sandmaxprime.co Open in urlscan Pro
209.99.16.15 Public Scan

Go To Rescan
Add Verdict Report

URL:
http://sandmaxprime.co/malware-analysis-adwind-jrat/
Submission: On October 20 via api (October 20th 2021, 5:37:03 pm UTC) from US — Scanned from DE

Summary HTTP 119 Redirects Links 15 Behaviour Indicators

Summary

This website contacted 31 IPs in 2 countries across 23 domains to perform 119 HTTP transactions. The main IP is 209.99.16.15, located in Burlington, United States and belongs to TEXASNET-ASN, US. The main domain is sandmaxprime.co.

This is the only time sandmaxprime.co was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
52	209.99.16.15 209.99.16.15	3900 (TEXASNET-ASN) (TEXASNET-ASN)
5	151.139.128.11 151.139.128.11	20446 (HIGHWINDS3) (HIGHWINDS3)
1	142.250.186.74 142.250.186.74	15169 (GOOGLE) (GOOGLE)
3	192.0.73.2 192.0.73.2	2635 (AUTOMATTIC) (AUTOMATTIC)
2	192.0.76.3 192.0.76.3	2635 (AUTOMATTIC) (AUTOMATTIC)
11	142.250.185.78 142.250.185.78	15169 (GOOGLE) (GOOGLE)
5	142.250.184.214 142.250.184.214	15169 (GOOGLE) (GOOGLE)
1	184.73.100.94 184.73.100.94	14618 (AMAZON-AES) (AMAZON-AES)
1	142.250.186.163 142.250.186.163	15169 (GOOGLE) (GOOGLE)
6	192.229.233.25 192.229.233.25	15133 (EDGECAST) (EDGECAST)
1 2	142.250.186.66 142.250.186.66	15169 (GOOGLE) (GOOGLE)
1	142.250.184.198 142.250.184.198	15169 (GOOGLE) (GOOGLE)
1	34.204.113.242 34.204.113.242	14618 (AMAZON-AES) (AMAZON-AES)
1	142.250.185.100 142.250.185.100	15169 (GOOGLE) (GOOGLE)
1	142.250.185.65 142.250.185.65	15169 (GOOGLE) (GOOGLE)
1	107.20.147.136 107.20.147.136	14618 (AMAZON-AES) (AMAZON-AES)
4	192.0.77.2 192.0.77.2	2635 (AUTOMATTIC) (AUTOMATTIC)
1	104.26.11.39 104.26.11.39	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	142.250.185.163 142.250.185.163	15169 (GOOGLE) (GOOGLE)
1	104.16.139.31 104.16.139.31	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	217.20.155.208 217.20.155.208	47764 (MAILRU-AS...) (MAILRU-AS Mail.Ru)
1	23.47.212.208 23.47.212.208	16625 (AKAMAI-AS) (AKAMAI-AS)
1	151.101.193.140 151.101.193.140	54113 (FASTLY) (FASTLY)
1	192.0.77.40 192.0.77.40	2635 (AUTOMATTIC) (AUTOMATTIC)
1	87.240.190.67 87.240.190.67	47541 (VKONTAKTE...) (VKONTAKTE-SPB-AS vk.com)
1	104.18.27.71 104.18.27.71	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	104.244.42.8 104.244.42.8	13414 (TWITTER) (TWITTER)
8	192.229.233.50 192.229.233.50	15133 (EDGECAST) (EDGECAST)
3	152.199.21.141 152.199.21.141	15133 (EDGECAST) (EDGECAST)
119	31

52 209.99.16.15 (Burlington, United States)

ASN3900 (TEXASNET-ASN, US)

sandmaxprime.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 151.139.128.11 (Dallas, United States)

ASN20446 (HIGHWINDS3, US)

cdn.shareaholic.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
m9m6e2w5.stackpathcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.74 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s05-in-f10.1e100.net

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 192.0.73.2 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

secure.gravatar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 192.0.76.3 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

stats.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 142.250.185.78 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f14.1e100.net

www.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 142.250.184.214 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s11-in-f22.1e100.net

i.ytimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 184.73.100.94 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-184-73-100-94.compute-1.amazonaws.com

www.shareaholic.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.163 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f3.1e100.net

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 192.229.233.25 (Los Angeles, United States)

ASN15133 (EDGECAST, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.66 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s05-in-f2.1e100.net

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.184.198 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s11-in-f6.1e100.net

static.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.204.113.242 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-204-113-242.compute-1.amazonaws.com

analytics.shareaholic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.100 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s49-in-f4.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.65 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f1.1e100.net

yt3.ggpht.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 107.20.147.136 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-107-20-147-136.compute-1.amazonaws.com

partner.shareaholic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 192.0.77.2 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
PTR: i2.wp.com

i1.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
i2.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.26.11.39 (United States)

ASN13335 (CLOUDFLARENET, US)

img.buymeacoffee.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.163 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s51-in-f3.1e100.net

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.16.139.31 (United States)

ASN13335 (CLOUDFLARENET, US)

api.bufferapp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 217.20.155.208 (Russian Federation)

ASN47764 (MAILRU-AS Mail.Ru, RU)
PTR: ip208.155.odnoklassniki.ru

connect.ok.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.47.212.208 (United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-47-212-208.deploy.static.akamaitechnologies.com

api.pinterest.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.193.140 (United States)

ASN54113 (FASTLY, US)

www.reddit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.0.77.40 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
PTR: assets.tumblr.com

api.tumblr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 87.240.190.67 (Russian Federation)

ASN47541 (VKONTAKTE-SPB-AS vk.com, RU)
PTR: srv67-190-240-87.vk.com

vk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.27.71 (United States)

ASN13335 (CLOUDFLARENET, US)

www.yummly.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.244.42.8 (United States)

ASN13414 (TWITTER, US)

syndication.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 192.229.233.50 (Los Angeles, United States)

ASN15133 (EDGECAST, US)

cdn.syndication.twimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pbs.twimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 152.199.21.141 (United States)

ASN15133 (EDGECAST, US)

abs.twimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
52	sandmaxprime.co sandmaxprime.co	655 KB
11	twimg.com cdn.syndication.twimg.com abs.twimg.com pbs.twimg.com	44 KB
11	youtube.com www.youtube.com	738 KB
8	twitter.com platform.twitter.com syndication.twitter.com	213 KB
6	wp.com stats.wp.com pixel.wp.com i1.wp.com i2.wp.com	915 KB
5	ytimg.com i.ytimg.com	61 KB
4	stackpathcdn.com m9m6e2w5.stackpathcdn.com	111 KB
3	doubleclick.net 1 redirects googleads.g.doubleclick.net static.doubleclick.net	1 KB
3	gravatar.com secure.gravatar.com	10 KB
2	shareaholic.com analytics.shareaholic.com partner.shareaholic.com	644 B
2	gstatic.com fonts.gstatic.com www.gstatic.com	18 KB
2	shareaholic.net cdn.shareaholic.net www.shareaholic.net	6 KB
1	yummly.com www.yummly.com	699 B
1	vk.com vk.com	482 B
1	tumblr.com api.tumblr.com	379 B
1	reddit.com www.reddit.com	1 KB
1	pinterest.com api.pinterest.com	377 B
1	ok.ru connect.ok.ru	2 KB
1	bufferapp.com api.bufferapp.com	412 B
1	buymeacoffee.com img.buymeacoffee.com	29 KB
1	ggpht.com yt3.ggpht.com	3 KB
1	google.com www.google.com	14 KB
1	googleapis.com fonts.googleapis.com	2 KB
119	23

	Domain	Requested by
52	sandmaxprime.co	sandmaxprime.co
11	www.youtube.com	sandmaxprime.co www.youtube.com
7	pbs.twimg.com	sandmaxprime.co platform.twitter.com
6	platform.twitter.com	sandmaxprime.co platform.twitter.com
5	i.ytimg.com	sandmaxprime.co www.youtube.com
4	m9m6e2w5.stackpathcdn.com	cdn.shareaholic.net sandmaxprime.co
3	abs.twimg.com	sandmaxprime.co
3	i1.wp.com	sandmaxprime.co
3	secure.gravatar.com	sandmaxprime.co secure.gravatar.com
2	syndication.twitter.com	platform.twitter.com
2	googleads.g.doubleclick.net	1 redirects www.youtube.com
1	cdn.syndication.twimg.com	platform.twitter.com
1	www.yummly.com	m9m6e2w5.stackpathcdn.com
1	vk.com	m9m6e2w5.stackpathcdn.com
1	api.tumblr.com	m9m6e2w5.stackpathcdn.com
1	www.reddit.com	m9m6e2w5.stackpathcdn.com
1	api.pinterest.com	m9m6e2w5.stackpathcdn.com
1	connect.ok.ru	m9m6e2w5.stackpathcdn.com
1	api.bufferapp.com	m9m6e2w5.stackpathcdn.com
1	www.gstatic.com	www.youtube.com
1	i2.wp.com	sandmaxprime.co
1	img.buymeacoffee.com	sandmaxprime.co
1	pixel.wp.com	sandmaxprime.co
1	partner.shareaholic.com	m9m6e2w5.stackpathcdn.com
1	yt3.ggpht.com	www.youtube.com
1	www.google.com	www.youtube.com
1	analytics.shareaholic.com	m9m6e2w5.stackpathcdn.com
1	static.doubleclick.net	www.youtube.com
1	fonts.gstatic.com	www.youtube.com
1	www.shareaholic.net	cdn.shareaholic.net
1	stats.wp.com	sandmaxprime.co
1	fonts.googleapis.com	sandmaxprime.co
1	cdn.shareaholic.net	sandmaxprime.co
119	33

This site contains links to these domains. Also see Links.

Domain
www.sandmaxprime.co
medium.com
github.com
instagram.com
twitter.com
www.facebook.com
www.twitter.com
www.instagram.com
plus.google.com
www.pinterest.com
www.flickr.com
www.buymeacoffee.com
www.youtube.com
wordpress.org
presscustomizr.com

Subject Issuer	Validity	Valid
upload.video.google.com GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
*.gravatar.com Sectigo RSA Domain Validation Secure Server CA	`2020-08-14` - `2022-11-16`	2 years	crt.sh
*.wp.com Sectigo RSA Domain Validation Secure Server CA	`2020-04-02` - `2022-07-05`	2 years	crt.sh
*.stackpathcdn.com Sectigo RSA Domain Validation Secure Server CA	`2021-05-31` - `2022-05-31`	a year	crt.sh
*.google.com GTS CA 1C3	`2021-10-04` - `2021-12-27`	3 months	crt.sh
edgestatic.com GTS CA 1C3	`2021-10-04` - `2021-12-27`	3 months	crt.sh
*.shareaholic.net R3	`2021-10-06` - `2022-01-04`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2021-10-04` - `2021-12-27`	3 months	crt.sh
shareaholic.com Amazon	`2021-06-05` - `2022-07-04`	a year	crt.sh
www.google.com GTS CA 1C3	`2021-10-04` - `2021-12-27`	3 months	crt.sh
*.googleusercontent.com GTS CA 1C3	`2021-10-04` - `2021-12-27`	3 months	crt.sh
*.shareaholic.com R3	`2021-10-01` - `2021-12-30`	3 months	crt.sh
*.twimg.com DigiCert TLS RSA SHA256 2020 CA1	`2020-11-05` - `2021-11-09`	a year	crt.sh
buymeacoffee.com Cloudflare Inc ECC CA-3	`2021-06-05` - `2022-06-04`	a year	crt.sh
api.bufferapp.com DigiCert SHA2 Secure Server CA	`2020-06-24` - `2022-08-16`	2 years	crt.sh
*.ok.ru GeoTrust RSA CA 2018	`2021-02-18` - `2022-03-21`	a year	crt.sh
*.pinterest.com DigiCert TLS RSA SHA256 2020 CA1	`2021-07-26` - `2022-08-05`	a year	crt.sh
*.reddit.com DigiCert TLS RSA SHA256 2020 CA1	`2021-10-05` - `2022-04-02`	6 months	crt.sh
tumblr.com DigiCert SHA2 Extended Validation Server CA	`2020-07-09` - `2022-04-14`	2 years	crt.sh
*.vk.com GlobalSign Organization Validation CA - SHA256 - G2	`2020-06-09` - `2022-06-10`	2 years	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-07-06` - `2022-07-05`	a year	crt.sh
syndication.twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2021-02-05` - `2022-02-04`	a year	crt.sh

This page contains 5 frames:

Primary Page: http://sandmaxprime.co/malware-analysis-adwind-jrat/
Frame ID: EA8723A84F400D3A3F6A8A5B168850CF
Requests: 93 HTTP requests in this frame

Frame: data://truncated
Frame ID: D2E8D14F7E9A0567A75D5B5FF0DDC62A
Requests: 1 HTTP requests in this frame

Frame: https://www.youtube.com/embed/4ZGTisHPFic?enablejsapi=1&autoplay=0&cc_load_policy=0&iv_load_policy=1&loop=0&modestbranding=0&fs=1&playsinline=1&controls=1&color=red&cc_lang_pref=&rel=1&autohide=2&theme=dark&
Frame ID: FE37E90F0BA3BA191969473D92EEF748
Requests: 17 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.a53eecb4584348a2ad32ec2ae21f6eae.html?origin=http%3A%2F%2Fsandmaxprime.co
Frame ID: 6A4CD5A32EFD79E75EBF4C0AA4027AA6
Requests: 2 HTTP requests in this frame

Frame: http://abs.twimg.com/emoji/v2/72x72/1f3f3-fe0f-200d-1f308.png
Frame ID: 6C8F8ED22B6524D056AE78152377DC84
Requests: 17 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Malware Analysis - Adwind JRat - SandmaxPrime

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
<link[^>]+s\d+\.wp\.com
/wp-(?:content|includes)/
wp-embed\.min\.js\?ver=([\d.]+)

Yoast SEO (SEO) Expand

Overall confidence: 100%
Detected patterns

<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Lightbox (JavaScript Libraries) Expand

MailChimp (Marketing Automation) Expand

Overall confidence: 100%
Detected patterns

mailchimp-for-wp/assets/js/forms\.min\.js(?:\?ver=([\d.]+))?

Twitter (Widgets) Expand

Overall confidence: 100%
Detected patterns

//platform\.twitter\.com/widgets\.js

Underscore.js (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

underscore.*\.js(?:\?ver=([\d.]+))?

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

119
Requests

50 %
HTTPS

0 %
IPv6

23
Domains

33
Subdomains

31
IPs

2
Countries

2827 kB
Transfer

6403 kB
Size

4
Cookies

15 Outgoing links

These are links going to different origins than the main page.

URL: http://www.sandmaxprime.co/
Title: Home

Search URL Search Domain Scan URL

URL: https://medium.com/@sandmaxprime/malware-analysis-adwind-jrat-8f58c66ff7bb
Title: https://medium.com/@sandmaxprime/malware-analysis-adwind-jrat-8f58c66ff7bb

Search URL Search Domain Scan URL

URL: https://github.com/sandmaxprime

Search URL Search Domain Scan URL

URL: https://instagram.com/sandmaxprime

Search URL Search Domain Scan URL

URL: https://twitter.com/sandmaxprime

Search URL Search Domain Scan URL

URL: http://www.facebook.com/sandmaxprime

Search URL Search Domain Scan URL

URL: http://www.twitter.com/sandmaxprime

Search URL Search Domain Scan URL

URL: http://www.instagram.com/sandmaxprime

Search URL Search Domain Scan URL

URL: http://plus.google.com/+LionelFaleiro

Search URL Search Domain Scan URL

URL: http://www.pinterest.com/sandmaxprime

Search URL Search Domain Scan URL

URL: http://www.flickr.com/photos/sandmaxprime

Search URL Search Domain Scan URL

URL: https://www.buymeacoffee.com/sandmaxprime
Title: <img src="https://img.buymeacoffee.com/button-api/?text=Buy me a coffee&emoji=&slug=sandmaxprime&button_colour=FF5F5F&font_colour=ffffff&font_family=Lato&outline_colour=000000&coffee_colour=FFDD00">

Search URL Search Domain Scan URL

URL: https://www.youtube.com/c/LionelFaleiro?sub_confirmation=1
Title: <img alt="subscribe" src="http://sandmaxprime.co/wp-content/plugins/youtube-embed-plus/images/play-subscribe.png" />Subscribe to my channel

Search URL Search Domain Scan URL

URL: https://wordpress.org/

Search URL Search Domain Scan URL

URL: https://presscustomizr.com/hueman/
Title: Hueman theme

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 71

https://googleads.g.doubleclick.net/pagead/id HTTP 302
https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

119 HTTP transactions
11 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
sandmaxprime.co/malware-analysis-adwind-jrat/ 165 KB
48 KB 3516ms
2393ms Document
text/html 209.99.16.15
TEXASNET-ASN

General

Check archive.org

Show headers Download Go to

Full URL: http://sandmaxprime.co/malware-analysis-adwind-jrat/
Protocol: HTTP/1.1
Server: 209.99.16.15 Burlington, United States, ASN3900 (TEXASNET-ASN, US),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: 8f0bb15c22229a9894ac383d8e8ef23dbe9a1e4dc3aa583748ebad0e19e132b3

Request headers

Host: sandmaxprime.co
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

Date: Wed, 20 Oct 2021 17:36:55 GMT
Server: nginx/1.19.10
Content-Type: text/html; charset=UTF-8
X-Pingback: http://sandmaxprime.co/xmlrpc.php
Link: <http://sandmaxprime.co/wp-json/>; rel="https://api.w.org/", <http://sandmaxprime.co/wp-json/wp/v2/posts/620>; rel="alternate"; type="application/json", <https://wp.me/p5uFLY-a0>; rel=shortlink
Vary: Accept-Encoding
Content-Encoding: gzip
X-Server-Cache: false
Transfer-Encoding: chunked

GET
H/1.1 200
OK shareaholic.js Show response
cdn.shareaholic.net/assets/pub/ 9 KB
4 KB 37ms
9ms Script
application/javascript 151.139.128.11
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: http://cdn.shareaholic.net/assets/pub/shareaholic.js
Requested by: Host: sandmaxprime.co
URL: http://sandmaxprime.co/malware-analysis-adwind-jrat/
Protocol: HTTP/1.1
Server: 151.139.128.11 Dallas, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: nginx /
Resource Hash: 679901193bec155d1919e74ea8191861eebf56293c9283a1081490ecedef0f57

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://sandmaxprime.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Wed, 20 Oct 2021 17:36:55 GMT
Content-Encoding: gzip
Last-Modified: Fri, 17 Sep 2021 19:53:45 GMT
Server: nginx
x-amz-request-id: XA1DNNE5SRXV4NWT
ETag: "a3f496c7cfed372a6cd67eba41be4c69"
X-HW: 1634751415.cds165.fr8.h2,1634751415.cds250.fr8.c
Content-Type: application/javascript; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=1200, public
Connection: keep-alive
Accept-Ranges: bytes
X-Hello-Human: Join the fun! Apply at www.shareaholic.com/jobs
Content-Length: 3707
x-amz-id-2: WDseyr7cXDrWMOctUijK3hinqcAhuMIL/UlLmyCZihDuMJwOPZCjF+l72yOk5iLZnm++PFeYda0=

GET
H/1.1 200
OK fa-brands-400.woff2
sandmaxprime.co/wp-content/themes/hueman/assets/front/webfonts/ 77 KB
77 KB 137ms
137ms Font
font/woff2 209.99.16.15
TEXASNET-ASN

General

Check archive.org

Show headers Download Go to

Full URL: http://sandmaxprime.co/wp-content/themes/hueman/assets/front/webfonts/fa-brands-400.woff2?v=5.15.2
Requested by: Host: sandmaxprime.co
URL: http://sandmaxprime.co/malware-analysis-adwind-jrat/
Protocol: HTTP/1.1
Server: 209.99.16.15 Burlington, United States, ASN3900 (TEXASNET-ASN, US),
Reverse DNS
Software: Apache /
Resource Hash: 529d0a7b3944929222155bca3272ba1a87acc2faa09b2ed26a713872b7ff8794

Request headers

Pragma: no-cache
Origin: http://sandmaxprime.co
Accept-Encoding: gzip, deflate
Host: sandmaxprime.co
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept: */*
Cache-Control: no-cache
Referer: http://sandmaxprime.co/malware-analysis-adwind-jrat/
Connection: keep-alive
Referer: http://sandmaxprime.co/malware-analysis-adwind-jrat/
Origin: http://sandmaxprime.co
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Wed, 20 Oct 2021 17:36:55 GMT
Last-Modified: Tue, 02 Feb 2021 20:57:54 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade
Accept-Ranges: bytes
Content-Type: font/woff2
Content-Length: 78472

GET
H/1.1 200
OK fa-regular-400.woff2
sandmaxprime.co/wp-content/themes/hueman/assets/front/webfonts/ 13 KB
13 KB 713ms
137ms Font
font/woff2 209.99.16.15
TEXASNET-ASN

General

Check archive.org

Show headers Download Go to

Full URL: http://sandmaxprime.co/wp-content/themes/hueman/assets/front/webfonts/fa-regular-400.woff2?v=5.15.2
Requested by: Host: sandmaxprime.co
URL: http://sandmaxprime.co/malware-analysis-adwind-jrat/
Protocol: HTTP/1.1
Server: 209.99.16.15 Burlington, United States, ASN3900 (TEXASNET-ASN, US),
Reverse DNS
Software: Apache /
Resource Hash: b3b8c21edfe6c5e402fdc607366fd8d15949a65914f58134733dc68922bc8d61

Request headers

Pragma: no-cache
Origin: http://sandmaxprime.co
Accept-Encoding: gzip, deflate
Host: sandmaxprime.co
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept: */*
Cache-Control: no-cache
Referer: http://sandmaxprime.co/malware-analysis-adwind-jrat/
Connection: keep-alive
Referer: http://sandmaxprime.co/malware-analysis-adwind-jrat/
Origin: http://sandmaxprime.co
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Wed, 20 Oct 2021 17:36:56 GMT
Last-Modified: Tue, 02 Feb 2021 20:57:54 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 13588
Content-Type: font/woff2

