Submitted URL: https://hubs.li/H0Chh930
Effective URL: https://www.avira.com/en/blog/a-gafgyt-variant-that-exploits-pulse-secure-cve-2020-8218?utm_campaign=research_30&utm_c...
Submission: On December 10 via manual from US

Summary

This website contacted 8 IPs in 3 countries across 5 domains to perform 35 HTTP transactions. The main IP is 2a02:26f0:6c00::210:ba4b, located in Ascension Island and belongs to AKAMAI-ASN1, EU. The main domain is www.avira.com.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on July 8th 2020. Valid for: a year.
This is the only time www.avira.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 2606:4700::68... 13335 (CLOUDFLAR...)
2 8 2a02:26f0:6c0... 20940 (AKAMAI-ASN1)
17 2a02:26f0:170... 20940 (AKAMAI-ASN1)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
7 2a00:1450:400... 15169 (GOOGLE)
2 2a02:26f0:6c0... 20940 (AKAMAI-ASN1)
1 2a02:26f0:6c0... 20940 (AKAMAI-ASN1)
35 8
Domain Requested by
17 assets.prod-blog.avira.com www.avira.com
assets.prod-blog.avira.com
8 www.avira.com 2 redirects www.avira.com
assets.prod-blog.avira.com
7 www.google-analytics.com www.googletagmanager.com
www.google-analytics.com
www.avira.com
2 consent.cookiebot.com www.googletagmanager.com
consent.cookiebot.com
2 www.googletagmanager.com www.avira.com
www.googletagmanager.com
1 consentcdn.cookiebot.com consent.cookiebot.com
1 hubs.li 1 redirects
35 7

This site contains no links.

Subject | Issuer | Validity | Valid
avira.com | Sectigo RSA Domain Validation Secure Server CA | 2020-07-08 - 2021-07-08 | a year
prod.cms.avira.com | R3 | 2020-12-02 - 2021-03-02 | 3 months
*.google-analytics.com | GTS CA 1O1 | 2020-11-03 - 2021-01-26 | 3 months
consent.cookiebot.com | DigiCert ECC Extended Validation Server CA | 2020-06-11 - 2022-06-11 | 2 years
*.cookiebot.com | DigiCert Secure Site ECC CA-1 | 2020-09-03 - 2021-09-03 | a year

This page contains 2 frames:

Primary Page: https://www.avira.com/en/blog/a-gafgyt-variant-that-exploits-pulse-secure-cve-2020-8218?utm_campaign=research_30&utm_content=148540088&utm_medium=social&utm_source=twitter&hss_channel=tw-19101225
Frame ID: 924AA79643742C759950F317D52910D2
Requests: 38 HTTP requests in this frame

Frame: https://consentcdn.cookiebot.com/sdk/bc.min.html
Frame ID: 524DDAA0659634915D6956223B5BFC4B
Requests: 1 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers link /rel="https:\/\/api\.w\.org\/"/i

Page Statistics

35 Requests
100 % HTTPS
100 % IPv6
5 Domains
7 Subdomains
8 IPs
3 Countries
2296 kB Transfer
3204 kB Size
11 Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://hubs.li/H0Chh930 HTTP 301
    https://www.avira.com/en/blog/a-gafgyt-variant-that-exploits-pulse-secure-cve-2020-8218/?utm_campaign=research_30&utm_content=148540088&utm_medium=social&utm_source=twitter&hss_channel=tw-19101225 HTTP 301
    http://www.avira.com/en/blog/a-gafgyt-variant-that-exploits-pulse-secure-cve-2020-8218?utm_campaign=research_30&utm_content=148540088&utm_medium=social&utm_source=twitter&hss_channel=tw-19101225 HTTP 301
    https://www.avira.com/en/blog/a-gafgyt-variant-that-exploits-pulse-secure-cve-2020-8218?utm_campaign=research_30&utm_content=148540088&utm_medium=social&utm_source=twitter&hss_channel=tw-19101225 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

35 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request a-gafgyt-variant-that-exploits-pulse-secure-cve-2020-8218
www.avira.com/en/blog/
Redirect Chain
  • https://hubs.li/H0Chh930
  • https://www.avira.com/en/blog/a-gafgyt-variant-that-exploits-pulse-secure-cve-2020-8218/?utm_campaign=research_30&utm_content=148540088&utm_medium=social&utm_source=twitter&hss_channel=tw-19101225
  • http://www.avira.com/en/blog/a-gafgyt-variant-that-exploits-pulse-secure-cve-2020-8218?utm_campaign=research_30&utm_content=148540088&utm_medium=social&utm_source=twitter&hss_channel=tw-19101225
  • https://www.avira.com/en/blog/a-gafgyt-variant-that-exploits-pulse-secure-cve-2020-8218?utm_campaign=research_30&utm_content=148540088&utm_medium=social&utm_source=twitter&hss_channel=tw-19101225
92 KB
22 KB
Document
General
Full URL
https://www.avira.com/en/blog/a-gafgyt-variant-that-exploits-pulse-secure-cve-2020-8218?utm_campaign=research_30&utm_content=148540088&utm_medium=social&utm_source=twitter&hss_channel=tw-19101225
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00::210:ba4b , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
akamai /
Resource Hash
cd9c04ea881fffc9bf2f86f6199c51a87ac0e278a474ce05607e6ca74ae28bc1

