical_url=https%3A%2F%2Fmedium.com%2Fp%2F69367b37a146&%7Efeature=LoOpenInAppButton&%7Echannel=ShowPostUnderCollection&%7Estage=mobileNavBar&source=---three_column_layout_nav----------------------------------
Title: Open in app

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=login&redirect=https%3A%2F%2Finfosecwriteups.com%2Fredline-stealer-malware-static-analysis-69367b37a146&source=post_page---three_column_layout_nav-----------------------three_column_layout_nav-----------
Title: Sign In

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=register&redirect=https%3A%2F%2Finfosecwriteups.com%2Fredline-stealer-malware-static-analysis-69367b37a146&source=post_page---three_column_layout_nav-----------------------three_column_layout_nav-----------
Title: Get started

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=register&redirect=https%3A%2F%2Fmedium.com%2Fme%2Fnotifications&source=---three_column_layout_nav-----------------------notifications_sidenav-----------
Title: Notifications

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=register&redirect=https%3A%2F%2Fmedium.com%2Fme%2Flists&source=---three_column_layout_nav-----------------------lists_sidenav-----------
Title: Lists

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=register&redirect=https%3A%2F%2Fmedium.com%2Fme%2Fstories%2Fdrafts&source=---three_column_layout_nav-----------------------stories_sidenav-----------
Title: Stories

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=register&redirect=https%3A%2F%2Fmedium.com%2Fnew-story&source=---three_column_layout_nav-----------------------new_post_sidenav-----------
Title: Write

Search URL Search Domain Scan URL

URL: https://medium.com/@aaron_199?source=post_page-----69367b37a146--------------------------------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fsubscribe%2Fuser%2Fcc1390803af5&operation=register&redirect=https%3A%2F%2Finfosecwriteups.com%2Fredline-stealer-malware-static-analysis-69367b37a146&user=Aaron+Stratton&userId=cc1390803af5&source=post_page-cc1390803af5----69367b37a146---------------------follow_byline-----------
Title: Follow

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fbookmark%2Fp%2F69367b37a146&operation=register&redirect=https%3A%2F%2Finfosecwriteups.com%2Fredline-stealer-malware-static-analysis-69367b37a146&source=--------------------------bookmark_header-----------

Search URL Search Domain Scan URL

URL: https://bazaar.abuse.ch/sample/12aec3ae5c5828745e45a86fedbb1ff4c0631855f8e76d63f0ac7fb554d5afc3/
Title: https://bazaar.abuse.ch/sample/12aec3ae5c5828745e45a86fedbb1ff4c0631855f8e76d63f0ac7fb554d5afc3/

Search URL Search Domain Scan URL

URL: https://github.com/AaronS97/Yara-Rules/blob/main/Redline.yara
Title: https://github.com/AaronS97/Yara-Rules/blob/main/Redline.yara

Search URL Search Domain Scan URL

URL: https://malpedia.caad.fkie.fraunhofer.de/details/win.redline_stealer
Title: https://malpedia.caad.fkie.fraunhofer.de/details/win.redline_stealer

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/dotnet/standard/assembly/
Title: https://docs.microsoft.com/en-us/dotnet/standard/assembly/

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/dotnet/api/system.management.managementobjectsearcher?view=dotnet-plat-ext-6.0
Title: https://docs.microsoft.com/en-us/dotnet/api/system.management.managementobjectsearcher?view=dotnet-plat-ext-6.0

Search URL Search Domain Scan URL

URL: https://weekly.infosecwriteups.com/
Title: Join our weekly newsletter

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fvote%2Fbugbountywriteup%2F69367b37a146&operation=register&redirect=https%3A%2F%2Finfosecwriteups.com%2Fredline-stealer-malware-static-analysis-69367b37a146&user=Aaron+Stratton&userId=cc1390803af5&source=-----69367b37a146---------------------clap_footer-----------

Search URL Search Domain Scan URL

URL: https://medium.com/bugbountywriteup/newsletters/infosec-writeups?source=newsletter_v3_promo--------------------------newsletter_v3_promo-----------
Title: Take a look.

Search URL Search Domain Scan URL

URL: https://policy.medium.com/medium-privacy-policy-f03bf92035c9?source=newsletter_v3_promo--------------------------newsletter_v3_promo----------41c32b933ede-
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=%2F_%2Fapi%2Fsubscriptions%2Fnewsletters%2F41c32b933ede&operation=register&redirect=https%3A%2F%2Fmedium.com%2Fbugbountywriteup%2Fnewsletters%2Finfosec-writeups&collection=InfoSec+Write-ups&collectionId=7b722bfd1b8d&newsletterV3=Infosec+Writeups&newsletterV3Id=41c32b933ede&user=Anangsha+Alammyan&userId=6e2475a6e38a&source=--------------------------newsletter_v3_promo----------41c32b933ede-
Title: Get this newsletter

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fsubscribe%2Fcollection%2Fbugbountywriteup%2F69367b37a146&operation=register&redirect=https%3A%2F%2Finfosecwriteups.com%2Fredline-stealer-malware-static-analysis-69367b37a146&collection=InfoSec+Write-ups&collectionId=7b722bfd1b8d&source=post_page-----69367b37a146---------------------follow_footer-----------
Title: Follow

Search URL Search Domain Scan URL

URL: https://medium.com/@frank.leitner?source=post_page-----69367b37a146----0----------------------------

Search URL Search Domain Scan URL

URL: https://medium.com/tag/tryhackme?source=post_page-----69367b37a146---------------tryhackme-----------------
Title: Tryhackme

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fbookmark%2Fp%2F408a111e880f&operation=register&redirect=https%3A%2F%2Finfosecwriteups.com%2Fwrite-up-git-happens-tryhackme-408a111e880f&source=-----69367b37a146----0-----------------bookmark_preview-----------

Search URL Search Domain Scan URL

URL: https://medium.com/new-story?source=post_page_footer_cta_write-------------------------------------
Title: Write on Medium

Search URL Search Domain Scan URL

URL: https://medium.com/@faique?source=post_page-----69367b37a146----1----------------------------

Search URL Search Domain Scan URL

URL: https://medium.com/tag/bug-bounty?source=post_page-----69367b37a146---------------bug_bounty-----------------
Title: Bug Bounty

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fbookmark%2Fp%2F611452063cf&operation=register&redirect=https%3A%2F%2Finfosecwriteups.com%2Faccount-takeover-worth-1000-611452063cf&source=-----69367b37a146----1-----------------bookmark_preview-----------

Search URL Search Domain Scan URL

URL: https://pwnb0y.medium.com/?source=post_page-----69367b37a146----2----------------------------

Search URL Search Domain Scan URL

URL: https://medium.com/tag/c-language?source=post_page-----69367b37a146---------------c_language-----------------
Title: C Language

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fbookmark%2Fp%2Feb885c8a189a&operation=register&redirect=https%3A%2F%2Finfosecwriteups.com%2Fc-language-for-hackers-beyond-0x01-eb885c8a189a&source=-----69367b37a146----2-----------------bookmark_preview-----------

Search URL Search Domain Scan URL

URL: https://anilyelken.medium.com/?source=post_page-----69367b37a146----3----------------------------

Search URL Search Domain Scan URL

URL: https://medium.com/tag/cybersecuritytips?source=post_page-----69367b37a146---------------cybersecuritytips-----------------
Title: Cybersecuritytips

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fbookmark%2Fp%2Fd0a71355058e&operation=register&redirect=https%3A%2F%2Finfosecwriteups.com%2Ferlik-vulnerable-soap-service-d0a71355058e&source=-----69367b37a146----3-----------------bookmark_preview-----------

Search URL Search Domain Scan URL

URL: https://medium.com/@infosecwriteups?source=post_page-----69367b37a146----4----------------------------

Search URL Search Domain Scan URL

URL: https://medium.com/tag/security?source=post_page-----69367b37a146---------------security-----------------
Title: Security

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fbookmark%2Fp%2Fa0f3e6f980fb&operation=register&redirect=https%3A%2F%2Finfosecwriteups.com%2Fiw-weekly-17-30-000-bounty-instagram-account-takeover-aws-security-series-google-a0f3e6f980fb&source=-----69367b37a146----4-----------------bookmark_preview-----------

Search URL Search Domain Scan URL

URL: https://medium.com/@fernand0?source=post_internal_links---------0----------------------------

Search URL Search Domain Scan URL

URL: https://medium.com/@fernand0/daily-links-of-fernand0-enlaces-diarios-de-fernand0-issue-253-3ec900a0ae94?source=post_internal_links---------0----------------------------
Title: Daily links of Fernand0 — Enlaces diarios de Fernand0 — Issue #253

Search URL Search Domain Scan URL

URL: https://batish-1308.medium.com/?source=post_internal_links---------1----------------------------

Search URL Search Domain Scan URL

URL: https://batish-1308.medium.com/tryhackme-basic-pentesting-1164568eeb50?source=post_internal_links---------1----------------------------
Title: TryHackMe:Basic Pentesting

Search URL Search Domain Scan URL

URL: https://medium.com/@cryptoscrimper?source=post_internal_links---------2----------------------------

Search URL Search Domain Scan URL

URL: https://medium.com/@cryptoscrimper/how-to-apply-to-run-a-pi-network-node-ea5b374cdb7?source=post_internal_links---------2----------------------------
Title: How To Apply to Run a Pi Network Node

Search URL Search Domain Scan URL

URL: https://rickdeacon.medium.com/?source=post_internal_links---------3----------------------------

Search URL Search Domain Scan URL

URL: https://rickdeacon.medium.com/confessions-of-an-ex-pen-tester-fear-data-in-pen-testing-a7d26e4303c2?source=post_internal_links---------3----------------------------
Title: Confessions of an Ex-Pen Tester: Fear & Data in Pen Testing

Search URL Search Domain Scan URL

URL: https://medium.com/@ceso?source=post_internal_links---------4----------------------------

Search URL Search Domain Scan URL

URL: https://medium.com/notes-on-the-present-future?source=post_internal_links---------4----------------------------
Title: Notes on the Present Future

Search URL Search Domain Scan URL

URL: https://medium.com/notes-on-the-present-future/bsp-sets-control-measures-vs-cyber-frauds-e6c942693b4d?source=post_internal_links---------4----------------------------
Title: BSP sets control measures vs cyber frauds

Search URL Search Domain Scan URL

URL: https://floydforest.medium.com/?source=post_internal_links---------5----------------------------

Search URL Search Domain Scan URL

URL: https://medium.com/illuminations-mirror?source=post_internal_links---------5----------------------------
Title: ILLUMINATION’S MIRROR

Search URL Search Domain Scan URL

URL: https://medium.com/illuminations-mirror/beware-of-this-scam-which-says-it-is-from-netflix-3c5e99c02623?source=post_internal_links---------5----------------------------
Title: Beware Of This Scam Which Says It is From Netflix

Search URL Search Domain Scan URL

URL: https://medium.com/@fernand0?source=post_internal_links---------6----------------------------

Search URL Search Domain Scan URL

URL: https://medium.com/@fernand0/daily-links-of-fernand0-enlaces-diarios-de-fernand0-issue-287-ab226bafbe25?source=post_internal_links---------6----------------------------
Title: Daily links of Fernand0 — Enlaces diarios de Fernand0 — Issue #287

Search URL Search Domain Scan URL

URL: https://medium.com/@mopuxamuh?source=post_internal_links---------7----------------------------

Search URL Search Domain Scan URL

URL: https://medium.com/@mopuxamuh/facebook-messenger-app-for-windows-10-download-e50b71710a5f?source=post_internal_links---------7----------------------------
Title: Facebook messenger app for windows 10 download

Search URL Search Domain Scan URL

URL: https://medium.com/?source=post_page-----69367b37a146--------------------------------

Search URL Search Domain Scan URL

URL: https://medium.com/about?autoplay=1&source=post_page-----69367b37a146--------------------------------
Title: About

Search URL Search Domain Scan URL

URL: https://help.medium.com/hc/en-us?source=post_page-----69367b37a146--------------------------------
Title: Help

Search URL Search Domain Scan URL

URL: https://policy.medium.com/medium-terms-of-service-9db0094a1e0f?source=post_page-----69367b37a146--------------------------------
Title: Terms

Search URL Search Domain Scan URL

URL: https://policy.medium.com/medium-privacy-policy-f03bf92035c9?source=post_page-----69367b37a146--------------------------------
Title: Privacy

Search URL Search Domain Scan URL

URL: https://itunes.apple.com/app/medium-everyones-stories/id828256236?pt=698524&mt=8&ct=post_page&source=post_page-----69367b37a146--------------------------------

Search URL Search Domain Scan URL

URL: https://play.google.com/store/apps/details?id=com.medium.reader&source=post_page-----69367b37a146--------------------------------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=register&redirect=https%3A%2F%2Finfosecwriteups.com%2Fredline-stealer-malware-static-analysis-69367b37a146&source=post_page---three_column_layout_sidebar-----------------------three_column_layout_nav-----------
Title: Get started

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=login&redirect=https%3A%2F%2Finfosecwriteups.com%2Fredline-stealer-malware-static-analysis-69367b37a146&source=post_page---three_column_layout_sidebar-----------------------three_column_layout_nav-----------
Title: Sign In

Search URL Search Domain Scan URL

URL: https://medium.com/@aaron_199?source=---three_column_layout_sidebar----------------------------------

Search URL Search Domain Scan URL

URL: https://medium.com/@aaron_199/followers?source=---three_column_layout_sidebar----------------------------------
Title: 57 Followers

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/in/aaron-stratton-112912210
Title: https://www.linkedin.com/in/aaron-stratton-112912210

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fsubscribe%2Fuser%2Fcc1390803af5&operation=register&redirect=https%3A%2F%2Finfosecwriteups.com%2Fredline-stealer-malware-static-analysis-69367b37a146&user=Aaron+Stratton&userId=cc1390803af5&source=post_page-cc1390803af5--three_column_layout_sidebar-----------------------follow_profile-----------
Title: Follow

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=%2F_%2Fapi%2Fsubscriptions%2Fnewsletters%2Faa32b197fc12&operation=register&redirect=https%3A%2F%2Finfosecwriteups.com%2Fredline-stealer-malware-static-analysis-69367b37a146&newsletterV3=cc1390803af5&newsletterV3Id=aa32b197fc12&user=Aaron+Stratton&userId=cc1390803af5&source=---three_column_layout_sidebar-----------------------subscribe_user-----------

Search URL Search Domain Scan URL

URL: https://popalltheshells.medium.com/?source=read_next_recirc---three_column_layout_sidebar------0---------------------52ee6174_a920_4d11_b88d_6cc58caf5891-------

Search URL Search Domain Scan URL

URL: https://systemweakness.com/?source=read_next_recirc---three_column_layout_sidebar------0---------------------52ee6174_a920_4d11_b88d_6cc58caf5891-------
Title: System Weakness

Search URL Search Domain Scan URL

URL: https://systemweakness.com/malware-development-pt-3-exe-vs-dll-files-252ad7d9c254?source=read_next_recirc---three_column_layout_sidebar------0---------------------52ee6174_a920_4d11_b88d_6cc58caf5891-------
Title: Malware development pt. 3 — EXE vs DLL files

Search URL Search Domain Scan URL

URL: https://stefan-p-bargan.medium.com/?source=read_next_recirc---three_column_layout_sidebar------1---------------------52ee6174_a920_4d11_b88d_6cc58caf5891-------

Search URL Search Domain Scan URL

URL: https://stefan-p-bargan.medium.com/25-cybersecurity-search-engines-68bfcc2418ff?source=read_next_recirc---three_column_layout_sidebar------1---------------------52ee6174_a920_4d11_b88d_6cc58caf5891-------
Title: 25 Cybersecurity Search Engines

Search URL Search Domain Scan URL

URL: https://blog.grahamzemel.com/?source=read_next_recirc---three_column_layout_sidebar------2---------------------52ee6174_a920_4d11_b88d_6cc58caf5891-------

Search URL Search Domain Scan URL

URL: https://thegrayarea.tech/?source=read_next_recirc---three_column_layout_sidebar------2---------------------52ee6174_a920_4d11_b88d_6cc58caf5891-------
Title: The Gray Area