GET
H/1.1 200
OK fa-solid-900.woff2
sandmaxprime.co/wp-content/themes/hueman/assets/front/webfonts/ 78 KB
79 KB 757ms
140ms Font
font/woff2 209.99.16.15
TEXASNET-ASN

General

Check archive.org

Show headers Download Go to

Full URL: http://sandmaxprime.co/wp-content/themes/hueman/assets/front/webfonts/fa-solid-900.woff2?v=5.15.2
Requested by: Host: sandmaxprime.co
URL: http://sandmaxprime.co/malware-analysis-adwind-jrat/
Protocol: HTTP/1.1
Server: 209.99.16.15 Burlington, United States, ASN3900 (TEXASNET-ASN, US),
Reverse DNS
Software: Apache /
Resource Hash: 6c916669cf923b4f1b2db5c5107c83b6ca205e7ad0dcd840b251e63f0c8d28a2

Request headers

Pragma: no-cache
Origin: http://sandmaxprime.co
Accept-Encoding: gzip, deflate
Host: sandmaxprime.co
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept: */*
Cache-Control: no-cache
Referer: http://sandmaxprime.co/malware-analysis-adwind-jrat/
Connection: keep-alive
Referer: http://sandmaxprime.co/malware-analysis-adwind-jrat/
Origin: http://sandmaxprime.co
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Wed, 20 Oct 2021 17:36:56 GMT
Last-Modified: Tue, 02 Feb 2021 20:57:54 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 80252
Content-Type: font/woff2

GET
H/1.1 200
OK titillium-light-webfont.woff
sandmaxprime.co/wp-content/themes/hueman/assets/front/fonts/ 24 KB
24 KB 815ms
145ms Font
font/woff 209.99.16.15
TEXASNET-ASN

General

Check archive.org

Show headers Download Go to

Full URL: http://sandmaxprime.co/wp-content/themes/hueman/assets/front/fonts/titillium-light-webfont.woff
Requested by: Host: sandmaxprime.co
URL: http://sandmaxprime.co/malware-analysis-adwind-jrat/
Protocol: HTTP/1.1
Server: 209.99.16.15 Burlington, United States, ASN3900 (TEXASNET-ASN, US),
Reverse DNS
Software: Apache /
Resource Hash: 5758d1ad3c6f35962da2c4d2e162cf59ef64dc0954c54171eaa73babbb2af9e2

Request headers

Pragma: no-cache
Origin: http://sandmaxprime.co
Accept-Encoding: gzip, deflate
Host: sandmaxprime.co
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept: */*
Cache-Control: no-cache
Referer: http://sandmaxprime.co/malware-analysis-adwind-jrat/
Connection: keep-alive
Referer: http://sandmaxprime.co/malware-analysis-adwind-jrat/
Origin: http://sandmaxprime.co
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Wed, 20 Oct 2021 17:36:56 GMT
Last-Modified: Mon, 30 Nov 2020 18:22:34 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 24712
Content-Type: font/woff

GET
H/1.1 200
OK titillium-lightitalic-webfont.woff
sandmaxprime.co/wp-content/themes/hueman/assets/front/fonts/ 26 KB
26 KB 830ms
135ms Font
font/woff 209.99.16.15
TEXASNET-ASN

General

Check archive.org

Show headers Download Go to

Full URL: http://sandmaxprime.co/wp-content/themes/hueman/assets/front/fonts/titillium-lightitalic-webfont.woff
Requested by: Host: sandmaxprime.co
URL: http://sandmaxprime.co/malware-analysis-adwind-jrat/
Protocol: HTTP/1.1
Server: 209.99.16.15 Burlington, United States, ASN3900 (TEXASNET-ASN, US),
Reverse DNS
Software: Apache /
Resource Hash: 97363b6ced0c1ca6d76ebcc6782512959cc8c5d6c8f40cb4976b4179bb685e53

Request headers

Pragma: no-cache
Origin: http://sandmaxprime.co
Accept-Encoding: gzip, deflate
Host: sandmaxprime.co
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept: */*
Cache-Control: no-cache
Referer: http://sandmaxprime.co/malware-analysis-adwind-jrat/
Connection: keep-alive
Referer: http://sandmaxprime.co/malware-analysis-adwind-jrat/
Origin: http://sandmaxprime.co
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Wed, 20 Oct 2021 17:36:56 GMT
Last-Modified: Mon, 30 Nov 2020 18:22:34 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 26760
Content-Type: font/woff

GET
H/1.1 200
OK titillium-regular-webfont.woff
sandmaxprime.co/wp-content/themes/hueman/assets/front/fonts/ 24 KB
24 KB 843ms
142ms Font
font/woff 209.99.16.15
TEXASNET-ASN

General

Check archive.org

Show headers Download Go to

Full URL: http://sandmaxprime.co/wp-content/themes/hueman/assets/front/fonts/titillium-regular-webfont.woff
Requested by: Host: sandmaxprime.co
URL: http://sandmaxprime.co/malware-analysis-adwind-jrat/
Protocol: HTTP/1.1
Server: 209.99.16.15 Burlington, United States, ASN3900 (TEXASNET-ASN, US),
Reverse DNS
Software: Apache /
Resource Hash: 8daaa4ed16297478af007774febefe6ca3674fda47ed73e913b1b583d34883fb

Request headers

Pragma: no-cache
Origin: http://sandmaxprime.co
Accept-Encoding: gzip, deflate
Host: sandmaxprime.co
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept: */*
Cache-Control: no-cache
Referer: http://sandmaxprime.co/malware-analysis-adwind-jrat/
Connection: keep-alive
Referer: http://sandmaxprime.co/malware-analysis-adwind-jrat/
Origin: http://sandmaxprime.co
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Wed, 20 Oct 2021 17:36:56 GMT
Last-Modified: Mon, 30 Nov 2020 18:22:34 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 24696
Content-Type: font/woff

GET
H/1.1 200
OK titillium-regularitalic-webfont.woff
sandmaxprime.co/wp-content/themes/hueman/assets/front/fonts/ 26 KB
26 KB 872ms
169ms Font
font/woff 209.99.16.15
TEXASNET-ASN

General

Check archive.org

Show headers Download Go to

Full URL: http://sandmaxprime.co/wp-content/themes/hueman/assets/front/fonts/titillium-regularitalic-webfont.woff
Requested by: Host: sandmaxprime.co
URL: http://sandmaxprime.co/malware-analysis-adwind-jrat/
Protocol: HTTP/1.1
Server: 209.99.16.15 Burlington, United States, ASN3900 (TEXASNET-ASN, US),
Reverse DNS
Software: Apache /
Resource Hash: 8dbe8457cc41e254cb7fcd4dfa77c52c16413c18f35a370b77c5f07b4895562a

Request headers

Pragma: no-cache
Origin: http://sandmaxprime.co
Accept-Encoding: gzip, deflate
Host: sandmaxprime.co
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept: */*
Cache-Control: no-cache
Referer: http://sandmaxprime.co/malware-analysis-adwind-jrat/
Connection: keep-alive
Referer: http://sandmaxprime.co/malware-analysis-adwind-jrat/
Origin: http://sandmaxprime.co
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Wed, 20 Oct 2021 17:36:56 GMT
Last-Modified: Mon, 30 Nov 2020 18:22:34 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 26588
Content-Type: font/woff

GET
H/1.1 200
OK titillium-semibold-webfont.woff
sandmaxprime.co/wp-content/themes/hueman/assets/front/fonts/ 24 KB
24 KB 852ms
139ms Font
font/woff 209.99.16.15
TEXASNET-ASN

General

Check archive.org

Show headers Download Go to

Full URL: http://sandmaxprime.co/wp-content/themes/hueman/assets/front/fonts/titillium-semibold-webfont.woff
Requested by: Host: sandmaxprime.co
URL: http://sandmaxprime.co/malware-analysis-adwind-jrat/
Protocol: HTTP/1.1
Server: 209.99.16.15 Burlington, United States, ASN3900 (TEXASNET-ASN, US),
Reverse DNS
Software: Apache /
Resource Hash: 62ff09a8013f9dfc0f7cbefc6feb180c258818e151aff470902f29ef44342f0d

Request headers

Pragma: no-cache
Origin: http://sandmaxprime.co
Accept-Encoding: gzip, deflate
Host: sandmaxprime.co
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept: */*
Cache-Control: no-cache
Referer: http://sandmaxprime.co/malware-analysis-adwind-jrat/
Connection: keep-alive
Referer: http://sandmaxprime.co/malware-analysis-adwind-jrat/
Origin: http://sandmaxprime.co
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Wed, 20 Oct 2021 17:36:56 GMT
Last-Modified: Mon, 30 Nov 2020 18:22:34 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 24732
Content-Type: font/woff

GET
H/1.1 200
OK style.min.css
sandmaxprime.co/wp-includes/css/dist/block-library/ 79 KB
14 KB 269ms
142ms Stylesheet
text/css 209.99.16.15
TEXASNET-ASN

General

Check archive.org

Show headers Download Go to

Full URL: http://sandmaxprime.co/wp-includes/css/dist/block-library/style.min.css?ver=5.8.1
Requested by: Host: sandmaxprime.co
URL: http://sandmaxprime.co/malware-analysis-adwind-jrat/
Protocol: HTTP/1.1
Server: 209.99.16.15 Burlington, United States, ASN3900 (TEXASNET-ASN, US),
Reverse DNS
Software: Apache /
Resource Hash: 9110fc122dda3067c424d9b8ff7747e2030b0bd9298f69a3683d399ad3373a6a

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: sandmaxprime.co
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: http://sandmaxprime.co/malware-analysis-adwind-jrat/
Connection: keep-alive
Cache-Control: no-cache
Accept-Language: de-DE,de;q=0.9
Referer: http://sandmaxprime.co/malware-analysis-adwind-jrat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Wed, 20 Oct 2021 17:36:56 GMT
Content-Encoding: gzip
Last-Modified: Mon, 19 Jul 2021 06:26:58 GMT
Server: Apache
Vary: Accept-Encoding
Upgrade: h2,h2c
Connection: Upgrade
Accept-Ranges: bytes
Content-Type: text/css
Content-Length: 14560

GET
H/1.1 200
OK coblocks-style.css
sandmaxprime.co/wp-content/plugins/coblocks/dist/ 177 KB
33 KB 290ms
163ms Stylesheet
text/css 209.99.16.15
TEXASNET-ASN

General

Check archive.org

Show headers Download Go to

Full URL: http://sandmaxprime.co/wp-content/plugins/coblocks/dist/coblocks-style.css?ver=ce605861d24d7a5f6f52d21c36043759
Requested by: Host: sandmaxprime.co
URL: http://sandmaxprime.co/malware-analysis-adwind-jrat/
Protocol: HTTP/1.1
Server: 209.99.16.15 Burlington, United States, ASN3900 (TEXASNET-ASN, US),
Reverse DNS
Software: Apache /
Resource Hash: 802bccf54651cb427028d0d739c62658483c4839acb86e9720e04fc31f5c65ee

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: sandmaxprime.co
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: http://sandmaxprime.co/malware-analysis-adwind-jrat/
Connection: keep-alive
Cache-Control: no-cache
Accept-Language: de-DE,de;q=0.9
Referer: http://sandmaxprime.co/malware-analysis-adwind-jrat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Wed, 20 Oct 2021 17:36:56 GMT
Content-Encoding: gzip
Last-Modified: Sat, 17 Apr 2021 15:35:13 GMT
Server: Apache
Vary: Accept-Encoding
Upgrade: h2,h2c
Transfer-Encoding: chunked
Connection: Upgrade
Accept-Ranges: bytes
Content-Type: text/css

GET
H/1.1 200
OK blocks.style.build.css
sandmaxprime.co/wp-content/plugins/ultimate-blocks/dist/ 47 KB
14 KB 294ms
165ms Stylesheet
text/css 209.99.16.15
TEXASNET-ASN

General

Check archive.org

Show headers Download Go to

Full URL: http://sandmaxprime.co/wp-content/plugins/ultimate-blocks/dist/blocks.style.build.css?ver=2.4.5
Requested by: Host: sandmaxprime.co
URL: http://sandmaxprime.co/malware-analysis-adwind-jrat/
Protocol: HTTP/1.1
Server: 209.99.16.15 Burlington, United States, ASN3900 (TEXASNET-ASN, US),
Reverse DNS
Software: Apache /
Resource Hash: b4cc77ce94dd90437fec9ae62d4a49ac58d05e8bf1a2322d4607b15ffca04ba9

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: sandmaxprime.co
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: http://sandmaxprime.co/malware-analysis-adwind-jrat/
Connection: keep-alive
Cache-Control: no-cache
Accept-Language: de-DE,de;q=0.9
Referer: http://sandmaxprime.co/malware-analysis-adwind-jrat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Wed, 20 Oct 2021 17:36:56 GMT
Content-Encoding: gzip
Last-Modified: Sun, 11 Apr 2021 10:02:28 GMT
Server: Apache
Vary: Accept-Encoding
Upgrade: h2,h2c
Connection: Upgrade
Accept-Ranges: bytes
Content-Type: text/css
Content-Length: 13711

GET
H/1.1 200
OK font-awesome.min.css
sandmaxprime.co/wp-content/plugins/meks-flexible-shortcodes/css/font-awesome/css/ 28 KB
7 KB 272ms
144ms Stylesheet
text/css 209.99.16.15
TEXASNET-ASN

General

Check archive.org

Show headers Download Go to

Full URL: http://sandmaxprime.co/wp-content/plugins/meks-flexible-shortcodes/css/font-awesome/css/font-awesome.min.css?ver=1.3.3
Requested by: Host: sandmaxprime.co
URL: http://sandmaxprime.co/malware-analysis-adwind-jrat/
Protocol: HTTP/1.1
Server: 209.99.16.15 Burlington, United States, ASN3900 (TEXASNET-ASN, US),
Reverse DNS
Software: Apache /
Resource Hash: 6f005368978df37b680de2dc8a22007a600378ba5568a573432a3fdeb8bdb674

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: sandmaxprime.co
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: http://sandmaxprime.co/malware-analysis-adwind-jrat/
Connection: keep-alive
Cache-Control: no-cache
Accept-Language: de-DE,de;q=0.9
Referer: http://sandmaxprime.co/malware-analysis-adwind-jrat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Wed, 20 Oct 2021 17:36:56 GMT
Content-Encoding: gzip
Last-Modified: Sun, 11 Apr 2021 10:02:23 GMT
Server: Apache
Vary: Accept-Encoding
Upgrade: h2,h2c
Connection: Upgrade
Accept-Ranges: bytes
Content-Type: text/css
Content-Length: 6711

GET
H/1.1 200
OK simple-line-icons.css
sandmaxprime.co/wp-content/plugins/meks-flexible-shortcodes/css/simple-line/ 11 KB
3 KB 331ms
146ms Stylesheet
text/css 209.99.16.15
TEXASNET-ASN

General

Check archive.org

Show headers Download Go to

Full URL: http://sandmaxprime.co/wp-content/plugins/meks-flexible-shortcodes/css/simple-line/simple-line-icons.css?ver=1.3.3
Requested by: Host: sandmaxprime.co
URL: http://sandmaxprime.co/malware-analysis-adwind-jrat/
Protocol: HTTP/1.1
Server: 209.99.16.15 Burlington, United States, ASN3900 (TEXASNET-ASN, US),
Reverse DNS
Software: Apache /
Resource Hash: f293486948d4cba26c6b835bdd574b4085e62da749b86019f5f6fab3535b0e39

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: sandmaxprime.co
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: http://sandmaxprime.co/malware-analysis-adwind-jrat/
Connection: keep-alive
Cache-Control: no-cache
Accept-Language: de-DE,de;q=0.9
Referer: http://sandmaxprime.co/malware-analysis-adwind-jrat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Wed, 20 Oct 2021 17:36:56 GMT
Content-Encoding: gzip
Last-Modified: Sun, 11 Apr 2021 10:02:23 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: text/css
Accept-Ranges: bytes
Content-Length: 2648

GET
H/1.1 200
OK style.css
sandmaxprime.co/wp-content/plugins/meks-flexible-shortcodes/css/ 15 KB
4 KB 410ms
137ms Stylesheet
text/css 209.99.16.15
TEXASNET-ASN

General

Check archive.org

Show headers Download Go to

Full URL: http://sandmaxprime.co/wp-content/plugins/meks-flexible-shortcodes/css/style.css?ver=1.3.3
Requested by: Host: sandmaxprime.co
URL: http://sandmaxprime.co/malware-analysis-adwind-jrat/
Protocol: HTTP/1.1
Server: 209.99.16.15 Burlington, United States, ASN3900 (TEXASNET-ASN, US),
Reverse DNS
Software: Apache /
Resource Hash: 4bc4b508bb0ccc41052f6a18eb23441543da2d209c152f62577e954367b4d62d

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: sandmaxprime.co
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: http://sandmaxprime.co/malware-analysis-adwind-jrat/
Connection: keep-alive
Cache-Control: no-cache
Accept-Language: de-DE,de;q=0.9
Referer: http://sandmaxprime.co/malware-analysis-adwind-jrat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Wed, 20 Oct 2021 17:36:56 GMT
Content-Encoding: gzip
Last-Modified: Sun, 11 Apr 2021 10:02:23 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: text/css
Accept-Ranges: bytes
Content-Length: 3458

GET
H/1.1 200
OK form-basic.min.css
sandmaxprime.co/wp-content/plugins/mailchimp-for-wp/assets/css/ 3 KB
963 B 472ms
141ms Stylesheet
text/css 209.99.16.15
TEXASNET-ASN

General

Check archive.org

Show headers Download Go to

Full URL: http://sandmaxprime.co/wp-content/plugins/mailchimp-for-wp/assets/css/form-basic.min.css?ver=4.8.3
Requested by: Host: sandmaxprime.co
URL: http://sandmaxprime.co/malware-analysis-adwind-jrat/
Protocol: HTTP/1.1
Server: 209.99.16.15 Burlington, United States, ASN3900 (TEXASNET-ASN, US),
Reverse DNS
Software: Apache /
Resource Hash: 2a8c2e0fd09605162cb7823dfa4ef28779072b2c3f5b6fbc23be0d47f518d9d2

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: sandmaxprime.co
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: http://sandmaxprime.co/malware-analysis-adwind-jrat/
Connection: keep-alive
Cache-Control: no-cache
Accept-Language: de-DE,de;q=0.9
Referer: http://sandmaxprime.co/malware-analysis-adwind-jrat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Wed, 20 Oct 2021 17:36:56 GMT
Content-Encoding: gzip
Last-Modified: Mon, 12 Apr 2021 03:55:31 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: text/css
Accept-Ranges: bytes
Content-Length: 731

GET
H/1.1 200
OK main.min.css
sandmaxprime.co/wp-content/themes/hueman/assets/front/css/ 92 KB
28 KB 538ms
139ms Stylesheet
text/css 209.99.16.15
TEXASNET-ASN

General

Check archive.org

Show headers Download Go to

Full URL: http://sandmaxprime.co/wp-content/themes/hueman/assets/front/css/main.min.css?ver=3.7.16
Requested by: Host: sandmaxprime.co
URL: http://sandmaxprime.co/malware-analysis-adwind-jrat/
Protocol: HTTP/1.1
Server: 209.99.16.15 Burlington, United States, ASN3900 (TEXASNET-ASN, US),
Reverse DNS
Software: Apache /
Resource Hash: 05890acda3ebac27f3b1865819469ec25d80cd632bb1033ea8f7148973503d8f

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: sandmaxprime.co
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: http://sandmaxprime.co/malware-analysis-adwind-jrat/
Connection: keep-alive
Cache-Control: no-cache
Accept-Language: de-DE,de;q=0.9
Referer: http://sandmaxprime.co/malware-analysis-adwind-jrat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Wed, 20 Oct 2021 17:36:56 GMT
Content-Encoding: gzip
Last-Modified: Sat, 24 Jul 2021 10:50:56 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: text/css
Transfer-Encoding: chunked
Accept-Ranges: bytes

GET
H/1.1 200
OK font-awesome.min.css
sandmaxprime.co/wp-content/themes/hueman/assets/front/css/ 58 KB
13 KB 541ms
140ms Stylesheet
text/css 209.99.16.15
TEXASNET-ASN

General

Check archive.org

Show headers Download Go to

Full URL: http://sandmaxprime.co/wp-content/themes/hueman/assets/front/css/font-awesome.min.css?ver=3.7.16
Requested by: Host: sandmaxprime.co
URL: http://sandmaxprime.co/malware-analysis-adwind-jrat/
Protocol: HTTP/1.1
Server: 209.99.16.15 Burlington, United States, ASN3900 (TEXASNET-ASN, US),
Reverse DNS
Software: Apache /
Resource Hash: 6c76cae4aabc1d4236da2fecf8fcae818a2cf95406446774ccf9db5ca14d4b59

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: sandmaxprime.co
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: http://sandmaxprime.co/malware-analysis-adwind-jrat/
Connection: keep-alive
Cache-Control: no-cache
Accept-Language: de-DE,de;q=0.9
Referer: http://sandmaxprime.co/malware-analysis-adwind-jrat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Wed, 20 Oct 2021 17:36:56 GMT
Content-Encoding: gzip
Last-Modified: Tue, 02 Feb 2021 20:57:54 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: text/css
Accept-Ranges: bytes
Content-Length: 12884

GET
H/1.1 200
OK style.css
sandmaxprime.co/wp-content/plugins/meks-easy-ads-widget/css/ 705 B
525 B 557ms
146ms Stylesheet
text/css 209.99.16.15
TEXASNET-ASN

General

Check archive.org

Show headers Download Go to

Full URL: http://sandmaxprime.co/wp-content/plugins/meks-easy-ads-widget/css/style.css?ver=2.0.5
Requested by: Host: sandmaxprime.co
URL: http://sandmaxprime.co/malware-analysis-adwind-jrat/
Protocol: HTTP/1.1
Server: 209.99.16.15 Burlington, United States, ASN3900 (TEXASNET-ASN, US),
Reverse DNS
Software: Apache /
Resource Hash: 4b0e2c1c8e6d92b9083cd952cea6a065485827df78fae548752352da136c3540