Request headers

:method
GET
:authority
www.avira.com
:scheme
https
:path
/en/blog/a-gafgyt-variant-that-exploits-pulse-secure-cve-2020-8218?utm_campaign=research_30&utm_content=148540088&utm_medium=social&utm_source=twitter&hss_channel=tw-19101225
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
AWSALB=ZoV33VWlFvau2VYLClsFIsorWYkYHhzR+OT/tfUy+95CIs1OcvVjEvyB2oxOw1jyCjf8llb0T/vi+O3DVfWp+vrQza69mLF0tCMxfz9+SbgMdamWlbcF0Hu/mbzf; AWSALBCORS=ZoV33VWlFvau2VYLClsFIsorWYkYHhzR+OT/tfUy+95CIs1OcvVjEvyB2oxOw1jyCjf8llb0T/vi+O3DVfWp+vrQza69mLF0tCMxfz9+SbgMdamWlbcF0Hu/mbzf
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-type
text/html; charset=UTF-8
link
<https://www.avira.com/blog/wp-json/>; rel="https://api.w.org/" <https://www.avira.com/blog/wp-json/wp/v2/posts/48834>; rel="alternate"; type="application/json" <https://www.avira.com/en/blog/?p=48834>; rel=shortlink <https://assets.prod-blog.avira.com/wp-content/cache/minify/c5eff.js.gzip?x33376>; rel=preload; as=script <https://assets.prod-blog.avira.com/wp-content/cache/minify/48b60.js.gzip?x33376>; rel=preload; as=script <https://assets.prod-blog.avira.com/wp-content/cache/minify/9cfa9.css.gzip?x33376>; rel=preload; as=style
referrer-policy
no-referrer-when-downgrade
content-encoding
gzip
content-length
21318
cache-control
max-age=0
expires
Thu, 10 Dec 2020 03:40:09 GMT
date
Thu, 10 Dec 2020 03:40:09 GMT
vary
Accept-Encoding
set-cookie
AWSALB=Dtg4oC5NysfLuoslnwmF6rRS2UHw3/wDiEYdnUwD1kJqunrzKtb+PBusXf/mW6hxU7SQzfVc3KaeWRmFTW+qLh0piKHmBug+T78LeUEbCMCMAw7wBu0JVzxwMadw; Expires=Thu, 17 Dec 2020 03:40:08 GMT; Path=/ AWSALBCORS=Dtg4oC5NysfLuoslnwmF6rRS2UHw3/wDiEYdnUwD1kJqunrzKtb+PBusXf/mW6hxU7SQzfVc3KaeWRmFTW+qLh0piKHmBug+T78LeUEbCMCMAw7wBu0JVzxwMadw; Expires=Thu, 17 Dec 2020 03:40:08 GMT; Path=/; SameSite=None; Secure
server
akamai

Redirect headers

Content-Type
text/html
Content-Length
134
Location
https://www.avira.com:443/en/blog/a-gafgyt-variant-that-exploits-pulse-secure-cve-2020-8218?utm_campaign=research_30&utm_content=148540088&utm_medium=social&utm_source=twitter&hss_channel=tw-19101225
Cache-Control
max-age=0
Expires
Thu, 10 Dec 2020 03:40:08 GMT
Date
Thu, 10 Dec 2020 03:40:08 GMT
Connection
keep-alive
Server
akamai
c5eff.js.gzip
assets.prod-blog.avira.com/wp-content/cache/minify/
260 KB
80 KB
Script
General
Full URL
https://assets.prod-blog.avira.com/wp-content/cache/minify/c5eff.js.gzip?x33376
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:1700:16::b856:fbcf , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
/
Resource Hash
c2d2b547494547ad06758536375f09103ff10501fcfbbdf789e0b2347f2cecc2

Request headers

Referer
https://www.avira.com/en/blog/a-gafgyt-variant-that-exploits-pulse-secure-cve-2020-8218?utm_campaign=research_30&utm_content=148540088&utm_medium=social&utm_source=twitter&hss_channel=tw-19101225
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 10 Dec 2020 03:40:09 GMT
content-encoding
gzip
last-modified
Wed, 09 Dec 2020 11:32:22 GMT
etag
"88bffc0bc2d8aaf51518df201f43c543"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=0, private, no-store, no-cache, must-revalidate, public, max-age=31557600, s-maxage=31557600
accept-ranges
bytes
content-length
81100
48b60.js.gzip
assets.prod-blog.avira.com/wp-content/cache/minify/
22 KB
6 KB
Script
General
Full URL
https://assets.prod-blog.avira.com/wp-content/cache/minify/48b60.js.gzip?x33376
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:1700:16::b856:fbcf , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
/
Resource Hash
f321858f0606be2b0228fc7b849fcf5e72885bdf736b2dabf54a3a7781d92153

Request headers

Referer
https://www.avira.com/en/blog/a-gafgyt-variant-that-exploits-pulse-secure-cve-2020-8218?utm_campaign=research_30&utm_content=148540088&utm_medium=social&utm_source=twitter&hss_channel=tw-19101225
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 10 Dec 2020 03:40:09 GMT
content-encoding
gzip
last-modified
Wed, 09 Dec 2020 11:32:22 GMT
etag
"5b2dc64783ef48af1f9103e0b9bfd865"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=0, private, no-store, no-cache, must-revalidate, public, max-age=31557600, s-maxage=31557600
accept-ranges
bytes
content-length
6351
9cfa9.css.gzip
assets.prod-blog.avira.com/wp-content/cache/minify/
197 KB
35 KB
Stylesheet
General
Full URL
https://assets.prod-blog.avira.com/wp-content/cache/minify/9cfa9.css.gzip?x33376
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:1700:16::b856:fbcf , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
/
Resource Hash
214ebc013907c02c11e033e16676675a019161d4c75921bd923a43bf37109f4c

Request headers

Referer
https://www.avira.com/en/blog/a-gafgyt-variant-that-exploits-pulse-secure-cve-2020-8218?utm_campaign=research_30&utm_content=148540088&utm_medium=social&utm_source=twitter&hss_channel=tw-19101225
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 10 Dec 2020 03:40:09 GMT
content-encoding
gzip
last-modified
Wed, 09 Dec 2020 11:32:22 GMT
etag
"fa3a97503d4c663e5777d03fb0e686ba"
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=0, private, no-store, no-cache, must-revalidate, public, max-age=31557600, s-maxage=31557600
accept-ranges
bytes
content-length
35518
KievitWeb-Bold.woff
assets.prod-blog.avira.com/wp-content/themes/avira-blog/fonts/KievitWeb/
56 KB
56 KB
Font
General
Full URL
https://assets.prod-blog.avira.com/wp-content/themes/avira-blog/fonts/KievitWeb/KievitWeb-Bold.woff
Requested by
Host: www.avira.com
URL: https://www.avira.com/en/blog/a-gafgyt-variant-that-exploits-pulse-secure-cve-2020-8218?utm_campaign=research_30&utm_content=148540088&utm_medium=social&utm_source=twitter&hss_channel=tw-19101225
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:1700:16::b856:fbcf , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
/
Resource Hash
16b555282ea8c779478cb1d8674dae40f689dcdeb4664cd762cbdfe47c476d8b