Search URL Search Domain Scan URL

URL: https://thegrayarea.tech/p1-bug-hunting-a-step-by-step-guide-to-sql-injection-76f95c8986b0?source=read_next_recirc---three_column_layout_sidebar------2---------------------52ee6174_a920_4d11_b88d_6cc58caf5891-------
Title: P1 Bug Hunting: A Step by Step Guide to SQL Injection

Search URL Search Domain Scan URL

URL: https://frank-andrade.medium.com/?source=read_next_recirc---three_column_layout_sidebar------3---------------------52ee6174_a920_4d11_b88d_6cc58caf5891-------

Search URL Search Domain Scan URL

URL: https://towardsdatascience.com/?source=read_next_recirc---three_column_layout_sidebar------3---------------------52ee6174_a920_4d11_b88d_6cc58caf5891-------
Title: Towards Data Science

Search URL Search Domain Scan URL

URL: https://towardsdatascience.com/predicting-the-fifa-world-cup-2022-with-a-simple-model-using-python-6b34bdd4f2a5?source=read_next_recirc---three_column_layout_sidebar------3---------------------52ee6174_a920_4d11_b88d_6cc58caf5891-------
Title: Predicting The FIFA World Cup 2022 With a Simple Model using Python

Search URL Search Domain Scan URL

URL: https://help.medium.com/hc/en-us?source=---three_column_layout_sidebar----------------------------------
Title: Help

Search URL Search Domain Scan URL

URL: https://medium.statuspage.io/?source=---three_column_layout_sidebar----------------------------------
Title: Status

Search URL Search Domain Scan URL

URL: https://about.medium.com/creators/?source=---three_column_layout_sidebar----------------------------------
Title: Writers

Search URL Search Domain Scan URL

URL: https://blog.medium.com/?source=---three_column_layout_sidebar----------------------------------
Title: Blog

Search URL Search Domain Scan URL

URL: https://medium.com/jobs-at-medium/work-at-medium-959d1a85284e?source=---three_column_layout_sidebar----------------------------------
Title: Careers

Search URL Search Domain Scan URL

URL: https://policy.medium.com/medium-privacy-policy-f03bf92035c9?source=---three_column_layout_sidebar----------------------------------
Title: Privacy

Search URL Search Domain Scan URL

URL: https://policy.medium.com/medium-terms-of-service-9db0094a1e0f?source=---three_column_layout_sidebar----------------------------------
Title: Terms

Search URL Search Domain Scan URL

URL: https://medium.com/about?autoplay=1&source=---three_column_layout_sidebar----------------------------------
Title: About

Search URL Search Domain Scan URL

URL: https://speechify.com/medium?source=---three_column_layout_sidebar----------------------------------
Title: Text to speech

Search URL Search Domain Scan URL

URL: https://policy.medium.com/medium-privacy-policy-f03bf92035c9
Title: Privacy Policy

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146 HTTP 307
https://medium.com/m/global-identity?redirectUrl=https%3A%2F%2Finfosecwriteups.com%2Fredline-stealer-malware-static-analysis-69367b37a146 HTTP 302
https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146?gi=a0d694495baf Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

100 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request redline-stealer-malware-static-analysis-69367b37a146 Show response
infosecwriteups.com/
Redirect Chain

https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146
https://medium.com/m/global-identity?redirectUrl=https%3A%2F%2Finfosecwriteups.com%2Fredline-stealer-malware-static-analysis-69367b37a146
https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146?gi=a0d694495baf

227 KB
47 KB

745ms
744ms

Document
text/html

162.159.152.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146?gi=a0d694495baf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.152.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bb8d6890de13c22bdf7997edee152584f816676a6ed7426bcd33f04853993a66

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://medium.com
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: no-cache, no-store, max-age=0, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 774b89c78f249a00-FRA
content-encoding: gzip
content-security-policy: frame-ancestors 'self' https://medium.com
content-type: text/html; charset=utf-8
date: Mon, 05 Dec 2022 08:51:08 GMT
medium-fulfilled-by: edgy/8.3.0, valencia/main-20221201-154001-ca51a1fc35, lite/main-20221202-232731-ac903845d4, rito/main-20221202-202217-46827a4079, tutu/main-20221202-172614-d09baca10c
medium-missing-time: 217
server: cloudflare
strict-transport-security: max-age=15552000; includeSubDomains; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-envoy-upstream-service-time: 567
x-request-received-at: 1670230268179

Redirect headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: no-cache, no-store, max-age=0, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 774b89c5ca08bb65-FRA
content-length: 0
content-security-policy: default-src 'self'; connect-src https://localhost https://*.instapaper.com https://*.stripe.com https://glyph.medium.com https://*.paypal.com https://*.braintree-api.com https://*.braintreegateway.com https://accounts.google.com https://getpocket.com https://medium.com https://*.medium.com https://*.medium.com https://medium.com https://*.medium.com https://*.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://lightstep.medium.systems https://*.branch.io 'self'; font-src data: https://*.amazonaws.com https://*.medium.com https://glyph.medium.com https://glyph-sandbox.medium.sh https://medium.com https://*.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: blob: medium: 'self'; img-src blob: data: https: 'self'; media-src https://*.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://*.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com
content-type: text/plain;charset=UTF-8
date: Mon, 05 Dec 2022 08:51:08 GMT
expires: Thu, 09 Sep 1999 09:09:09 GMT
link: <https://medium.com/humans.txt>; rel="humans"
location: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146?gi=a0d694495baf
medium-fulfilled-by: edgy/8.3.0, valencia/main-20221201-154001-ca51a1fc35
pragma: no-cache
server: cloudflare
strict-transport-security: max-age=15552000; includeSubDomains; preload
vary: Accept-Encoding
worker-missing-cookies: 1
x-content-type-options: nosniff
x-envoy-upstream-service-time: 48
x-frame-options: sameorigin
x-obvious-info: 20221202-1727-root,d09baca1
x-obvious-tid: 1670230267946:acd05d1456c8
x-opentracing: {"ot-tracer-spanid":"035f651d77a41272","ot-tracer-traceid":"5c28e9a1782e9657","ot-tracer-sampled":"true"}
x-powered-by: Medium
x-ua-compatible: IE=edge, Chrome=1
x-xss-protection: 1; mode=block

GET
H2 200 unbound.css
glyph.medium.com/css/ 18 KB
1 KB 66ms
57ms Stylesheet
text/css 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/css/unbound.css

Requested by

Host: infosecwriteups.com
URL: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146?gi=a0d694495baf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ca2b6c294049540bb3cf90a4425ee46c65a114fba4d1a91b0c76b644b95e4d2f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146?gi=a0d694495baf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 08:51:08 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
age: 1878
x-envoy-upstream-service-time: 2
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
server: cloudflare
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=7200
access-control-allow-credentials: true
vary: Accept-Encoding
cf-ray: 774b89cc5968bb65-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Mon, 05 Dec 2022 10:51:08 GMT

GET
H2 200 1*MVZ5xWBD_4cujO5QqxL4GA.webp
miro.medium.com/max/720/ 8 KB
8 KB 181ms
173ms Image
image/webp 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/720/1*MVZ5xWBD_4cujO5QqxL4GA.webp

Requested by

Host: infosecwriteups.com
URL: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146?gi=a0d694495baf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

44aeeb7474b5c96d72465b1def51cfee781d78871ffaf291b9ae0487a626be7a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146?gi=a0d694495baf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 08:51:08 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 525
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 7796
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20221122-003601-db8b653b35
accept-ranges: bytes
cf-ray: 774b89cc5967bb65-FRA
expires: Wed, 04 Jan 2023 08:51:08 GMT

GET
H2 200 manifest.0709973c.js Show response
cdn-client.medium.com/lite/static/js/ 11 KB
6 KB 124ms
114ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/manifest.0709973c.js

Requested by

Host: infosecwriteups.com
URL: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146?gi=a0d694495baf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ea1c680c56cb305b54bc5ed9a88b539df53a4db465e5185a2948a0191d59d745

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146?gi=a0d694495baf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 08:51:08 GMT
x-amz-version-id: 0FUFHo59332_ZM5ye.Ie05.1nscR9A5Y
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: K8JB4F4HPVW2XDGK
age: 205375
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: 7E3pUtSCN/SY95hpPEAo+supHJRRMZh/zUVFe5dBUPU6LOR5ApN9g6LLdXJMVnAhtGkfKDafoifkAMzOq0vhLQ==
last-modified: Fri, 02 Dec 2022 22:50:13 GMT
server: cloudflare
etag: W/"d68c67995e2a68d2d527b4a8e005597f"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 774b89cc79a7bb65-FRA
expires: Tue, 05 Dec 2023 08:51:08 GMT

GET
H2 200 3034.5bf7db30.js Show response
cdn-client.medium.com/lite/static/js/ 698 KB
216 KB 78ms
69ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/3034.5bf7db30.js

Requested by

Host: infosecwriteups.com
URL: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146?gi=a0d694495baf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

955c47ee44b0feca62780cf5cb5aaba68e9fe3a04677da7795a333c19bc572e8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146?gi=a0d694495baf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 08:51:08 GMT
x-amz-version-id: y1rYgVhPualMEnaz6jRgLipmQEO8IsWZ
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: TKBCH6NBJQ8Z13X0
age: 1037536
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: AUsXzcuegx1uEV4qBtmPsXVrs9yGeDzF0mujF+pDrFUlTnEkugR8EYgN7dmyhbNbmJISlX4v/7s=
last-modified: Wed, 26 Oct 2022 07:23:02 GMT
server: cloudflare
etag: W/"7110b0720ae180303abf08a9f0824e88"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 774b89cc799fbb65-FRA
expires: Tue, 05 Dec 2023 08:51:08 GMT

GET
H2 200 main.93ba9696.js Show response
cdn-client.medium.com/lite/static/js/ 778 KB
193 KB 117ms
108ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/main.93ba9696.js

Requested by

Host: infosecwriteups.com
URL: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146?gi=a0d694495baf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8ea3cadfa62508fddc0401e3b85709ada4ce576a464bfab0fb569ca461bbd2e2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146?gi=a0d694495baf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 08:51:08 GMT
x-amz-version-id: B2WGVTRBNdqWe7N29WG3PKAYflgWeTZf
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: M73XJV05TD0Z2CS8
age: 222667
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: RFjADVvkGt6gIrqBFQ4dog4nFolt/WrPpZ/vbxTwjQm6XTvhZoVvXcCNCrlhSrfXY5dzuPDck9s=
last-modified: Fri, 02 Dec 2022 18:42:24 GMT
server: cloudflare
etag: W/"f09ddb0ce3ff865513ee48d8037a4562"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 774b89cc79a1bb65-FRA
expires: Tue, 05 Dec 2023 08:51:08 GMT

GET
H2 200 instrumentation.c71f0248.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 3 KB
2 KB 121ms
112ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/instrumentation.c71f0248.chunk.js

Requested by

Host: infosecwriteups.com
URL: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146?gi=a0d694495baf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

be18a208d4e5e0c3f3343588333535ac1efad32afa983e2ce0d6c42a80fff5d3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146?gi=a0d694495baf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 08:51:08 GMT
x-amz-version-id: 5yZx.RXNRFD2wk5kW8slm2OPTbsuZqQM
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: DN80NP6MC45XWT2W
age: 228314
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: XL/2Jb9u14qm8cCj//wgdYe0Ggn1t1G4gX21uBRkpd82xhiecCSbOyioU4BrWRYiv2q6edekGpo=
last-modified: Wed, 07 Sep 2022 22:21:02 GMT
server: cloudflare
etag: W/"1c4019035217766e8fa41b4d396c90c0"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 774b89cc799bbb65-FRA
expires: Tue, 05 Dec 2023 08:51:08 GMT

GET
H2 200 8732.9d4e0df2.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 65 KB
19 KB 123ms
114ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/8732.9d4e0df2.chunk.js

Requested by

Host: infosecwriteups.com
URL: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146?gi=a0d694495baf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

008b735b5e27e2ddea50ac42eeaef63fae74d969ff15e3144c7b9f7c927baffd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146?gi=a0d694495baf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 08:51:08 GMT
x-amz-version-id: NxzGjDoZXtQ2GwkHKvwxxgw5Nexyfnov
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: VKC99QTCBK1JJRSK
age: 1004835
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: q5KO0l+kDDFVGCiz9TdU1XKQr813wXW0hWzBb+kJKHGPuS2cbr/qlFqjRQD4lviAyLSsWb0H0qU=
last-modified: Tue, 28 Jun 2022 21:50:52 GMT
server: cloudflare
etag: W/"6282534288238b33d8aa9c488837d8c9"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 774b89cc79a3bb65-FRA
expires: Tue, 05 Dec 2023 08:51:08 GMT

GET
H2 200 3447.00c8d7d7.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 12 KB
5 KB 86ms
77ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/3447.00c8d7d7.chunk.js

Requested by

Host: infosecwriteups.com
URL: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146?gi=a0d694495baf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc3bdd29c56ec82f7f192a18193d47f93dc2c4ae6096a69d1158e9f1460a5a11

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146?gi=a0d694495baf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 08:51:08 GMT
x-amz-version-id: wxcXSCM_bcSaX49t4LfRSeBOd.4Ud2pL
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: 1XA25KRDFWDB23VX
age: 985032
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: ObsPuQDpb7QQfFdBdSvGiHiRGg8dzGcxdM3TEhz7uSJWBOPIc0zHvTU1TUnr44JtGcjtkpIySoM=
last-modified: Wed, 23 Nov 2022 20:58:56 GMT
server: cloudflare
etag: W/"d7b3b7ed2a28aa9ee1d728f93856180c"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 774b89cc79a5bb65-FRA
expires: Tue, 05 Dec 2023 08:51:08 GMT

GET
H3 200 AppLayout.44ad87cb.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 117 KB
23 KB 260ms
212ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/AppLayout.44ad87cb.chunk.js

Requested by

Host: infosecwriteups.com
URL: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146?gi=a0d694495baf

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0ec458ce5b46d7eedf6d74e2473f71e6367ef2116cd303f8e5a111b01025b40f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146?gi=a0d694495baf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 08:51:09 GMT
x-amz-version-id: IDvBkWhM7ANse10TWxyW_HqN5Flml_j6
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: Y76ZE90QNWPFVSCA
age: 205376
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: P2rTZ/B6Q0Da0f36WqroBZcmg/+mIWmtROc/uPVsEueQh/sXT5GBjeZKf2ufGUgf/8G9mITuG3k=
last-modified: Fri, 02 Dec 2022 22:49:44 GMT
server: cloudflare
etag: W/"0034ac3cc1c72c66a83d03c31cf7d361"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 774b89cd3938bbe5-FRA
expires: Tue, 05 Dec 2023 08:51:09 GMT

GET
H3 200 reporting.bbdcaa9d.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 1 KB
1 KB 261ms
213ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/reporting.bbdcaa9d.chunk.js

Requested by

Host: infosecwriteups.com
URL: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146?gi=a0d694495baf

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4a96cae42b1009fa744e6e9d4149f69da1ad14892d80a57ca04f6b0e3f1d9e46

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146?gi=a0d694495baf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 08:51:09 GMT
x-amz-version-id: hDbV.8OiTMB.Vn8rqDBCJ.dxBb4bMoaR
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: 2R4YTKBCDDS6HF3J
age: 563331
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: hpLJFwZLVe3kLMmVyN1xu6SbW8NO3o//weOaZ5BXpjjUY6yHS7cvPj69YBWyN1dhbN/YbQe1UB4=
last-modified: Fri, 01 Jul 2022 00:11:40 GMT
server: cloudflare
etag: W/"72bc359fe3377069bd162b3be6ed3d05"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 774b89cd393bbbe5-FRA
expires: Tue, 05 Dec 2023 08:51:09 GMT

GET
H3 200 9658.17030d28.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 5 KB
1 KB 261ms
213ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/9658.17030d28.chunk.js

Requested by

Host: infosecwriteups.com
URL: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146?gi=a0d694495baf

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

601f0395312c80eca646294da8644382a9187a1ba327cd2e61afeaebf72d404c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146?gi=a0d694495baf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 08:51:09 GMT
x-amz-version-id: LU4sW2n.29KPKm37dv0UiACV943hIOiN
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: W2PN8GSGWHAHQJ9Z
age: 208712
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: zcUAQn0HWwZuYfxpPxJrwGEaUadYpYRbalVguqAYCRPp4TaHIYxWesViclQc9OGHGbVwAGwOaRg=
last-modified: Fri, 04 Nov 2022 21:15:59 GMT
server: cloudflare
etag: W/"980d4d6173178591ee5013487f00755c"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 774b89cd393fbbe5-FRA
expires: Tue, 05 Dec 2023 08:51:09 GMT