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: sandmaxprime.co
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: http://sandmaxprime.co/malware-analysis-adwind-jrat/
Connection: keep-alive
Cache-Control: no-cache
Accept-Language: de-DE,de;q=0.9
Referer: http://sandmaxprime.co/malware-analysis-adwind-jrat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Wed, 20 Oct 2021 17:36:56 GMT
Content-Encoding: gzip
Last-Modified: Tue, 16 Mar 2021 16:16:30 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: text/css
Accept-Ranges: bytes
Content-Length: 293

GET
H/1.1 200
OK style.css
sandmaxprime.co/wp-content/plugins/meks-simple-flickr-widget/css/ 293 B
415 B 557ms
138ms Stylesheet
text/css 209.99.16.15
TEXASNET-ASN

General

Check archive.org

Show headers Download Go to

Full URL: http://sandmaxprime.co/wp-content/plugins/meks-simple-flickr-widget/css/style.css?ver=1.1.4
Requested by: Host: sandmaxprime.co
URL: http://sandmaxprime.co/malware-analysis-adwind-jrat/
Protocol: HTTP/1.1
Server: 209.99.16.15 Burlington, United States, ASN3900 (TEXASNET-ASN, US),
Reverse DNS
Software: Apache /
Resource Hash: 69d66fbe4d45c714b473395005d335b051f8f6ac039e8f292374a8210138e0f0

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: sandmaxprime.co
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: http://sandmaxprime.co/malware-analysis-adwind-jrat/
Connection: keep-alive
Cache-Control: no-cache
Accept-Language: de-DE,de;q=0.9
Referer: http://sandmaxprime.co/malware-analysis-adwind-jrat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Wed, 20 Oct 2021 17:36:56 GMT
Content-Encoding: gzip
Last-Modified: Tue, 16 Mar 2021 16:16:38 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: text/css
Accept-Ranges: bytes
Content-Length: 183

GET
H/1.1 200
OK style.css
sandmaxprime.co/wp-content/plugins/meks-smart-author-widget/css/ 245 B
392 B 572ms
144ms Stylesheet
text/css 209.99.16.15
TEXASNET-ASN

General

Check archive.org

Show headers Download Go to

Full URL: http://sandmaxprime.co/wp-content/plugins/meks-smart-author-widget/css/style.css?ver=1.1.2
Requested by: Host: sandmaxprime.co
URL: http://sandmaxprime.co/malware-analysis-adwind-jrat/
Protocol: HTTP/1.1
Server: 209.99.16.15 Burlington, United States, ASN3900 (TEXASNET-ASN, US),
Reverse DNS
Software: Apache /
Resource Hash: 80acad322ff6c23eac449f481573dd13c508975ef73dfedadc03ae3d9b282b1c

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: sandmaxprime.co
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: http://sandmaxprime.co/malware-analysis-adwind-jrat/
Connection: keep-alive
Cache-Control: no-cache
Accept-Language: de-DE,de;q=0.9
Referer: http://sandmaxprime.co/malware-analysis-adwind-jrat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Wed, 20 Oct 2021 17:36:56 GMT
Content-Encoding: gzip
Last-Modified: Tue, 16 Mar 2021 16:16:41 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: text/css
Accept-Ranges: bytes
Content-Length: 160

GET
H/1.1 200
OK style.css
sandmaxprime.co/wp-content/plugins/meks-smart-social-widget/css/ 41 KB
6 KB 612ms
141ms Stylesheet
text/css 209.99.16.15
TEXASNET-ASN

General

Check archive.org

Show headers Download Go to

Full URL: http://sandmaxprime.co/wp-content/plugins/meks-smart-social-widget/css/style.css?ver=1.5
Requested by: Host: sandmaxprime.co
URL: http://sandmaxprime.co/malware-analysis-adwind-jrat/
Protocol: HTTP/1.1
Server: 209.99.16.15 Burlington, United States, ASN3900 (TEXASNET-ASN, US),
Reverse DNS
Software: Apache /
Resource Hash: e24928d7d73d973842a21a3f630f4b4ef2eb8c139130820ca0f6f7c2d7a15245

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: sandmaxprime.co
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: http://sandmaxprime.co/malware-analysis-adwind-jrat/
Connection: keep-alive
Cache-Control: no-cache
Accept-Language: de-DE,de;q=0.9
Referer: http://sandmaxprime.co/malware-analysis-adwind-jrat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Wed, 20 Oct 2021 17:36:56 GMT
Content-Encoding: gzip
Last-Modified: Tue, 16 Mar 2021 16:16:46 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: text/css
Accept-Ranges: bytes
Content-Length: 5645

GET
H2 200 css
fonts.googleapis.com/ 17 KB
2 KB 47ms
17ms Stylesheet
text/css 142.250.186.74
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans%3A300italic%2C400italic%2C600italic%2C300%2C400%2C600&subset=latin%2Clatin-ext&display=fallback&ver=5.8.1

Requested by

Host: sandmaxprime.co
URL: http://sandmaxprime.co/malware-analysis-adwind-jrat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.74 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f10.1e100.net

Software

ESF /

Resource Hash

291dac5916509afa7af72579a5c65771da77ab6c48e05b859c511139dca27d30

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://sandmaxprime.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 20 Oct 2021 15:41:56 GMT
server: ESF
date: Wed, 20 Oct 2021 17:36:55 GMT
x-frame-options: SAMEORIGIN
report-to: {"group":"AZM8iraMxxUfRnRum-EGst9UuHcPNVSf9Kp1_90wIgU","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_AZM8iraMxxUfRnRum-EGst9UuHcPNVSf9Kp1_90wIgU"}]}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cross-origin-opener-policy-report-only: same-origin; report-to="AZM8iraMxxUfRnRum-EGst9UuHcPNVSf9Kp1_90wIgU"
expires: Wed, 20 Oct 2021 17:36:55 GMT

GET
H/1.1 200
OK enlighterjs.min.css
sandmaxprime.co/wp-content/plugins/enlighter/cache/ 78 KB
15 KB 691ms
149ms Stylesheet
text/css 209.99.16.15
TEXASNET-ASN

General

Check archive.org

Show headers Download Go to

Full URL: http://sandmaxprime.co/wp-content/plugins/enlighter/cache/enlighterjs.min.css?ver=wektvP5Jv1TPoNF
Requested by: Host: sandmaxprime.co
URL: http://sandmaxprime.co/malware-analysis-adwind-jrat/
Protocol: HTTP/1.1
Server: 209.99.16.15 Burlington, United States, ASN3900 (TEXASNET-ASN, US),
Reverse DNS
Software: Apache /
Resource Hash: 598838ea58a769e0547a8abf84953df1420f2efff65c546c0f189c8f5442ade3

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: sandmaxprime.co
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: http://sandmaxprime.co/malware-analysis-adwind-jrat/
Connection: keep-alive
Cache-Control: no-cache
Accept-Language: de-DE,de;q=0.9
Referer: http://sandmaxprime.co/malware-analysis-adwind-jrat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Wed, 20 Oct 2021 17:36:56 GMT
Content-Encoding: gzip
Last-Modified: Sun, 11 Apr 2021 12:48:52 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: text/css
Accept-Ranges: bytes
Content-Length: 14892

GET
H/1.1 200
OK ytprefs.min.css
sandmaxprime.co/wp-content/plugins/youtube-embed-plus/styles/ 6 KB
2 KB 697ms
140ms Stylesheet
text/css 209.99.16.15
TEXASNET-ASN

General

Check archive.org

Show headers Download Go to

Full URL: http://sandmaxprime.co/wp-content/plugins/youtube-embed-plus/styles/ytprefs.min.css?ver=13.4.2
Requested by: Host: sandmaxprime.co
URL: http://sandmaxprime.co/malware-analysis-adwind-jrat/
Protocol: HTTP/1.1
Server: 209.99.16.15 Burlington, United States, ASN3900 (TEXASNET-ASN, US),
Reverse DNS
Software: Apache /
Resource Hash: 54b16a534f27d39f8edb7dd908ecf182b4be466f86f28ac0f01f415f2ba9d1cf

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: sandmaxprime.co
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: http://sandmaxprime.co/malware-analysis-adwind-jrat/
Connection: keep-alive
Cache-Control: no-cache
Accept-Language: de-DE,de;q=0.9
Referer: http://sandmaxprime.co/malware-analysis-adwind-jrat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Wed, 20 Oct 2021 17:36:56 GMT
Content-Encoding: gzip
Last-Modified: Mon, 12 Apr 2021 10:48:53 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: text/css
Accept-Ranges: bytes
Content-Length: 1680

GET
H/1.1 200
OK jetpack.css
sandmaxprime.co/wp-content/plugins/jetpack/css/ 75 KB
20 KB 697ms
140ms Stylesheet
text/css 209.99.16.15
TEXASNET-ASN

General

Check archive.org

Show headers Download Go to

Full URL: http://sandmaxprime.co/wp-content/plugins/jetpack/css/jetpack.css?ver=9.6.2
Requested by: Host: sandmaxprime.co
URL: http://sandmaxprime.co/malware-analysis-adwind-jrat/
Protocol: HTTP/1.1
Server: 209.99.16.15 Burlington, United States, ASN3900 (TEXASNET-ASN, US),
Reverse DNS
Software: Apache /
Resource Hash: b17a1dde76cbfa8f7e19a7121ecde1ad3d2cc9fca6bbd795042d3f484b53d2a3

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: sandmaxprime.co
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: http://sandmaxprime.co/malware-analysis-adwind-jrat/
Connection: keep-alive
Cache-Control: no-cache
Accept-Language: de-DE,de;q=0.9
Referer: http://sandmaxprime.co/malware-analysis-adwind-jrat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Wed, 20 Oct 2021 17:36:56 GMT
Content-Encoding: gzip
Last-Modified: Thu, 03 Jun 2021 09:25:51 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: text/css
Transfer-Encoding: chunked
Accept-Ranges: bytes

GET
H/1.1 200
OK jquery.min.js Show response
sandmaxprime.co/wp-includes/js/jquery/ 87 KB
38 KB 960ms
146ms Script
application/javascript 209.99.16.15
TEXASNET-ASN

General

Check archive.org

Show headers Download Go to

Full URL: http://sandmaxprime.co/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
Requested by: Host: sandmaxprime.co
URL: http://sandmaxprime.co/malware-analysis-adwind-jrat/
Protocol: HTTP/1.1
Server: 209.99.16.15 Burlington, United States, ASN3900 (TEXASNET-ASN, US),
Reverse DNS
Software: Apache /
Resource Hash: bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: sandmaxprime.co
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept: */*
Referer: http://sandmaxprime.co/malware-analysis-adwind-jrat/
Connection: keep-alive
Cache-Control: no-cache
Accept-Language: de-DE,de;q=0.9
Referer: http://sandmaxprime.co/malware-analysis-adwind-jrat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Wed, 20 Oct 2021 17:36:56 GMT
Content-Encoding: gzip
Last-Modified: Wed, 10 Mar 2021 20:37:24 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: application/javascript
Transfer-Encoding: chunked
Accept-Ranges: bytes

GET
H/1.1 200
OK jquery-migrate.min.js Show response
sandmaxprime.co/wp-includes/js/jquery/ 11 KB
5 KB 968ms
139ms Script
application/javascript 209.99.16.15
TEXASNET-ASN

General

Check archive.org

Show headers Download Go to

Full URL: http://sandmaxprime.co/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
Requested by: Host: sandmaxprime.co
URL: http://sandmaxprime.co/malware-analysis-adwind-jrat/
Protocol: HTTP/1.1
Server: 209.99.16.15 Burlington, United States, ASN3900 (TEXASNET-ASN, US),
Reverse DNS
Software: Apache /
Resource Hash: 029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: sandmaxprime.co
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept: */*
Referer: http://sandmaxprime.co/malware-analysis-adwind-jrat/
Connection: keep-alive
Cache-Control: no-cache
Accept-Language: de-DE,de;q=0.9
Referer: http://sandmaxprime.co/malware-analysis-adwind-jrat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Wed, 20 Oct 2021 17:36:56 GMT
Content-Encoding: gzip
Last-Modified: Wed, 18 Nov 2020 14:36:06 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: application/javascript
Accept-Ranges: bytes
Content-Length: 4618

GET
H/1.1 200
OK ytprefs.min.js Show response
sandmaxprime.co/wp-content/plugins/youtube-embed-plus/scripts/ 10 KB
4 KB 985ms
134ms Script
application/javascript 209.99.16.15
TEXASNET-ASN

General

Check archive.org

Show headers Download Go to

Full URL: http://sandmaxprime.co/wp-content/plugins/youtube-embed-plus/scripts/ytprefs.min.js?ver=13.4.2
Requested by: Host: sandmaxprime.co
URL: http://sandmaxprime.co/malware-analysis-adwind-jrat/
Protocol: HTTP/1.1
Server: 209.99.16.15 Burlington, United States, ASN3900 (TEXASNET-ASN, US),
Reverse DNS
Software: Apache /
Resource Hash: ddda47b049ec774960fe39b5c0fca40c15abf80158daec17c8e29146d1d1c31e

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: sandmaxprime.co
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept: */*
Referer: http://sandmaxprime.co/malware-analysis-adwind-jrat/
Connection: keep-alive
Cache-Control: no-cache
Accept-Language: de-DE,de;q=0.9
Referer: http://sandmaxprime.co/malware-analysis-adwind-jrat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Wed, 20 Oct 2021 17:36:56 GMT
Content-Encoding: gzip
Last-Modified: Mon, 12 Apr 2021 10:48:53 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: application/javascript
Accept-Ranges: bytes
Content-Length: 3915

GET
H/1.1 200
OK wp-emoji-release.min.js Show response
sandmaxprime.co/wp-includes/js/ 18 KB
5 KB 159ms
158ms Script
application/javascript 209.99.16.15
TEXASNET-ASN

General

Check archive.org

Show headers Download Go to

Full URL: http://sandmaxprime.co/wp-includes/js/wp-emoji-release.min.js?ver=5.8.1
Requested by: Host: sandmaxprime.co
URL: http://sandmaxprime.co/malware-analysis-adwind-jrat/
Protocol: HTTP/1.1
Server: 209.99.16.15 Burlington, United States, ASN3900 (TEXASNET-ASN, US),
Reverse DNS
Software: Apache /
Resource Hash: def5de6254be138b8b35d680d1fdd8b07827d03b8626daebfeeb4157ec330ea7

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: sandmaxprime.co
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept: */*
Referer: http://sandmaxprime.co/malware-analysis-adwind-jrat/
Connection: keep-alive
Cache-Control: no-cache
Accept-Language: de-DE,de;q=0.9
Referer: http://sandmaxprime.co/malware-analysis-adwind-jrat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Wed, 20 Oct 2021 17:36:57 GMT
Content-Encoding: gzip
Last-Modified: Wed, 09 Jun 2021 03:45:12 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: application/javascript
Accept-Ranges: bytes
Content-Length: 5243

GET
H/1.1 200
OK photon.min.js Show response
sandmaxprime.co/wp-content/plugins/jetpack/_inc/build/photon/ 758 B
667 B 825ms
137ms Script
application/javascript 209.99.16.15
TEXASNET-ASN

General

Check archive.org

Show headers Download Go to

Full URL: http://sandmaxprime.co/wp-content/plugins/jetpack/_inc/build/photon/photon.min.js?ver=20191001
Requested by: Host: sandmaxprime.co
URL: http://sandmaxprime.co/malware-analysis-adwind-jrat/
Protocol: HTTP/1.1
Server: 209.99.16.15 Burlington, United States, ASN3900 (TEXASNET-ASN, US),
Reverse DNS
Software: Apache /
Resource Hash: e1b0066bc1972444c0a15e1778be06ed7bf36c55d597c065b5e79041bcda291e

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: sandmaxprime.co
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept: */*
Referer: http://sandmaxprime.co/malware-analysis-adwind-jrat/
Connection: keep-alive
Cache-Control: no-cache
Accept-Language: de-DE,de;q=0.9
Referer: http://sandmaxprime.co/malware-analysis-adwind-jrat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Wed, 20 Oct 2021 17:36:56 GMT
Content-Encoding: gzip
Last-Modified: Thu, 03 Jun 2021 09:25:51 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: application/javascript
Accept-Ranges: bytes
Content-Length: 421

GET
H/1.1 200
OK coblocks-animation.js Show response
sandmaxprime.co/wp-content/plugins/coblocks/dist/js/ 1 KB
873 B 848ms
140ms Script
application/javascript 209.99.16.15
TEXASNET-ASN

General

Check archive.org

Show headers Download Go to

Full URL: http://sandmaxprime.co/wp-content/plugins/coblocks/dist/js/coblocks-animation.js?ver=2.10.1
Requested by: Host: sandmaxprime.co
URL: http://sandmaxprime.co/malware-analysis-adwind-jrat/
Protocol: HTTP/1.1
Server: 209.99.16.15 Burlington, United States, ASN3900 (TEXASNET-ASN, US),
Reverse DNS
Software: Apache /
Resource Hash: 6be7095fc7b4ccf33a454343009429cda6343ba3c32bb05f1c33a0f242ee2888

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: sandmaxprime.co
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept: */*
Referer: http://sandmaxprime.co/malware-analysis-adwind-jrat/
Connection: keep-alive
Cache-Control: no-cache
Accept-Language: de-DE,de;q=0.9
Referer: http://sandmaxprime.co/malware-analysis-adwind-jrat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Wed, 20 Oct 2021 17:36:56 GMT
Content-Encoding: gzip
Last-Modified: Sat, 17 Apr 2021 15:35:13 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: application/javascript
Accept-Ranges: bytes
Content-Length: 627

GET
H/1.1 200
OK coblocks-lightbox.js Show response
sandmaxprime.co/wp-content/plugins/coblocks/dist/js/ 4 KB
2 KB 969ms
185ms Script
application/javascript 209.99.16.15
TEXASNET-ASN

General

Check archive.org

Show headers Download Go to

Full URL: http://sandmaxprime.co/wp-content/plugins/coblocks/dist/js/coblocks-lightbox.js?ver=2.10.1
Requested by: Host: sandmaxprime.co
URL: http://sandmaxprime.co/malware-analysis-adwind-jrat/
Protocol: HTTP/1.1
Server: 209.99.16.15 Burlington, United States, ASN3900 (TEXASNET-ASN, US),
Reverse DNS
Software: Apache /
Resource Hash: 26b67e7ce334b7504ce575df220ff54b2915677d1dbcb0a468117f7164a7a9c6

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: sandmaxprime.co
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept: */*
Referer: http://sandmaxprime.co/malware-analysis-adwind-jrat/
Connection: keep-alive
Cache-Control: no-cache
Accept-Language: de-DE,de;q=0.9
Referer: http://sandmaxprime.co/malware-analysis-adwind-jrat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Wed, 20 Oct 2021 17:36:56 GMT
Content-Encoding: gzip
Last-Modified: Sat, 17 Apr 2021 15:35:13 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: application/javascript
Accept-Ranges: bytes
Content-Length: 1481

GET
H/1.1 200
OK main.js Show response
sandmaxprime.co/wp-content/plugins/meks-flexible-shortcodes/js/ 7 KB
2 KB 949ms
163ms Script
application/javascript 209.99.16.15
TEXASNET-ASN

General

Check archive.org

Show headers Download Go to

Full URL: http://sandmaxprime.co/wp-content/plugins/meks-flexible-shortcodes/js/main.js?ver=1
Requested by: Host: sandmaxprime.co
URL: http://sandmaxprime.co/malware-analysis-adwind-jrat/
Protocol: HTTP/1.1
Server: 209.99.16.15 Burlington, United States, ASN3900 (TEXASNET-ASN, US),
Reverse DNS
Software: Apache /
Resource Hash: 02007cb9ea5401983a0a4a34d08c1a57c75484d0852194291e124c94b848d474

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: sandmaxprime.co
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept: */*
Referer: http://sandmaxprime.co/malware-analysis-adwind-jrat/
Connection: keep-alive
Cache-Control: no-cache
Accept-Language: de-DE,de;q=0.9
Referer: http://sandmaxprime.co/malware-analysis-adwind-jrat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Wed, 20 Oct 2021 17:36:56 GMT
Content-Encoding: gzip
Last-Modified: Sun, 11 Apr 2021 10:02:23 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: application/javascript
Accept-Ranges: bytes
Content-Length: 1794

GET
H/1.1 200
OK front.build.js Show response
sandmaxprime.co/wp-content/plugins/ultimate-blocks/src/blocks/table-of-contents/ 7 KB
2 KB 925ms
139ms Script
application/javascript 209.99.16.15
TEXASNET-ASN

General

Check archive.org

Show headers Download Go to

Full URL: http://sandmaxprime.co/wp-content/plugins/ultimate-blocks/src/blocks/table-of-contents/front.build.js?ver=2.4.5
Requested by: Host: sandmaxprime.co
URL: http://sandmaxprime.co/malware-analysis-adwind-jrat/
Protocol: HTTP/1.1
Server: 209.99.16.15 Burlington, United States, ASN3900 (TEXASNET-ASN, US),
Reverse DNS
Software: Apache /
Resource Hash: 75e2b001534fd5059f8201995e26564a6c24ccd5a0dd0e31c7df91a09082338f

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: sandmaxprime.co
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept: */*
Referer: http://sandmaxprime.co/malware-analysis-adwind-jrat/
Connection: keep-alive
Cache-Control: no-cache
Accept-Language: de-DE,de;q=0.9
Referer: http://sandmaxprime.co/malware-analysis-adwind-jrat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Wed, 20 Oct 2021 17:36:56 GMT
Content-Encoding: gzip
Last-Modified: Sun, 11 Apr 2021 10:02:28 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: application/javascript
Accept-Ranges: bytes
Content-Length: 2267

GET
H/1.1 200
OK scrollby-polyfill.js Show response
sandmaxprime.co/wp-content/plugins/ultimate-blocks/src/blocks/ 11 KB
4 KB 958ms
155ms Script
application/javascript 209.99.16.15
TEXASNET-ASN

General

Check archive.org

Show headers Download Go to

Full URL: http://sandmaxprime.co/wp-content/plugins/ultimate-blocks/src/blocks/scrollby-polyfill.js?ver=2.4.5
Requested by: Host: sandmaxprime.co
URL: http://sandmaxprime.co/malware-analysis-adwind-jrat/
Protocol: HTTP/1.1
Server: 209.99.16.15 Burlington, United States, ASN3900 (TEXASNET-ASN, US),
Reverse DNS
Software: Apache /
Resource Hash: 82792dd2bb6b493c2aa5000dcbb067b18f06121d03f454e16a188a3e6e67276c