Request headers

Origin
https://www.avira.com
Referer
https://www.avira.com/en/blog/a-gafgyt-variant-that-exploits-pulse-secure-cve-2020-8218?utm_campaign=research_30&utm_content=148540088&utm_medium=social&utm_source=twitter&hss_channel=tw-19101225
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 10 Dec 2020 03:40:09 GMT
last-modified
Fri, 09 Oct 2020 06:05:09 GMT
etag
"8652745947b62f03147b76cd5db508fb"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
application/octet-stream
access-control-allow-origin
*
cache-control
public, max-age=26211111, s-maxage=31557600
accept-ranges
bytes
content-length
57084
expires
Sat, 09 Oct 2021 12:32:00 GMT
KievitWebPro-Regular.woff
assets.prod-blog.avira.com/wp-content/themes/avira-blog/fonts/KievitWeb/
54 KB
54 KB
Font
General
Full URL
https://assets.prod-blog.avira.com/wp-content/themes/avira-blog/fonts/KievitWeb/KievitWebPro-Regular.woff
Requested by
Host: www.avira.com
URL: https://www.avira.com/en/blog/a-gafgyt-variant-that-exploits-pulse-secure-cve-2020-8218?utm_campaign=research_30&utm_content=148540088&utm_medium=social&utm_source=twitter&hss_channel=tw-19101225
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:1700:16::b856:fbcf , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
/
Resource Hash
01fba482f08656e11cbf03333b07048a33b574dc7024d5651f94b0b3cff89c3a

Request headers

Origin
https://www.avira.com
Referer
https://www.avira.com/en/blog/a-gafgyt-variant-that-exploits-pulse-secure-cve-2020-8218?utm_campaign=research_30&utm_content=148540088&utm_medium=social&utm_source=twitter&hss_channel=tw-19101225
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 10 Dec 2020 03:40:09 GMT
last-modified
Fri, 16 Oct 2020 12:05:14 GMT
etag
"cb0b064a6f71ca79ea66c595c22211cc"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
application/octet-stream
access-control-allow-origin
*
cache-control
public, max-age=26838649, s-maxage=31557600
accept-ranges
bytes
content-length
55076
expires
Sat, 16 Oct 2021 18:50:58 GMT
KievitWebPro-Medium.woff
assets.prod-blog.avira.com/wp-content/themes/avira-blog/fonts/KievitWeb/
55 KB
56 KB
Font
General
Full URL
https://assets.prod-blog.avira.com/wp-content/themes/avira-blog/fonts/KievitWeb/KievitWebPro-Medium.woff
Requested by
Host: www.avira.com
URL: https://www.avira.com/en/blog/a-gafgyt-variant-that-exploits-pulse-secure-cve-2020-8218?utm_campaign=research_30&utm_content=148540088&utm_medium=social&utm_source=twitter&hss_channel=tw-19101225
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:1700:16::b856:fbcf , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
/
Resource Hash
b560f4b355f71bf3d9c4c92124294a15c7451c5a0abff85afcbe878b1a4be573

Request headers

Origin
https://www.avira.com
Referer
https://www.avira.com/en/blog/a-gafgyt-variant-that-exploits-pulse-secure-cve-2020-8218?utm_campaign=research_30&utm_content=148540088&utm_medium=social&utm_source=twitter&hss_channel=tw-19101225
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 10 Dec 2020 03:40:09 GMT
last-modified
Fri, 09 Oct 2020 06:05:09 GMT
etag
"e3e978f02a0cba365d213e745bedfdb4"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
application/octet-stream
access-control-allow-origin
*
cache-control
public, max-age=26211095, s-maxage=31557600
accept-ranges
bytes
content-length
56608
expires
Sat, 09 Oct 2021 12:31:44 GMT
KievitWebPro-Light.woff
assets.prod-blog.avira.com/wp-content/themes/avira-blog/fonts/KievitWeb/
55 KB
55 KB
Font
General
Full URL
https://assets.prod-blog.avira.com/wp-content/themes/avira-blog/fonts/KievitWeb/KievitWebPro-Light.woff
Requested by
Host: www.avira.com
URL: https://www.avira.com/en/blog/a-gafgyt-variant-that-exploits-pulse-secure-cve-2020-8218?utm_campaign=research_30&utm_content=148540088&utm_medium=social&utm_source=twitter&hss_channel=tw-19101225
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:1700:16::b856:fbcf , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
/
Resource Hash
a791aba3842d3766494ad0aa2a1b9cdbd2bb8aa8b2235aedea82e993c851a1ab

Request headers

Origin
https://www.avira.com
Referer
https://www.avira.com/en/blog/a-gafgyt-variant-that-exploits-pulse-secure-cve-2020-8218?utm_campaign=research_30&utm_content=148540088&utm_medium=social&utm_source=twitter&hss_channel=tw-19101225
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 10 Dec 2020 03:40:09 GMT
last-modified
Fri, 09 Oct 2020 06:05:09 GMT
etag
"a8a9d6aaf9f3940badc66e2a2aa21047"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
application/octet-stream
access-control-allow-origin
*
cache-control
public, max-age=26211122, s-maxage=31557600
accept-ranges
bytes
content-length
56020
expires
Sat, 09 Oct 2021 12:32:11 GMT
avira_icons.ttf
assets.prod-blog.avira.com/wp-content/themes/avira-blog/fonts/avira_icons/
171 KB
171 KB
Font
General
Full URL
https://assets.prod-blog.avira.com/wp-content/themes/avira-blog/fonts/avira_icons/avira_icons.ttf?75fixw
Requested by
Host: www.avira.com
URL: https://www.avira.com/en/blog/a-gafgyt-variant-that-exploits-pulse-secure-cve-2020-8218?utm_campaign=research_30&utm_content=148540088&utm_medium=social&utm_source=twitter&hss_channel=tw-19101225
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:1700:16::b856:fbcf , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
/
Resource Hash
3199043f616f378bd0a4fe51c0dd6f0a5c699c970bcda23db2ff46c910a6bacd

Request headers

Origin
https://www.avira.com
Referer
https://www.avira.com/en/blog/a-gafgyt-variant-that-exploits-pulse-secure-cve-2020-8218?utm_campaign=research_30&utm_content=148540088&utm_medium=social&utm_source=twitter&hss_channel=tw-19101225
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 10 Dec 2020 03:40:09 GMT
last-modified
Mon, 19 Oct 2020 13:05:23 GMT
etag
"422037d348abf325581765efae50c193"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
application/vnd.ms-opentype
access-control-allow-origin
*
cache-control
public, max-age=27181229, s-maxage=31557600
accept-ranges
bytes
content-length
174712
expires
Wed, 20 Oct 2021 18:00:38 GMT
avira-logo-black.svg
assets.prod-blog.avira.com/wp-content/themes/avira-blog/img/
2 KB
1 KB
Image
General
Full URL
https://assets.prod-blog.avira.com/wp-content/themes/avira-blog/img/avira-logo-black.svg
Requested by
Host: www.avira.com
URL: https://www.avira.com/en/blog/a-gafgyt-variant-that-exploits-pulse-secure-cve-2020-8218?utm_campaign=research_30&utm_content=148540088&utm_medium=social&utm_source=twitter&hss_channel=tw-19101225
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:1700:16::b856:fbcf , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
/
Resource Hash
b06a086772e41e5c71e268946669ad339dd475cd64aa09c2cdcf0c0ad9cb1b49