GET
H3 200 1752.a348f767.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 23 KB
11 KB 262ms
214ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/1752.a348f767.chunk.js

Requested by

Host: infosecwriteups.com
URL: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146?gi=a0d694495baf

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

961f2b3e92eba06b032c090511ab8fb8b65ff7f0b471c7bd22817061288f8368

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146?gi=a0d694495baf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 08:51:09 GMT
x-amz-version-id: tE2Oq32GJtDB6jVcHF3DcPbZYJQJcUaP
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: KZ14F4DJ39Z3KD31
age: 515336
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: EH9a3SVQgwGg+xgKP+wLoMBxv4vi3bqNF1lLFBsPfty2oXINnyDdoXCZNr63aUDBWO4Du/Lj2Tk=
last-modified: Tue, 25 May 2021 18:36:29 GMT
server: cloudflare
etag: W/"7741f0aa651938c2144d2a015cea95e3"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 774b89cd3940bbe5-FRA
expires: Tue, 05 Dec 2023 08:51:09 GMT

GET
H3 200 1961.72b183c8.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 10 KB
4 KB 268ms
220ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/1961.72b183c8.chunk.js

Requested by

Host: infosecwriteups.com
URL: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146?gi=a0d694495baf

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

020cd8f8d0924d2122db07b848a8bd3217502a2cac01ab2349d71d6b8efce2eb

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146?gi=a0d694495baf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 08:51:09 GMT
x-amz-version-id: 2UFNHQ528nazPWxJLXg3xgI4xct9fQKg
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: Q560EA8RWSJNZ228
age: 1178305
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: 5nJF/5DbOofSrJm286aWs7mzJkI6QEw1wqXGxYOJ3CaAegeeOkDjXIHWD5G3HflQDdr5fkFLhk8=
last-modified: Mon, 24 Oct 2022 03:04:44 GMT
server: cloudflare
etag: W/"3f014355f94dd90a298dfaea41b43523"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 774b89cd3942bbe5-FRA
expires: Tue, 05 Dec 2023 08:51:09 GMT

GET
H3 200 5472.a7dd22a2.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 10 KB
1 KB 268ms
220ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/5472.a7dd22a2.chunk.js

Requested by

Host: infosecwriteups.com
URL: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146?gi=a0d694495baf

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e53ebfbcc9c25748543c93340d2eb361c3fae51ae63261e01e54758703593afc

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146?gi=a0d694495baf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 08:51:09 GMT
x-amz-version-id: gSXxPhc0hcRrksmL2PGhPrVOkWw4VC83
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: TYK0PEA01R37Z2AF
age: 213337
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: /HTy1mXHJwPGew/xYMqQ7tFbF5Jg3lNbiP2FCK1QESRXm8fU5OQ78/pj2bTQ3xJ5WF5PwhIz13s=
last-modified: Fri, 21 Oct 2022 21:04:08 GMT
server: cloudflare
etag: W/"bfe1dd364c3e6da6632a1d6c3b6fb9a0"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 774b89cd3945bbe5-FRA
expires: Tue, 05 Dec 2023 08:51:09 GMT

GET
H3 200 2130.e6d6e16e.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 23 KB
7 KB 223ms
177ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/2130.e6d6e16e.chunk.js

Requested by

Host: infosecwriteups.com
URL: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146?gi=a0d694495baf

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c2a9dd3b8ef4ec3f42318f6d2bc9a739af1472478257be2ec1bc85977c42a2e7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146?gi=a0d694495baf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 08:51:09 GMT
x-amz-version-id: feHY8AqvQ4htitZNX_Cyn_81uTwXNshR
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: 690NB69BVT4W8V5E
age: 600104
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: DRXY5tAIM8Gr03SqacG7kFSBNZbHxkupg666Q7YXKbhW0cSV4LJZq9w7MeHlJZ6FRrcmu8/UuE8=
last-modified: Fri, 25 Nov 2022 08:50:45 GMT
server: cloudflare
etag: W/"553a7c415dcde96546d5458e576e3abd"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 774b89cd3928bbe5-FRA
expires: Tue, 05 Dec 2023 08:51:09 GMT

GET
H3 200 2981.3c13b705.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 8 KB
4 KB 252ms
205ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/2981.3c13b705.chunk.js

Requested by

Host: infosecwriteups.com
URL: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146?gi=a0d694495baf

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a2cfff7f9e5ae872a94184b0fc2a35af5c0c1687ba0099349708d02972ba0e1e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146?gi=a0d694495baf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 08:51:09 GMT
x-amz-version-id: flgBQ3ITusZieO73Mu0xsSFY2vYmHZMO
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: VP9RBAQK0GXSF95J
age: 582697
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: Tg8vtbqTsgAOFtd/8IGSjt/HyZ6t+xQ8455LuQ09mi0EU7RrMx2snMBTF70/Bl3Fj8gqMwap+f4=
last-modified: Mon, 17 Oct 2022 13:57:10 GMT
server: cloudflare
etag: W/"5f0c27fb992a26bd3f0d8b1937fc0595"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 774b89cd3929bbe5-FRA
expires: Tue, 05 Dec 2023 08:51:09 GMT

GET
H3 200 6507.da0f4b48.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 12 KB
2 KB 253ms
206ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/6507.da0f4b48.chunk.js

Requested by

Host: infosecwriteups.com
URL: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146?gi=a0d694495baf

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

40df506c1893a77c1d04d8682662a4f41046954d8b560ac1172de9fcd1b7fb33

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146?gi=a0d694495baf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 08:51:09 GMT
x-amz-version-id: dtN8lTrK.gK5W5rO3zmV3_QWk6sHiwXM
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: V6ABBBVPRHQAXPX7
age: 552587
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: 1r5BvJyIfw2qQWso59+bFnBFPWfobOpwfCF8Ty+t28yImrVBhEOSSGm20BKk+QRk9Qmx0CLmov4=
last-modified: Tue, 22 Nov 2022 21:53:19 GMT
server: cloudflare
etag: W/"35d06b6d45cefbbf1c1298d3bb2cae9e"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 774b89cd392abbe5-FRA
expires: Tue, 05 Dec 2023 08:51:09 GMT

GET
H3 200 3115.b23c6c7a.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 133 KB
38 KB 254ms
207ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/3115.b23c6c7a.chunk.js

Requested by

Host: infosecwriteups.com
URL: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146?gi=a0d694495baf

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

be2516488e3300a233b2e780a956bc703d056360bd97b66eb510dbc4e661c827

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146?gi=a0d694495baf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 08:51:09 GMT
x-amz-version-id: TjcPWpMTGTf8rDzCSmSo7Bww3ajQRos1
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: A780CM2CW3ADACH6
age: 375164
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: xBY7MjVR/zN9SqOtVmZqYss0X+BGN/DjsZAMsoHBGvbAlRqridiHMwvDq/OlhWqY0NgR8+LHIDU=
last-modified: Wed, 30 Nov 2022 23:45:03 GMT
server: cloudflare
etag: W/"f949c358c893cc6f9010a8ef655b527f"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 774b89cd392dbbe5-FRA
expires: Tue, 05 Dec 2023 08:51:09 GMT

GET
H3 200 4161.74a9962e.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 12 KB
4 KB 256ms
209ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/4161.74a9962e.chunk.js

Requested by

Host: infosecwriteups.com
URL: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146?gi=a0d694495baf

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2fd71584c2afb9dec99438d16e68ffa174a200937e5e7fb527237b4ae96777f2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146?gi=a0d694495baf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 08:51:09 GMT
x-amz-version-id: AFvp99SDJNMLmZX.6ljRiKtDo6jHV508
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: G60X24AC5WQ51D5V
age: 513947
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: ehfTxiBASGrY0OCaYkp9i3/td5pfTHSEN6V5n1NqlXcz5U1NscPtbwaHlkIxriv8gY/DPX0O4+Q=
last-modified: Wed, 23 Nov 2022 09:44:39 GMT
server: cloudflare
etag: W/"a2182ee724ea960dca7729163df30abe"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 774b89cd392ebbe5-FRA
expires: Tue, 05 Dec 2023 08:51:09 GMT

GET
H3 200 8195.c31519be.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 27 KB
6 KB 257ms
210ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/8195.c31519be.chunk.js

Requested by

Host: infosecwriteups.com
URL: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146?gi=a0d694495baf

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2db760f6fe970461e103c1fe6ad1005af87dd510c8291043fe5ce63aec3374ca

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146?gi=a0d694495baf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 08:51:09 GMT
x-amz-version-id: uAqH6kO9BwFAZcxhPUqaEgZi.UE8RmBA
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: N79NADJW2848F7KN
age: 222688
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: YMOfbyNhkpApx54KGxHiAiHFrDds3oLxwhfNDIIkfAdpgQ3xxQrFaQqE4CuyNYKsOrN72wlZWILDGthBEp/qvw==
last-modified: Fri, 02 Dec 2022 18:41:53 GMT
server: cloudflare
etag: W/"30793f51d53e43641554a4b088146b76"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 774b89cd3930bbe5-FRA
expires: Tue, 05 Dec 2023 08:51:09 GMT

GET
H3 200 6336.6353f868.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 24 KB
4 KB 259ms
212ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/6336.6353f868.chunk.js

Requested by

Host: infosecwriteups.com
URL: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146?gi=a0d694495baf

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f8208ed3f5800f2f02cc71aaf1aa172cc36366ac6b668675b5b37fe7181db33e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146?gi=a0d694495baf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 08:51:09 GMT
x-amz-version-id: P20dW67vNiBWSsMUWJtPZu36oImbtXva
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: N0WAXP6JA0DP8PKJ
age: 1108459
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: VNPZdrlNPvedE9gwqgaXlSm7bomV/wLmf2ob6yjJJvFh4jfTm0pQT1Glcol7Qyykqen2wMyEmU4=
last-modified: Mon, 07 Nov 2022 20:08:10 GMT
server: cloudflare
etag: W/"b9826131f30281b3ca262505fed0d243"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 774b89cd3932bbe5-FRA
expires: Tue, 05 Dec 2023 08:51:09 GMT

GET
H3 200 3577.44792bd6.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 24 KB
7 KB 259ms
212ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/3577.44792bd6.chunk.js

Requested by

Host: infosecwriteups.com
URL: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146?gi=a0d694495baf

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e94b3d8441f4279288223e03cfd96a18bed293c24ec1356d9bd1196d1888b3d6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146?gi=a0d694495baf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 08:51:09 GMT
x-amz-version-id: lkWpjx8VLhNfZ8QGm3iAOXH1y3fP2jEE
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: N79G5HT70F9J403V
age: 222688
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: wqhaoH8M6G2HcCQ7fa8S4GI60wfCECdym6eQCsi8yjt6LR3FKvkl+6MhvE7MsX63zoGJZ5yyCS+sJXz7OqzbEQ==
last-modified: Thu, 01 Dec 2022 22:52:59 GMT
server: cloudflare
etag: W/"f6b4c8293b24c2e2161fc8cef285790a"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 774b89cd3934bbe5-FRA
expires: Tue, 05 Dec 2023 08:51:09 GMT

GET
H3 200 6495.754e829f.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 21 KB
5 KB 119ms
75ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/6495.754e829f.chunk.js

Requested by

Host: infosecwriteups.com
URL: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146?gi=a0d694495baf

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a745761cd28ddfb1e5d1cdff61e5e1963c9c58f2e94374557af7c7f6ee8d6a70

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146?gi=a0d694495baf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 08:51:09 GMT
x-amz-version-id: rlKqguiBAlHGru7U_A7jA1LW7_RaB3Vw
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: G60WMPW3E8CP360E
age: 513947
server-timing: cf-q-config;dur=7.0000096457079e-06
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: gzz/oMItBIkiYI5p1q3MXbK6WWKlvaVXTRQLdZrSuEWdtyU6Z7bPZb3aKUXXr2B4aW6fzrBTn4A=
last-modified: Wed, 23 Nov 2022 09:44:42 GMT
server: cloudflare
etag: W/"b9d39ea63ec4681620ab6c177661d5c5"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 774b89cd38ffbbe5-FRA
expires: Tue, 05 Dec 2023 08:51:09 GMT

GET
H3 200 3496.cd0d34c4.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 41 KB
12 KB 139ms
95ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/3496.cd0d34c4.chunk.js

Requested by

Host: infosecwriteups.com
URL: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146?gi=a0d694495baf

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3be3d67eaad946d3742b446ae48d4daa0af87b3cc807784ac346ba86f6b06537

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146?gi=a0d694495baf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 08:51:09 GMT
x-amz-version-id: 4SUIIDeMIb92c6EOT3q3BA0TZ0_mOqe8
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: G60GS1XMF0R6QFGN
age: 513947
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: 1H9gQjxGnDw0/FSMW1eV4itsx1Lms6gWEUWIehvEIVC0BccrdeH3p+QOKPj99WNi8FpFx06GmvU=
last-modified: Thu, 24 Nov 2022 09:41:24 GMT
server: cloudflare
etag: W/"0ab64efe07c12fb40c7806bdcce1a783"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 774b89cd3902bbe5-FRA
expires: Tue, 05 Dec 2023 08:51:09 GMT

GET
H3 200 8468.5750314c.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 23 KB
6 KB 139ms
95ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/8468.5750314c.chunk.js

Requested by

Host: infosecwriteups.com
URL: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146?gi=a0d694495baf

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

60441194246cfbc97dd003260a1be2b54fb8ec679d36cddcb0714b43e6d619a4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146?gi=a0d694495baf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 08:51:09 GMT
x-amz-version-id: vP51drdWvD0bF_7qsPzEDvESpqQj5fTl
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: G60X5BN90G8XZQZ3
age: 513947
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: TOyFpmsBMGqAPKZ7wGZ0L6u/8Wd2F9n0Gf5Qcmuz9NHOKZptYkdy2WguMMQz47Ik1lsICIo+x+8=
last-modified: Tue, 29 Nov 2022 09:32:28 GMT
server: cloudflare
etag: W/"e2f2af01cdc8b511f8f8860ea61a87e1"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 774b89cd3904bbe5-FRA
expires: Tue, 05 Dec 2023 08:51:09 GMT

GET
H3 200 6804.3651d6ad.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 32 KB
11 KB 180ms
135ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/6804.3651d6ad.chunk.js

Requested by

Host: infosecwriteups.com
URL: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146?gi=a0d694495baf

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

07b60df462e09543e3ad6724353944aa5826afd5b38388a383aebcdb9f0b4863

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146?gi=a0d694495baf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 08:51:09 GMT
x-amz-version-id: OU4N6tl..T9OWctGa67ZOBlXTe4uiYNL
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: 1XA84DNNZFDDSTBN
age: 985255
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: +jfInuRGcZNyxFpxPyx7OhqqyQtDWxGO6ZwGqnBYBt9hrv/gq6Z3pbHz/+oefYj5YKd7LKo8tUo=
last-modified: Wed, 23 Nov 2022 20:59:01 GMT
server: cloudflare
etag: W/"7e1b793230c0c9c7e794ea52a634955c"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 774b89cd3909bbe5-FRA
expires: Tue, 05 Dec 2023 08:51:09 GMT

GET
H3 200 864.629340cc.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 9 KB
4 KB 181ms
136ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/864.629340cc.chunk.js

Requested by

Host: infosecwriteups.com
URL: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146?gi=a0d694495baf

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9983a297fa001cd7a6ae6048ddd496df43ff42f4ba51ec9c5c6d214ac5999a45

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146?gi=a0d694495baf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 08:51:09 GMT
x-amz-version-id: 8tiydUqCosOl_uBeAEP.0pzlrtdDnwJB
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: G60NH37FZTSX1T2Y
age: 513947
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: NdjQ6frLnty/90qL8vfxce5Q+ifN2dNBxh3tGe3nSdR+5hzTawPSVI6tiCJu377xey62ahxvTf4=
last-modified: Thu, 24 Nov 2022 09:41:31 GMT
server: cloudflare
etag: W/"35425e37b13ced78d2e09a3f2b2b46d2"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 774b89cd390bbbe5-FRA
expires: Tue, 05 Dec 2023 08:51:09 GMT