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: sandmaxprime.co
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept: */*
Referer: http://sandmaxprime.co/malware-analysis-adwind-jrat/
Connection: keep-alive
Cache-Control: no-cache
Accept-Language: de-DE,de;q=0.9
Referer: http://sandmaxprime.co/malware-analysis-adwind-jrat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Wed, 20 Oct 2021 17:36:56 GMT
Content-Encoding: gzip
Last-Modified: Sun, 11 Apr 2021 10:02:28 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: application/javascript
Accept-Ranges: bytes
Content-Length: 4339

GET
H/1.1 200
OK smush-lazy-load.min.js Show response
sandmaxprime.co/wp-content/plugins/wp-smushit/app/assets/js/ 8 KB
4 KB 962ms
137ms Script
application/javascript 209.99.16.15
TEXASNET-ASN

General

Check archive.org

Show headers Download Go to

Full URL: http://sandmaxprime.co/wp-content/plugins/wp-smushit/app/assets/js/smush-lazy-load.min.js?ver=3.8.4
Requested by: Host: sandmaxprime.co
URL: http://sandmaxprime.co/malware-analysis-adwind-jrat/
Protocol: HTTP/1.1
Server: 209.99.16.15 Burlington, United States, ASN3900 (TEXASNET-ASN, US),
Reverse DNS
Software: Apache /
Resource Hash: a4f367d720fec23438ef17e4a32c05129ed2e6dd5163167c9dd0787ea1f62de5

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: sandmaxprime.co
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept: */*
Referer: http://sandmaxprime.co/malware-analysis-adwind-jrat/
Connection: keep-alive
Cache-Control: no-cache
Accept-Language: de-DE,de;q=0.9
Referer: http://sandmaxprime.co/malware-analysis-adwind-jrat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Wed, 20 Oct 2021 17:36:56 GMT
Content-Encoding: gzip
Last-Modified: Mon, 12 Apr 2021 15:01:03 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: application/javascript
Accept-Ranges: bytes
Content-Length: 3977

GET
H2 200 gprofiles.js Show response
secure.gravatar.com/js/ 23 KB
7 KB 28ms
6ms Script
application/javascript 192.0.73.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.gravatar.com/js/gprofiles.js?ver=202142
Requested by: Host: sandmaxprime.co
URL: http://sandmaxprime.co/malware-analysis-adwind-jrat/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.73.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 3742b8f2006b7a23df3252c615bb113e94f77729ac9cc4b021e35517285cf0c2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://sandmaxprime.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 17:36:56 GMT
content-encoding: gzip
last-modified: Thu, 02 Apr 2020 15:50:36 GMT
server: nginx
etag: W/"5e8609cc-5dea"
content-type: application/javascript
cache-control: max-age=604800
expires: Wed, 27 Oct 2021 17:36:56 GMT

GET
H/1.1 200
OK wpgroho.js Show response
sandmaxprime.co/wp-content/plugins/jetpack/modules/ 2 KB
1 KB 987ms
139ms Script
application/javascript 209.99.16.15
TEXASNET-ASN

General

Check archive.org

Show headers Download Go to

Full URL: http://sandmaxprime.co/wp-content/plugins/jetpack/modules/wpgroho.js?ver=9.6.2
Requested by: Host: sandmaxprime.co
URL: http://sandmaxprime.co/malware-analysis-adwind-jrat/
Protocol: HTTP/1.1
Server: 209.99.16.15 Burlington, United States, ASN3900 (TEXASNET-ASN, US),
Reverse DNS
Software: Apache /
Resource Hash: ccd911729403decd6e3b74702fdc4d2c1b1e3ecf35a147f7e5373669932cc708

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: sandmaxprime.co
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept: */*
Referer: http://sandmaxprime.co/malware-analysis-adwind-jrat/
Connection: keep-alive
Cache-Control: no-cache
Accept-Language: de-DE,de;q=0.9
Referer: http://sandmaxprime.co/malware-analysis-adwind-jrat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Wed, 20 Oct 2021 17:36:56 GMT
Content-Encoding: gzip
Last-Modified: Thu, 03 Jun 2021 09:25:51 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: application/javascript
Accept-Ranges: bytes
Content-Length: 797

GET
H/1.1 200
OK underscore.min.js Show response
sandmaxprime.co/wp-includes/js/ 19 KB
8 KB 1085ms
158ms Script
application/javascript 209.99.16.15
TEXASNET-ASN

General

Check archive.org

Show headers Download Go to

Full URL: http://sandmaxprime.co/wp-includes/js/underscore.min.js?ver=1.13.1
Requested by: Host: sandmaxprime.co
URL: http://sandmaxprime.co/malware-analysis-adwind-jrat/
Protocol: HTTP/1.1
Server: 209.99.16.15 Burlington, United States, ASN3900 (TEXASNET-ASN, US),
Reverse DNS
Software: Apache /
Resource Hash: 5dacc86b8a64742e60d70192353e5643da219a3f84c0b26cf6116b06b67fff32

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: sandmaxprime.co
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept: */*
Referer: http://sandmaxprime.co/malware-analysis-adwind-jrat/
Connection: keep-alive
Cache-Control: no-cache
Accept-Language: de-DE,de;q=0.9
Referer: http://sandmaxprime.co/malware-analysis-adwind-jrat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Wed, 20 Oct 2021 17:36:56 GMT
Content-Encoding: gzip
Last-Modified: Fri, 28 May 2021 01:03:20 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: application/javascript
Accept-Ranges: bytes
Content-Length: 8329

GET
H/1.1 200
OK scripts.min.js Show response
sandmaxprime.co/wp-content/themes/hueman/assets/front/js/ 76 KB
29 KB 144ms
144ms Script
application/javascript 209.99.16.15
TEXASNET-ASN

General

Check archive.org

Show headers Download Go to

Full URL: http://sandmaxprime.co/wp-content/themes/hueman/assets/front/js/scripts.min.js?ver=3.7.16
Requested by: Host: sandmaxprime.co
URL: http://sandmaxprime.co/malware-analysis-adwind-jrat/
Protocol: HTTP/1.1
Server: 209.99.16.15 Burlington, United States, ASN3900 (TEXASNET-ASN, US),
Reverse DNS
Software: Apache /
Resource Hash: 32786d444e9857efb3f20c41c2b06bb1c814b0ccf3de31d83bec30c8b3fa96d3

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: sandmaxprime.co
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept: */*
Referer: http://sandmaxprime.co/malware-analysis-adwind-jrat/
Connection: keep-alive
Cache-Control: no-cache
Accept-Language: de-DE,de;q=0.9
Referer: http://sandmaxprime.co/malware-analysis-adwind-jrat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Wed, 20 Oct 2021 17:36:57 GMT
Content-Encoding: gzip
Last-Modified: Fri, 02 Jul 2021 13:20:28 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: application/javascript
Transfer-Encoding: chunked
Accept-Ranges: bytes

GET
H/1.1 200
OK comment-reply.min.js Show response
sandmaxprime.co/wp-includes/js/ 3 KB
2 KB 1140ms
191ms Script
application/javascript 209.99.16.15
TEXASNET-ASN

General

Check archive.org

Show headers Download Go to

Full URL: http://sandmaxprime.co/wp-includes/js/comment-reply.min.js?ver=5.8.1
Requested by: Host: sandmaxprime.co
URL: http://sandmaxprime.co/malware-analysis-adwind-jrat/
Protocol: HTTP/1.1
Server: 209.99.16.15 Burlington, United States, ASN3900 (TEXASNET-ASN, US),
Reverse DNS
Software: Apache /
Resource Hash: 143ce443c390db3b8598f951de20bd04623859a581a15b8cde43ebfa1f8ec103

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: sandmaxprime.co
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept: */*
Referer: http://sandmaxprime.co/malware-analysis-adwind-jrat/
Connection: keep-alive
Cache-Control: no-cache
Accept-Language: de-DE,de;q=0.9
Referer: http://sandmaxprime.co/malware-analysis-adwind-jrat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Wed, 20 Oct 2021 17:36:57 GMT
Content-Encoding: gzip
Last-Modified: Thu, 18 Mar 2021 23:18:24 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: application/javascript
Accept-Ranges: bytes
Content-Length: 1472

GET
H/1.1 200
OK twitter-timeline.min.js Show response
sandmaxprime.co/wp-content/plugins/jetpack/_inc/build/ 331 B
507 B 1155ms
197ms Script
application/javascript 209.99.16.15
TEXASNET-ASN

General

Check archive.org

Show headers Download Go to

Full URL: http://sandmaxprime.co/wp-content/plugins/jetpack/_inc/build/twitter-timeline.min.js?ver=4.0.0
Requested by: Host: sandmaxprime.co
URL: http://sandmaxprime.co/malware-analysis-adwind-jrat/
Protocol: HTTP/1.1
Server: 209.99.16.15 Burlington, United States, ASN3900 (TEXASNET-ASN, US),
Reverse DNS
Software: Apache /
Resource Hash: 291b553dee180f838e513bf2580c9af27f8312320581e3c91029a7c4d5eb2fbc

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: sandmaxprime.co
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept: */*
Referer: http://sandmaxprime.co/malware-analysis-adwind-jrat/
Connection: keep-alive
Cache-Control: no-cache
Accept-Language: de-DE,de;q=0.9
Referer: http://sandmaxprime.co/malware-analysis-adwind-jrat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Wed, 20 Oct 2021 17:36:57 GMT
Content-Encoding: gzip
Last-Modified: Thu, 03 Jun 2021 09:25:51 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: application/javascript
Accept-Ranges: bytes
Content-Length: 261

GET
H/1.1 200
OK intersectionobserver-polyfill.min.js Show response
sandmaxprime.co/wp-content/plugins/jetpack/vendor/automattic/jetpack-lazy-images/src/js/ 8 KB
3 KB 1137ms
174ms Script
application/javascript 209.99.16.15
TEXASNET-ASN

General

Check archive.org

Show headers Download Go to

Full URL: http://sandmaxprime.co/wp-content/plugins/jetpack/vendor/automattic/jetpack-lazy-images/src/js/intersectionobserver-polyfill.min.js?ver=1.1.2
Requested by: Host: sandmaxprime.co
URL: http://sandmaxprime.co/malware-analysis-adwind-jrat/
Protocol: HTTP/1.1
Server: 209.99.16.15 Burlington, United States, ASN3900 (TEXASNET-ASN, US),
Reverse DNS
Software: Apache /
Resource Hash: 88264adf3d3193fb56c229f0b92e2a6096770eb76996d1fedc95f5bcb208ccda

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: sandmaxprime.co
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept: */*
Referer: http://sandmaxprime.co/malware-analysis-adwind-jrat/
Connection: keep-alive
Cache-Control: no-cache
Accept-Language: de-DE,de;q=0.9
Referer: http://sandmaxprime.co/malware-analysis-adwind-jrat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Wed, 20 Oct 2021 17:36:57 GMT
Content-Encoding: gzip
Last-Modified: Thu, 03 Jun 2021 09:25:51 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: application/javascript
Accept-Ranges: bytes
Content-Length: 3092

GET
H/1.1 200
OK lazy-images.min.js Show response
sandmaxprime.co/wp-content/plugins/jetpack/vendor/automattic/jetpack-lazy-images/src/js/ 3 KB
2 KB 1149ms
181ms Script
application/javascript 209.99.16.15
TEXASNET-ASN

General

Check archive.org

Show headers Download Go to

Full URL: http://sandmaxprime.co/wp-content/plugins/jetpack/vendor/automattic/jetpack-lazy-images/src/js/lazy-images.min.js?ver=1.1.2
Requested by: Host: sandmaxprime.co
URL: http://sandmaxprime.co/malware-analysis-adwind-jrat/
Protocol: HTTP/1.1
Server: 209.99.16.15 Burlington, United States, ASN3900 (TEXASNET-ASN, US),
Reverse DNS
Software: Apache /
Resource Hash: 51e78e904c795ed5b0154a9995d1ab0b7e3667f5aede719bda86ba38236c5989

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: sandmaxprime.co
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept: */*
Referer: http://sandmaxprime.co/malware-analysis-adwind-jrat/
Connection: keep-alive
Cache-Control: no-cache
Accept-Language: de-DE,de;q=0.9
Referer: http://sandmaxprime.co/malware-analysis-adwind-jrat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Wed, 20 Oct 2021 17:36:57 GMT
Content-Encoding: gzip
Last-Modified: Thu, 03 Jun 2021 09:25:51 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: application/javascript
Accept-Ranges: bytes
Content-Length: 1441

GET
H/1.1 200
OK postmessage.min.js Show response
sandmaxprime.co/wp-content/plugins/jetpack/_inc/build/ 6 KB
3 KB 1146ms
159ms Script
application/javascript 209.99.16.15
TEXASNET-ASN

General

Check archive.org

Show headers Download Go to

Full URL: http://sandmaxprime.co/wp-content/plugins/jetpack/_inc/build/postmessage.min.js?ver=9.6.2
Requested by: Host: sandmaxprime.co
URL: http://sandmaxprime.co/malware-analysis-adwind-jrat/
Protocol: HTTP/1.1
Server: 209.99.16.15 Burlington, United States, ASN3900 (TEXASNET-ASN, US),
Reverse DNS
Software: Apache /
Resource Hash: 672e29b030b9b17c9cc70beb24af4c41eaf8ce9a0491c655ab9a1c88ab287021

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: sandmaxprime.co
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept: */*
Referer: http://sandmaxprime.co/malware-analysis-adwind-jrat/
Connection: keep-alive
Cache-Control: no-cache
Accept-Language: de-DE,de;q=0.9
Referer: http://sandmaxprime.co/malware-analysis-adwind-jrat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Wed, 20 Oct 2021 17:36:57 GMT
Content-Encoding: gzip
Last-Modified: Thu, 03 Jun 2021 09:25:51 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: application/javascript
Accept-Ranges: bytes
Content-Length: 2968

GET
H/1.1 200
OK jquery.jetpack-resize.min.js Show response
sandmaxprime.co/wp-content/plugins/jetpack/_inc/build/ 3 KB
1 KB 1278ms
193ms Script
application/javascript 209.99.16.15
TEXASNET-ASN

General

Check archive.org

Show headers Download Go to

Full URL: http://sandmaxprime.co/wp-content/plugins/jetpack/_inc/build/jquery.jetpack-resize.min.js?ver=9.6.2
Requested by: Host: sandmaxprime.co
URL: http://sandmaxprime.co/malware-analysis-adwind-jrat/
Protocol: HTTP/1.1
Server: 209.99.16.15 Burlington, United States, ASN3900 (TEXASNET-ASN, US),
Reverse DNS
Software: Apache /
Resource Hash: 265c34f4c62e6423e270cecb0c422b735dfb0f18cea04c2ac343b6f22106661e

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: sandmaxprime.co
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept: */*
Referer: http://sandmaxprime.co/malware-analysis-adwind-jrat/
Connection: keep-alive
Cache-Control: no-cache
Accept-Language: de-DE,de;q=0.9
Referer: http://sandmaxprime.co/malware-analysis-adwind-jrat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Wed, 20 Oct 2021 17:36:57 GMT
Content-Encoding: gzip
Last-Modified: Thu, 03 Jun 2021 09:25:51 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: application/javascript
Accept-Ranges: bytes
Content-Length: 1166

GET
H/1.1 200
OK queuehandler.js Show response
sandmaxprime.co/wp-content/plugins/jetpack/modules/likes/ 11 KB
4 KB 1325ms
187ms Script
application/javascript 209.99.16.15
TEXASNET-ASN

General

Check archive.org

Show headers Download Go to

Full URL: http://sandmaxprime.co/wp-content/plugins/jetpack/modules/likes/queuehandler.js?ver=9.6.2
Requested by: Host: sandmaxprime.co
URL: http://sandmaxprime.co/malware-analysis-adwind-jrat/
Protocol: HTTP/1.1
Server: 209.99.16.15 Burlington, United States, ASN3900 (TEXASNET-ASN, US),
Reverse DNS
Software: Apache /
Resource Hash: 662d1c6d95e756bcf34dd1d42e596ab85b541d1ce3cab70d9964ac3f6090bb7a

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: sandmaxprime.co
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept: */*
Referer: http://sandmaxprime.co/malware-analysis-adwind-jrat/
Connection: keep-alive
Cache-Control: no-cache
Accept-Language: de-DE,de;q=0.9
Referer: http://sandmaxprime.co/malware-analysis-adwind-jrat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Wed, 20 Oct 2021 17:36:57 GMT
Content-Encoding: gzip
Last-Modified: Thu, 03 Jun 2021 09:25:51 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: application/javascript
Accept-Ranges: bytes
Content-Length: 4132

GET
H/1.1 200
OK enlighterjs.min.js Show response
sandmaxprime.co/wp-content/plugins/enlighter/cache/ 57 KB
24 KB 1320ms
180ms Script
application/javascript 209.99.16.15
TEXASNET-ASN

General

Check archive.org

Show headers Download Go to

Full URL: http://sandmaxprime.co/wp-content/plugins/enlighter/cache/enlighterjs.min.js?ver=wektvP5Jv1TPoNF
Requested by: Host: sandmaxprime.co
URL: http://sandmaxprime.co/malware-analysis-adwind-jrat/
Protocol: HTTP/1.1
Server: 209.99.16.15 Burlington, United States, ASN3900 (TEXASNET-ASN, US),
Reverse DNS
Software: Apache /
Resource Hash: 7e0c4a1ed3d232553d98c82ea0e04cee8975d0a67df819e161f96e7c32179e8c

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: sandmaxprime.co
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept: */*
Referer: http://sandmaxprime.co/malware-analysis-adwind-jrat/
Connection: keep-alive
Cache-Control: no-cache
Accept-Language: de-DE,de;q=0.9
Referer: http://sandmaxprime.co/malware-analysis-adwind-jrat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Wed, 20 Oct 2021 17:36:57 GMT
Content-Encoding: gzip
Last-Modified: Sun, 11 Apr 2021 12:48:52 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: application/javascript
Transfer-Encoding: chunked
Accept-Ranges: bytes

GET
H/1.1 200
OK fitvids.min.js Show response
sandmaxprime.co/wp-content/plugins/youtube-embed-plus/scripts/ 3 KB
1 KB 1330ms
184ms Script
application/javascript 209.99.16.15
TEXASNET-ASN

General

Check archive.org

Show headers Download Go to

Full URL: http://sandmaxprime.co/wp-content/plugins/youtube-embed-plus/scripts/fitvids.min.js?ver=13.4.2
Requested by: Host: sandmaxprime.co
URL: http://sandmaxprime.co/malware-analysis-adwind-jrat/
Protocol: HTTP/1.1
Server: 209.99.16.15 Burlington, United States, ASN3900 (TEXASNET-ASN, US),
Reverse DNS
Software: Apache /
Resource Hash: aba0ac3c89011196a2c6b54d868991e18ffaf494c8e3afc97451be087b93770c

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: sandmaxprime.co
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept: */*
Referer: http://sandmaxprime.co/malware-analysis-adwind-jrat/
Connection: keep-alive
Cache-Control: no-cache
Accept-Language: de-DE,de;q=0.9
Referer: http://sandmaxprime.co/malware-analysis-adwind-jrat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Wed, 20 Oct 2021 17:36:57 GMT
Content-Encoding: gzip
Last-Modified: Mon, 12 Apr 2021 10:48:53 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: application/javascript
Accept-Ranges: bytes
Content-Length: 1050

GET
H/1.1 200
OK wp-embed.min.js Show response
sandmaxprime.co/wp-includes/js/ 1 KB
1023 B 1339ms
191ms Script
application/javascript 209.99.16.15
TEXASNET-ASN

General

Check archive.org

Show headers Download Go to

Full URL: http://sandmaxprime.co/wp-includes/js/wp-embed.min.js?ver=5.8.1
Requested by: Host: sandmaxprime.co
URL: http://sandmaxprime.co/malware-analysis-adwind-jrat/
Protocol: HTTP/1.1
Server: 209.99.16.15 Burlington, United States, ASN3900 (TEXASNET-ASN, US),
Reverse DNS
Software: Apache /
Resource Hash: 5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: sandmaxprime.co
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept: */*
Referer: http://sandmaxprime.co/malware-analysis-adwind-jrat/
Connection: keep-alive
Cache-Control: no-cache
Accept-Language: de-DE,de;q=0.9
Referer: http://sandmaxprime.co/malware-analysis-adwind-jrat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Wed, 20 Oct 2021 17:36:57 GMT
Content-Encoding: gzip
Last-Modified: Wed, 06 Jan 2021 20:59:24 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: application/javascript
Accept-Ranges: bytes
Content-Length: 777

GET
H/1.1 200
OK form.js Show response
sandmaxprime.co/wp-content/plugins/akismet/_inc/ 700 B
564 B 149ms
148ms Script
application/javascript 209.99.16.15
TEXASNET-ASN

General

Check archive.org

Show headers Download Go to

Full URL: http://sandmaxprime.co/wp-content/plugins/akismet/_inc/form.js?ver=4.1.10
Requested by: Host: sandmaxprime.co
URL: http://sandmaxprime.co/malware-analysis-adwind-jrat/
Protocol: HTTP/1.1
Server: 209.99.16.15 Burlington, United States, ASN3900 (TEXASNET-ASN, US),
Reverse DNS
Software: Apache /
Resource Hash: 0515cbd1f8aee97e1c8e0d1d015ca96c86def13e90d2e73bf813072ccc23d531

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: sandmaxprime.co
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept: */*
Referer: http://sandmaxprime.co/malware-analysis-adwind-jrat/
Connection: keep-alive
Cache-Control: no-cache
Accept-Language: de-DE,de;q=0.9
Referer: http://sandmaxprime.co/malware-analysis-adwind-jrat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Wed, 20 Oct 2021 17:36:57 GMT
Content-Encoding: gzip
Last-Modified: Thu, 03 Jul 2014 02:44:30 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: application/javascript
Accept-Ranges: bytes
Content-Length: 318