Request headers

Referer
https://www.avira.com/en/blog/a-gafgyt-variant-that-exploits-pulse-secure-cve-2020-8218?utm_campaign=research_30&utm_content=148540088&utm_medium=social&utm_source=twitter&hss_channel=tw-19101225
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 10 Dec 2020 03:40:09 GMT
content-encoding
gzip
last-modified
Fri, 06 Mar 2020 12:52:56 GMT
etag
W/"55e251736d7cc3b7224743f8d1ebee62"
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
public, max-age=27181214, s-maxage=31557600
content-length
1255
expires
Wed, 20 Oct 2021 18:00:23 GMT
Gafgyt-Pulse-Secure-02-861x540.png
assets.prod-blog.avira.com/wp-content/uploads/2020/12/
711 KB
713 KB
Image
General
Full URL
https://assets.prod-blog.avira.com/wp-content/uploads/2020/12/Gafgyt-Pulse-Secure-02-861x540.png
Requested by
Host: www.avira.com
URL: https://www.avira.com/en/blog/a-gafgyt-variant-that-exploits-pulse-secure-cve-2020-8218?utm_campaign=research_30&utm_content=148540088&utm_medium=social&utm_source=twitter&hss_channel=tw-19101225
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:1700:16::b856:fbcf , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
/
Resource Hash
2b952d77cdd25e96c4103b104daf93c7ff76cd5152fcfc80634b918c42ba5c5b

Request headers

Referer
https://www.avira.com/en/blog/a-gafgyt-variant-that-exploits-pulse-secure-cve-2020-8218?utm_campaign=research_30&utm_content=148540088&utm_medium=social&utm_source=twitter&hss_channel=tw-19101225
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 10 Dec 2020 03:40:09 GMT
last-modified
Mon, 07 Dec 2020 17:48:47 GMT
etag
"a9cfeef8e1925b5d61d224f48bee4915"
content-type
image/png
cache-control
public, max-age=31349977, s-maxage=31557600
accept-ranges
bytes
content-length
727905
expires
Tue, 07 Dec 2021 23:59:46 GMT
placeholder-180x135.png
www.avira.com/blog/wp-content/themes/avira-blog/img/
98 B
326 B
Image
General
Full URL
https://www.avira.com/blog/wp-content/themes/avira-blog/img/placeholder-180x135.png
Requested by
Host: www.avira.com
URL: https://www.avira.com/en/blog/a-gafgyt-variant-that-exploits-pulse-secure-cve-2020-8218?utm_campaign=research_30&utm_content=148540088&utm_medium=social&utm_source=twitter&hss_channel=tw-19101225
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00::210:ba4b , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
akamai / W3 Total Cache/0.14.4
Resource Hash
44321d15b5a4c24d1d4326bf1978096b20a8b5cb3d4cbe2acc950d2dca4039e0

Request headers

Referer
https://www.avira.com/en/blog/a-gafgyt-variant-that-exploits-pulse-secure-cve-2020-8218?utm_campaign=research_30&utm_content=148540088&utm_medium=social&utm_source=twitter&hss_channel=tw-19101225
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 10 Dec 2020 03:40:09 GMT
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 25 Nov 2020 15:32:04 GMT
server
akamai
x-powered-by
W3 Total Cache/0.14.4
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=278121
accept-ranges
bytes
content-length
98
etag
"5fbe78f4-62"
expires
Sun, 13 Dec 2020 08:55:30 GMT
placeholder.png
www.avira.com/blog/wp-content/themes/avira-blog/img/
1 KB
1 KB
Image
General
Full URL
https://www.avira.com/blog/wp-content/themes/avira-blog/img/placeholder.png
Requested by
Host: www.avira.com
URL: https://www.avira.com/en/blog/a-gafgyt-variant-that-exploits-pulse-secure-cve-2020-8218?utm_campaign=research_30&utm_content=148540088&utm_medium=social&utm_source=twitter&hss_channel=tw-19101225
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00::210:ba4b , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
akamai / W3 Total Cache/0.14.4
Resource Hash
166cd58210d4142ff3465af4ed044eaf2b2bbaaddb46d7917db1937700206b4a

Request headers

Referer
https://www.avira.com/en/blog/a-gafgyt-variant-that-exploits-pulse-secure-cve-2020-8218?utm_campaign=research_30&utm_content=148540088&utm_medium=social&utm_source=twitter&hss_channel=tw-19101225
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 10 Dec 2020 03:40:09 GMT
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 25 Nov 2020 15:32:04 GMT
server
akamai
x-powered-by
W3 Total Cache/0.14.4
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=263074
accept-ranges
bytes
content-length
1202
etag
"5fbe78f4-4b2"
expires
Sun, 13 Dec 2020 04:44:43 GMT
Gartner-popup-1-571x326.jpg
assets.prod-blog.avira.com/wp-content/uploads/2020/10/
26 KB
26 KB
Image
General
Full URL
https://assets.prod-blog.avira.com/wp-content/uploads/2020/10/Gartner-popup-1-571x326.jpg
Requested by
Host: www.avira.com
URL: https://www.avira.com/en/blog/a-gafgyt-variant-that-exploits-pulse-secure-cve-2020-8218?utm_campaign=research_30&utm_content=148540088&utm_medium=social&utm_source=twitter&hss_channel=tw-19101225
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:1700:16::b856:fbcf , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
/
Resource Hash
9778ce5b9781dada3bfa1189d6d959a4de532702727c28cc5f52626e23a1c2a9