GET
H3 200 1932.1f0b15f4.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 8 KB
3 KB 183ms
138ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/1932.1f0b15f4.chunk.js

Requested by

Host: infosecwriteups.com
URL: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146?gi=a0d694495baf

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

39f638c6409c098e84d8fc6f4cd1a45ec2d02cc51ff98da918d7e462cf32999f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146?gi=a0d694495baf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 08:51:09 GMT
x-amz-version-id: 5Cb0ljzTLXRjGJ0jp4Ew49xai6ONBSZ8
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: 3XP9KC71F89XYE7H
age: 414615
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: Va9yeTvwvnizjJMGrzsPu1BlaqDAGpWjeaiWWK/9TnBww4iPwh+kgoCsxanH6k6ssTL/e/p12qo=
last-modified: Wed, 30 Nov 2022 11:11:59 GMT
server: cloudflare
etag: W/"d24cff53b6121f829783f76405c03453"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 774b89cd3910bbe5-FRA
expires: Tue, 05 Dec 2023 08:51:09 GMT

GET
H3 200 5722.6f39656a.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 26 KB
7 KB 184ms
139ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/5722.6f39656a.chunk.js

Requested by

Host: infosecwriteups.com
URL: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146?gi=a0d694495baf

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

16bc64e283626db91df5a8defe54030f24e31c44589f7adb103bfba48f21ccfd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146?gi=a0d694495baf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 08:51:09 GMT
x-amz-version-id: eNq1u1pYsDiIwA9BHHVkRl3nVy.D.tJe
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: 1XA6ZS8BGSNA55A5
age: 985255
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: KqQOsqxTDensPQ0eQUCHNor/WtjhoxwCnn1GZ+zlzAVRNJ7vlDw/9nJZaQFTHwG5dbIob72aVe4=
last-modified: Wed, 23 Nov 2022 20:58:59 GMT
server: cloudflare
etag: W/"589d331bd6b6ee90c43cb1bb6f2b6106"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 774b89cd3912bbe5-FRA
expires: Tue, 05 Dec 2023 08:51:09 GMT

GET
H3 200 2920.36206b57.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 16 KB
6 KB 184ms
139ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/2920.36206b57.chunk.js

Requested by

Host: infosecwriteups.com
URL: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146?gi=a0d694495baf

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

63ae87bf3014acfdb39910d6e88ca639effe4dd20fa772da393e53567e5b0f17

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146?gi=a0d694495baf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 08:51:09 GMT
x-amz-version-id: eB7tYnNRTYTo31nG2COxArLsorgfQGAO
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: G60KHDE3CBDD0D70
age: 513947
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: BkYdw3byyJXH7iK9e5oXOOA5Q+k8sZmXgXeePokTsbbedob/MK4j+bHQDBrG2nDiTlC3ScnPnxg=
last-modified: Tue, 29 Nov 2022 09:32:19 GMT
server: cloudflare
etag: W/"1170e4102b490c3d6375259d96c99f7f"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 774b89cd3913bbe5-FRA
expires: Tue, 05 Dec 2023 08:51:09 GMT

GET
H3 200 6912.32116829.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 13 KB
2 KB 184ms
139ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/6912.32116829.chunk.js

Requested by

Host: infosecwriteups.com
URL: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146?gi=a0d694495baf

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bccaab228d8683e2292c683c73b54ab145855b33f5bce0884b4b15c5fe1fcb14

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146?gi=a0d694495baf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 08:51:09 GMT
x-amz-version-id: bvWKJjmv3APLMBo6vryDjaLiZ.5lUghI
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: SX3108JYQ1CAD2MQ
age: 254002
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: uAwbJjWcjalNZob6iozAPdYa+bA/LYT0OdK9KMUNxFT+97ZyH0w/Mi91CdbEjCMZDnRKyn6GBas=
last-modified: Thu, 03 Nov 2022 11:11:11 GMT
server: cloudflare
etag: W/"8a542445b415876feab2407b21f58d20"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 774b89cd3916bbe5-FRA
expires: Tue, 05 Dec 2023 08:51:09 GMT

GET
H3 200 8051.2f647101.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 59 KB
14 KB 214ms
169ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/8051.2f647101.chunk.js

Requested by

Host: infosecwriteups.com
URL: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146?gi=a0d694495baf

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f8a9419c6b434d633e2728c97782267bc1936722c8deacc8a7ecd76949dbcc15

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146?gi=a0d694495baf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 08:51:09 GMT
x-amz-version-id: zzByOQdt6cyq0vMrU4UCKappvQCIYlds
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: 1XA9BYNDJACZKQZ1
age: 985255
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: 8SKy3nI4TgyCL4sW1/coZ+P0wzrzDJsDzYdP43X3XPXIXYH7FKbWSgmnUnbefVAaCG/20PCtG5E=
last-modified: Wed, 23 Nov 2022 20:59:02 GMT
server: cloudflare
etag: W/"3f7455fa498ea702ab8e5391403e9a02"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 774b89cd3918bbe5-FRA
expires: Tue, 05 Dec 2023 08:51:09 GMT

GET
H3 200 4959.f3156dd2.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 41 KB
12 KB 100ms
54ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/4959.f3156dd2.chunk.js

Requested by

Host: infosecwriteups.com
URL: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146?gi=a0d694495baf

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1985936d8497b298c344f8b16790cbaceb73ef98b301b350daf3b049cdd3cdd8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146?gi=a0d694495baf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 08:51:09 GMT
x-amz-version-id: 4nKL2IUW9WWFG_9.581v6qb.Zc37mgUV
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: 3XP94X5YB3733Z3B
age: 414615
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: gsGH0Y61RtN6Pbt/xrNRdD9EE7eMHosVMHjXz49VJ7Nh17Y76GkPPZDir55UwNSMSOxHr8rSzb4=
last-modified: Wed, 30 Nov 2022 09:55:59 GMT
server: cloudflare
etag: W/"20362e75b357a02e4a71a95ed36822f8"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 774b89cd391ebbe5-FRA
expires: Tue, 05 Dec 2023 08:51:09 GMT

GET
H3 200 5267.52eaa435.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 25 KB
6 KB 218ms
172ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/5267.52eaa435.chunk.js

Requested by

Host: infosecwriteups.com
URL: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146?gi=a0d694495baf

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

57e78ac026d5968225b54a59c52b99a6e301b9ec4fb13c00a60426a0d685eedd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146?gi=a0d694495baf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 08:51:09 GMT
x-amz-version-id: kr.gL9qgd0jopYo9Uzc0XQ3zRljxWJ3.
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: G60MEW7GQQY0BGDD
age: 513947
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: kjHRjhX8Nl1WdaO/Pc5olArSjKtFdxpXxfLuVyKA3kb6jbU4UW7BdqFESKEcPlZX+NZr7gk6jbo=
last-modified: Tue, 29 Nov 2022 09:32:23 GMT
server: cloudflare
etag: W/"3c1f6e1c347baf3454bc263cd5f99b68"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 774b89cd391fbbe5-FRA
expires: Tue, 05 Dec 2023 08:51:09 GMT

GET
H3 200 7129.bfaa754e.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 26 KB
7 KB 218ms
173ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/7129.bfaa754e.chunk.js

Requested by

Host: infosecwriteups.com
URL: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146?gi=a0d694495baf

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a4d35c7a9d627398567e75636b5a070fda249db29eac7b19bdd8077a43468887

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146?gi=a0d694495baf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 08:51:09 GMT
x-amz-version-id: JHV0H4.jbSO5KhhHY0ueuzW3oLpFmbF2
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: K92689KFZ5F3HNRB
age: 293813
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: ih0l4lwU8XjcVwi3SPLIHrwVh70ovDZhtxpb+s2PK2NRNMDnJQj3qVJEjArnC5ZAHRmSAtd5X0Q=
last-modified: Thu, 03 Nov 2022 21:15:48 GMT
server: cloudflare
etag: W/"0db7ee9db293738b618fa7bb5dcf7fd3"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 774b89cd3921bbe5-FRA
expires: Tue, 05 Dec 2023 08:51:09 GMT

GET
H3 200 PostPage.MainContent.c5266e55.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 119 KB
30 KB 219ms
173ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/PostPage.MainContent.c5266e55.chunk.js

Requested by

Host: infosecwriteups.com
URL: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146?gi=a0d694495baf

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c8e62e884b678aebbc954199d934915a4d99fcee2055d9075259a7fdfa9d94bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146?gi=a0d694495baf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 08:51:09 GMT
x-amz-version-id: zC_CdomqYf73ptAR3l1e4aiiQATBB_3F
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: 6GP4DNCB353WVEEE
age: 414615
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: kDvoL/oSGvoeNys8+VCLsjhEE8BX9otWLMzi9xDB623I2SPXn0bo3wbPqovLXya3EY/Y7xXCCZs=
last-modified: Tue, 29 Nov 2022 16:51:19 GMT
server: cloudflare
etag: W/"1e4c312fdc5a1d05ff27cb77622cf580"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 774b89cd3923bbe5-FRA
expires: Tue, 05 Dec 2023 08:51:09 GMT

GET
H3 200 8261.327b4710.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 10 KB
3 KB 221ms
175ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/8261.327b4710.chunk.js

Requested by

Host: infosecwriteups.com
URL: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146?gi=a0d694495baf

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

93be53fb36b8b5292015b9aef774a5bfa07553e4245affa31186e4f7b3ec50ed

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146?gi=a0d694495baf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 08:51:09 GMT
x-amz-version-id: TWef8fCHr0x6xEkBNaDd1iJPHVTzdedM
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: VCJ2MGRC298H16DR
age: 552366
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: w6fx13Y+1pjSwTPocSTN6V7ppIg6nQyS0MWv/KY9Ovpf2kKlG9HvLbhAHpgOeEYIIBEnx76zbJk=
last-modified: Tue, 22 Nov 2022 21:53:22 GMT
server: cloudflare
etag: W/"35e8c8afff5e798b6bbb09a4cac45fcf"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 774b89cd3925bbe5-FRA
expires: Tue, 05 Dec 2023 08:51:09 GMT

GET
H3 200 5180.8d4bb5c6.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 32 KB
3 KB 222ms
176ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/5180.8d4bb5c6.chunk.js

Requested by

Host: infosecwriteups.com
URL: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146?gi=a0d694495baf

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4617e0e46708dd89cb6f08d4f1bc54e8e503da916e914ddc6c4516288955b465

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146?gi=a0d694495baf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 08:51:09 GMT
x-amz-version-id: gb8nDgxes_jZsQEflNgusaLWBCIDXTh8
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: G60QFBDH73MGEBM9
age: 513947
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: bgKZ7k7dMI8Ye6fJjf2DmBoBO+GmLSVQaIaZ+V6WjTNSQnH8uBZWzQWY3WtG57RB0I3/72wgDwQ=
last-modified: Tue, 29 Nov 2022 09:32:23 GMT
server: cloudflare
etag: W/"dcbd4a566a9267422196feebce3e6104"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 774b89cd3927bbe5-FRA
expires: Tue, 05 Dec 2023 08:51:09 GMT

GET
H3 200 4015.0763664b.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 27 KB
8 KB 270ms
222ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/4015.0763664b.chunk.js

Requested by

Host: infosecwriteups.com
URL: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146?gi=a0d694495baf

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1dd67a26a3fc8f7e024f4f64403b638f7465578696913f6f02606d242233d969

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146?gi=a0d694495baf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 08:51:09 GMT
x-amz-version-id: tGL5KEOOdPpHVaknGZ3lrA2iYZRjSMZA
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: G60SVHMMX8X1QGMD
age: 513947
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: x0rrbP8joip6iVHTvVoW23GYqccGTTBRV5x7Y0PPT3ag+x6fKmm97LSR19/OrgaxXBOuyncxYFA=
last-modified: Tue, 29 Nov 2022 09:32:21 GMT
server: cloudflare
etag: W/"625327398121c585881579f1c9129319"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 774b89cd3946bbe5-FRA
expires: Tue, 05 Dec 2023 08:51:09 GMT

GET
H3 200 PostPage.RightColumnContent.e074da93.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 32 KB
8 KB 289ms
241ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/PostPage.RightColumnContent.e074da93.chunk.js

Requested by

Host: infosecwriteups.com
URL: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146?gi=a0d694495baf

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3c65351736a38e50e862be1df239efcd905acee755cbe6bad762391741f37a74

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146?gi=a0d694495baf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 08:51:09 GMT
x-amz-version-id: caubJkaJBhmKRxPxJiFgluCOx0xtuW5M
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: G60VNX87GZK92PSJ
age: 513947
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: wGBrCPhbeyzTOO/gVBP8gn0y8Wtm09i8ZGK1DHJslAdWoActLORcFVfNLnV1uxBCpFCrFyNWvhQ=
last-modified: Tue, 29 Nov 2022 09:32:51 GMT
server: cloudflare
etag: W/"0844d0814dbdad619656f5714b460d97"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 774b89cd3949bbe5-FRA
expires: Tue, 05 Dec 2023 08:51:09 GMT

GET
H2 200 vaafb692b2aea4879b33c060e79fe94621666317369993 Show response
static.cloudflareinsights.com/beacon.min.js/ 17 KB
6 KB 264ms
184ms Script
text/javascript 2606:4700::6810:3965
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.cloudflareinsights.com/beacon.min.js/vaafb692b2aea4879b33c060e79fe94621666317369993
Requested by: Host: infosecwriteups.com
URL: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146?gi=a0d694495baf
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:3965 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0f48c5678ce459a596423b0e55344e7ad8eb3d3b1b27c54cd76a9d4cee7dd6c3

Request headers

Referer: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146?gi=a0d694495baf
Origin: https://infosecwriteups.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 08:51:09 GMT
content-encoding: gzip
last-modified: Fri, 21 Oct 2022 01:56:09 GMT
server: cloudflare
etag: W/2022.10.1
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
cf-ray: 774b89ccfc549b74-FRA

GET
H3 200 sohne-400-normal.woff
glyph.medium.com/font/b492c44/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 19 KB
19 KB 194ms
149ms Font
application/font-woff 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/b492c44/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/sohne-400-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b0f424bafe993b016ea96973894f95dfc4290608478a2d7d3fdd080d9b0a60d1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/unbound.css
Origin: https://infosecwriteups.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 08:51:09 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
age: 25831915
x-envoy-upstream-service-time: 32
server-timing: cf-q-config;dur=7.9999881563708e-06
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
server: cloudflare
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
access-control-allow-credentials: true
vary: Accept-Encoding
cf-ray: 774b89cd2ad19a00-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Tue, 05 Dec 2023 08:51:08 GMT

GET
H3 200 sohne-700-normal.woff
glyph.medium.com/font/cf896f3/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 19 KB
19 KB 139ms
94ms Font
application/font-woff 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/cf896f3/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/sohne-700-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

78661d3e6871b6e5c37f3113d811cb3dfc69546449e3b2c28095b6e7f28d9a7d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/unbound.css
Origin: https://infosecwriteups.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 08:51:09 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
age: 24480269
x-envoy-upstream-service-time: 16
server-timing: cf-q-config;dur=4.9999944167212e-06
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
server: cloudflare
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
access-control-allow-credentials: true
vary: Accept-Encoding
cf-ray: 774b89cd2acc9a00-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Tue, 05 Dec 2023 08:51:08 GMT

GET
H3 200 source-serif-pro-400-normal.woff
glyph.medium.com/font/8e059b2/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 12 KB
12 KB 138ms
94ms Font
application/font-woff 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/8e059b2/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/source-serif-pro-400-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d5d7947aa3e6131478a97f06e72913cb7b9e19161e03502ad1de3eb67f447213

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/unbound.css
Origin: https://infosecwriteups.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 08:51:09 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
age: 8222779
x-envoy-upstream-service-time: 62
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
server: cloudflare
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
access-control-allow-credentials: true
vary: Accept-Encoding
cf-ray: 774b89cd2aca9a00-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Tue, 05 Dec 2023 08:51:08 GMT