GET
H/1.1 200
OK forms.min.js Show response
sandmaxprime.co/wp-content/plugins/mailchimp-for-wp/assets/js/ 7 KB
3 KB 1337ms
183ms Script
application/javascript 209.99.16.15
TEXASNET-ASN

General

Check archive.org

Show headers Download Go to

Full URL: http://sandmaxprime.co/wp-content/plugins/mailchimp-for-wp/assets/js/forms.min.js?ver=4.8.3
Requested by: Host: sandmaxprime.co
URL: http://sandmaxprime.co/malware-analysis-adwind-jrat/
Protocol: HTTP/1.1
Server: 209.99.16.15 Burlington, United States, ASN3900 (TEXASNET-ASN, US),
Reverse DNS
Software: Apache /
Resource Hash: 4a967a69edb3b1b523c71a86b0c665fa93436249640a987aead72a28ca348461

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: sandmaxprime.co
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept: */*
Referer: http://sandmaxprime.co/malware-analysis-adwind-jrat/
Connection: keep-alive
Cache-Control: no-cache
Accept-Language: de-DE,de;q=0.9
Referer: http://sandmaxprime.co/malware-analysis-adwind-jrat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Wed, 20 Oct 2021 17:36:57 GMT
Content-Encoding: gzip
Last-Modified: Mon, 12 Apr 2021 03:55:31 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: application/javascript
Accept-Ranges: bytes
Content-Length: 3054

GET
H2 200 e-202142.js Show response
stats.wp.com/ 9 KB
3 KB 129ms
8ms Script
application/javascript 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.wp.com/e-202142.js
Requested by: Host: sandmaxprime.co
URL: http://sandmaxprime.co/malware-analysis-adwind-jrat/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 0ebbc7fba9a50d36ef5422345f624431710db4528f25749d1d438c2c10bb69f2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://sandmaxprime.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-nc: HIT hhn
date: Wed, 20 Oct 2021 17:36:56 GMT
content-encoding: gzip
server: nginx
etag: W/"5c6340e3-350a"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
expires: Sun, 09 Oct 2022 22:34:09 GMT

GET
DATA 200
OK truncated Show response
/ Frame D2E8 37 B
37 B Document
image/gif

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Upgrade-Insecure-Requests: 1
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Referer: http://sandmaxprime.co/

Response headers

Content-Type: image/gif

GET
DATA 200
OK truncated
/ 42 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://sandmaxprime.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/gif

GET
DATA 200
OK truncated
/ 37 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://sandmaxprime.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/gif

GET
H/1.1 200
OK pre.png
sandmaxprime.co/wp-content/themes/hueman/assets/front/img/ 72 B
257 B 144ms
143ms Image
image/png 209.99.16.15
TEXASNET-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://sandmaxprime.co/wp-content/themes/hueman/assets/front/img/pre.png
Requested by: Host: sandmaxprime.co
URL: http://sandmaxprime.co/wp-content/themes/hueman/assets/front/css/main.min.css?ver=3.7.16
Protocol: HTTP/1.1
Server: 209.99.16.15 Burlington, United States, ASN3900 (TEXASNET-ASN, US),
Reverse DNS
Software: Apache /
Resource Hash: de54d20ec67beddd1b5050d80ea032494652596617c6d31f297028a7efdab7bc

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: sandmaxprime.co
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://sandmaxprime.co/wp-content/themes/hueman/assets/front/css/main.min.css?ver=3.7.16
Connection: keep-alive
Cache-Control: no-cache
Accept-Language: de-DE,de;q=0.9
Referer: http://sandmaxprime.co/wp-content/themes/hueman/assets/front/css/main.min.css?ver=3.7.16
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Wed, 20 Oct 2021 17:36:57 GMT
Last-Modified: Mon, 30 Nov 2020 18:22:34 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 72
Content-Type: image/png

GET
H2 200 main.js Show response
m9m6e2w5.stackpathcdn.com/v2/7016fae1/ 147 KB
41 KB 100ms
12ms Script
application/javascript 151.139.128.11
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://m9m6e2w5.stackpathcdn.com/v2/7016fae1/main.js
Requested by: Host: cdn.shareaholic.net
URL: http://cdn.shareaholic.net/assets/pub/shareaholic.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.11 Dallas, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: nginx /
Resource Hash: 943447536924ef690ecbfcd8b5651fdcb2002a6d6d397d8adb5b916226179427

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://sandmaxprime.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 17:36:56 GMT
content-encoding: gzip
last-modified: Fri, 17 Sep 2021 19:53:42 GMT
server: nginx
x-amz-request-id: XA12XQAV8EEVD0Z3
etag: "b2f00638b5535fc8bd662c6a4bceb661"
x-hw: 1634751416.cds005.fr8.hn,1634751416.cds154.fr8.c
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31536000, public
x-hello-human: Join the fun! Apply at www.shareaholic.com/jobs
accept-ranges: bytes
content-length: 41738
x-amz-id-2: hKhGhpa6pOAdzjJ2+Cee/a/9d/IPe5ldO+E5cayJQ9gcrVFsEjBHTSMcMwBG9w6TC7OyFHwhpRA=

GET
H2 200 4ZGTisHPFic Show response
www.youtube.com/embed/ Frame FE37 58 KB
25 KB 105ms
76ms Document
text/html 142.250.185.78
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/embed/4ZGTisHPFic?enablejsapi=1&autoplay=0&cc_load_policy=0&iv_load_policy=1&loop=0&modestbranding=0&fs=1&playsinline=1&controls=1&color=red&cc_lang_pref=&rel=1&autohide=2&theme=dark&

Requested by

Host: sandmaxprime.co
URL: http://sandmaxprime.co/malware-analysis-adwind-jrat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.78 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f14.1e100.net

Software

ESF /

Resource Hash

0e9fad3a78c0674d5d8595b5ed58c2a33d33f4fc72fb1c18ae3e9244aa913c19

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: www.youtube.com
:scheme: https
:path: /embed/4ZGTisHPFic?enablejsapi=1&autoplay=0&cc_load_policy=0&iv_load_policy=1&loop=0&modestbranding=0&fs=1&playsinline=1&controls=1&color=red&cc_lang_pref=&rel=1&autohide=2&theme=dark&
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://sandmaxprime.co/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: http://sandmaxprime.co/

Response headers

content-type: text/html; charset=utf-8
x-content-type-options: nosniff
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 20 Oct 2021 17:36:57 GMT
strict-transport-security: max-age=31536000
permissions-policy: ch-ua-full-version=*, ch-ua-platform=*, ch-ua-platform-version=*, ch-ua-arch=*, ch-ua-model=*
report-to: {"group":"AZM8irYOyGiHPUipdmT4ndw90h_PnG3TnL0unA","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_AZM8irYOyGiHPUipdmT4ndw90h_PnG3TnL0unA"}]}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy-report-only: same-origin; report-to="AZM8irYOyGiHPUipdmT4ndw90h_PnG3TnL0unA"
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=de for more info."
content-encoding: br
server: ESF
x-xss-protection: 0
set-cookie: YSC=aap-_EZSDwc; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none VISITOR_INFO1_LIVE=O3uUZjQw0n4; Domain=.youtube.com; Expires=Mon, 18-Apr-2022 17:36:57 GMT; Path=/; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000

GET
H2 200 hqdefault.jpg
i.ytimg.com/vi/4ZGTisHPFic/ 11 KB
11 KB 111ms
32ms Image
image/jpeg 142.250.184.214
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.ytimg.com/vi/4ZGTisHPFic/hqdefault.jpg

Requested by

Host: sandmaxprime.co
URL: http://sandmaxprime.co/malware-analysis-adwind-jrat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.214 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f22.1e100.net

Software

sffe /

Resource Hash

f02ff988977ab4955a29ea2886ec9e24917e7b21e04e3712759ef2d3c6417210

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://sandmaxprime.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 17:36:56 GMT
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 11260
x-xss-protection: 0
server: sffe
etag: "1621468141"
vary: Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: image/jpeg
cache-control: public, max-age=7200
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Wed, 20 Oct 2021 19:36:56 GMT

GET
H2 200 hqdefault.jpg
i.ytimg.com/vi/JD8sY51FSxM/ 8 KB
8 KB 102ms
24ms Image
image/jpeg 142.250.184.214
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.ytimg.com/vi/JD8sY51FSxM/hqdefault.jpg

Requested by

Host: sandmaxprime.co
URL: http://sandmaxprime.co/malware-analysis-adwind-jrat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.214 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f22.1e100.net

Software

sffe /

Resource Hash

a9ba37a2b168f68908a32994924b4f5a07a0c71590a091f5b7e1b7b32314222a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://sandmaxprime.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 17:36:56 GMT
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 7717
x-xss-protection: 0
server: sffe
etag: "1488020044"
vary: Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: image/jpeg
cache-control: public, max-age=7200
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Wed, 20 Oct 2021 19:36:56 GMT

GET
H2 200 hqdefault.jpg
i.ytimg.com/vi/bgntXO9egmQ/ 22 KB
23 KB 200ms
121ms Image
image/jpeg 142.250.184.214
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.ytimg.com/vi/bgntXO9egmQ/hqdefault.jpg

Requested by

Host: sandmaxprime.co
URL: http://sandmaxprime.co/malware-analysis-adwind-jrat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.214 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f22.1e100.net

Software

sffe /

Resource Hash

88824165f3a7f1193288964a393f163d9c2b7b4888514455a80bd83b0e057eaf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://sandmaxprime.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 17:36:57 GMT
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 22934
x-xss-protection: 0
server: sffe
etag: "1450573870"
vary: Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: image/jpeg
cache-control: public, max-age=7200
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Wed, 20 Oct 2021 19:36:57 GMT

GET
H2 200 hqdefault.jpg
i.ytimg.com/vi/W--FVwLNi_8/ 17 KB
18 KB 104ms
26ms Image
image/jpeg 142.250.184.214
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.ytimg.com/vi/W--FVwLNi_8/hqdefault.jpg

Requested by

Host: sandmaxprime.co
URL: http://sandmaxprime.co/malware-analysis-adwind-jrat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.214 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f22.1e100.net

Software

sffe /

Resource Hash

52ecae51c3253b95eaa405d324857a87d4025c847a4b5d88155d98d0cc45f018

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://sandmaxprime.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 17:36:56 GMT
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 17888
x-xss-protection: 0
server: sffe
etag: "1450531155"
vary: Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: image/jpeg
cache-control: public, max-age=7200
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Wed, 20 Oct 2021 19:36:56 GMT

GET
H2 200 1425b5c41828b1599db2095319d13b39.json Show response
www.shareaholic.net/config/ 5 KB
2 KB 328ms
120ms XHR
application/json 184.73.100.94
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://www.shareaholic.net/config/1425b5c41828b1599db2095319d13b39.json
Requested by: Host: cdn.shareaholic.net
URL: http://cdn.shareaholic.net/assets/pub/shareaholic.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 184.73.100.94 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-184-73-100-94.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 149520c6b59fd1024fb70d581f77d4d56f61213e4e4a38f248fcbe7c408437f1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://sandmaxprime.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-client-geo-country: US,USA
date: Tue, 19 Oct 2021 22:09:39 GMT
content-encoding: gzip
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
content-length: 1428
server: nginx
x-client-geo-region
x-client-geo-metrocode
etag: W/"149520c6b59fd1024fb70d581f77d4d5"
access-control-max-age: 2000
x-client-geo-city
x-varnish: 65558835 47488159
via: 1.1 varnish (Varnish/6.0)
access-control-expose-headers: Etag, Access-Control-Allow-Origin, x-client-geo-latlong, x-client-geo-country, x-client-geo-city, x-client-geo-zip, x-client-geo-region, x-client-geo-metrocode
cache-control: max-age=3, public, must-revalidate
x-client-geo-zip
accept-ranges: bytes
content-type: application/json
access-control-allow-headers: *
x-client-geo-latlong: 37.751000,-97.822000

GET
H2 200 www-player-webp.css
www.youtube.com/s/player/9e457a67/ Frame FE37 335 KB
46 KB 16ms
15ms Stylesheet
text/css 142.250.185.78
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/9e457a67/www-player-webp.css

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/4ZGTisHPFic?enablejsapi=1&autoplay=0&cc_load_policy=0&iv_load_policy=1&loop=0&modestbranding=0&fs=1&playsinline=1&controls=1&color=red&cc_lang_pref=&rel=1&autohide=2&theme=dark&

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.78 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f14.1e100.net

Software

sffe /

Resource Hash

35501bfd5f2a8d2d8fb04695bc80793b9aa7160ded872a9f89cc094b140f8702

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/4ZGTisHPFic?enablejsapi=1&autoplay=0&cc_load_policy=0&iv_load_policy=1&loop=0&modestbranding=0&fs=1&playsinline=1&controls=1&color=red&cc_lang_pref=&rel=1&autohide=2&theme=dark&
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 13:59:28 GMT
content-encoding: br
x-content-type-options: nosniff
age: 13049
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 46953
x-xss-protection: 0
last-modified: Mon, 18 Oct 2021 00:14:57 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Thu, 20 Oct 2022 13:59:28 GMT

GET
H2 200 www-embed-player.js Show response
www.youtube.com/s/player/9e457a67/www-embed-player.vflset/ Frame FE37 209 KB
69 KB 33ms
32ms Script
text/javascript 142.250.185.78
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/9e457a67/www-embed-player.vflset/www-embed-player.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.78 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f14.1e100.net

Software

sffe /

Resource Hash

a94e60203c4a1d8371c22e4410baf6dbec30875599730d8ca8a22adaf23518d0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/4ZGTisHPFic?enablejsapi=1&autoplay=0&cc_load_policy=0&iv_load_policy=1&loop=0&modestbranding=0&fs=1&playsinline=1&controls=1&color=red&cc_lang_pref=&rel=1&autohide=2&theme=dark&
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 18 Oct 2021 15:52:37 GMT
content-encoding: br
x-content-type-options: nosniff
age: 179060
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 70183
x-xss-protection: 0
last-modified: Mon, 18 Oct 2021 00:14:57 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Tue, 18 Oct 2022 15:52:37 GMT

GET
H2 200 base.js Show response
www.youtube.com/s/player/9e457a67/player_ias.vflset/de_DE/ Frame FE37 2 MB
512 KB 39ms
39ms Script
text/javascript 142.250.185.78
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/9e457a67/player_ias.vflset/de_DE/base.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.78 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f14.1e100.net

Software

sffe /

Resource Hash

a728f23ae512668f87d868b76ec44f5117c840fc4ac3809fa66ecf2ccb54d97e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/4ZGTisHPFic?enablejsapi=1&autoplay=0&cc_load_policy=0&iv_load_policy=1&loop=0&modestbranding=0&fs=1&playsinline=1&controls=1&color=red&cc_lang_pref=&rel=1&autohide=2&theme=dark&
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 18 Oct 2021 15:52:47 GMT
content-encoding: br
x-content-type-options: nosniff
age: 179050
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 524366
x-xss-protection: 0
last-modified: Mon, 18 Oct 2021 00:14:57 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Tue, 18 Oct 2022 15:52:47 GMT

GET
H2 200 fetch-polyfill.js Show response
www.youtube.com/s/player/9e457a67/fetch-polyfill.vflset/ Frame FE37 8 KB
3 KB 46ms
45ms Script
text/javascript 142.250.185.78
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/9e457a67/fetch-polyfill.vflset/fetch-polyfill.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.78 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f14.1e100.net

Software

sffe /

Resource Hash

de6c4ffa2bd9fd283610e28d0db2ec48607aab39d213a51aef248673a0a7e980

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/4ZGTisHPFic?enablejsapi=1&autoplay=0&cc_load_policy=0&iv_load_policy=1&loop=0&modestbranding=0&fs=1&playsinline=1&controls=1&color=red&cc_lang_pref=&rel=1&autohide=2&theme=dark&
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 07:59:44 GMT
content-encoding: br
x-content-type-options: nosniff
age: 34633
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 2830
x-xss-protection: 0
last-modified: Mon, 18 Oct 2021 00:14:57 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Thu, 20 Oct 2022 07:59:44 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame FE37 15 KB
15 KB 73ms
23ms Font
font/woff2 142.250.186.163
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.163 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f3.1e100.net

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/
Origin: https://www.youtube.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 18 Oct 2021 19:58:13 GMT
x-content-type-options: nosniff
age: 164324
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15344
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 18 Oct 2022 19:58:13 GMT

GET
H/1.1 200
OK widgets.js Show response
platform.twitter.com/ 96 KB
29 KB 81ms
46ms Script
application/javascript 192.229.233.25
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: http://platform.twitter.com/widgets.js
Requested by: Host: sandmaxprime.co
URL: http://sandmaxprime.co/wp-content/plugins/jetpack/_inc/build/twitter-timeline.min.js?ver=4.0.0
Protocol: HTTP/1.1
Server: 192.229.233.25 Los Angeles, United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/668A) /
Resource Hash: 00a57617df99ac957720b7332f9d15449def3ebe11169d68f12c47a3cde5168d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://sandmaxprime.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Wed, 20 Oct 2021 17:36:57 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Age: 484
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Content-Length: 29104
x-tw-cdn: VZ
Last-Modified: Mon, 18 Oct 2021 18:33:56 GMT
Server: ECS (frb/668A)
Etag: "a709ab1b2c0d5d5e7c19895f6e1dcbfd+gzip"
Access-Control-Max-Age: 3000
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=1800

GET
H3

200

id Show response
googleads.g.doubleclick.net/pagead/ Frame FE37
Redirect Chain

https://googleads.g.doubleclick.net/pagead/id
https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

113 B
161 B

56ms
39ms

XHR
application/json

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

cafe /

Resource Hash

ecb89d058ca496af33ddfc42a62595b7b75f82fac07f63e1f697978ad794aa93

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 17:36:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 133
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://www.youtube.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Wed, 20 Oct 2021 17:36:57 GMT
x-content-type-options: nosniff
access-control-allow-origin: https://www.youtube.com
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ad_status.js Show response
static.doubleclick.net/instream/ Frame FE37 29 B
559 B 48ms
7ms Script
text/javascript 142.250.184.198
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.doubleclick.net/instream/ad_status.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/9e457a67/www-embed-player.vflset/www-embed-player.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.198 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f6.1e100.net

Software

sffe /

Resource Hash

eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 17:28:00 GMT
x-content-type-options: nosniff
age: 537
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 29
x-xss-protection: 0
last-modified: Thu, 12 Dec 2013 23:40:16 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 20 Oct 2021 17:43:00 GMT

POST
H2 200 e
analytics.shareaholic.com/ 43 B
379 B 313ms
99ms Ping
image/gif 34.204.113.242
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://analytics.shareaholic.com/e

Requested by

Host: m9m6e2w5.stackpathcdn.com
URL: https://m9m6e2w5.stackpathcdn.com/v2/7016fae1/main.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.204.113.242 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-204-113-242.compute-1.amazonaws.com

Software

Resource Hash

a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Security Headers

Name	Value
Content-Security-Policy	referrer always

Request headers

Referer: http://sandmaxprime.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

pragma: no-cache
date: Wed, 20 Oct 2021 17:36:57 GMT
vary: Origin
p3p: CP="OTI DSP COR DEVo ADMa OUR CONo IND COM INT ONL PUR STA OTC"
access-control-allow-origin: http://sandmaxprime.co
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
referer-policy: unsafe-url
content-security-policy: referrer always
content-type: image/gif
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3 200 remote.js Show response
www.youtube.com/s/player/9e457a67/player_ias.vflset/de_DE/ Frame FE37 93 KB
29 KB 9ms
9ms Script
text/javascript 142.250.185.78
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/9e457a67/player_ias.vflset/de_DE/remote.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/9e457a67/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.78 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f14.1e100.net

Software

sffe /

Resource Hash

29b93a0c7ce944834a9841b7ed98b20f1c19e871ff4f3361db76a026f46d6a06

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/4ZGTisHPFic?enablejsapi=1&autoplay=0&cc_load_policy=0&iv_load_policy=1&loop=0&modestbranding=0&fs=1&playsinline=1&controls=1&color=red&cc_lang_pref=&rel=1&autohide=2&theme=dark&
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 18 Oct 2021 15:52:48 GMT
content-encoding: br
x-content-type-options: nosniff
age: 179049
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 29594
x-xss-protection: 0
last-modified: Mon, 18 Oct 2021 00:14:57 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Tue, 18 Oct 2022 15:52:48 GMT

GET
H2 200 LOmHOoAv0oJwm2BB9so6lRy8TBRhtyNZy_JhYGjOIrE.js Show response
www.google.com/js/th/ Frame FE37 35 KB
14 KB 39ms
10ms Script
text/javascript 142.250.185.100
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/js/th/LOmHOoAv0oJwm2BB9so6lRy8TBRhtyNZy_JhYGjOIrE.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/9e457a67/player_ias.vflset/de_DE/base.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.100 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f4.1e100.net

Software

sffe /

Resource Hash

2ce9873a802fd282709b6041f6ca3a951cbc4c1461b72359cbf2616068ce22b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 05:10:02 GMT
content-encoding: br
x-content-type-options: nosniff
age: 44815
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 13444
x-xss-protection: 0
last-modified: Mon, 11 Oct 2021 11:00:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="botguard-scs"
expires: Thu, 20 Oct 2022 05:10:02 GMT

GET
H3 200 embed.js Show response
www.youtube.com/s/player/9e457a67/player_ias.vflset/de_DE/ Frame FE37 25 KB
7 KB 8ms
8ms Script
text/javascript 142.250.185.78
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/9e457a67/player_ias.vflset/de_DE/embed.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/9e457a67/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.78 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f14.1e100.net

Software

sffe /

Resource Hash

5086b34a1e9d368fcf3c5ef99cddc58a9ca924649f90bccde0ac0a20f327f9bf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/4ZGTisHPFic?enablejsapi=1&autoplay=0&cc_load_policy=0&iv_load_policy=1&loop=0&modestbranding=0&fs=1&playsinline=1&controls=1&color=red&cc_lang_pref=&rel=1&autohide=2&theme=dark&
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 18 Oct 2021 15:52:53 GMT
content-encoding: br
x-content-type-options: nosniff
age: 179044
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 7355
x-xss-protection: 0
last-modified: Mon, 18 Oct 2021 00:14:57 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Tue, 18 Oct 2022 15:52:53 GMT