Request headers

Referer
https://www.avira.com/en/blog/a-gafgyt-variant-that-exploits-pulse-secure-cve-2020-8218?utm_campaign=research_30&utm_content=148540088&utm_medium=social&utm_source=twitter&hss_channel=tw-19101225
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 10 Dec 2020 03:40:09 GMT
last-modified
Thu, 08 Oct 2020 13:03:37 GMT
etag
"133231054a432bd1895ffb54f762514b"
content-type
image/jpeg
cache-control
public, max-age=26148172, s-maxage=31557600
accept-ranges
bytes
content-length
26254
expires
Fri, 08 Oct 2021 19:03:01 GMT
gtm.js
www.googletagmanager.com/
131 KB
42 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-TK3DGR7
Requested by
Host: www.avira.com
URL: https://www.avira.com/en/blog/a-gafgyt-variant-that-exploits-pulse-secure-cve-2020-8218?utm_campaign=research_30&utm_content=148540088&utm_medium=social&utm_source=twitter&hss_channel=tw-19101225
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:818::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
1cd1a7a2b2fc32002bc8355f91cf71e610281c62861e02de423528601acb71b8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://www.avira.com/en/blog/a-gafgyt-variant-that-exploits-pulse-secure-cve-2020-8218?utm_campaign=research_30&utm_content=148540088&utm_medium=social&utm_source=twitter&hss_channel=tw-19101225
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 10 Dec 2020 03:40:09 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42387
x-xss-protection
0
last-modified
Thu, 10 Dec 2020 03:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Thu, 10 Dec 2020 03:40:09 GMT
avira-logo-oem.png
assets.prod-blog.avira.com/wp-content/themes/avira-blog/img/
2 KB
2 KB
Image
General
Full URL
https://assets.prod-blog.avira.com/wp-content/themes/avira-blog/img/avira-logo-oem.png
Requested by
Host: assets.prod-blog.avira.com
URL: https://assets.prod-blog.avira.com/wp-content/cache/minify/9cfa9.css.gzip?x33376
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:1700:16::b856:fbcf , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
/
Resource Hash
aaede122ef10bf5e5606a1e7f1a0a49080351a69bf817b51c4d3b013e0018b8d

Request headers

Referer
https://assets.prod-blog.avira.com/wp-content/cache/minify/9cfa9.css.gzip?x33376
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 10 Dec 2020 03:40:09 GMT
last-modified
Wed, 25 Nov 2020 15:06:38 GMT
etag
"4bbae306e316e9b1ba5bac5daa340463"
content-type
image/png
cache-control
public, max-age=30302869, s-maxage=31557600
accept-ranges
bytes
content-length
2202
expires
Thu, 25 Nov 2021 21:07:58 GMT
blog.png
assets.prod-blog.avira.com/wp-content/uploads/2020/12/
258 KB
258 KB
Image
General
Full URL
https://assets.prod-blog.avira.com/wp-content/uploads/2020/12/blog.png
Requested by
Host: www.avira.com
URL: https://www.avira.com/en/blog/a-gafgyt-variant-that-exploits-pulse-secure-cve-2020-8218?utm_campaign=research_30&utm_content=148540088&utm_medium=social&utm_source=twitter&hss_channel=tw-19101225
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:1700:16::b856:fbcf , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
/
Resource Hash
d52b0315b60e233a13b8dd5018fb23c19175c4063ea9ae403534918f92f73358

Request headers

Referer
https://www.avira.com/en/blog/a-gafgyt-variant-that-exploits-pulse-secure-cve-2020-8218?utm_campaign=research_30&utm_content=148540088&utm_medium=social&utm_source=twitter&hss_channel=tw-19101225
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 10 Dec 2020 03:40:09 GMT
last-modified
Mon, 07 Dec 2020 09:25:10 GMT
etag
"304019a5cbe980d0024179749f3b6db8"
content-type
image/png
cache-control
public, max-age=31322052, s-maxage=31557600
accept-ranges
bytes
content-length
263778
expires
Tue, 07 Dec 2021 16:14:21 GMT
blog2-700x308.png
assets.prod-blog.avira.com/wp-content/uploads/2020/12/
165 KB
165 KB
Image
General
Full URL
https://assets.prod-blog.avira.com/wp-content/uploads/2020/12/blog2-700x308.png
Requested by
Host: www.avira.com
URL: https://www.avira.com/en/blog/a-gafgyt-variant-that-exploits-pulse-secure-cve-2020-8218?utm_campaign=research_30&utm_content=148540088&utm_medium=social&utm_source=twitter&hss_channel=tw-19101225
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:1700:16::b856:fbcf , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
/
Resource Hash
a5fa055815d562b63a5822cd36eaf67c19e801c108dc7fa490deb1edad26fe83

Request headers

Referer
https://www.avira.com/en/blog/a-gafgyt-variant-that-exploits-pulse-secure-cve-2020-8218?utm_campaign=research_30&utm_content=148540088&utm_medium=social&utm_source=twitter&hss_channel=tw-19101225
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 10 Dec 2020 03:40:09 GMT
last-modified
Mon, 07 Dec 2020 09:25:08 GMT
etag
"3466157138a1a45aba3f83c1ccee07e3"
content-type
image/png
cache-control
public, max-age=31322044, s-maxage=31557600
accept-ranges
bytes
content-length
168618
expires
Tue, 07 Dec 2021 16:14:13 GMT
blog3-700x205.png
assets.prod-blog.avira.com/wp-content/uploads/2020/12/
109 KB
109 KB
Image
General
Full URL
https://assets.prod-blog.avira.com/wp-content/uploads/2020/12/blog3-700x205.png
Requested by
Host: www.avira.com
URL: https://www.avira.com/en/blog/a-gafgyt-variant-that-exploits-pulse-secure-cve-2020-8218?utm_campaign=research_30&utm_content=148540088&utm_medium=social&utm_source=twitter&hss_channel=tw-19101225
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:1700:16::b856:fbcf , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
/
Resource Hash
2e74c7d60ca78e0bb4ea877b74bba12f4fd21c5d2be97f0186d35cce593cc6a9

Request headers

Referer
https://www.avira.com/en/blog/a-gafgyt-variant-that-exploits-pulse-secure-cve-2020-8218?utm_campaign=research_30&utm_content=148540088&utm_medium=social&utm_source=twitter&hss_channel=tw-19101225
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 10 Dec 2020 03:40:09 GMT
last-modified
Mon, 07 Dec 2020 09:24:35 GMT
etag
"eb6a47542385e15022051d6aff8449d5"
content-type
image/png
cache-control
public, max-age=31356144, s-maxage=31557600
accept-ranges
bytes
content-length
111415
expires
Wed, 08 Dec 2021 01:42:33 GMT
blog4-700x224.png
assets.prod-blog.avira.com/wp-content/uploads/2020/12/
88 KB
88 KB
Image
General
Full URL
https://assets.prod-blog.avira.com/wp-content/uploads/2020/12/blog4-700x224.png
Requested by
Host: www.avira.com
URL: https://www.avira.com/en/blog/a-gafgyt-variant-that-exploits-pulse-secure-cve-2020-8218?utm_campaign=research_30&utm_content=148540088&utm_medium=social&utm_source=twitter&hss_channel=tw-19101225
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:1700:16::b856:fbcf , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
/
Resource Hash
866205b9f981614167c368bf072c210fa06221f0b6eec4a9257990d3d3993449