GET
H3 200 source-serif-pro-400-italic.woff
glyph.medium.com/font/76c214a/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 12 KB
13 KB 100ms
56ms Font
application/font-woff 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/76c214a/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/source-serif-pro-400-italic.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1ca820b9aa7681184130d09157ea679d1d31390bee2af294c088f6dcaa24923b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/unbound.css
Origin: https://infosecwriteups.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 08:51:08 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
age: 8942206
x-envoy-upstream-service-time: 32
server-timing: cf-q-config;dur=8.000002708286e-06
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
server: cloudflare
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
access-control-allow-credentials: true
vary: Accept-Encoding
cf-ray: 774b89cd2ad39a00-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Tue, 05 Dec 2023 08:51:08 GMT

GET
H3 200 source-serif-pro-700-italic.woff
glyph.medium.com/font/7f2eb60/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 13 KB
14 KB 193ms
149ms Font
application/font-woff 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/7f2eb60/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/source-serif-pro-700-italic.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e2be45fe7a399b7cd926a3daf4d472a60b61eefe3e9c19a68cd0acc2e4b3d991

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/unbound.css
Origin: https://infosecwriteups.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 08:51:09 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
age: 7667225
x-envoy-upstream-service-time: 1039
server-timing: cf-q-config;dur=6.9999950937927e-06
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
server: cloudflare
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
access-control-allow-credentials: true
vary: Accept-Encoding
cf-ray: 774b89cd2ad59a00-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Tue, 05 Dec 2023 08:51:09 GMT

GET
H3 200 sohne-500-normal.woff
glyph.medium.com/font/df9ba7f/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 18 KB
19 KB 229ms
185ms Font
application/font-woff 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/df9ba7f/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/sohne-500-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

65f0c65b5db3aa0568c7986479a4a3e909a05a84fb34ced48d70a2d628dd1444

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/unbound.css
Origin: https://infosecwriteups.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 08:51:09 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
age: 24187625
x-envoy-upstream-service-time: 31
server-timing: cf-q-config;dur=6.0000020312145e-06
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
server: cloudflare
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
access-control-allow-credentials: true
vary: Accept-Encoding
cf-ray: 774b89cd2ad89a00-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Tue, 05 Dec 2023 08:51:08 GMT

GET
H3 200 source-serif-pro-700-normal.woff
glyph.medium.com/font/b156742/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 12 KB
13 KB 212ms
185ms Font
application/font-woff 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/b156742/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/source-serif-pro-700-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b0bb60d88b2542c309808da080e6c3bfe7c4c3ff03e679ab29a4394c00a11c4f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/unbound.css
Origin: https://infosecwriteups.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 08:51:09 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
age: 7667224
x-envoy-upstream-service-time: 1475
server-timing: cf-q-config;dur=8.000002708286e-06
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
server: cloudflare
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
access-control-allow-credentials: true
vary: Accept-Encoding
cf-ray: 774b89cd2ad99a00-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Tue, 05 Dec 2023 08:51:08 GMT

GET
H2 200 1*AYD5ja6D0tjSzJ4RjetQtQ.png
miro.medium.com/fit/c/64/64/ 2 KB
2 KB 96ms
94ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/64/64/1*AYD5ja6D0tjSzJ4RjetQtQ.png

Requested by

Host: infosecwriteups.com
URL: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146?gi=a0d694495baf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b7bdc2d62e97c3bc273f6aa7322ca0281b5d116defa077ff7d920f65aff6c19b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146?gi=a0d694495baf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 08:51:08 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 524817
x-envoy-upstream-service-time: 69
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1953
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220303-000533-8c0cdff0ab
accept-ranges: bytes
cf-ray: 774b89cd0b1ebb65-FRA
expires: Wed, 04 Jan 2023 08:51:08 GMT

GET
H2 200 1*nOkDSeVeGRLLifuHpUfRqA.jpeg
miro.medium.com/fit/c/96/96/ 5 KB
5 KB 151ms
150ms Image
image/jpeg 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/96/96/1*nOkDSeVeGRLLifuHpUfRqA.jpeg

Requested by

Host: infosecwriteups.com
URL: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146?gi=a0d694495baf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

83771fdda5b4e88e849fe667af3dbfa706f1f89c0a8d5e08e1b942d7eafbc5f7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146?gi=a0d694495baf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 08:51:09 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 65
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 5280
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220912-192647-a63a7427a9
accept-ranges: bytes
cf-ray: 774b89cd0b24bb65-FRA
expires: Wed, 04 Jan 2023 08:51:09 GMT

GET
H2 200 1*JnNNiPyNAwvdsKkOHBUvuw.webp
miro.medium.com/max/720/ 5 KB
5 KB 144ms
143ms Image
image/webp 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/720/1*JnNNiPyNAwvdsKkOHBUvuw.webp

Requested by

Host: infosecwriteups.com
URL: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146?gi=a0d694495baf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2c05ed6b9ad635315c5fe88c553940999aaa2df54e54cb0a8ebc76ef9066e392

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146?gi=a0d694495baf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 08:51:09 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 18
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 4750
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20221122-003601-db8b653b35
accept-ranges: bytes
cf-ray: 774b89cd0b27bb65-FRA
expires: Wed, 04 Jan 2023 08:51:09 GMT

GET
H2 200 1*3DlzpJp0MwUul0vwWdPkdg.webp
miro.medium.com/max/720/ 9 KB
9 KB 146ms
145ms Image
image/webp 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/720/1*3DlzpJp0MwUul0vwWdPkdg.webp

Requested by

Host: infosecwriteups.com
URL: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146?gi=a0d694495baf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9f040c8931649e6949cf8049e28a05fca241c5fe6bcbc6374b191056f72dfaa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146?gi=a0d694495baf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 08:51:09 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 198
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 9138
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20221122-003601-db8b653b35
accept-ranges: bytes
cf-ray: 774b89cd0b2abb65-FRA
expires: Wed, 04 Jan 2023 08:51:09 GMT

GET
H2 200 1*GbMOFYsSGarUnqemdvAbQg.webp
miro.medium.com/max/640/ 4 KB
4 KB 149ms
148ms Image
image/webp 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/640/1*GbMOFYsSGarUnqemdvAbQg.webp

Requested by

Host: infosecwriteups.com
URL: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146?gi=a0d694495baf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

da283f4bff443cfa51acb41589de9218f04f3ffb966420257116442c70583762

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146?gi=a0d694495baf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 08:51:09 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 155
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 4474
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20221122-003601-db8b653b35
accept-ranges: bytes
cf-ray: 774b89cd0b2cbb65-FRA
expires: Wed, 04 Jan 2023 08:51:09 GMT

GET
H3 200 1*6k2j6r4dJubJZYYolE6KRg.webp
miro.medium.com/max/720/ 28 KB
28 KB 178ms
177ms Image
image/webp 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/720/1*6k2j6r4dJubJZYYolE6KRg.webp

Requested by

Host: infosecwriteups.com
URL: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146?gi=a0d694495baf

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

00afd80475cb263a0481ebd053c517d97f8d91d65826b29baee3eade51c7a864

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146?gi=a0d694495baf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 08:51:09 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 938
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 28638
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20221122-003601-db8b653b35
accept-ranges: bytes
cf-ray: 774b89cdaa13bbe5-FRA
expires: Wed, 04 Jan 2023 08:51:09 GMT

GET
H3 200 1*nOkDSeVeGRLLifuHpUfRqA.jpeg
miro.medium.com/fit/c/176/176/ 13 KB
13 KB 177ms
176ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/176/176/1*nOkDSeVeGRLLifuHpUfRqA.jpeg

Requested by

Host: infosecwriteups.com
URL: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146?gi=a0d694495baf

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6f3b8be9acb1b5d205e346bef65e1b27863ccb807747e4d3ded979759016e627

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146?gi=a0d694495baf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 08:51:09 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 46816
x-envoy-upstream-service-time: 62
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 13032
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220525-094934-61c2d29c30
accept-ranges: bytes
cf-ray: 774b89cdaa0fbbe5-FRA
expires: Wed, 04 Jan 2023 08:51:09 GMT

GET
H3 200 2230.571ed6c4.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 20 KB
8 KB 57ms
57ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/2230.571ed6c4.chunk.js

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/manifest.0709973c.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

293cb36ca1c002f569bcbce51360a20745ce87b2e515be849d83d5269d7d2174

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 08:51:09 GMT
x-amz-version-id: jyYM.ZgM9PE2gJOEnsek2uD4i4PcWdTK
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: 5B1CYTHMK2616DY7
age: 1178185
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: Otu4Bzadtbnet2y7EcEb8o/GGiEGQboxNDtYyXCV5GM+59Q94+pwvBgKKEOrg9xRHn4Y4uwRjlE=
last-modified: Mon, 24 Oct 2022 03:04:44 GMT
server: cloudflare
etag: W/"80138a2fe8e56b8f784a37863eea34c5"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 774b89d29e43bbe5-FRA
expires: Tue, 05 Dec 2023 08:51:09 GMT

GET
H3 200 PostGiveTipOnExternalPlatform.00ea0cc1.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 8 KB
4 KB 51ms
51ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/PostGiveTipOnExternalPlatform.00ea0cc1.chunk.js

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/manifest.0709973c.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

41b8c750933df03e0beb11e1e362c1fd918eca7536d5480fb1dc74e58a93a19e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 08:51:09 GMT
x-amz-version-id: hc4z7sYPnnI95L7G2Lv8B8ITjxs6sci6
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: 6GZHVJXD4BP93ZM2
age: 208717
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: 87jdKStWmhZhCCn0awZYmomLWe8TnUtSLUwj0FBrxq/P9pKAT4uO2pTYeeR57mhmntoXgIM2pqg=
last-modified: Fri, 04 Nov 2022 21:16:14 GMT
server: cloudflare
etag: W/"3aaaaf7df87a1de9c96c2f8e94669f30"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 774b89d32fc8bbe5-FRA
expires: Tue, 05 Dec 2023 08:51:09 GMT

GET
H3 200 1*AYD5ja6D0tjSzJ4RjetQtQ.png
miro.medium.com/fit/c/32/32/ 925 B
1 KB 58ms
57ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/32/32/1*AYD5ja6D0tjSzJ4RjetQtQ.png

Requested by

Host: infosecwriteups.com
URL: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f26934161f6266bcac7d1fe648678b69d5f5bf5585760d7f70b01ef800d70210

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 08:51:10 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 164662
x-envoy-upstream-service-time: 36
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 925
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20211118-133226-0da3f823da
accept-ranges: bytes
cf-ray: 774b89d398edbbe5-FRA
expires: Wed, 04 Jan 2023 08:51:10 GMT

GET
H3 200 1*nOkDSeVeGRLLifuHpUfRqA.jpeg
miro.medium.com/fit/c/48/48/ 2 KB
2 KB 66ms
65ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/48/48/1*nOkDSeVeGRLLifuHpUfRqA.jpeg

Requested by

Host: infosecwriteups.com
URL: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6d5b4bb7e718cd0194efc67fc0f4dff907764709a5f1beeb87d58674def0da66

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 08:51:10 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 46816
x-envoy-upstream-service-time: 52
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1996
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20221122-003601-db8b653b35
accept-ranges: bytes
cf-ray: 774b89d398f4bbe5-FRA
expires: Wed, 04 Jan 2023 08:51:10 GMT

GET
H3 200 1*nOkDSeVeGRLLifuHpUfRqA.jpeg
miro.medium.com/fit/c/88/88/ 5 KB
5 KB 60ms
59ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/88/88/1*nOkDSeVeGRLLifuHpUfRqA.jpeg

Requested by

Host: infosecwriteups.com
URL: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2ee4aa0f090831e75f50ed0dd0033baf737f236b59dc9995cfc2e176bac39d9f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 08:51:10 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 46816
x-envoy-upstream-service-time: 47
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 4837
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20221110-232540-7dbbb888f8
accept-ranges: bytes
cf-ray: 774b89d398f9bbe5-FRA
expires: Wed, 04 Jan 2023 08:51:10 GMT

POST
H3 200 graphql Show response
infosecwriteups.com/_/ 143 B
530 B 212ms
211ms Fetch
application/json 162.159.152.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://infosecwriteups.com/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/3034.5bf7db30.js

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.152.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

79db687a4418d9b3cac097e9245efd203dfc2de7758b0dea338f1e9003895e3c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
medium-frontend-route: post
ot-tracer-sampled: true
accept-language: de-DE,de;q=0.9
ot-tracer-traceid: 491e57153905adac
medium-frontend-path: /redline-stealer-malware-static-analysis-69367b37a146
graphql-operation: VisitorQuery
content-type: application/json
accept: */*
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Referer: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146
medium-frontend-app: lite/main-20221202-232731-ac903845d4
apollographql-client-version: main-20221202-232731-ac903845d4
ot-tracer-spanid: 66c41c911effc839

Response headers

date: Mon, 05 Dec 2022 08:51:10 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: gzip
x-envoy-upstream-service-time: 18
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 0
server: cloudflare
etag: W/"8f-4YkLCPGjnF5mfzqehuNLyJWcKQg"
worker-missing-cookies: 0
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: edgy/8.3.0, valencia/main-20221201-154001-ca51a1fc35, rito/main-20221202-202217-46827a4079
cf-ray: 774b89d49f2d6949-FRA
x-request-received-at: 1670230270291

POST
H3 200 graphql Show response
infosecwriteups.com/_/ 1 KB
937 B 290ms
290ms Fetch
application/json 162.159.152.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://infosecwriteups.com/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/3034.5bf7db30.js

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.152.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f076a8367c7720a7cfe3b288e02ae9d953c926469c16a6e5643d3162f0096f58

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
medium-frontend-route: post
ot-tracer-sampled: true
accept-language: de-DE,de;q=0.9
ot-tracer-traceid: 491e57153905adac
medium-frontend-path: /redline-stealer-malware-static-analysis-69367b37a146
graphql-operation: CollectionViewerEdge
content-type: application/json
accept: */*
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Referer: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146
medium-frontend-app: lite/main-20221202-232731-ac903845d4
apollographql-client-version: main-20221202-232731-ac903845d4
ot-tracer-spanid: 66c41c911effc839

Response headers

date: Mon, 05 Dec 2022 08:51:10 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: gzip
x-envoy-upstream-service-time: 73
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 0
server: cloudflare
etag: W/"558-YTZizd6F1CAG9G4UJmkhxGXx5ao"
worker-missing-cookies: 0
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: edgy/8.3.0, valencia/main-20221201-154001-ca51a1fc35, rito/main-20221202-202217-46827a4079, tutu/main-20221202-172614-d09baca10c
cf-ray: 774b89d49f316949-FRA
x-request-received-at: 1670230270301

POST
H3 200 graphql Show response
infosecwriteups.com/_/ 1 KB
1 KB 265ms
265ms Fetch
application/json 162.159.152.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://infosecwriteups.com/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/3034.5bf7db30.js

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.152.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cdf51f137ccee583f6af64c51e776f3319764a9688ca74a060bd528c04d63a63

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
medium-frontend-route: post
ot-tracer-sampled: true
accept-language: de-DE,de;q=0.9
ot-tracer-traceid: 491e57153905adac
medium-frontend-path: /redline-stealer-malware-static-analysis-69367b37a146
graphql-operation: FloatingPostActionsQuery
content-type: application/json
accept: */*
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Referer: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146
medium-frontend-app: lite/main-20221202-232731-ac903845d4
apollographql-client-version: main-20221202-232731-ac903845d4
ot-tracer-spanid: 66c41c911effc839

Response headers

date: Mon, 05 Dec 2022 08:51:10 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: gzip
x-envoy-upstream-service-time: 79
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 0
server: cloudflare
etag: W/"4f1-2D7n1X+jUMqIy+HC5kFdolBkxlU"
worker-missing-cookies: 0
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: edgy/8.3.0, valencia/main-20221201-154001-ca51a1fc35, rito/main-20221202-202217-46827a4079, tutu/main-20221202-172614-d09baca10c
cf-ray: 774b89d4af396949-FRA
x-request-received-at: 1670230270286

POST
H3 200 graphql Show response
infosecwriteups.com/_/ 210 B
575 B 218ms
218ms Fetch
application/json 162.159.152.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://infosecwriteups.com/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/3034.5bf7db30.js

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.152.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