GET
DATA 200
OK truncated
/ Frame FE37 175 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 67ea46bc3d15351067faccb3613bd833dd3f15137a4b4a09f2e873fd41d024d2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 AKedOLS7J_KFNMyggxaAFuO8VW0RB8ewM_WBeQcEF1PlW1c=s68-c-k-c0x00ffffff-no-rj
yt3.ggpht.com/ytc/ Frame FE37 3 KB
3 KB 55ms
28ms Image
image/jpeg 142.250.185.65
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://yt3.ggpht.com/ytc/AKedOLS7J_KFNMyggxaAFuO8VW0RB8ewM_WBeQcEF1PlW1c=s68-c-k-c0x00ffffff-no-rj

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.65 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f1.1e100.net

Software

fife /

Resource Hash

091a99c6211f82d9bec2257eb12f5b9c510cf0d8ea75372c58eeaa37d46b0463

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 17:36:57 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 3145
x-xss-protection: 0
server: fife
etag: "vc0e5"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sat, 16 Oct 2021 07:16:48 GMT

GET
H3 200 default.webp
i.ytimg.com/vi_webp/4ZGTisHPFic/ Frame FE37 2 KB
2 KB 78ms
61ms Image
image/webp 142.250.184.214
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.ytimg.com/vi_webp/4ZGTisHPFic/default.webp

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.214 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f22.1e100.net

Software

sffe /

Resource Hash

02c2b68deb54eaf261bdebc9cecbb6178c6f105d29bc60212eeb4200e8f97df1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 17:36:57 GMT
x-content-type-options: nosniff
server: sffe
etag: "1621468141"
vary: Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: image/webp
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 2370
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Wed, 20 Oct 2021 19:36:57 GMT

GET
H2 200 sharebuttons.js Show response
m9m6e2w5.stackpathcdn.com/v2/7016fae1/ 161 KB
36 KB 13ms
13ms Script
application/javascript 151.139.128.11
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://m9m6e2w5.stackpathcdn.com/v2/7016fae1/sharebuttons.js
Requested by: Host: cdn.shareaholic.net
URL: http://cdn.shareaholic.net/assets/pub/shareaholic.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.11 Dallas, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: nginx /
Resource Hash: f9afa7a2739e8a58cf2ace84b26ede1b2a162dada8620777e431698087536ddd

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://sandmaxprime.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 17:36:57 GMT
content-encoding: gzip
last-modified: Fri, 17 Sep 2021 19:53:42 GMT
server: nginx
x-amz-request-id: XA1929EF37NHCTH9
etag: "4def0ddd8c81302850992d862c0df4f8"
x-hw: 1634751417.cds005.fr8.hn,1634751417.cds103.fr8.c
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31536000, public
x-hello-human: Join the fun! Apply at www.shareaholic.com/jobs
accept-ranges: bytes
content-length: 36977
x-amz-id-2: EYOiLLsEbQwlCLgY6DOEmPmxdYbNEIvm45ym1bEstkxhd8w+zO+nRbbGkotgmut/co2RkmSitj8=

GET
H2 200 recommendations.js Show response
m9m6e2w5.stackpathcdn.com/v2/7016fae1/ 91 KB
13 KB 15ms
15ms Script
application/javascript 151.139.128.11
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://m9m6e2w5.stackpathcdn.com/v2/7016fae1/recommendations.js
Requested by: Host: cdn.shareaholic.net
URL: http://cdn.shareaholic.net/assets/pub/shareaholic.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.11 Dallas, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: nginx /
Resource Hash: a4bdc08d0d0a32154561d927887eba42cc1489e59118a0ce53e5f893f349bb70

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://sandmaxprime.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 17:36:57 GMT
content-encoding: gzip
last-modified: Fri, 17 Sep 2021 19:53:42 GMT
server: nginx
x-amz-request-id: XA11E70D3SKSW3HN
etag: "129b833e45873611b3391d18d2a7aea9"
x-hw: 1634751417.cds005.fr8.hn,1634751417.cds103.fr8.c
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31536000, public
x-hello-human: Join the fun! Apply at www.shareaholic.com/jobs
accept-ranges: bytes
content-length: 13078
x-amz-id-2: Eno44uhRhyJiFienYv543Wk3TpSB7GPvODm2wwmygUrrcuTk/vHZUU8n+TxpR9L2N1GrSenuIEM=

GET
H2 200 partners.js Show response
partner.shareaholic.com/ 0
265 B 325ms
123ms Script
application/javascript 107.20.147.136
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://partner.shareaholic.com/partners.js?location=http%3A%2F%2Fsandmaxprime.co%2Fmalware-analysis-adwind-jrat%2F&cl=en-US&id_sync=fc850513-dc42-4b45-987c-e907964181ac&minify=1&pvs=1&site=1425b5c41828b1599db2095319d13b39
Requested by: Host: m9m6e2w5.stackpathcdn.com
URL: https://m9m6e2w5.stackpathcdn.com/v2/7016fae1/main.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 107.20.147.136 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-107-20-147-136.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://sandmaxprime.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 20 Oct 2021 17:36:57 GMT
vary: Accept-Encoding, User-Agent
p3p: CP='OTI DSP COR DEVo ADMa OUR CONo IND COM INT ONL PUR STA OTC'
cache-control: no-cache, no-store, must-revalidate
content-type: application/javascript;charset=utf-8
content-length: 0
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK g.gif
pixel.wp.com/ 50 B
215 B 11ms
5ms Image
image/gif 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://pixel.wp.com/g.gif?v=ext&j=1%3A9.6.2&blog=81192098&post=620&tz=5.5&srv=sandmaxprime.co&host=sandmaxprime.co&ref=&fcp=4646&rand=0.08418642628718565
Requested by: Host: sandmaxprime.co
URL: http://sandmaxprime.co/malware-analysis-adwind-jrat/
Protocol: HTTP/1.1
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://sandmaxprime.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Wed, 20 Oct 2021 17:36:57 GMT
Cache-Control: no-cache
Server: nginx
Connection: keep-alive
Content-Length: 50
Content-Type: image/gif

GET
H/1.1 200
OK hovercard.min.css
secure.gravatar.com/dist/css/ 8 KB
2 KB 14ms
7ms Stylesheet
text/css 192.0.73.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: http://secure.gravatar.com/dist/css/hovercard.min.css?ver=202142
Requested by: Host: secure.gravatar.com
URL: https://secure.gravatar.com/js/gprofiles.js?ver=202142
Protocol: HTTP/1.1
Server: 192.0.73.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1a0b51af7ff79f11c0a779bf478304fa451ac5587675952b8378b47f0a97504d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://sandmaxprime.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Wed, 20 Oct 2021 17:36:57 GMT
Content-Encoding: gzip
Last-Modified: Wed, 11 Nov 2020 15:57:10 GMT
Server: nginx
ETag: W/"5fac09d6-1e86"
Transfer-Encoding: chunked
Content-Type: text/css
Cache-Control: max-age=604800
Connection: keep-alive
Expires: Wed, 27 Oct 2021 17:36:57 GMT

GET
H/1.1 200
OK services.min.css
secure.gravatar.com/dist/css/ 3 KB
847 B 14ms
7ms Stylesheet
text/css 192.0.73.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: http://secure.gravatar.com/dist/css/services.min.css?ver=202142
Requested by: Host: secure.gravatar.com
URL: https://secure.gravatar.com/js/gprofiles.js?ver=202142
Protocol: HTTP/1.1
Server: 192.0.73.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e9fc9b1878db1b13b973252b048d19a17abb34a8da464a552c6d401728ed1e86

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://sandmaxprime.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Wed, 20 Oct 2021 17:36:57 GMT
Content-Encoding: gzip
Last-Modified: Thu, 22 Mar 2018 09:46:04 GMT
Server: nginx
ETag: W/"5ab37b5c-a54"
Transfer-Encoding: chunked
Content-Type: text/css
Cache-Control: max-age=604800
Connection: keep-alive
Expires: Wed, 27 Oct 2021 17:36:57 GMT

GET
H/1.1 200
OK widget_iframe.a53eecb4584348a2ad32ec2ae21f6eae.html Show response
platform.twitter.com/widgets/ Frame 6A4C 319 KB
103 KB 31ms
7ms Document
text/html 192.229.233.25
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/widget_iframe.a53eecb4584348a2ad32ec2ae21f6eae.html?origin=http%3A%2F%2Fsandmaxprime.co
Requested by: Host: platform.twitter.com
URL: http://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 192.229.233.25 Los Angeles, United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6725) /
Resource Hash: c6d03b7a5561687268e57b13d9d4a6a4c71ee570ea74718040ce9227676e3e5e

Request headers

Host: platform.twitter.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: http://sandmaxprime.co/
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: http://sandmaxprime.co/

Response headers

Content-Encoding: gzip
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 74124
Cache-Control: public, max-age=315360000
Content-Type: text/html; charset=utf-8
Date: Wed, 20 Oct 2021 17:36:57 GMT
Etag: "8321d7cf58d70200c1423dfa0bca40f6+gzip"
Last-Modified: Mon, 18 Oct 2021 18:32:00 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (frb/6725)
Vary: Accept-Encoding
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 105433

GET
H3 200 iframe_api Show response
www.youtube.com/ 980 B
512 B 33ms
33ms Script
text/javascript 142.250.185.78
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/iframe_api

Requested by

Host: sandmaxprime.co
URL: http://sandmaxprime.co/wp-content/plugins/youtube-embed-plus/scripts/ytprefs.min.js?ver=13.4.2

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.78 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f14.1e100.net

Software

ESF /

Resource Hash

272d71624a8d4634901f0260580882a059268ff037cc12302b283a9710756c2a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://sandmaxprime.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 17:36:57 GMT
content-encoding: br
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
x-xss-protection: 0
server: ESF
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
report-to: {"group":"AZM8irYOyGiHPUipdmT4ndw90h_PnG3TnL0unA","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_AZM8irYOyGiHPUipdmT4ndw90h_PnG3TnL0unA"}]}
content-type: text/javascript; charset=utf-8
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cache-control: private, max-age=0
permissions-policy: ch-ua-full-version=*, ch-ua-platform=*, ch-ua-platform-version=*, ch-ua-arch=*, ch-ua-model=*
cross-origin-opener-policy-report-only: same-origin; report-to="AZM8irYOyGiHPUipdmT4ndw90h_PnG3TnL0unA"
expires: Wed, 20 Oct 2021 17:36:57 GMT

GET
H2 200 Malware-Analysis%E2%80%93Adwind-JRat.png
i1.wp.com/sandmaxprime.co/wp-content/uploads/2020/04/ 842 KB
843 KB 339ms
320ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i1.wp.com/sandmaxprime.co/wp-content/uploads/2020/04/Malware-Analysis%E2%80%93Adwind-JRat.png?resize=1024%2C500

Requested by

Host: sandmaxprime.co
URL: http://sandmaxprime.co/malware-analysis-adwind-jrat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

0d5e186bcc5ebc1ce5f3677a2f088c8588fd7557ca50136b40300fb442727702

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://sandmaxprime.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-nc: MISS hhn 2
date: Wed, 20 Oct 2021 17:36:57 GMT
x-content-type-options: nosniff
last-modified: Wed, 20 Oct 2021 17:36:57 GMT
server: nginx
etag: "0228585c6f4b8256"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <http://sandmaxprime.co/wp-content/uploads/2020/04/Malware-Analysis%E2%80%93Adwind-JRat.png>; rel="canonical"
content-length: 862294
expires: Sat, 21 Oct 2023 05:36:57 GMT

GET
H2 200 /
img.buymeacoffee.com/button-api/ 41 KB
29 KB 712ms
650ms Image
image/svg+xml 104.26.11.39
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.buymeacoffee.com/button-api/?text=Buy%20me%20a%20coffee&emoji=&slug=sandmaxprime&button_colour=FF5F5F&font_colour=ffffff&font_family=Lato&outline_colour=000000&coffee_colour=FFDD00

Requested by

Host: sandmaxprime.co
URL: http://sandmaxprime.co/malware-analysis-adwind-jrat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.26.11.39 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1ba4984bbff4fd5e91e157d3669ce7177820e6070cf5f6761130def724ced656

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://sandmaxprime.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 17:36:58 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
access-control-allow-methods: GET, OPTIONS
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
pragma: public
last-modified: Wed, 20 Oct 2021 17:36:58 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 3600
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FlgBqC0WL8d1diduQTMIMiLRSMAAb2E%2FY7g4u7u45v9yko4T3YUfZUy5x2HKH1nAlm1YpLYcIWuws8jyyjG0BsG6KBrycCAdNrmnPRZEwILdSSea5knY2K9eEQVKqIyxL3BCIn%2Fh"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
cf-ray: 6a1402e8ac774107-PRG
access-control-allow-headers: Content-Type, Accept, X-Requested-With, remember-me

GET
H2 200 stalkerware-is-somebody-watching-you.png
i1.wp.com/sandmaxprime.co/wp-content/uploads/2021/04/ 7 KB
7 KB 27ms
8ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i1.wp.com/sandmaxprime.co/wp-content/uploads/2021/04/stalkerware-is-somebody-watching-you.png?resize=80%2C80

Requested by

Host: sandmaxprime.co
URL: http://sandmaxprime.co/malware-analysis-adwind-jrat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

57ff1c0659234ed6f685295ea8dbec5956f9dbd992517de85415d04bf5b37e8f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://sandmaxprime.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Wed, 20 Oct 2021 17:36:57 GMT
x-content-type-options: nosniff
last-modified: Fri, 15 Oct 2021 11:17:13 GMT
server: nginx
etag: "2d61790e3ba72811"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <http://sandmaxprime.co/wp-content/uploads/2021/04/stalkerware-is-somebody-watching-you.png>; rel="canonical"
content-length: 6834
expires: Sun, 15 Oct 2023 23:17:13 GMT

GET
H2 200 completion.png
i2.wp.com/sandmaxprime.co/wp-content/uploads/2021/04/ 5 KB
5 KB 26ms
7ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i2.wp.com/sandmaxprime.co/wp-content/uploads/2021/04/completion.png?resize=80%2C80

Requested by

Host: sandmaxprime.co
URL: http://sandmaxprime.co/malware-analysis-adwind-jrat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

c7ef82554e6b48c7eb971cc50c063c834d36d262b4c0f9b79d8d07cd58f22407

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://sandmaxprime.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-nc: HIT hhn 4
date: Wed, 20 Oct 2021 17:36:57 GMT
x-content-type-options: nosniff
last-modified: Fri, 15 Oct 2021 11:17:13 GMT
server: nginx
etag: "e92b83a77797cd82"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <http://sandmaxprime.co/wp-content/uploads/2021/04/completion.png>; rel="canonical"
content-length: 4904
expires: Sun, 15 Oct 2023 23:17:13 GMT

GET
DATA 200
OK truncated
/ 492 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4299f2aaa46eea61cff7da0f945e26cf0ace8a35ea912182e7df2a9958db8e10

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://sandmaxprime.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 shareaholic-icons.woff
m9m6e2w5.stackpathcdn.com/v2/fonts_0ecbeeff/ 20 KB
20 KB 28ms
9ms Font
font/woff 151.139.128.11
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://m9m6e2w5.stackpathcdn.com/v2/fonts_0ecbeeff/shareaholic-icons.woff
Requested by: Host: sandmaxprime.co
URL: http://sandmaxprime.co/malware-analysis-adwind-jrat/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.11 Dallas, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: nginx /
Resource Hash: 21e444926ee2b1297a9888fe081f196a640763626243aa07b80ff171049e7a8c

Request headers

Referer: http://sandmaxprime.co/
Origin: http://sandmaxprime.co
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 17:36:57 GMT
last-modified: Fri, 17 Sep 2021 19:53:43 GMT
server: nginx
x-amz-request-id: DPE6YSYCCCYM7HE2
etag: "0e26e8e2b7a79ff2a9e9fe9ef5382e6d"
x-hw: 1634751417.cds109.fr8.hn,1634751417.cds254.fr8.c
content-type: font/woff
access-control-allow-origin: *
cache-control: max-age=31536000, public
x-hello-human: Join the fun! Apply at www.shareaholic.com/jobs
accept-ranges: bytes
content-length: 20556
x-amz-id-2: Tgm+lNvoNhPhyefY8ZDjPq4K9KPsd74zDc84ccNeptSn89l64PsvVScQZw+kl1dQ+YiWRYVqRuI=

GET
H3 200 www-widgetapi.js Show response
www.youtube.com/s/player/9e457a67/www-widgetapi.vflset/ 143 KB
46 KB 8ms
8ms Script
text/javascript 142.250.185.78
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/9e457a67/www-widgetapi.vflset/www-widgetapi.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/iframe_api

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.78 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f14.1e100.net

Software

sffe /

Resource Hash

007ae39c614f532fd0efffce182882893814be75637bd67a6eaeed98ab364402

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://sandmaxprime.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 17:36:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 14
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/youtube
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 47516
x-xss-protection: 0
last-modified: Mon, 18 Oct 2021 00:14:57 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Thu, 20 Oct 2022 17:36:43 GMT

GET
H2 200 cast_sender.js Show response
www.gstatic.com/cv/js/sender/v1/ Frame FE37 4 KB
3 KB 49ms
21ms Script
text/javascript 142.250.185.163
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/cv/js/sender/v1/cast_sender.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/9e457a67/player_ias.vflset/de_DE/base.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.163 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f3.1e100.net

Software

sffe /

Resource Hash

ee147e859ad0f09aa50367974e38ab53e7c7054c4a51d400a7f45b0eb251454f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 17:36:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cloudview
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2007
x-xss-protection: 0
last-modified: Tue, 16 Feb 2021 23:57:06 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="cloudview"
vary: Accept-Encoding
report-to: {"group":"cloudview","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cloudview"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 20 Oct 2021 17:36:57 GMT

GET
H3 204 generate_204
www.youtube.com/ Frame FE37 0
9 B 7ms
7ms Image
text/plain 142.250.185.78
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.youtube.com/generate_204?uh2mUg
Requested by: Host: sandmaxprime.co
URL: http://sandmaxprime.co/malware-analysis-adwind-jrat/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.185.78 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s48-in-f14.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/4ZGTisHPFic?enablejsapi=1&autoplay=0&cc_load_policy=0&iv_load_policy=1&loop=0&modestbranding=0&fs=1&playsinline=1&controls=1&color=red&cc_lang_pref=&rel=1&autohide=2&theme=dark&
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 17:36:57 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 0

GET
H2 200 shares.json Show response
api.bufferapp.com/1/links/ 66 B
412 B 588ms
538ms Script
text/javascript 104.16.139.31
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.bufferapp.com/1/links/shares.json?url=http%3A%2F%2Fsandmaxprime.co%2Fmalware-analysis-adwind-jrat%2F&callback=JSONP_1706

Requested by

Host: m9m6e2w5.stackpathcdn.com
URL: https://m9m6e2w5.stackpathcdn.com/v2/7016fae1/sharebuttons.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.139.31 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

e58faa3b2373eb17f95f050ec57b0999f10a7d5b500641039dc6d9799fa5a39a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://sandmaxprime.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 17:36:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: MISS
server: cloudflare
x-powered-by: Express
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
cache-control: public, max-age=43200
cf-ray: 6a1402e9d9d127b4-PRG
etag: W/"42-LGNr5qLhRD+LEZLUe8w6xxvO1UM"
expires: Thu, 21 Oct 2021 05:36:58 GMT

GET
H2 200 dk Show response
connect.ok.ru/ 11 B
2 KB 268ms
99ms Fetch
application/json 217.20.155.208
MAILRU-AS Mail.Ru

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.ok.ru/dk?url=http%3A%2F%2Fsandmaxprime.co%2Fmalware-analysis-adwind-jrat%2F&tp=json&ref=http%3A%2F%2Fsandmaxprime.co%2Fmalware-analysis-adwind-jrat%2F&st.cmd=extLike

Requested by

Host: m9m6e2w5.stackpathcdn.com
URL: https://m9m6e2w5.stackpathcdn.com/v2/7016fae1/main.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