Request headers

Referer
https://www.avira.com/en/blog/a-gafgyt-variant-that-exploits-pulse-secure-cve-2020-8218?utm_campaign=research_30&utm_content=148540088&utm_medium=social&utm_source=twitter&hss_channel=tw-19101225
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 10 Dec 2020 03:40:09 GMT
last-modified
Mon, 07 Dec 2020 09:24:05 GMT
etag
"dffcc901b67e63b4fc379b93475e933a"
content-type
image/png
cache-control
public, max-age=31356149, s-maxage=31557600
accept-ranges
bytes
content-length
89789
expires
Wed, 08 Dec 2021 01:42:38 GMT
blog5-700x237.png
assets.prod-blog.avira.com/wp-content/uploads/2020/12/
141 KB
141 KB
Image
General
Full URL
https://assets.prod-blog.avira.com/wp-content/uploads/2020/12/blog5-700x237.png
Requested by
Host: www.avira.com
URL: https://www.avira.com/en/blog/a-gafgyt-variant-that-exploits-pulse-secure-cve-2020-8218?utm_campaign=research_30&utm_content=148540088&utm_medium=social&utm_source=twitter&hss_channel=tw-19101225
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:1700:16::b856:fbcf , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
/
Resource Hash
21444e5a9a209e4aa1fa6d293764bbb831616ef37e3bcc097b072f3068da11d8

Request headers

Referer
https://www.avira.com/en/blog/a-gafgyt-variant-that-exploits-pulse-secure-cve-2020-8218?utm_campaign=research_30&utm_content=148540088&utm_medium=social&utm_source=twitter&hss_channel=tw-19101225
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 10 Dec 2020 03:40:09 GMT
last-modified
Mon, 07 Dec 2020 09:23:32 GMT
etag
"d0a10582a0c149e8ce2b9c50016906d7"
content-type
image/png
cache-control
public, max-age=31356044, s-maxage=31557600
accept-ranges
bytes
content-length
144143
expires
Wed, 08 Dec 2021 01:40:53 GMT
truncated
/
44 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
bd25bde9fc4427cd6f3babcb8f888fe6174ca48881c103e243d4c6f83f30aab6

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/webp
truncated
/
82 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
7ce23bb169d56e3dc218181172c5d318dc16526e035b539e038f605a893ea551

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/webp
truncated
/
90 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
345a7f619e726c9ed21fa1e83646623f3491056eb1c9e0f3af797c42d38255c1

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/webp
truncated
/
38 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
52dc24c0429ea6ccc5b579a6da8bb79bf41e471fe5108a62009f3c2e195551c0

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/webp
get-my-account-links
www.avira.com/api/v1/
206 B
839 B
XHR
General
Full URL
https://www.avira.com/api/v1/get-my-account-links?logged_in=false&locale=en
Requested by
Host: assets.prod-blog.avira.com
URL: https://assets.prod-blog.avira.com/wp-content/cache/minify/c5eff.js.gzip?x33376
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00::210:ba4b , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
akamai /
Resource Hash
20d131129aed0fbcbe7410d7b1945f72ced394e1148df8447df80cae79efd4ba