62751d0d1a6f1593656e262f9c3f51b69e36348bb0e3a300bda2b75e23b8890d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
medium-frontend-route: post
ot-tracer-sampled: true
accept-language: de-DE,de;q=0.9
ot-tracer-traceid: 491e57153905adac
medium-frontend-path: /redline-stealer-malware-static-analysis-69367b37a146
graphql-operation: NewsletterV3ViewerEdge
content-type: application/json
accept: */*
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Referer: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146
medium-frontend-app: lite/main-20221202-232731-ac903845d4
apollographql-client-version: main-20221202-232731-ac903845d4
ot-tracer-spanid: 66c41c911effc839

Response headers

date: Mon, 05 Dec 2022 08:51:10 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: gzip
x-envoy-upstream-service-time: 45
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 0
server: cloudflare
etag: W/"d2-3sYGu5igd4weq1R9AjcnvBfdeqc"
worker-missing-cookies: 0
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: edgy/8.3.0, valencia/main-20221201-154001-ca51a1fc35, rito/main-20221202-202217-46827a4079, tutu/main-20221202-172614-d09baca10c
cf-ray: 774b89d4af3b6949-FRA
x-request-received-at: 1670230270280

POST
H3 200 graphql Show response
infosecwriteups.com/_/ 210 B
578 B 247ms
246ms Fetch
application/json 162.159.152.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://infosecwriteups.com/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/3034.5bf7db30.js

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.152.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1908ea18abf7129be431abe3e968ff0c2400878eb166005f7ed8a44f290e6f06

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
medium-frontend-route: post
ot-tracer-sampled: true
accept-language: de-DE,de;q=0.9
ot-tracer-traceid: 491e57153905adac
medium-frontend-path: /redline-stealer-malware-static-analysis-69367b37a146
graphql-operation: NewsletterV3ViewerEdge
content-type: application/json
accept: */*
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Referer: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146
medium-frontend-app: lite/main-20221202-232731-ac903845d4
apollographql-client-version: main-20221202-232731-ac903845d4
ot-tracer-spanid: 66c41c911effc839

Response headers

date: Mon, 05 Dec 2022 08:51:10 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: gzip
x-envoy-upstream-service-time: 49
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 0
server: cloudflare
etag: W/"d2-y/RZ42sUz1EcMnZT6/zTG/WoRzo"
worker-missing-cookies: 0
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: edgy/8.3.0, valencia/main-20221201-154001-ca51a1fc35, rito/main-20221202-202217-46827a4079, tutu/main-20221202-172614-d09baca10c
cf-ray: 774b89d4af3d6949-FRA
x-request-received-at: 1670230270287

POST
H3 200 graphql Show response
infosecwriteups.com/_/ 108 B
541 B 270ms
270ms Fetch
application/json 162.159.152.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://infosecwriteups.com/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/3034.5bf7db30.js

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.152.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

02e9e1939e214dfa38c8eab94afca48043e7f00c46e95908662548a7d19819e1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
medium-frontend-route: post
ot-tracer-sampled: true
accept-language: de-DE,de;q=0.9
ot-tracer-traceid: 491e57153905adac
medium-frontend-path: /redline-stealer-malware-static-analysis-69367b37a146
graphql-operation: PostPageMeterQuery
content-type: application/json
accept: */*
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Referer: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146
medium-frontend-app: lite/main-20221202-232731-ac903845d4
apollographql-client-version: main-20221202-232731-ac903845d4
ot-tracer-spanid: 66c41c911effc839

Response headers

date: Mon, 05 Dec 2022 08:51:10 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: gzip
x-envoy-upstream-service-time: 61
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 0
server: cloudflare
etag: W/"6c-I3CG28DxUiEEF9QH3iLEotaTHR8"
worker-missing-cookies: 0
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: edgy/8.3.0, valencia/main-20221201-154001-ca51a1fc35, rito/main-20221202-202217-46827a4079, tutu/main-20221202-172614-d09baca10c
cf-ray: 774b89d4af416949-FRA
x-request-received-at: 1670230270315

POST
H3 200 graphql Show response
infosecwriteups.com/_/ 2 KB
1 KB 270ms
268ms Fetch
application/json 162.159.152.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://infosecwriteups.com/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/3034.5bf7db30.js

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.152.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

837c2540210f4f3f89c58d197b57570e30a60637cfed3550f9bf2c84a48bcf58

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
medium-frontend-route: post
ot-tracer-sampled: true
accept-language: de-DE,de;q=0.9
ot-tracer-traceid: 491e57153905adac
medium-frontend-path: /redline-stealer-malware-static-analysis-69367b37a146
graphql-operation: PublisherFollowersDialogUserQuery
content-type: application/json
accept: */*
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Referer: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146
medium-frontend-app: lite/main-20221202-232731-ac903845d4
apollographql-client-version: main-20221202-232731-ac903845d4
ot-tracer-spanid: 66c41c911effc839

Response headers

date: Mon, 05 Dec 2022 08:51:10 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: gzip
x-envoy-upstream-service-time: 88
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 0
server: cloudflare
etag: W/"96f-j64rRtajJPMPOp/Fc7D5AwdXkT0"
worker-missing-cookies: 0
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: edgy/8.3.0, valencia/main-20221201-154001-ca51a1fc35, rito/main-20221202-202217-46827a4079, tutu/main-20221202-172614-d09baca10c
cf-ray: 774b89d4af4d6949-FRA
x-request-received-at: 1670230270281

POST
H3 200 graphql Show response
infosecwriteups.com/_/ 5 KB
2 KB 359ms
358ms Fetch
application/json 162.159.152.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://infosecwriteups.com/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/3034.5bf7db30.js

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.152.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e00917aa85ddb8fb0dc4d0aba0524e1b0e1231a17096c8128f0d6f404d95da07

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
medium-frontend-route: post
ot-tracer-sampled: true
accept-language: de-DE,de;q=0.9
ot-tracer-traceid: 491e57153905adac
medium-frontend-path: /redline-stealer-malware-static-analysis-69367b37a146
graphql-operation: RecircSidebarQuery
content-type: application/json
accept: */*
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Referer: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146
medium-frontend-app: lite/main-20221202-232731-ac903845d4
apollographql-client-version: main-20221202-232731-ac903845d4
ot-tracer-spanid: 66c41c911effc839

Response headers

date: Mon, 05 Dec 2022 08:51:10 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: gzip
x-envoy-upstream-service-time: 183
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 0
server: cloudflare
etag: W/"1509-mtfuL6/WZY+piAWHKuAA5ZE77qc"
worker-missing-cookies: 0
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: edgy/8.3.0, valencia/main-20221201-154001-ca51a1fc35, rito/main-20221202-202217-46827a4079, tutu/main-20221202-172614-d09baca10c
cf-ray: 774b89d4af516949-FRA
x-request-received-at: 1670230270282

POST
H3 200 graphql Show response
infosecwriteups.com/_/ 96 B
531 B 250ms
245ms Fetch
application/json 162.159.152.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://infosecwriteups.com/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/3034.5bf7db30.js

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.152.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a9a241752705aad7e5217935b989cfb08cc24037ccf8211b5cfe275a5636bfdc

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
medium-frontend-route: post
ot-tracer-sampled: true
accept-language: de-DE,de;q=0.9
ot-tracer-traceid: 491e57153905adac
medium-frontend-path: /redline-stealer-malware-static-analysis-69367b37a146
graphql-operation: InteractivePostBodyQuery
content-type: application/json
accept: */*
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Referer: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146
medium-frontend-app: lite/main-20221202-232731-ac903845d4
apollographql-client-version: main-20221202-232731-ac903845d4
ot-tracer-spanid: 66c41c911effc839

Response headers

date: Mon, 05 Dec 2022 08:51:10 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: gzip
x-envoy-upstream-service-time: 50
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 0
server: cloudflare
etag: W/"60-v+jjkXr0lAlyan8KgfGejPZ7VgU"
worker-missing-cookies: 0
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: edgy/8.3.0, valencia/main-20221201-154001-ca51a1fc35, rito/main-20221202-202217-46827a4079, tutu/main-20221202-172614-d09baca10c
cf-ray: 774b89d4af546949-FRA
x-request-received-at: 1670230270298

POST
H3 200 graphql Show response
infosecwriteups.com/_/ 103 B
513 B 228ms
223ms Fetch
application/json 162.159.152.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://infosecwriteups.com/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/3034.5bf7db30.js

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.152.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8e304bb21db9e8a9fb415f9747480311477fead1968c47af452f1d7d47c7380e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
medium-frontend-route: post
ot-tracer-sampled: true
accept-language: de-DE,de;q=0.9
ot-tracer-traceid: 491e57153905adac
medium-frontend-path: /redline-stealer-malware-static-analysis-69367b37a146
graphql-operation: MaybeTextToSpeechQuery
content-type: application/json
accept: */*
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Referer: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146
medium-frontend-app: lite/main-20221202-232731-ac903845d4
apollographql-client-version: main-20221202-232731-ac903845d4
ot-tracer-spanid: 66c41c911effc839

Response headers

date: Mon, 05 Dec 2022 08:51:10 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: gzip
x-envoy-upstream-service-time: 29
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 0
server: cloudflare
etag: W/"67-iUVgbHu898Fh+uzCnAKSytesX8E"
worker-missing-cookies: 0
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: edgy/8.3.0, valencia/main-20221201-154001-ca51a1fc35, rito/main-20221202-202217-46827a4079
cf-ray: 774b89d4af5b6949-FRA
x-request-received-at: 1670230270287

POST
H3 204 rum Show response
infosecwriteups.com/cdn-cgi/ 0
180 B 46ms
41ms XHR
text/plain 162.159.152.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://infosecwriteups.com/cdn-cgi/rum?

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/3034.5bf7db30.js

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.152.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
content-type: application/json

Response headers

date: Mon, 05 Dec 2022 08:51:10 GMT
x-content-type-options: nosniff
server: cloudflare
vary: Origin
access-control-max-age: 86400
access-control-allow-methods: POST,OPTIONS
access-control-allow-origin: https://infosecwriteups.com
x-frame-options: DENY
access-control-allow-credentials: true
cf-ray: 774b89d4dfbe6949-FRA

POST
H3 200 graphql Show response
infosecwriteups.com/_/ 81 B
496 B 205ms
204ms Fetch
application/json 162.159.152.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://infosecwriteups.com/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/3034.5bf7db30.js

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.152.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

79eaa975f95f9f21cce1ec3884983a980e591ca02c65da70b9bfdb90d9b389bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
medium-frontend-route: post
ot-tracer-sampled: true
accept-language: de-DE,de;q=0.9
ot-tracer-traceid: 491e57153905adac
medium-frontend-path: /redline-stealer-malware-static-analysis-69367b37a146
graphql-operation: PostGiveTipOnExternalPlatformQuery
content-type: application/json
accept: */*
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Referer: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146
medium-frontend-app: lite/main-20221202-232731-ac903845d4
apollographql-client-version: main-20221202-232731-ac903845d4
ot-tracer-spanid: 66c41c911effc839

Response headers

date: Mon, 05 Dec 2022 08:51:10 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: gzip
x-envoy-upstream-service-time: 32
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 0
server: cloudflare
etag: W/"51-TvtZpv+/5GnD536lNHfDxr9J+5g"
worker-missing-cookies: 0
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: edgy/8.3.0, valencia/main-20221201-154001-ca51a1fc35, rito/main-20221202-202217-46827a4079
cf-ray: 774b89d4fff56949-FRA
x-request-received-at: 1670230270326

POST
H3 200 /
infosecwriteups.com/_/clientele/reports/performance/ 0
0 209ms
209ms Fetch
text/plain 162.159.152.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://infosecwriteups.com/_/clientele/reports/performance/

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/main.93ba9696.js

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.152.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146
Medium-Clientele-Client: lite
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 05 Dec 2022 08:51:10 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
worker-missing-cookies: 0
vary: Accept-Encoding
content-type: text/plain;charset=UTF-8
medium-fulfilled-by: edgy/8.3.0, valencia/main-20221201-154001-ca51a1fc35, clientele/main-20221122-003601-db8b653b35
x-envoy-upstream-service-time: 12
cf-ray: 774b89d6cbf96949-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0

POST
H3 200 /
infosecwriteups.com/_/clientele/reports/performance/ 0
0 195ms
195ms Fetch
text/plain 162.159.152.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://infosecwriteups.com/_/clientele/reports/performance/

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/main.93ba9696.js

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.152.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146
Medium-Clientele-Client: lite
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 05 Dec 2022 08:51:10 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
worker-missing-cookies: 0
vary: Accept-Encoding
content-type: text/plain;charset=UTF-8
medium-fulfilled-by: edgy/8.3.0, valencia/main-20221201-154001-ca51a1fc35, clientele/main-20221122-003601-db8b653b35
x-envoy-upstream-service-time: 11
cf-ray: 774b89d6cc046949-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0

POST
H3 200 /
infosecwriteups.com/_/clientele/reports/performance/ 0
0 191ms
191ms Fetch
text/plain 162.159.152.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://infosecwriteups.com/_/clientele/reports/performance/

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/main.93ba9696.js

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.152.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146
Medium-Clientele-Client: lite
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 05 Dec 2022 08:51:10 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
worker-missing-cookies: 0
vary: Accept-Encoding
content-type: text/plain;charset=UTF-8
medium-fulfilled-by: edgy/8.3.0, valencia/main-20221201-154001-ca51a1fc35, clientele/main-20221122-003601-db8b653b35
x-envoy-upstream-service-time: 11
cf-ray: 774b89d6cc056949-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 120ms
37ms Script
text/javascript 2a00:1450:4001:80b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: infosecwriteups.com
URL: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146?gi=a0d694495baf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 05 Dec 2022 07:15:46 GMT
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
server: Golfe2
age: 5724
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20039
expires: Mon, 05 Dec 2022 09:15:46 GMT

GET
H2 200 branch-latest.min.js Show response
cdn.branch.io/ 72 KB
22 KB 152ms
50ms Script
text/javascript 143.204.237.24
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.branch.io/branch-latest.min.js
Requested by: Host: infosecwriteups.com
URL: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146?gi=a0d694495baf
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.237.24 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-237-24.cph50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 83cad37f70113f7b8bbb98c2ef8ee949f9a611e402e55ee826aef65130f2ef77

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

x-amz-version-id: LzwY9oP1_KD6QZAz0SCDQRP53VCVCZV0
content-encoding: gzip
via: 1.1 8cd193739d511303cb3678dc24369a0c.cloudfront.net (CloudFront)
date: Mon, 05 Dec 2022 08:49:05 GMT
last-modified: Thu, 17 Nov 2022 20:07:47 GMT
server: AmazonS3
x-amz-cf-pop: CPH50-C1
age: 129
etag: "2a6320386437cc44ae1713f25f6ea30b"
x-cache: Hit from cloudfront
content-type: text/javascript
cache-control: max-age=300
content-length: 22048
x-amz-cf-id: amfQEIXtm6WClqvgtbKdZvhgeaO5oe1CEtSdlqqkjdEwwU8FixxGgQ==

GET
H3 200 1*-b6WuCfmjt3_kUbryMzqvw.jpeg
miro.medium.com/fit/c/20/20/ 1 KB
1 KB 55ms
54ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/20/20/1*-b6WuCfmjt3_kUbryMzqvw.jpeg

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

53857a8d6050d04650df8e7ea06cf1f4cc73c37ec773b7f842b30425e91e8fd4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 08:51:10 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 162186
x-envoy-upstream-service-time: 62
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1051
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20221025-211935-1d2fb7e3f2
accept-ranges: bytes
cf-ray: 774b89d83c02bbe5-FRA
expires: Wed, 04 Jan 2023 08:51:10 GMT

GET
H3 200 1*_kv4oRNFav2B45-UEY4WFA.png
miro.medium.com/focal/56/56/50/50/ 5 KB
5 KB 67ms
64ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/focal/56/56/50/50/1*_kv4oRNFav2B45-UEY4WFA.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

db3365674bb7bd359a1794daada6bb567c8ebf8c714084b44f8f41d3f39c3006

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 08:51:10 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 162186
x-envoy-upstream-service-time: 40
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 4734
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20221122-003601-db8b653b35
accept-ranges: bytes
cf-ray: 774b89d83c0cbbe5-FRA
expires: Wed, 04 Jan 2023 08:51:10 GMT