217.20.155.208 , Russian Federation, ASN47764 (MAILRU-AS Mail.Ru, RU),

Reverse DNS

ip208.155.odnoklassniki.ru

Software

apache /

Resource Hash

618de7d9f46f3f697d827a1b6d84974760d5deda62e4e592adaa3c646602a94c

Security Headers

Name	Value
Content-Security-Policy	default-src data: 'self' 'unsafe-inline' 'unsafe-eval' ok.ru .ok.ru odnoklassniki.ru .odnoklassniki.ru mycdn.me http://.mycdn.me https://.mycdn.me wss://ad.mail.ru .mail.ru .imgsmail.ru .mradx.net .serving-sys.com .googleapis.com .gstatic.com www.google.com https://api-maps.yandex.ru yastatic.net yandex.st .doubleverify.com .adsafeprotected.com https://consentmanager.mgr.consensu.org https://cdn.consentmanager.mgr.consensu.org https://football.sportmail.ru .google.ru .google.com .googlesyndication.com blob:; script-src 'unsafe-inline' 'unsafe-eval' .mail.ru https://.mail.ru .imgsmail.ru .mradx.net ok.ru .ok.ru odnoklassniki.ru .odnoklassniki.ru mycdn.me http://.mycdn.me https://.mycdn.me mc.yandex.ru an.yandex.ru yastatic.net yandex.st .google-analytics.com api-maps.yandex.ru https://api-maps.yandex.ru https://clck.yandex.ru .googleapis.com .gstatic.com www.google.com www.youtube.com https://www.youtube.com .ytimg.com https://.ytimg.com .doubleverify.com .dvtps.com .doubleclick.net .googletagservices.com .googlesyndication.com .googleadservices.com .goodgame.ru https://.goodgame.ru https://.moatads.com .adlooxtracking.com .adsafeprotected.com .serving-sys.com https://enterprise.api-maps.yandex.ru https://suggest-maps.yandex.ru https://.hit.gemius.pl https://consentmanager.mgr.consensu.org https://cdn.consentmanager.mgr.consensu.org https://gum.criteo.com https://football.sportmail.ru .googletagmanager.com connect.facebook.net .google.ru .google.com .googlesyndication.com; worker-src blob: 'self'; connect-src wss: blob:; font-src * data: blob:; frame-src * blob: 'self'; img-src * data: blob: about:; media-src * data: blob:; object-src *; report-uri /csp/report;
Strict-Transport-Security	max-age=63072000;includeSubdomains;preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://sandmaxprime.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 17:36:58 GMT
content-encoding: br
vary: Accept-Encoding
rendered-blocks: WidgetExtLike
content-security-policy-report-only: default-src data: blob: about: 'self' 'unsafe-inline' 'unsafe-eval' https: wss:; report-uri /csp/report?always;
x-xss-protection: 1; mode=block
pragma: no-cache
server: apache
strict-transport-security: max-age=63072000;includeSubdomains;preload
content-type: application/json;charset=UTF-8
access-control-allow-origin: *
cache-control: no-cache, no-store
access-control-allow-credentials: true
content-security-policy: default-src data: 'self' 'unsafe-inline' 'unsafe-eval' ok.ru *.ok.ru odnoklassniki.ru *.odnoklassniki.ru mycdn.me http://*.mycdn.me https://*.mycdn.me wss://ad.mail.ru *.mail.ru *.imgsmail.ru *.mradx.net *.serving-sys.com *.googleapis.com *.gstatic.com www.google.com https://api-maps.yandex.ru yastatic.net yandex.st *.doubleverify.com *.adsafeprotected.com https://consentmanager.mgr.consensu.org https://cdn.consentmanager.mgr.consensu.org https://football.sportmail.ru *.google.ru *.google.com *.googlesyndication.com blob:; script-src 'unsafe-inline' 'unsafe-eval' *.mail.ru https://*.mail.ru *.imgsmail.ru *.mradx.net ok.ru *.ok.ru odnoklassniki.ru *.odnoklassniki.ru mycdn.me http://*.mycdn.me https://*.mycdn.me mc.yandex.ru an.yandex.ru yastatic.net yandex.st *.google-analytics.com api-maps.yandex.ru https://api-maps.yandex.ru https://clck.yandex.ru *.googleapis.com *.gstatic.com www.google.com www.youtube.com https://www.youtube.com *.ytimg.com https://*.ytimg.com *.doubleverify.com *.dvtps.com *.doubleclick.net *.googletagservices.com *.googlesyndication.com *.googleadservices.com *.goodgame.ru https://*.goodgame.ru https://*.moatads.com *.adlooxtracking.com *.adsafeprotected.com *.serving-sys.com https://enterprise.api-maps.yandex.ru https://suggest-maps.yandex.ru https://*.hit.gemius.pl https://consentmanager.mgr.consensu.org https://cdn.consentmanager.mgr.consensu.org https://gum.criteo.com https://football.sportmail.ru *.googletagmanager.com connect.facebook.net *.google.ru *.google.com *.googlesyndication.com; worker-src blob: 'self'; connect-src * wss: blob:; font-src * data: blob:; frame-src * blob: 'self'; img-src * data: blob: about:; media-src * data: blob:; object-src *; report-uri /csp/report;
x-content-type-options: nosniff
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 count.json Show response
api.pinterest.com/v1/urls/ 84 B
377 B 239ms
158ms Script
application/javascript 23.47.212.208
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://api.pinterest.com/v1/urls/count.json?url=http%3A%2F%2Fsandmaxprime.co%2Fmalware-analysis-adwind-jrat%2F&callback=JSONP_1723

Requested by

Host: m9m6e2w5.stackpathcdn.com
URL: https://m9m6e2w5.stackpathcdn.com/v2/7016fae1/sharebuttons.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.47.212.208 , United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-47-212-208.deploy.static.akamaitechnologies.com

Software

Resource Hash

9a992a5bbd0b2d00b48a5b5324ac3d215ef13270ee23a653e47cbc2e2ef85d9d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://sandmaxprime.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 17:36:58 GMT
x-content-type-options: nosniff
x-cdn: akamai
akamai-grn: 0.3f730617.1634751417.f912d8e
content-type: application/javascript
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
x-envoy-upstream-service-time: 2
x-pinterest-rid: 2231938233142580
content-length: 84
expires: Wed, 20 Oct 2021 17:51:57 GMT

GET
H2 200 button_info.json Show response
www.reddit.com/ 120 B
1 KB 186ms
161ms Fetch
application/json 151.101.193.140
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reddit.com/button_info.json?url=http%3A%2F%2Fsandmaxprime.co%2Fmalware-analysis-adwind-jrat%2F

Requested by

Host: m9m6e2w5.stackpathcdn.com
URL: https://m9m6e2w5.stackpathcdn.com/v2/7016fae1/main.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.193.140 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

snooserv /

Resource Hash

0cfd01f61f14eb6d881159ad18587bb4501c97ae7db9bbc9c5dd04a35362cb03

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://sandmaxprime.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-ratelimit-used: 1
via: 1.1 varnish
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-length: 120
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge
x-moose: majestic
x-clacks-overhead: GNU Terry Pratchett
server: snooserv
x-frame-options: SAMEORIGIN
date: Wed, 20 Oct 2021 17:36:58 GMT
x-ratelimit-remaining: 299
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
access-control-expose-headers: X-Moose
cache-control: private, s-maxage=0, max-age=0, must-revalidate, no-store, max-age=0, must-revalidate
x-ratelimit-reset: 183
accept-ranges: bytes
expires: -1

GET
H2 200 stats Show response
api.tumblr.com/v2/share/ 123 B
379 B 179ms
146ms Fetch
application/json 192.0.77.40
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://api.tumblr.com/v2/share/stats?url=http%3A%2F%2Fsandmaxprime.co%2Fmalware-analysis-adwind-jrat%2F

Requested by

Host: m9m6e2w5.stackpathcdn.com
URL: https://m9m6e2w5.stackpathcdn.com/v2/7016fae1/main.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.40 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

assets.tumblr.com

Software

nginx /

Resource Hash

64dddf845cacd47169d077e716b9d60af6a93e2d798a90c675ba96f4b32c0289

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://sandmaxprime.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 17:36:57 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding, Accept-Encoding
p3p: CP="Tumblr's privacy policy is available here: https://www.tumblr.com/policy/en/privacy"
access-control-allow-origin: http://sandmaxprime.co
x-rid: 63a388319590d0fde51d907abd071c8a
strict-transport-security: max-age=31536000; preload
accept-ranges: bytes
content-type: application/json; charset=utf-8
content-length: 125

GET
H2 200 share.php Show response
vk.com/ 24 B
482 B 137ms
55ms Script
text/html 87.240.190.67
VKONTAKTE-SPB-AS ...

General

Check archive.org

Show headers Download Go to

Full URL

https://vk.com/share.php?url=http%3A%2F%2Fsandmaxprime.co%2Fmalware-analysis-adwind-jrat%2F&act=count&index=5936&callback=JSONP_2859

Requested by

Host: m9m6e2w5.stackpathcdn.com
URL: https://m9m6e2w5.stackpathcdn.com/v2/7016fae1/sharebuttons.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

87.240.190.67 , Russian Federation, ASN47541 (VKONTAKTE-SPB-AS vk.com, RU),

Reverse DNS

srv67-190-240-87.vk.com

Software

kittenx / KPHP/7.4.108989

Resource Hash

86ac88d77f7964aa5a3d45b6990b21da36d2b4d671d9df7efcb1b901f7d59772

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://sandmaxprime.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 17:36:57 GMT
content-encoding: gzip
x-frontend: front224006
server: kittenx
x-powered-by: KPHP/7.4.108989
strict-transport-security: max-age=15768000
content-type: text/html; charset=windows-1251
access-control-expose-headers: X-Frontend
cache-control: no-store
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 44

GET
H2 200 yum-count Show response
www.yummly.com/services/ 11 B
699 B 618ms
558ms Fetch
application/json 104.18.27.71
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.yummly.com/services/yum-count?url=http%3A%2F%2Fsandmaxprime.co%2Fmalware-analysis-adwind-jrat%2F
Requested by: Host: m9m6e2w5.stackpathcdn.com
URL: https://m9m6e2w5.stackpathcdn.com/v2/7016fae1/main.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.27.71 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 618de7d9f46f3f697d827a1b6d84974760d5deda62e4e592adaa3c646602a94c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://sandmaxprime.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 17:36:58 GMT
vary: Accept-Encoding
cf-cache-status: MISS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 11
server: cloudflare
x-yummly-req-id: 17702675-b5ab-446a-9236-85b66e33f72a
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, OPTIONS
content-type: application/json; charset=UTF-8
access-control-allow-origin: http://sandmaxprime.co
cache-control: private
access-control-allow-credentials: true
accept-ranges: bytes
cf-ray: 6a1402e9ee8cf9e2-PRG
access-control-allow-headers: DNT,User-Agent,Cache-Control,Content-Type,X-Yummly-Auth-Token,Accept,Authorization,If-Match,If-None-Match,If-Modified-Since,If-Unmodified-Since,X-Yummly-App-Id,X-Yummly-App-Key,X-Visitor,X-Yummly-Type,X-Forwarded-For,X-Yummly-Locale,X-Yummly-Domain,X-Yummly-Timeout-Millis

GET
H2 200 settings Show response
syndication.twitter.com/ Frame 6A4C 232 B
431 B 149ms
134ms Fetch
application/json 104.244.42.8
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://syndication.twitter.com/settings?session_id=3be0bae52fed139bf9a4778c06b451c6b6b06922

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/widgets/widget_iframe.a53eecb4584348a2ad32ec2ae21f6eae.html?origin=http%3A%2F%2Fsandmaxprime.co

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.8 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

726906ee6ce6dfe1b6e35ddad151196c50277e31520de30e916e9cd9affc0ef3

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 17:36:57 GMT
content-encoding: gzip
last-modified: Wed, 20 Oct 2021 17:36:57 GMT
server: tsa_o
vary: Origin
strict-transport-security: max-age=631138519
content-type: application/json; charset=utf-8
access-control-allow-origin: https://platform.twitter.com
cache-control: must-revalidate, max-age=600
access-control-allow-credentials: true
x-connection-hash: b081a62cbab4e17a2c9eddf197f756a9673cb5a02bd3ee0167100bd0e72d2279
content-length: 166

GET
H/1.1 200
OK moment~timeline.c7de492113f2eac2bb49ff9013aa2889.js Show response
platform.twitter.com/js/ 25 KB
8 KB 37ms
36ms Script
application/javascript 192.229.233.25
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/js/moment~timeline.c7de492113f2eac2bb49ff9013aa2889.js
Requested by: Host: platform.twitter.com
URL: http://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 192.229.233.25 Los Angeles, United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67BC) /
Resource Hash: de8383d06a56f08749ed99ad3d43911fe88072a79e9148e2d1dead390f64893f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://sandmaxprime.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Wed, 20 Oct 2021 17:36:58 GMT
Content-Encoding: gzip
Last-Modified: Mon, 18 Oct 2021 18:31:52 GMT
Server: ECS (frb/67BC)
Age: 74125
Etag: "643f975645cfdfec2ae02aad7fbc9eea+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 8013

GET
H/1.1 200
OK timeline.55167c7072ca7f4363bf18820295ba93.js Show response
platform.twitter.com/js/ 20 KB
7 KB 90ms
53ms Script
application/javascript 192.229.233.25
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/js/timeline.55167c7072ca7f4363bf18820295ba93.js
Requested by: Host: platform.twitter.com
URL: http://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 192.229.233.25 Los Angeles, United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6738) /
Resource Hash: 888bc5618973079f4a157c8c94b0afe382e7e957306429c5880e032c83fb8e0c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://sandmaxprime.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Wed, 20 Oct 2021 17:36:58 GMT
Content-Encoding: gzip
Last-Modified: Mon, 18 Oct 2021 18:31:52 GMT
Server: ECS (frb/6738)
Age: 74125
Etag: "9539ec9d4bc5c1e5b1953004a6456c51+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 6441

GET
H2 200 profile Show response
cdn.syndication.twimg.com/timeline/ 31 KB
5 KB 414ms
239ms Script
application/javascript 192.229.233.50
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.syndication.twimg.com/timeline/profile?callback=__twttr.callbacks.tl_i0_profile_sandmaxprime_old&dnt=false&domain=sandmaxprime.co&lang=en&screen_name=sandmaxprime&suppress_response_codes=true&t=1816390&tweet_limit=4&tz=GMT%2B0000&with_replies=false

Requested by

Host: platform.twitter.com
URL: http://platform.twitter.com/widgets.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.233.50 Los Angeles, United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

tsa_f /

Resource Hash

02d62e03769ed65f828d145e08b7e0a68c8360363ca86caf15f8fdcabcc5331b

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://sandmaxprime.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 17:36:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-disposition: attachment; filename=jsonp.jsonp
access-control-allow-methods: GET
content-length: 4579
x-xss-protection: 0
access-contol-allow-origin: platform.twitter.com
last-modified: Wed, 20 Oct 2021 17:36:58 GMT
server: tsa_f
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
content-type: application/javascript;charset=utf-8
cache-control: must-revalidate, max-age=300
x-connection-hash: a3795e90feae72bfa069bef905e44da18046853f9bdcac2f9c63d797d5903f92
timing-allow-origin: *
x-transaction: 42d94844ca129524
expires: Wed, 20 Oct 2021 17:41:58 GMT

GET
H2 200 1_Sc3cNRi4k__F5irsKhCGzg.png
i1.wp.com/sandmaxprime.co/wp-content/uploads/2021/04/ 56 KB
57 KB 43ms
43ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i1.wp.com/sandmaxprime.co/wp-content/uploads/2021/04/1_Sc3cNRi4k__F5irsKhCGzg.png?w=602

Requested by

Host: sandmaxprime.co
URL: http://sandmaxprime.co/malware-analysis-adwind-jrat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

de9b12d4ed4e8a27dbe385a1c9b16a870dcb47d3216c23f41a64d523d9bb557c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://sandmaxprime.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-nc: MISS hhn 1
date: Wed, 20 Oct 2021 17:36:58 GMT
x-content-type-options: nosniff
last-modified: Wed, 20 Oct 2021 17:36:58 GMT
server: nginx
etag: "a229e627e0034d6c"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <http://sandmaxprime.co/wp-content/uploads/2021/04/1_Sc3cNRi4k__F5irsKhCGzg.png>; rel="canonical"
content-length: 57740
expires: Sat, 21 Oct 2023 05:36:58 GMT

GET
H/1.1 404
Not Found 1f3f3-fe0f-200d-1f308.png
abs.twimg.com/emoji/v2/72x72/ Frame 6C8F 345 B
345 B 57ms
31ms Image
text/html 152.199.21.141
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://abs.twimg.com/emoji/v2/72x72/1f3f3-fe0f-200d-1f308.png
Requested by: Host: sandmaxprime.co
URL: http://sandmaxprime.co/malware-analysis-adwind-jrat/
Protocol: HTTP/1.1
Server: 152.199.21.141 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (frc/8F23) /
Resource Hash: 17b3914195ad4aae3f4486a351fe9172aada062dad7fcc78bca5894221a6c019

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Wed, 20 Oct 2021 17:36:58 GMT
Server: ECAcc (frc/8F23)
Content-Length: 345
Content-Type: text/html

GET
H/1.1 404
Not Found 1f984.png
abs.twimg.com/emoji/v2/72x72/ Frame 6C8F 345 B
345 B 57ms
31ms Image
text/html 152.199.21.141
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://abs.twimg.com/emoji/v2/72x72/1f984.png
Requested by: Host: sandmaxprime.co
URL: http://sandmaxprime.co/malware-analysis-adwind-jrat/
Protocol: HTTP/1.1
Server: 152.199.21.141 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (frc/8E8D) /
Resource Hash: 17b3914195ad4aae3f4486a351fe9172aada062dad7fcc78bca5894221a6c019

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Wed, 20 Oct 2021 17:36:58 GMT
Server: ECAcc (frc/8E8D)
Content-Length: 345
Content-Type: text/html

GET
H2 200 1f1ee-1f1f3.png
abs.twimg.com/emoji/v2/72x72/ Frame 6C8F 408 B
797 B 85ms
12ms Image
image/png 152.199.21.141
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://abs.twimg.com/emoji/v2/72x72/1f1ee-1f1f3.png

Requested by

Host: sandmaxprime.co
URL: http://sandmaxprime.co/malware-analysis-adwind-jrat/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

152.199.21.141 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frc/8F0B) /

Resource Hash

98be4bbbc1d4628a20c0672ab637aadb2b6e0b229298ed7d7728d397ac2926f5

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 17:36:58 GMT
x-content-type-options: nosniff
age: 12634556
x-ton-expected-size: 408
x-cache: HIT
content-length: 408
x-response-time: 15
surrogate-key: twitter-assets
last-modified: Wed, 21 Feb 2018 22:28:26 GMT
server: ECAcc (frc/8F0B)
etag: "VvmoWH7Z+6oLEu/WjKR+EQ=="
strict-transport-security: max-age=631138519
content-type: image/png
access-control-allow-origin: *
x-connection-hash: 49e7ab45ad2771bbeb627e0c98d7ca83a834a29686c6c975a2ee10db15ca0971
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com
expires: Thu, 20 Oct 2022 17:36:58 GMT

GET
H2 200 jnc8234f
pbs.twimg.com/card_img/1450862540624437251/ Frame 6C8F 5 KB
5 KB 30ms
30ms Image
image/jpeg 192.229.233.50
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/card_img/1450862540624437251/jnc8234f?format=jpg&name=280x280

Requested by

Host: sandmaxprime.co
URL: http://sandmaxprime.co/malware-analysis-adwind-jrat/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.233.50 Los Angeles, United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (frb/6763) /

Resource Hash

21b13319b24c32dc80138ed99b3074d2cde9c70815c158e3f19caac2fd675423

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 17:36:58 GMT
x-content-type-options: nosniff
age: 3139
x-cache: HIT
content-length: 5278
surrogate-key: card_img card_img/bucket/3 card_img/1450862540624437251
last-modified: Wed, 20 Oct 2021 16:30:40 GMT
server: ECS (frb/6763)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: fa7b694f2d84c95d68a83fd50cbceac1f01c619166fb7876f01d3357ac11b0f9
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com

GET
H/1.1 200
OK timeline.2fcb295ab98c2ce26f4cca0d2b2d0f48.light.ltr.css
platform.twitter.com/css/ Frame 6C8F 53 KB
12 KB 28ms
28ms Stylesheet
text/css 192.229.233.25
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/css/timeline.2fcb295ab98c2ce26f4cca0d2b2d0f48.light.ltr.css
Requested by: Host: platform.twitter.com
URL: http://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 192.229.233.25 Los Angeles, United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6796) /
Resource Hash: 8a322ede0b619b9051fccbe2a1a31f402f416d45f92c245aafcbe75e42f6f2b2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Wed, 20 Oct 2021 17:36:58 GMT
Content-Encoding: gzip
Last-Modified: Mon, 18 Oct 2021 18:31:49 GMT
Server: ECS (frb/6796)
Age: 74125
Etag: "fb5a989a2b36d6be5344baad6a1936fd+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: text/css; charset=utf-8
Content-Length: 12144

GET
H/1.1 200
OK timeline.2fcb295ab98c2ce26f4cca0d2b2d0f48.light.ltr.css
platform.twitter.com/css/ 53 KB
53 KB 31ms
30ms Image
text/css 192.229.233.25
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://platform.twitter.com/css/timeline.2fcb295ab98c2ce26f4cca0d2b2d0f48.light.ltr.css
Requested by: Host: platform.twitter.com
URL: http://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 192.229.233.25 Los Angeles, United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6796) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://sandmaxprime.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Wed, 20 Oct 2021 17:36:58 GMT
Content-Encoding: gzip
Last-Modified: Mon, 18 Oct 2021 18:31:49 GMT
Server: ECS (frb/6796)
Age: 74125
Etag: "fb5a989a2b36d6be5344baad6a1936fd+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: text/css; charset=utf-8
Content-Length: 12144

GET
H2 200 jnc8234f
pbs.twimg.com/card_img/1450862540624437251/ Frame 6C8F 5 KB
5 KB 23ms
22ms Image
image/jpeg 192.229.233.50
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/card_img/1450862540624437251/jnc8234f?format=jpg&name=280x280

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/js/moment~timeline.c7de492113f2eac2bb49ff9013aa2889.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.233.50 Los Angeles, United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (frb/6763) /

Resource Hash

21b13319b24c32dc80138ed99b3074d2cde9c70815c158e3f19caac2fd675423

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 17:36:58 GMT
x-content-type-options: nosniff
age: 3139
x-cache: HIT
content-length: 5278
surrogate-key: card_img card_img/bucket/3 card_img/1450862540624437251
last-modified: Wed, 20 Oct 2021 16:30:40 GMT
server: ECS (frb/6763)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: fa7b694f2d84c95d68a83fd50cbceac1f01c619166fb7876f01d3357ac11b0f9
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com

GET
H2 200 SePyZH5T_normal.jpg
pbs.twimg.com/profile_images/1275155568680984576/ Frame 6C8F 2 KB
2 KB 22ms
21ms Image
image/jpeg 192.229.233.50
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/profile_images/1275155568680984576/SePyZH5T_normal.jpg

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.233.50 Los Angeles, United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (frb/674D) /

Resource Hash

f1af42512d160e69fd05a5dfcf0713ce9d2a4e43358f015e28d502e0449504b1

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 17:36:58 GMT
x-content-type-options: nosniff
age: 162191
x-cache: HIT
content-length: 2187
surrogate-key: profile_images profile_images/bucket/0 profile_images/1275155568680984576
last-modified: Mon, 22 Jun 2020 19:53:53 GMT
server: ECS (frb/674D)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: a345d474604b249c628b90458b1e95a0b80a49b290dc1c4f69178b3755b98abc
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com

GET
H2 200 wCpStQxb_normal.jpg
pbs.twimg.com/profile_images/783312285301411841/ Frame 6C8F 2 KB
2 KB 22ms
22ms Image
image/jpeg 192.229.233.50
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/profile_images/783312285301411841/wCpStQxb_normal.jpg

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.233.50 Los Angeles, United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (frb/67BA) /