Request headers

Accept
*/*
Referer
https://www.avira.com/en/blog/a-gafgyt-variant-that-exploits-pulse-secure-cve-2020-8218?utm_campaign=research_30&utm_content=148540088&utm_medium=social&utm_source=twitter&hss_channel=tw-19101225
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 10 Dec 2020 03:40:09 GMT
content-encoding
gzip
server
akamai
vary
Accept-Encoding
content-type
application/json
cache-control
private, no-cache
content-length
161
expires
Thu, 10 Dec 2020 03:40:09 GMT
gtm.js
www.googletagmanager.com/
104 KB
38 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-MP55636&l=dataLayer
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TK3DGR7
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
6d7922d4a1b48257dffaefa8c56b43de6db2daff8e975187732a1777d4e74931
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://www.avira.com/en/blog/a-gafgyt-variant-that-exploits-pulse-secure-cve-2020-8218?utm_campaign=research_30&utm_content=148540088&utm_medium=social&utm_source=twitter&hss_channel=tw-19101225
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 10 Dec 2020 03:40:09 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
38223
x-xss-protection
0
last-modified
Thu, 10 Dec 2020 03:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Thu, 10 Dec 2020 03:40:09 GMT
analytics.js
www.google-analytics.com/
46 KB
18 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TK3DGR7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e441c3e2771625ba05630ab464275136a82c99650ee2145ca5aa9853bedeb01b
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.avira.com/en/blog/a-gafgyt-variant-that-exploits-pulse-secure-cve-2020-8218?utm_campaign=research_30&utm_content=148540088&utm_medium=social&utm_source=twitter&hss_channel=tw-19101225
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Fri, 23 Oct 2020 03:00:57 GMT
server
Golfe2
age
3019
date
Thu, 10 Dec 2020 02:49:50 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
18817
expires
Thu, 10 Dec 2020 04:49:50 GMT
ec.js
www.google-analytics.com/plugins/ua/
3 KB
1 KB
Script
General
Full URL
https://www.google-analytics.com/plugins/ua/ec.js
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:824::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
058ed961bfe422af7bfc65865f4c08531ec8ace995f8a1ec560a46581cb7712c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.avira.com/en/blog/a-gafgyt-variant-that-exploits-pulse-secure-cve-2020-8218?utm_campaign=research_30&utm_content=148540088&utm_medium=social&utm_source=twitter&hss_channel=tw-19101225
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 10 Dec 2020 03:13:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 22 Oct 2019 18:15:00 GMT
server
sffe
age
1576
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=3600
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1306
x-xss-protection
0
expires
Thu, 10 Dec 2020 04:13:53 GMT
collect
www.google-analytics.com/
35 B
62 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j87&aip=1&a=1315848527&t=pageview&_s=1&dl=https%3A%2F%2Fwww.avira.com%2Fen%2Fblog%2Fa-gafgyt-variant-that-exploits-pulse-secure-cve-2020-8218%3Futm_campaign%3Dresearch_30%26utm_content%3D148540088%26utm_medium%3Dsocial%26utm_source%3Dtwitter%26hss_channel%3Dtw-19101225&ul=en-us&de=UTF-8&dt=A%20Gafgyt%20variant%20that%20exploits%20Pulse%20Secure%20CVE-2020-8218%20%7C%20Avira%20Blog&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aGBAAEAL~&cid=109097436.1607571609&tid=UA-18632931-1&_gid=1626090271.1607571609&gtm=2wgbu0TK3DGR7&cg1=%2Fblog%2Fa-gafgyt-variant-that-exploits-pulse-secure-cve-2020-8218&cd20=&cd21=(not%20set)&cd34=(not%20set)&cd46=https%3A%2F%2Fwww.avira.com%2Fen%2Fblog%2Fa-gafgyt-variant-that-exploits-pulse-secure-cve-2020-8218%3Futm_campaign%3Dresearch_30%26utm_content%3D148540088%26utm_medium%3Dsocial%26utm_source%3Dtwitter%26hss_channel%3Dtw-19101225&cd61=(not%20set)&cd62=(not%20set).1607571609376&cd71=(not%20set)&cd78=NaN&cd79=NaN&cd96=1&cd109=post-template%20post-template-insights-single%20post-template-insights-single-php%20single%20single-post%20postid-48834%20single-format-standard%20is-not-insights-cat%20lang-en%20osx%20chrome&cd110=1&cd69=109097436.1607571609&z=1206372559
Requested by
Host: www.avira.com
URL: https://www.avira.com/en/blog/a-gafgyt-variant-that-exploits-pulse-secure-cve-2020-8218?utm_campaign=research_30&utm_content=148540088&utm_medium=social&utm_source=twitter&hss_channel=tw-19101225
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:824::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.avira.com/en/blog/a-gafgyt-variant-that-exploits-pulse-secure-cve-2020-8218?utm_campaign=research_30&utm_content=148540088&utm_medium=social&utm_source=twitter&hss_channel=tw-19101225
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 10 Dec 2020 01:19:43 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
8426
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
js
www.google-analytics.com/gtm/
89 KB
35 KB
Script
General
Full URL
https://www.google-analytics.com/gtm/js?id=OPT-BCR7T76&t=gtm108&cid=109097436.1607571609&aip=true
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:824::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
cf9f86bf931a1d4c04f518b40118aa8403e1e7a69dde7a22e65fe1a14cc782aa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://www.avira.com/en/blog/a-gafgyt-variant-that-exploits-pulse-secure-cve-2020-8218?utm_campaign=research_30&utm_content=148540088&utm_medium=social&utm_source=twitter&hss_channel=tw-19101225
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 10 Dec 2020 03:40:09 GMT
content-encoding
br
server
Google Tag Manager
access-control-allow-headers
Cache-Control
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35765
x-xss-protection
0
expires
Thu, 10 Dec 2020 03:40:09 GMT
analytics.js
www.google-analytics.com/
46 KB
19 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MP55636&l=dataLayer
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:824::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e441c3e2771625ba05630ab464275136a82c99650ee2145ca5aa9853bedeb01b
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.avira.com/en/blog/a-gafgyt-variant-that-exploits-pulse-secure-cve-2020-8218?utm_campaign=research_30&utm_content=148540088&utm_medium=social&utm_source=twitter&hss_channel=tw-19101225
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Fri, 23 Oct 2020 03:00:57 GMT
server
Golfe2
age
3019
date
Thu, 10 Dec 2020 02:49:50 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
18817
expires
Thu, 10 Dec 2020 04:49:50 GMT
uc.js
consent.cookiebot.com/
71 KB
17 KB
Script
General
Full URL
https://consent.cookiebot.com/uc.js?cbid=5b6b1891-ba80-43e2-82ec-cd787eb689f9&culture=en
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MP55636&l=dataLayer
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00::210:ba83 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
8e0d2ab4f0a4a7e5a6c1755abf9d48ac795a9ab41c35802bbda956e4338ff50f

Request headers

Referer
https://www.avira.com/en/blog/a-gafgyt-variant-that-exploits-pulse-secure-cve-2020-8218?utm_campaign=research_30&utm_content=148540088&utm_medium=social&utm_source=twitter&hss_channel=tw-19101225
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 10 Dec 2020 03:40:09 GMT
content-encoding
gzip
last-modified
Thu, 03 Dec 2020 10:43:17 GMT
server
Microsoft-IIS/10.0
etag
"8090d51b61c9d61:0"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=976
accept-ranges
bytes
content-length
17189
expires
Thu, 10 Dec 2020 03:56:25 GMT
analytics.js
www.google-analytics.com/
46 KB
18 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MP55636&l=dataLayer
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:824::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e441c3e2771625ba05630ab464275136a82c99650ee2145ca5aa9853bedeb01b
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.avira.com/en/blog/a-gafgyt-variant-that-exploits-pulse-secure-cve-2020-8218?utm_campaign=research_30&utm_content=148540088&utm_medium=social&utm_source=twitter&hss_channel=tw-19101225
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Fri, 23 Oct 2020 03:00:57 GMT
server
Golfe2
age
3019
date
Thu, 10 Dec 2020 02:49:50 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
18817
expires
Thu, 10 Dec 2020 04:49:50 GMT
collect
www.google-analytics.com/
35 B
71 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j87&aip=1&a=1315848527&t=pageview&_s=1&dl=https%3A%2F%2Fwww.avira.com%2Fen%2Fblog%2Fa-gafgyt-variant-that-exploits-pulse-secure-cve-2020-8218%3Futm_campaign%3Dresearch_30%26utm_content%3D148540088%26utm_medium%3Dsocial%26utm_source%3Dtwitter%26hss_channel%3Dtw-19101225&ul=en-us&de=UTF-8&dt=A%20Gafgyt%20variant%20that%20exploits%20Pulse%20Secure%20CVE-2020-8218%20%7C%20Avira%20Blog&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aGDAAEALQ~&cid=109097436.1607571609&tid=UA-105241380-1&_gid=1626090271.1607571609&gtm=2wgbu0MP55636&cd2=1&z=314005918
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:824::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.avira.com/en/blog/a-gafgyt-variant-that-exploits-pulse-secure-cve-2020-8218?utm_campaign=research_30&utm_content=148540088&utm_medium=social&utm_source=twitter&hss_channel=tw-19101225
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 10 Dec 2020 01:19:43 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
8426
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
bc.min.html
consentcdn.cookiebot.com/sdk/ Frame 524D
0
0
Document
General
Full URL
https://consentcdn.cookiebot.com/sdk/bc.min.html
Requested by
Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js?cbid=5b6b1891-ba80-43e2-82ec-cd787eb689f9&culture=en
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00:281::f09 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash

Request headers

:method
GET
:authority
consentcdn.cookiebot.com
:scheme
https
:path
/sdk/bc.min.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.avira.com/en/blog/a-gafgyt-variant-that-exploits-pulse-secure-cve-2020-8218?utm_campaign=research_30&utm_content=148540088&utm_medium=social&utm_source=twitter&hss_channel=tw-19101225
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www.avira.com/en/blog/a-gafgyt-variant-that-exploits-pulse-secure-cve-2020-8218?utm_campaign=research_30&utm_content=148540088&utm_medium=social&utm_source=twitter&hss_channel=tw-19101225

Response headers

accept-ranges
bytes
content-type
text/html
etag
"050e4adb822a6bf552eb219e8945446d:1599652698.304056"
last-modified
Wed, 09 Sep 2020 11:58:18 GMT
server
AkamaiNetStorage
content-length
779
cache-control
max-age=345
expires
Thu, 10 Dec 2020 03:45:54 GMT
date
Thu, 10 Dec 2020 03:40:09 GMT
server-timing
cdn-cache; desc=HIT edge; dur=1
cc.js
consent.cookiebot.com/5b6b1891-ba80-43e2-82ec-cd787eb689f9/
191 KB
51 KB
Script
General
Full URL
https://consent.cookiebot.com/5b6b1891-ba80-43e2-82ec-cd787eb689f9/cc.js?renew=false&referer=www.avira.com&culture=en&dnt=false&forceshow=false&cbid=5b6b1891-ba80-43e2-82ec-cd787eb689f9&whitelabel=false&brandid=Cookiebot&framework=
Requested by
Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js?cbid=5b6b1891-ba80-43e2-82ec-cd787eb689f9&culture=en
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00::210:ba83 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
23952ead120967da47ee356bf34d8fd955d12bc0765049b2fb484efd2a292aa1

Request headers

Referer
https://www.avira.com/en/blog/a-gafgyt-variant-that-exploits-pulse-secure-cve-2020-8218?utm_campaign=research_30&utm_content=148540088&utm_medium=social&utm_source=twitter&hss_channel=tw-19101225
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 10 Dec 2020 03:40:09 GMT
content-encoding
gzip
last-modified
Thu, 10 Dec 2020 03:40:09 GMT
server
Microsoft-IIS/10.0
x-aspnet-version
4.0.30319
vary
Accept-Encoding
access-control-allow-methods
GET,HEAD,OPTIONS
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=1200
access-control-allow-headers
cache-control, expires, Access-Control-Allow-Headers, Origin, Pragma, Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers
content-length
51482
cookies.png
www.avira.com/static/avira/images/
14 KB
14 KB
Image
General
Full URL
https://www.avira.com/static/avira/images/cookies.png
Requested by
Host: www.avira.com
URL: https://www.avira.com/en/blog/a-gafgyt-variant-that-exploits-pulse-secure-cve-2020-8218?utm_campaign=research_30&utm_content=148540088&utm_medium=social&utm_source=twitter&hss_channel=tw-19101225
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00::210:ba4b , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
akamai /
Resource Hash
3772d3de1cbc3490c2a9d606dfbce2c8701227b83248629b3cdb52eb029e8d65

Request headers

Referer
https://www.avira.com/en/blog/a-gafgyt-variant-that-exploits-pulse-secure-cve-2020-8218?utm_campaign=research_30&utm_content=148540088&utm_medium=social&utm_source=twitter&hss_channel=tw-19101225
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 10 Dec 2020 03:40:09 GMT
last-modified
Tue, 25 Aug 2020 08:54:40 GMT
server
akamai
etag
"5f44d1d0-368f"
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
cache-control
public, max-age=276689
accept-ranges
bytes
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
content-length
13967
expires
Sun, 13 Dec 2020 08:31:38 GMT
checkmark-1-optimized.png
www.avira.com/images/content/v3/
451 B
649 B
Image
General
Full URL
https://www.avira.com/images/content/v3/checkmark-1-optimized.png
Requested by
Host: www.avira.com
URL: https://www.avira.com/en/blog/a-gafgyt-variant-that-exploits-pulse-secure-cve-2020-8218?utm_campaign=research_30&utm_content=148540088&utm_medium=social&utm_source=twitter&hss_channel=tw-19101225
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00::210:ba4b , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
akamai /
Resource Hash
c06451745942d503aa200ddc936f479acca2b505ef010ea7ff7fc8fb9c1247e8

Request headers

Referer
https://www.avira.com/en/blog/a-gafgyt-variant-that-exploits-pulse-secure-cve-2020-8218?utm_campaign=research_30&utm_content=148540088&utm_medium=social&utm_source=twitter&hss_channel=tw-19101225
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 10 Dec 2020 03:40:09 GMT
last-modified
Fri, 29 Nov 2019 11:44:31 GMT
server
akamai
etag
"1c83cce294339c5590f87a93cc373431"
content-type
image/png
cache-control
public, max-age=412581, s-maxage=31557600
accept-ranges
bytes
content-length
451
expires
Mon, 14 Dec 2020 22:16:30 GMT

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

11 Cookies

Domain/Path Name / Value
.avira.com/ Name: passthrough
Value: %5B%5D
www.avira.com/ Name: pimcore_sdsat_visitorId
Value: 5fd1989976813
www.avira.com/ Name: AWSALBCORS
Value: bDlbLq9AuRXFRosvEoO4ogmx3+/e0sUQYNj4mANiDMgBhafiGStNCyuK25LN5k2vE31x+tY3gOyCWQxs6IvmSvraUqmJE4pdy6cmWImmURkyjclini38O7JZ+HSe
www.avira.com/ Name: AWSALB
Value: bDlbLq9AuRXFRosvEoO4ogmx3+/e0sUQYNj4mANiDMgBhafiGStNCyuK25LN5k2vE31x+tY3gOyCWQxs6IvmSvraUqmJE4pdy6cmWImmURkyjclini38O7JZ+HSe
.avira.com/ Name: permpassthrough
Value: %5B%5D
.avira.com/ Name: _ga
Value: GA1.2.109097436.1607571609
www.avira.com/ Name: GTM_check
Value: 1
.avira.com/ Name: country
Value: DE
.avira.com/ Name: language
Value: en
.avira.com/ Name: _gid
Value: GA1.2.1626090271.1607571609
.avira.com/ Name: ckbid
Value: 5b6b1891-ba80-43e2-82ec-cd787eb689f9

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