GET
H3 200 1*644vXLhchSkNmnY-SyfBNQ.jpeg
miro.medium.com/fit/c/20/20/ 939 B
1 KB 68ms
65ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/20/20/1*644vXLhchSkNmnY-SyfBNQ.jpeg

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c4de2cbb6351e33411bfb888fa36d086a6f1489a926549999f4f10de68f75e90

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 08:51:10 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 176488
x-envoy-upstream-service-time: 110
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 939
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20221101-223452-1a369f363a
accept-ranges: bytes
cf-ray: 774b89d83c12bbe5-FRA
expires: Wed, 04 Jan 2023 08:51:10 GMT

GET
H3 200 1*b2t6SRb-LyzNV-mdZNPfew.png
miro.medium.com/focal/56/56/50/50/ 3 KB
4 KB 59ms
56ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/focal/56/56/50/50/1*b2t6SRb-LyzNV-mdZNPfew.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

83a9dc2d38bc866cc7091dc020f8b7cbd5b95acc340b9f5c463c2e9e048665db

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 08:51:10 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 585229
x-envoy-upstream-service-time: 67
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 3358
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20221019-203336-e8d80f1fe8
accept-ranges: bytes
cf-ray: 774b89d83c14bbe5-FRA
expires: Wed, 04 Jan 2023 08:51:10 GMT

GET
H3 200 1*5lIX_vn4BppqL5KdAqQtGg.jpeg
miro.medium.com/fit/c/20/20/ 825 B
1 KB 56ms
54ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/20/20/1*5lIX_vn4BppqL5KdAqQtGg.jpeg

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d239bb4e798d807f42ef1665ddfe9352ec22543a8fb6ede7b14a41ba7dea0ee2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 08:51:10 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 549689
x-envoy-upstream-service-time: 54
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 825
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20221110-232540-7dbbb888f8
accept-ranges: bytes
cf-ray: 774b89d83c16bbe5-FRA
expires: Wed, 04 Jan 2023 08:51:10 GMT

GET
H3 200 1*J9j5Q-jsU9HATIhqH9T4_g.jpeg
miro.medium.com/focal/56/56/50/50/ 2 KB
2 KB 57ms
55ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/focal/56/56/50/50/1*J9j5Q-jsU9HATIhqH9T4_g.jpeg

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9cca1409546a11a3a5fc6a4fc9fc22f39b69b5f9a4256e8d78fb3cb6c9ebab8c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 08:51:10 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 336763
x-envoy-upstream-service-time: 139
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1760
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20221122-003601-db8b653b35
accept-ranges: bytes
cf-ray: 774b89d83c19bbe5-FRA
expires: Wed, 04 Jan 2023 08:51:10 GMT

GET
H3 200 1*veEX4-CiLz5jqUjwWfQo_Q.jpeg
miro.medium.com/fit/c/20/20/ 962 B
1 KB 60ms
58ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/20/20/1*veEX4-CiLz5jqUjwWfQo_Q.jpeg

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

19b6ae3e6dbb97c56c8ca795bc8bd4158368394d2ce673656e9ba39c666f50fb

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 08:51:10 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 175389
x-envoy-upstream-service-time: 65
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 962
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220308-111139-470fbc5021
accept-ranges: bytes
cf-ray: 774b89d83c1ebbe5-FRA
expires: Wed, 04 Jan 2023 08:51:10 GMT

GET
H3 200 1*-0T6gsOd4XaTegeyak0rdQ.png
miro.medium.com/focal/56/56/50/50/ 4 KB
5 KB 70ms
67ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/focal/56/56/50/50/1*-0T6gsOd4XaTegeyak0rdQ.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bcc71bc94ce19f90b056d3ddd66fac086a649b12b61f887870c35753aef35ae7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 08:51:10 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 81615
x-envoy-upstream-service-time: 1940
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 4383
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20221118-171949-4cd2abe4aa
accept-ranges: bytes
cf-ray: 774b89d83c22bbe5-FRA
expires: Wed, 04 Jan 2023 08:51:10 GMT

POST
H3 200 graphql Show response
infosecwriteups.com/_/ 83 B
499 B 211ms
210ms Fetch
application/json 162.159.152.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://infosecwriteups.com/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/3034.5bf7db30.js

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.152.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b7a13fba209ab5d473a062edd21e74b5e18ab30f267cd7f43cc5d64e71ffa984

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
medium-frontend-route: post
ot-tracer-sampled: true
accept-language: de-DE,de;q=0.9
ot-tracer-traceid: 491e57153905adac
medium-frontend-path: /redline-stealer-malware-static-analysis-69367b37a146
graphql-operation: ClapCountQuery
content-type: application/json
accept: */*
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Referer: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146
medium-frontend-app: lite/main-20221202-232731-ac903845d4
apollographql-client-version: main-20221202-232731-ac903845d4
ot-tracer-spanid: 66c41c911effc839

Response headers

date: Mon, 05 Dec 2022 08:51:10 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: gzip
x-envoy-upstream-service-time: 26
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 0
server: cloudflare
etag: W/"53-NUwQQ/hq6PY4YvrNxH/qaLXg7CY"
worker-missing-cookies: 0
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: edgy/8.3.0, valencia/main-20221201-154001-ca51a1fc35, rito/main-20221202-202217-46827a4079
cf-ray: 774b89d83f576949-FRA
x-request-received-at: 1670230270860

POST
H3 200 graphql Show response
infosecwriteups.com/_/ 210 B
576 B 457ms
456ms Fetch
application/json 162.159.152.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://infosecwriteups.com/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/3034.5bf7db30.js

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.152.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

62751d0d1a6f1593656e262f9c3f51b69e36348bb0e3a300bda2b75e23b8890d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
medium-frontend-route: post
ot-tracer-sampled: true
accept-language: de-DE,de;q=0.9
ot-tracer-traceid: 491e57153905adac
medium-frontend-path: /redline-stealer-malware-static-analysis-69367b37a146
graphql-operation: NewsletterV3ViewerEdge
content-type: application/json
accept: */*
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Referer: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146
medium-frontend-app: lite/main-20221202-232731-ac903845d4
apollographql-client-version: main-20221202-232731-ac903845d4
ot-tracer-spanid: 66c41c911effc839

Response headers

date: Mon, 05 Dec 2022 08:51:11 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: gzip
x-envoy-upstream-service-time: 264
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 0
server: cloudflare
etag: W/"d2-3sYGu5igd4weq1R9AjcnvBfdeqc"
worker-missing-cookies: 0
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: edgy/8.3.0, valencia/main-20221201-154001-ca51a1fc35, rito/main-20221202-202217-46827a4079, tutu/main-20221202-172614-d09baca10c
cf-ray: 774b89d83f5c6949-FRA
x-request-received-at: 1670230270856

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 121ms
44ms XHR
text/plain 2a00:1450:4001:80b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j98&a=216300870&t=pageview&_s=1&dl=https%3A%2F%2Finfosecwriteups.com%2Fredline-stealer-malware-static-analysis-69367b37a146&ul=en-us&de=UTF-8&dt=Redline%20Stealer%20Malware%20Static%20Analysis%20%7C%20by%20Aaron%20Stratton%20%7C%20InfoSec%20Write-ups&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAACAAI~&jid=1650593763&gjid=1415105397&cid=841103414.1670230271&tid=UA-24232453-2&_gid=473291996.1670230271&_r=1&_slc=1&z=600487309

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/3034.5bf7db30.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 05 Dec 2022 08:51:10 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://infosecwriteups.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 _r Show response
app.link/ 91 B
591 B 287ms
194ms Script
text/javascript 2600:9000:238d:7800:19:9934:6a80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://app.link/_r?sdk=web2.71.0&branch_key=key_live_ofxXr2qTrrU9NqURK8ZwEhknBxiI6KBm&callback=branch_callback__0

Requested by

Host: cdn.branch.io
URL: https://cdn.branch.io/branch-latest.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:238d:7800:19:9934:6a80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

openresty /

Resource Hash

ef9744deef8c80159b4e899c426ae5c79d24f5d153bea26c317f3cb0d585053c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 08:51:10 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
via: 1.1 6750d77433312fa1bf305e9ae7af80ae.cloudfront.net (CloudFront)
server: openresty
x-amz-cf-pop: AMS1-P1
etag: W/"5b-2l5dNuG3lOiyBJcML01Vw0PdduE"
x-cache: Miss from cloudfront
content-type: text/javascript; charset=utf-8
content-length: 91
x-amz-cf-id: a4IkJthGk6hx3oOAbfiwMf00-3-QHf-rLkbIn-nt-akQKDwQKq8o-g==

GET
H3 200 4560.7250e40f.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 46 KB
12 KB 63ms
63ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/4560.7250e40f.chunk.js

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/manifest.0709973c.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d9c6c1986a7c4650f9b90a600156c60dee211affa313b7c432f4f5fa9d018103

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 08:51:10 GMT
x-amz-version-id: Yc76TVXMlk4x5x0rdsryVuzX1gU477vF
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: RNJ7DCF2ETVYM89E
age: 222687
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: HlHpVHDFGwLpBglSqmvMN117FCOQAFadkLqFN1AHyjT0/ptgeiVlFOs6Eve2RRzFl13semx9zGU=
last-modified: Thu, 01 Dec 2022 22:53:00 GMT
server: cloudflare
etag: W/"43eb59508da6b73b96819f62ecdc3613"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 774b89d84c3dbbe5-FRA
expires: Tue, 05 Dec 2023 08:51:10 GMT

GET
H3 200 PostNextFiveStories.22db494d.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 4 KB
2 KB 86ms
85ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/PostNextFiveStories.22db494d.chunk.js

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/manifest.0709973c.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3fe1086c9071386e664fa4394b17a001c3ae16501d07184acf670fcb5c25c629

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 08:51:10 GMT
x-amz-version-id: 1ypCNt4sSMzK1KiQpZsqUZJLaEUR2cQx
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: YESEJRSZZSQEAYNS
age: 985912
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: VviaL6DnF8L2vU5yoBMD6LPP11DKXr2Nv19XGz+uH9yrekOPaYZ+5fgesLkrmcjbahFGet/czio=
last-modified: Wed, 23 Nov 2022 20:59:22 GMT
server: cloudflare
etag: W/"eb2cae3089469bea54ddd1e9124b2d4e"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 774b89d84c3fbbe5-FRA
expires: Tue, 05 Dec 2023 08:51:10 GMT

POST
H3 200 graphql Show response
infosecwriteups.com/_/ 24 KB
5 KB 505ms
502ms Fetch
application/json 162.159.152.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://infosecwriteups.com/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/3034.5bf7db30.js

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.152.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d3c382219134c178442231c227637231e340d2d815da4f25b2f2f2b4fb152e1a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
medium-frontend-route: post
ot-tracer-sampled: true
accept-language: de-DE,de;q=0.9
ot-tracer-traceid: 491e57153905adac
medium-frontend-path: /redline-stealer-malware-static-analysis-69367b37a146
graphql-operation: PostNextFiveStoriesCollection
content-type: application/json
accept: */*
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Referer: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146
medium-frontend-app: lite/main-20221202-232731-ac903845d4
apollographql-client-version: main-20221202-232731-ac903845d4
ot-tracer-spanid: 66c41c911effc839

Response headers

date: Mon, 05 Dec 2022 08:51:11 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: gzip
x-envoy-upstream-service-time: 331
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 0
server: cloudflare
etag: W/"6143-Uk6MQ5Dy4p0TluPmczaZVLRr288"
worker-missing-cookies: 0
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: edgy/8.3.0, valencia/main-20221201-154001-ca51a1fc35, rito/main-20221202-202217-46827a4079, tutu/main-20221202-172614-d09baca10c
cf-ray: 774b89d929466949-FRA
x-request-received-at: 1670230271006

POST
H2 200 open Show response
api2.branch.io/v1/ 316 B
678 B 429ms
343ms XHR
application/json 2600:9000:2490:5800:11:f728:3040:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api2.branch.io/v1/open

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/3034.5bf7db30.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2490:5800:11:f728:3040:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

78b283ad59729d66e9a07f9ea360e30ede90d84600b8e44f570a131244642b06

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Mon, 05 Dec 2022 08:51:11 GMT
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 e96aebc8d7c9ec82b88c3160a18fed96.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P6
x-cache: Miss from cloudfront
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache
x-branch-request-id: d23bf7dcd5764ddb92a31c92a22b2148-2022120508
content-length: 316
x-amz-cf-id: 6OGD8sydUkmkEVWgD1umQGsENaxmbTLlt-RWA04kGZMuXPMQAJz2Og==

GET
H3 200 source-serif-pro-400-normal.woff
glyph.medium.com/font/8e059b2/3k-4f_4h-52_54-6bt_6bv-6c3_6c5-6c7_6ca-6cb_6ce-6ch_6cj-6cl_6cn-nvnj/ 57 KB
57 KB 66ms
65ms Font
application/font-woff 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/8e059b2/3k-4f_4h-52_54-6bt_6bv-6c3_6c5-6c7_6ca-6cb_6ce-6ch_6cj-6cl_6cn-nvnj/source-serif-pro-400-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4e8c5141a45860f1cf10629c45600c1c98754d05e3254d586950d9ec0f060b14

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/unbound.css
Origin: https://infosecwriteups.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 08:51:11 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
age: 8942208
x-envoy-upstream-service-time: 39
server-timing: cf-q-config;dur=5.9999874792993e-06
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
server: cloudflare
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
access-control-allow-credentials: true
vary: Accept-Encoding
cf-ray: 774b89dd1ab09a00-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Tue, 05 Dec 2023 08:51:11 GMT

POST
H2 200 profile Show response
api2.branch.io/v1/ 183 B
612 B 357ms
357ms XHR
application/json 2600:9000:2490:5800:11:f728:3040:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api2.branch.io/v1/profile

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/3034.5bf7db30.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2490:5800:11:f728:3040:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

/ Express

Resource Hash

a50ba29c203888c0725fa524e7f57fae1906b816d85f2a045c6c80343b1fa415

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Mon, 05 Dec 2022 08:51:11 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
via: 1.1 e96aebc8d7c9ec82b88c3160a18fed96.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P6
etag: W/"b7-8kcHPba2TwDcrmRVb8NRq0Bn5NI"
x-powered-by: Express
x-cache: Miss from cloudfront
content-type: application/json; charset=utf-8
access-control-allow-origin: *
x-branch-request-id: bb64612bff934afcab3cb7014d153a38-2022120508
content-length: 183
x-amz-cf-id: YybSBUrs0MdiYSDqVeltypkhRmC7M5sT9fNowcb9rPCBggACd3KSqA==

POST
H2 200 pageview Show response
api2.branch.io/v1/ 28 B
435 B 261ms
261ms XHR
application/json 2600:9000:2490:5800:11:f728:3040:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api2.branch.io/v1/pageview

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/3034.5bf7db30.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2490:5800:11:f728:3040:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

/ Express

Resource Hash

a82dc28d43942326b346f92907df3bea5e38b2325ef97176f3b6234966bf19eb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Mon, 05 Dec 2022 08:51:12 GMT
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 e96aebc8d7c9ec82b88c3160a18fed96.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P6
x-powered-by: Express
etag: W/"1c-KRZWpHfIKyIHGKJ9mp9lAyX+vFY"
x-cache: Miss from cloudfront
content-type: application/json; charset=utf-8
access-control-allow-origin: *
x-branch-request-id: 2ffb6691c5ca4fe5a77fc59809719446-2022120508
content-length: 28
x-amz-cf-id: bAmEXvt1T4QIBMAq0XYcDavJUPwaLIgYsFj2K0ZBsYHhEq8OTpcRVA==

POST
H2 200 pageview Show response
api2.branch.io/v1/ 28 B
435 B 348ms
348ms XHR
application/json 2600:9000:2490:5800:11:f728:3040:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api2.branch.io/v1/pageview

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/3034.5bf7db30.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2490:5800:11:f728:3040:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

/ Express

Resource Hash

a82dc28d43942326b346f92907df3bea5e38b2325ef97176f3b6234966bf19eb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Mon, 05 Dec 2022 08:51:12 GMT
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 e96aebc8d7c9ec82b88c3160a18fed96.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P6
x-powered-by: Express
etag: W/"1c-KRZWpHfIKyIHGKJ9mp9lAyX+vFY"
x-cache: Miss from cloudfront
content-type: application/json; charset=utf-8
access-control-allow-origin: *
x-branch-request-id: 354ca6b5c9e14dfc9ac4bceeaede898e-2022120508
content-length: 28
x-amz-cf-id: qEA5RGROk5bJk72Zu9V-EMFSIZYqOZEHaMyUO1Bt3_fQnjKtX_fGaQ==