Resource Hash

64df3af682af2ee3cb0075b56e8e342e02162dae84a30009ae0769b3571a5aa5

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 17:36:58 GMT
x-content-type-options: nosniff
age: 538232
x-cache: HIT
content-length: 2035
surrogate-key: profile_images profile_images/bucket/4 profile_images/783312285301411841
last-modified: Tue, 04 Oct 2016 14:24:16 GMT
server: ECS (frb/67BA)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 2be846a9ff921d0709a4467cd02fa3f9c2daa0f37eb3762480d7422cbaeb4fe5
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com

GET
H2 200 FRsazOy0_normal.jpg
pbs.twimg.com/profile_images/1445378780411752461/ Frame 6C8F 2 KB
2 KB 23ms
22ms Image
image/jpeg 192.229.233.50
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/profile_images/1445378780411752461/FRsazOy0_normal.jpg

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.233.50 Los Angeles, United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (frb/67C1) /

Resource Hash

f9507db6f345c7e6458e3591f6602b0e988e0a8e71c3997f3ef004e753b5dd71

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 17:36:58 GMT
x-content-type-options: nosniff
age: 100993
x-cache: HIT
content-length: 1959
surrogate-key: profile_images profile_images/bucket/4 profile_images/1445378780411752461
last-modified: Tue, 05 Oct 2021 13:20:09 GMT
server: ECS (frb/67C1)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 7eaec874a2ef91b5975adf6f2eeedf7216b6c952a247ccf69fdd351ce11450f2
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com

GET
H2 200 IIHS-deS_normal.png
pbs.twimg.com/profile_images/590970599977037824/ Frame 6C8F 3 KB
3 KB 23ms
22ms Image
image/png 192.229.233.50
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/profile_images/590970599977037824/IIHS-deS_normal.png

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.233.50 Los Angeles, United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (frb/6795) /

Resource Hash

56ac3bbe25961fc1858de6350c363a8a3d5c16eef905cdfacb0f9a59de707782

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 17:36:58 GMT
x-content-type-options: nosniff
age: 483220
x-cache: HIT
content-length: 2643
surrogate-key: profile_images profile_images/bucket/6 profile_images/590970599977037824
last-modified: Wed, 22 Apr 2015 20:07:05 GMT
server: ECS (frb/6795)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: b0dcc4b15f66ad682511af260fc15f8ca8ea1a0fbed097aca20ceac22c2f77b3
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com

GET
H2 200 FB-mfudVEAE8BZh
pbs.twimg.com/media/ Frame 6C8F 17 KB
17 KB 23ms
23ms Image
image/jpeg 192.229.233.50
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/media/FB-mfudVEAE8BZh?format=jpg&name=240x240

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.233.50 Los Angeles, United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (frb/6752) /

Resource Hash

3f9d2fffd4b4d1c9d5cbe1410546f026629fa293aa0c4e9500924e5131360347

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 17:36:58 GMT
x-content-type-options: nosniff
age: 11439
x-cache: HIT
content-length: 17404
surrogate-key: media media/bucket/7 media/1450060669013790721
last-modified: Mon, 18 Oct 2021 11:24:18 GMT
server: ECS (frb/6752)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 817c8ccdcd96b8c47349693c32746ece15d6377b74aa67ed10519255965bc80d
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com

GET
DATA 200
OK truncated
/ Frame 6C8F 512 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: eddfb285df91d818926b2f8ec64c71be82e0ea4f21ca9f63f5b0bc5dbcd75b0b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ Frame 6C8F 825 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 45055babdbc02ea34c7baa53f33fc68389c4c5f73afe0bfafd6c9bc5733399bc

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ Frame 6C8F 739 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4ed07f590bdfa9aa775dbfdef617d98e1e972d102d4289c7a68d3bd9118c280b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ Frame 6C8F 572 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 42ecd6904f43af4e6cef62ddbeffa7b2b0b6c8ec5080a3e1deec4576f4294859

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ Frame 6C8F 644 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 195e8e91bc727766f427243d4cfb79cdc873639991600bf99e9d2cab5cad77c8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ Frame 6C8F 607 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 059d7f76a7662405100374530359da8f439f4b945864fafab45b834320a429e2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
H2 200 jot
syndication.twitter.com/i/ 43 B
374 B 159ms
159ms Image
image/gif 104.244.42.8
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://syndication.twitter.com/i/jot?l=%7B%22widget_origin%22%3A%22http%3A%2F%2Fsandmaxprime.co%2Fmalware-analysis-adwind-jrat%2F%22%2C%22widget_frame%22%3Afalse%2C%22widget_partner%22%3A%22jetpack%22%2C%22widget_site_screen_name%22%3A%22sandmaxprime%22%2C%22widget_creator_screen_name%22%3A%22sandmaxprime%22%2C%22widget_data_source%22%3A%22profile%3Asandmaxprime%22%2C%22query%22%3Anull%2C%22profile_id%22%3Anull%2C%22item_ids%22%3A%5B%221450770733274075145%22%2C%221450061170392535040%22%2C%221450862629547872259%22%2C%221450824432256122881%22%5D%2C%22item_details%22%3A%7B%221450770733274075145%22%3A%7B%22item_type%22%3A10%2C%22target_type%22%3A0%2C%22target_id%22%3A%221450868143413514245%22%7D%2C%221450061170392535040%22%3A%7B%22item_type%22%3A10%2C%22target_type%22%3A0%2C%22target_id%22%3A%221450867890484400134%22%7D%2C%221450862629547872259%22%3A%7B%22item_type%22%3A0%7D%2C%221450824432256122881%22%3A%7B%22item_type%22%3A0%7D%7D%2C%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1634751418865%2C%22dnt%22%3Afalse%2C%22client_version%22%3A%22f001879%3A1634581029404%22%2C%22format_version%22%3A1%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22timeline%22%2C%22component%22%3A%22timeline%22%2C%22element%22%3A%22initial%22%2C%22action%22%3A%22results%22%7D%7D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.8 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://sandmaxprime.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 17:36:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
pragma: no-cache
last-modified: Wed, 20 Oct 2021 17:36:58 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: b081a62cbab4e17a2c9eddf197f756a9673cb5a02bd3ee0167100bd0e72d2279
x-transaction: 54c62c23c92d1088
expires: Tue, 31 Mar 1981 05:00:00 GMT

POST
H3 200 log_event Show response
www.youtube.com/youtubei/v1/ Frame FE37 28 B
50 B 25ms
25ms XHR
application/json 142.250.185.78
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/9e457a67/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.78 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f14.1e100.net

Software

scaffolding on HTTPServer2 /

Resource Hash

d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: application/json
X-YouTube-Utc-Offset: 0
X-YouTube-Client-Name: 56
Referer: https://www.youtube.com/embed/4ZGTisHPFic?enablejsapi=1&autoplay=0&cc_load_policy=0&iv_load_policy=1&loop=0&modestbranding=0&fs=1&playsinline=1&controls=1&color=red&cc_lang_pref=&rel=1&autohide=2&theme=dark&
X-YouTube-Client-Version: 1.20211017.0.0
X-YouTube-Time-Zone: Etc/Unknown
X-Goog-Visitor-Id: CgtPM3VVWmpRdzBuNCi4p8GLBg%3D%3D
X-YouTube-Ad-Signals: dt=1634751417397&flash=0&frm=2&u_tz&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&bc=23&bih=-12245933&biw=-12245933&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1322%2C744&vis=1&wgl=true&ca_type=image&bid=ANyPxKocCk-9gYdaG32i6c5S10MrXV3Qtvb7X71AxLvRCMuVbkytwVA3CaD7kUx1ZgJ2mLCrD2E5I9nMR0rF7ukMrhceQ0MxYA

Response headers

date: Wed, 20 Oct 2021 17:36:59 GMT
content-encoding: br
x-content-type-options: nosniff
server: scaffolding on HTTPServer2
x-frame-options: SAMEORIGIN
vary: Origin, X-Origin, Referer
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 31
x-xss-protection: 0

Verdicts & Comments Add Verdict or Comment

120 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.youtube.com/	1969-12-31 23:59:59	Name: YSC Value: aap-_EZSDwc
.youtube.com/	1970-01-20 02:25:03	Name: VISITOR_INFO1_LIVE Value: O3uUZjQw0n4
.doubleclick.net/	1970-01-20 15:37:03	Name: IDE Value: AHWqTUlTNCZJFngevtG9y611AyShK5G55KAwAZWUUbbZbcuocrQgH-pKGIJI0nro
.vk.com/	1970-01-20 06:42:50	Name: remixlang Value: 6

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: http://abs.twimg.com/emoji/v2/72x72/1f3f3-fe0f-200d-1f308.png Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: http://abs.twimg.com/emoji/v2/72x72/1f984.png Message: Failed to load resource: the server responded with a status of 404 (Not Found)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

abs.twimg.com
analytics.shareaholic.com
api.bufferapp.com
api.pinterest.com
api.tumblr.com
cdn.shareaholic.net
cdn.syndication.twimg.com
connect.ok.ru
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
i.ytimg.com
i1.wp.com
i2.wp.com
img.buymeacoffee.com
m9m6e2w5.stackpathcdn.com
partner.shareaholic.com
pbs.twimg.com
pixel.wp.com
platform.twitter.com
sandmaxprime.co
secure.gravatar.com
static.doubleclick.net
stats.wp.com
syndication.twitter.com
vk.com
www.google.com
www.gstatic.com
www.reddit.com
www.shareaholic.net
www.youtube.com
www.yummly.com
yt3.ggpht.com
104.16.139.31
104.18.27.71
104.244.42.8
104.26.11.39
107.20.147.136
142.250.184.198
142.250.184.214
142.250.185.100
142.250.185.163
142.250.185.65
142.250.185.78
142.250.186.163
142.250.186.66
142.250.186.74
151.101.193.140
151.139.128.11
152.199.21.141
184.73.100.94
192.0.73.2
192.0.76.3
192.0.77.2
192.0.77.40
192.229.233.25
192.229.233.50
209.99.16.15
217.20.155.208
23.47.212.208
34.204.113.242
87.240.190.67
007ae39c614f532fd0efffce182882893814be75637bd67a6eaeed98ab364402
00a57617df99ac957720b7332f9d15449def3ebe11169d68f12c47a3cde5168d
02007cb9ea5401983a0a4a34d08c1a57c75484d0852194291e124c94b848d474
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
02c2b68deb54eaf261bdebc9cecbb6178c6f105d29bc60212eeb4200e8f97df1
02d62e03769ed65f828d145e08b7e0a68c8360363ca86caf15f8fdcabcc5331b
0515cbd1f8aee97e1c8e0d1d015ca96c86def13e90d2e73bf813072ccc23d531
05890acda3ebac27f3b1865819469ec25d80cd632bb1033ea8f7148973503d8f
059d7f76a7662405100374530359da8f439f4b945864fafab45b834320a429e2
091a99c6211f82d9bec2257eb12f5b9c510cf0d8ea75372c58eeaa37d46b0463
0cfd01f61f14eb6d881159ad18587bb4501c97ae7db9bbc9c5dd04a35362cb03
0d5e186bcc5ebc1ce5f3677a2f088c8588fd7557ca50136b40300fb442727702
0e9fad3a78c0674d5d8595b5ed58c2a33d33f4fc72fb1c18ae3e9244aa913c19
0ebbc7fba9a50d36ef5422345f624431710db4528f25749d1d438c2c10bb69f2
143ce443c390db3b8598f951de20bd04623859a581a15b8cde43ebfa1f8ec103
149520c6b59fd1024fb70d581f77d4d56f61213e4e4a38f248fcbe7c408437f1
17b3914195ad4aae3f4486a351fe9172aada062dad7fcc78bca5894221a6c019
195e8e91bc727766f427243d4cfb79cdc873639991600bf99e9d2cab5cad77c8
1a0b51af7ff79f11c0a779bf478304fa451ac5587675952b8378b47f0a97504d
1ba4984bbff4fd5e91e157d3669ce7177820e6070cf5f6761130def724ced656
21b13319b24c32dc80138ed99b3074d2cde9c70815c158e3f19caac2fd675423
21e444926ee2b1297a9888fe081f196a640763626243aa07b80ff171049e7a8c
265c34f4c62e6423e270cecb0c422b735dfb0f18cea04c2ac343b6f22106661e
26b67e7ce334b7504ce575df220ff54b2915677d1dbcb0a468117f7164a7a9c6
272d71624a8d4634901f0260580882a059268ff037cc12302b283a9710756c2a
291b553dee180f838e513bf2580c9af27f8312320581e3c91029a7c4d5eb2fbc
291dac5916509afa7af72579a5c65771da77ab6c48e05b859c511139dca27d30
29b93a0c7ce944834a9841b7ed98b20f1c19e871ff4f3361db76a026f46d6a06
2a8c2e0fd09605162cb7823dfa4ef28779072b2c3f5b6fbc23be0d47f518d9d2
2ce9873a802fd282709b6041f6ca3a951cbc4c1461b72359cbf2616068ce22b1
32786d444e9857efb3f20c41c2b06bb1c814b0ccf3de31d83bec30c8b3fa96d3
35501bfd5f2a8d2d8fb04695bc80793b9aa7160ded872a9f89cc094b140f8702
3742b8f2006b7a23df3252c615bb113e94f77729ac9cc4b021e35517285cf0c2
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
3f9d2fffd4b4d1c9d5cbe1410546f026629fa293aa0c4e9500924e5131360347
4299f2aaa46eea61cff7da0f945e26cf0ace8a35ea912182e7df2a9958db8e10
42ecd6904f43af4e6cef62ddbeffa7b2b0b6c8ec5080a3e1deec4576f4294859
45055babdbc02ea34c7baa53f33fc68389c4c5f73afe0bfafd6c9bc5733399bc
4a967a69edb3b1b523c71a86b0c665fa93436249640a987aead72a28ca348461
4b0e2c1c8e6d92b9083cd952cea6a065485827df78fae548752352da136c3540
4bc4b508bb0ccc41052f6a18eb23441543da2d209c152f62577e954367b4d62d
4ed07f590bdfa9aa775dbfdef617d98e1e972d102d4289c7a68d3bd9118c280b
5086b34a1e9d368fcf3c5ef99cddc58a9ca924649f90bccde0ac0a20f327f9bf
51e78e904c795ed5b0154a9995d1ab0b7e3667f5aede719bda86ba38236c5989
529d0a7b3944929222155bca3272ba1a87acc2faa09b2ed26a713872b7ff8794
52ecae51c3253b95eaa405d324857a87d4025c847a4b5d88155d98d0cc45f018
54b16a534f27d39f8edb7dd908ecf182b4be466f86f28ac0f01f415f2ba9d1cf
56ac3bbe25961fc1858de6350c363a8a3d5c16eef905cdfacb0f9a59de707782
5758d1ad3c6f35962da2c4d2e162cf59ef64dc0954c54171eaa73babbb2af9e2
57ff1c0659234ed6f685295ea8dbec5956f9dbd992517de85415d04bf5b37e8f
598838ea58a769e0547a8abf84953df1420f2efff65c546c0f189c8f5442ade3
5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991
5dacc86b8a64742e60d70192353e5643da219a3f84c0b26cf6116b06b67fff32
618de7d9f46f3f697d827a1b6d84974760d5deda62e4e592adaa3c646602a94c
62ff09a8013f9dfc0f7cbefc6feb180c258818e151aff470902f29ef44342f0d
64dddf845cacd47169d077e716b9d60af6a93e2d798a90c675ba96f4b32c0289
64df3af682af2ee3cb0075b56e8e342e02162dae84a30009ae0769b3571a5aa5
662d1c6d95e756bcf34dd1d42e596ab85b541d1ce3cab70d9964ac3f6090bb7a
672e29b030b9b17c9cc70beb24af4c41eaf8ce9a0491c655ab9a1c88ab287021
679901193bec155d1919e74ea8191861eebf56293c9283a1081490ecedef0f57
67ea46bc3d15351067faccb3613bd833dd3f15137a4b4a09f2e873fd41d024d2
69d66fbe4d45c714b473395005d335b051f8f6ac039e8f292374a8210138e0f0
6be7095fc7b4ccf33a454343009429cda6343ba3c32bb05f1c33a0f242ee2888
6c76cae4aabc1d4236da2fecf8fcae818a2cf95406446774ccf9db5ca14d4b59
6c916669cf923b4f1b2db5c5107c83b6ca205e7ad0dcd840b251e63f0c8d28a2
6f005368978df37b680de2dc8a22007a600378ba5568a573432a3fdeb8bdb674
726906ee6ce6dfe1b6e35ddad151196c50277e31520de30e916e9cd9affc0ef3
75e2b001534fd5059f8201995e26564a6c24ccd5a0dd0e31c7df91a09082338f
7e0c4a1ed3d232553d98c82ea0e04cee8975d0a67df819e161f96e7c32179e8c
802bccf54651cb427028d0d739c62658483c4839acb86e9720e04fc31f5c65ee
80acad322ff6c23eac449f481573dd13c508975ef73dfedadc03ae3d9b282b1c
82792dd2bb6b493c2aa5000dcbb067b18f06121d03f454e16a188a3e6e67276c
86ac88d77f7964aa5a3d45b6990b21da36d2b4d671d9df7efcb1b901f7d59772
88264adf3d3193fb56c229f0b92e2a6096770eb76996d1fedc95f5bcb208ccda
88824165f3a7f1193288964a393f163d9c2b7b4888514455a80bd83b0e057eaf
888bc5618973079f4a157c8c94b0afe382e7e957306429c5880e032c83fb8e0c
8a322ede0b619b9051fccbe2a1a31f402f416d45f92c245aafcbe75e42f6f2b2
8daaa4ed16297478af007774febefe6ca3674fda47ed73e913b1b583d34883fb
8dbe8457cc41e254cb7fcd4dfa77c52c16413c18f35a370b77c5f07b4895562a
8f0bb15c22229a9894ac383d8e8ef23dbe9a1e4dc3aa583748ebad0e19e132b3
9110fc122dda3067c424d9b8ff7747e2030b0bd9298f69a3683d399ad3373a6a
943447536924ef690ecbfcd8b5651fdcb2002a6d6d397d8adb5b916226179427
97363b6ced0c1ca6d76ebcc6782512959cc8c5d6c8f40cb4976b4179bb685e53
98be4bbbc1d4628a20c0672ab637aadb2b6e0b229298ed7d7728d397ac2926f5
9a992a5bbd0b2d00b48a5b5324ac3d215ef13270ee23a653e47cbc2e2ef85d9d
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a4bdc08d0d0a32154561d927887eba42cc1489e59118a0ce53e5f893f349bb70
a4f367d720fec23438ef17e4a32c05129ed2e6dd5163167c9dd0787ea1f62de5
a728f23ae512668f87d868b76ec44f5117c840fc4ac3809fa66ecf2ccb54d97e
a94e60203c4a1d8371c22e4410baf6dbec30875599730d8ca8a22adaf23518d0
a9ba37a2b168f68908a32994924b4f5a07a0c71590a091f5b7e1b7b32314222a
aba0ac3c89011196a2c6b54d868991e18ffaf494c8e3afc97451be087b93770c
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
b17a1dde76cbfa8f7e19a7121ecde1ad3d2cc9fca6bbd795042d3f484b53d2a3
b3b8c21edfe6c5e402fdc607366fd8d15949a65914f58134733dc68922bc8d61
b4cc77ce94dd90437fec9ae62d4a49ac58d05e8bf1a2322d4607b15ffca04ba9
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea
c6d03b7a5561687268e57b13d9d4a6a4c71ee570ea74718040ce9227676e3e5e
c7ef82554e6b48c7eb971cc50c063c834d36d262b4c0f9b79d8d07cd58f22407
ccd911729403decd6e3b74702fdc4d2c1b1e3ecf35a147f7e5373669932cc708
d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336
ddda47b049ec774960fe39b5c0fca40c15abf80158daec17c8e29146d1d1c31e
de54d20ec67beddd1b5050d80ea032494652596617c6d31f297028a7efdab7bc
de6c4ffa2bd9fd283610e28d0db2ec48607aab39d213a51aef248673a0a7e980
de8383d06a56f08749ed99ad3d43911fe88072a79e9148e2d1dead390f64893f
de9b12d4ed4e8a27dbe385a1c9b16a870dcb47d3216c23f41a64d523d9bb557c
def5de6254be138b8b35d680d1fdd8b07827d03b8626daebfeeb4157ec330ea7
e1b0066bc1972444c0a15e1778be06ed7bf36c55d597c065b5e79041bcda291e
e24928d7d73d973842a21a3f630f4b4ef2eb8c139130820ca0f6f7c2d7a15245
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e58faa3b2373eb17f95f050ec57b0999f10a7d5b500641039dc6d9799fa5a39a
e9fc9b1878db1b13b973252b048d19a17abb34a8da464a552c6d401728ed1e86
ecb89d058ca496af33ddfc42a62595b7b75f82fac07f63e1f697978ad794aa93
eddfb285df91d818926b2f8ec64c71be82e0ea4f21ca9f63f5b0bc5dbcd75b0b
ee147e859ad0f09aa50367974e38ab53e7c7054c4a51d400a7f45b0eb251454f
eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f02ff988977ab4955a29ea2886ec9e24917e7b21e04e3712759ef2d3c6417210
f1af42512d160e69fd05a5dfcf0713ce9d2a4e43358f015e28d502e0449504b1
f293486948d4cba26c6b835bdd574b4085e62da749b86019f5f6fab3535b0e39
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
f9507db6f345c7e6458e3591f6602b0e988e0a8e71c3997f3ef004e753b5dd71
f9afa7a2739e8a58cf2ace84b26ede1b2a162dada8620777e431698087536ddd

sandmaxprime.co Open in urlscan Pro 209.99.16.15 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

119 Requests

50 %HTTPS

0 %IPv6

23 Domains

33 Subdomains

31 IPs

2 Countries

2827 kBTransfer

6403 kBSize

4 Cookies

15 Outgoing links

Redirected requests

119 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 11 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

sandmaxprime.co Open in urlscan Pro
209.99.16.15 Public Scan

Screenshot
Live screenshot

Full Image

119
Requests

50 %
HTTPS

0 %
IPv6

23
Domains

33
Subdomains

31
IPs

2
Countries

2827 kB
Transfer

6403 kB
Size

4
Cookies

119 HTTP transactions
11 data transactions