POST
H3 200 oh-noes
infosecwriteups.com/_/ 101 B
0 205ms
205ms Fetch
application/json 162.159.152.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://infosecwriteups.com/_/oh-noes

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/main.93ba9696.js

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.152.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Medium

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; connect-src https://localhost https://.instapaper.com https://.stripe.com https://glyph.medium.com https://.paypal.com https://.braintree-api.com https://.braintreegateway.com https://accounts.google.com https://getpocket.com https://infosecwriteups.com https://.infosecwriteups.com https://.medium.com https://medium.com https://.medium.com https://.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://lightstep.medium.systems https://.branch.io 'self'; font-src data: https://.amazonaws.com https://.medium.com https://glyph.medium.com https://glyph-sandbox.medium.sh https://medium.com https://.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: blob: medium: 'self'; img-src blob: data: https: 'self'; media-src https://.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://*.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Referer: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146
x-xsrf-token: 1
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
content-type: application/json

Response headers

date: Mon, 05 Dec 2022 08:51:15 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: gzip
content-security-policy: default-src 'self'; connect-src https://localhost https://*.instapaper.com https://*.stripe.com https://glyph.medium.com https://*.paypal.com https://*.braintree-api.com https://*.braintreegateway.com https://accounts.google.com https://getpocket.com https://infosecwriteups.com https://*.infosecwriteups.com https://*.medium.com https://medium.com https://*.medium.com https://*.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://lightstep.medium.systems https://*.branch.io 'self'; font-src data: https://*.amazonaws.com https://*.medium.com https://glyph.medium.com https://glyph-sandbox.medium.sh https://medium.com https://*.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: blob: medium: 'self'; img-src blob: data: https: 'self'; media-src https://*.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://*.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com
x-powered-by: Medium
x-obvious-info: 20221202-1727-root,d09baca1
x-envoy-upstream-service-time: 34
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge, Chrome=1
pragma: no-cache
x-obvious-tid: 1670230274941:8cd4525fe2d2
server: cloudflare
worker-missing-cookies: 0
x-frame-options: sameorigin
content-type: application/json; charset=utf-8
vary: Accept-Encoding
cache-control: no-cache, no-store, max-age=0, must-revalidate
medium-fulfilled-by: edgy/8.3.0, valencia/main-20221201-154001-ca51a1fc35
cf-ray: 774b89f1cffb6949-FRA
link: <https://medium.com/humans.txt>; rel="humans"
x-opentracing: {"ot-tracer-spanid":"459521e3228c53a0","ot-tracer-traceid":"45759f43c3d915f2","ot-tracer-sampled":"true"}
expires: Thu, 09 Sep 1999 09:09:09 GMT

POST
H3 200 batch Show response
infosecwriteups.com/_/ 17 B
296 B 329ms
329ms Fetch
application/json 162.159.152.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://infosecwriteups.com/_/batch

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/main.93ba9696.js

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.152.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f1ea07a1e51a389c8de07120ae5c2e432e9dd8f4fbd6f92489f185b0523a3fd4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146
x-xsrf-token: 1
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
content-type: application/json

Response headers

date: Mon, 05 Dec 2022 08:51:15 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
worker-missing-cookies: 0
vary: Accept-Encoding
content-type: application/json
medium-fulfilled-by: edgy/8.3.0, valencia/main-20221201-154001-ca51a1fc35
x-envoy-upstream-service-time: 159
cf-ray: 774b89f1d80c6949-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 17

Verdicts & Comments Add Verdict or Comment

20 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

11 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.infosecwriteups.com/	1969-12-31 23:59:59	Name: __cfruid Value: 1e7aac85e23456f08b21370641d8853011e99e1e-1670230267
.medium.com/	1970-01-20 16:42:46	Name: sid Value: 1:V9qKngFQV9kkmBxceMVMC2eAdlzOljZksPPrh8McEof3XT870lk8BZ3ibMvk7Kjb
.medium.com/	1970-01-20 16:42:46	Name: uid Value: lo_3d3149b07746
.medium.com/	1969-12-31 23:59:59	Name: __cfruid Value: 622a112543f98a199b2e17ee42f20561fc1e87e2-1670230268
infosecwriteups.com/	1970-01-20 16:42:46	Name: uid Value: lo_3d3149b07746
infosecwriteups.com/	1970-01-20 16:42:46	Name: sid Value: 1:oB/3YJZ0bNEu61ZGyCv84G0G+1NoYWNPps+n/IkOAzwWV9lRXo4gL1zFIBIeyIHx
infosecwriteups.com/	1970-01-20 07:57:11	Name: _dd_s Value: rum=0&expire=1670231169859
.infosecwriteups.com/	1970-01-20 17:33:10	Name: _ga Value: GA1.2.841103414.1670230271
.infosecwriteups.com/	1970-01-20 07:58:36	Name: _gid Value: GA1.2.473291996.1670230271
.infosecwriteups.com/	1970-01-20 07:57:10	Name: _gat Value: 1
.app.link/	1970-01-20 16:42:46	Name: _s Value: FpWgtbOUxvSAsVSGhqW1SwtokcgQt9P0s0BWh9oWR7WEpjD%2BC4cU%2BhRo3HcYGC3S

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	frame-ancestors 'self' https://medium.com
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api2.branch.io
app.link
cdn-client.medium.com
cdn.branch.io
glyph.medium.com
infosecwriteups.com
medium.com
miro.medium.com
static.cloudflareinsights.com
www.google-analytics.com
143.204.237.24
162.159.152.4
2600:9000:238d:7800:19:9934:6a80:93a1
2600:9000:2490:5800:11:f728:3040:93a1
2606:4700:7::a29f:9804
2606:4700:7::a29f:9904
2606:4700::6810:3965
2a00:1450:4001:80b::200e
008b735b5e27e2ddea50ac42eeaef63fae74d969ff15e3144c7b9f7c927baffd
00afd80475cb263a0481ebd053c517d97f8d91d65826b29baee3eade51c7a864
020cd8f8d0924d2122db07b848a8bd3217502a2cac01ab2349d71d6b8efce2eb
02e9e1939e214dfa38c8eab94afca48043e7f00c46e95908662548a7d19819e1
07b60df462e09543e3ad6724353944aa5826afd5b38388a383aebcdb9f0b4863
0ec458ce5b46d7eedf6d74e2473f71e6367ef2116cd303f8e5a111b01025b40f
0f48c5678ce459a596423b0e55344e7ad8eb3d3b1b27c54cd76a9d4cee7dd6c3
16bc64e283626db91df5a8defe54030f24e31c44589f7adb103bfba48f21ccfd
1908ea18abf7129be431abe3e968ff0c2400878eb166005f7ed8a44f290e6f06
1985936d8497b298c344f8b16790cbaceb73ef98b301b350daf3b049cdd3cdd8
19b6ae3e6dbb97c56c8ca795bc8bd4158368394d2ce673656e9ba39c666f50fb
1ca820b9aa7681184130d09157ea679d1d31390bee2af294c088f6dcaa24923b
1dd67a26a3fc8f7e024f4f64403b638f7465578696913f6f02606d242233d969
293cb36ca1c002f569bcbce51360a20745ce87b2e515be849d83d5269d7d2174
2c05ed6b9ad635315c5fe88c553940999aaa2df54e54cb0a8ebc76ef9066e392
2db760f6fe970461e103c1fe6ad1005af87dd510c8291043fe5ce63aec3374ca
2ee4aa0f090831e75f50ed0dd0033baf737f236b59dc9995cfc2e176bac39d9f
2fd71584c2afb9dec99438d16e68ffa174a200937e5e7fb527237b4ae96777f2
39f638c6409c098e84d8fc6f4cd1a45ec2d02cc51ff98da918d7e462cf32999f
3be3d67eaad946d3742b446ae48d4daa0af87b3cc807784ac346ba86f6b06537
3c65351736a38e50e862be1df239efcd905acee755cbe6bad762391741f37a74
3fe1086c9071386e664fa4394b17a001c3ae16501d07184acf670fcb5c25c629
40df506c1893a77c1d04d8682662a4f41046954d8b560ac1172de9fcd1b7fb33
41b8c750933df03e0beb11e1e362c1fd918eca7536d5480fb1dc74e58a93a19e
44aeeb7474b5c96d72465b1def51cfee781d78871ffaf291b9ae0487a626be7a
4617e0e46708dd89cb6f08d4f1bc54e8e503da916e914ddc6c4516288955b465
4a96cae42b1009fa744e6e9d4149f69da1ad14892d80a57ca04f6b0e3f1d9e46
4e8c5141a45860f1cf10629c45600c1c98754d05e3254d586950d9ec0f060b14
53857a8d6050d04650df8e7ea06cf1f4cc73c37ec773b7f842b30425e91e8fd4
57e78ac026d5968225b54a59c52b99a6e301b9ec4fb13c00a60426a0d685eedd
601f0395312c80eca646294da8644382a9187a1ba327cd2e61afeaebf72d404c
60441194246cfbc97dd003260a1be2b54fb8ec679d36cddcb0714b43e6d619a4
62751d0d1a6f1593656e262f9c3f51b69e36348bb0e3a300bda2b75e23b8890d
63ae87bf3014acfdb39910d6e88ca639effe4dd20fa772da393e53567e5b0f17
65f0c65b5db3aa0568c7986479a4a3e909a05a84fb34ced48d70a2d628dd1444
6d5b4bb7e718cd0194efc67fc0f4dff907764709a5f1beeb87d58674def0da66
6f3b8be9acb1b5d205e346bef65e1b27863ccb807747e4d3ded979759016e627
78661d3e6871b6e5c37f3113d811cb3dfc69546449e3b2c28095b6e7f28d9a7d
78b283ad59729d66e9a07f9ea360e30ede90d84600b8e44f570a131244642b06
79db687a4418d9b3cac097e9245efd203dfc2de7758b0dea338f1e9003895e3c
79eaa975f95f9f21cce1ec3884983a980e591ca02c65da70b9bfdb90d9b389bd
83771fdda5b4e88e849fe667af3dbfa706f1f89c0a8d5e08e1b942d7eafbc5f7
837c2540210f4f3f89c58d197b57570e30a60637cfed3550f9bf2c84a48bcf58
83a9dc2d38bc866cc7091dc020f8b7cbd5b95acc340b9f5c463c2e9e048665db
83cad37f70113f7b8bbb98c2ef8ee949f9a611e402e55ee826aef65130f2ef77
8e304bb21db9e8a9fb415f9747480311477fead1968c47af452f1d7d47c7380e
8ea3cadfa62508fddc0401e3b85709ada4ce576a464bfab0fb569ca461bbd2e2
93be53fb36b8b5292015b9aef774a5bfa07553e4245affa31186e4f7b3ec50ed
955c47ee44b0feca62780cf5cb5aaba68e9fe3a04677da7795a333c19bc572e8
961f2b3e92eba06b032c090511ab8fb8b65ff7f0b471c7bd22817061288f8368
9983a297fa001cd7a6ae6048ddd496df43ff42f4ba51ec9c5c6d214ac5999a45
9cca1409546a11a3a5fc6a4fc9fc22f39b69b5f9a4256e8d78fb3cb6c9ebab8c
9f040c8931649e6949cf8049e28a05fca241c5fe6bcbc6374b191056f72dfaa4
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
a2cfff7f9e5ae872a94184b0fc2a35af5c0c1687ba0099349708d02972ba0e1e
a4d35c7a9d627398567e75636b5a070fda249db29eac7b19bdd8077a43468887
a50ba29c203888c0725fa524e7f57fae1906b816d85f2a045c6c80343b1fa415
a745761cd28ddfb1e5d1cdff61e5e1963c9c58f2e94374557af7c7f6ee8d6a70
a82dc28d43942326b346f92907df3bea5e38b2325ef97176f3b6234966bf19eb
a9a241752705aad7e5217935b989cfb08cc24037ccf8211b5cfe275a5636bfdc
b0bb60d88b2542c309808da080e6c3bfe7c4c3ff03e679ab29a4394c00a11c4f
b0f424bafe993b016ea96973894f95dfc4290608478a2d7d3fdd080d9b0a60d1
b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719
b7a13fba209ab5d473a062edd21e74b5e18ab30f267cd7f43cc5d64e71ffa984
b7bdc2d62e97c3bc273f6aa7322ca0281b5d116defa077ff7d920f65aff6c19b
bb8d6890de13c22bdf7997edee152584f816676a6ed7426bcd33f04853993a66
bcc71bc94ce19f90b056d3ddd66fac086a649b12b61f887870c35753aef35ae7
bccaab228d8683e2292c683c73b54ab145855b33f5bce0884b4b15c5fe1fcb14
be18a208d4e5e0c3f3343588333535ac1efad32afa983e2ce0d6c42a80fff5d3
be2516488e3300a233b2e780a956bc703d056360bd97b66eb510dbc4e661c827
c2a9dd3b8ef4ec3f42318f6d2bc9a739af1472478257be2ec1bc85977c42a2e7
c4de2cbb6351e33411bfb888fa36d086a6f1489a926549999f4f10de68f75e90
c8e62e884b678aebbc954199d934915a4d99fcee2055d9075259a7fdfa9d94bc
ca2b6c294049540bb3cf90a4425ee46c65a114fba4d1a91b0c76b644b95e4d2f
cdf51f137ccee583f6af64c51e776f3319764a9688ca74a060bd528c04d63a63
d239bb4e798d807f42ef1665ddfe9352ec22543a8fb6ede7b14a41ba7dea0ee2
d3c382219134c178442231c227637231e340d2d815da4f25b2f2f2b4fb152e1a
d5d7947aa3e6131478a97f06e72913cb7b9e19161e03502ad1de3eb67f447213
d9c6c1986a7c4650f9b90a600156c60dee211affa313b7c432f4f5fa9d018103
da283f4bff443cfa51acb41589de9218f04f3ffb966420257116442c70583762
db3365674bb7bd359a1794daada6bb567c8ebf8c714084b44f8f41d3f39c3006
dc3bdd29c56ec82f7f192a18193d47f93dc2c4ae6096a69d1158e9f1460a5a11
e00917aa85ddb8fb0dc4d0aba0524e1b0e1231a17096c8128f0d6f404d95da07
e2be45fe7a399b7cd926a3daf4d472a60b61eefe3e9c19a68cd0acc2e4b3d991
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e53ebfbcc9c25748543c93340d2eb361c3fae51ae63261e01e54758703593afc
e94b3d8441f4279288223e03cfd96a18bed293c24ec1356d9bd1196d1888b3d6
ea1c680c56cb305b54bc5ed9a88b539df53a4db465e5185a2948a0191d59d745
ef9744deef8c80159b4e899c426ae5c79d24f5d153bea26c317f3cb0d585053c
f076a8367c7720a7cfe3b288e02ae9d953c926469c16a6e5643d3162f0096f58
f1ea07a1e51a389c8de07120ae5c2e432e9dd8f4fbd6f92489f185b0523a3fd4
f26934161f6266bcac7d1fe648678b69d5f5bf5585760d7f70b01ef800d70210
f8208ed3f5800f2f02cc71aaf1aa172cc36366ac6b668675b5b37fe7181db33e
f8a9419c6b434d633e2728c97782267bc1936722c8deacc8a7ecd76949dbcc15

infosecwriteups.com Open in urlscan Pro 162.159.152.4 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

100 Requests

100 %HTTPS

75 %IPv6

6 Domains

10 Subdomains

8 IPs

3 Countries

1112 kBTransfer

3314 kBSize

11 Cookies

92 Outgoing links

Page URL History

Redirected requests

100 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

infosecwriteups.com Open in urlscan Pro
162.159.152.4 Public Scan

Screenshot
Live screenshot

Full Image

100
Requests

100 %
HTTPS

75 %
IPv6

6
Domains

10
Subdomains

8
IPs

3
Countries

1112 kB
Transfer

3314 kB
Size

11
Cookies

100 HTTP transactions
0 data transactions