www.rewterz.com Open in urlscan Pro
198.199.112.140  Public Scan

5 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 80

• https://region1.analytics.google.com/g/collect?v=2&tid=G-2H1K10XHV5&gtm=45je46j0v889293908za200&_p=1719302190351&_gaz=1&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&tag_exp=0&cid=1270737913.1719302192&ul=de-de&sr=1600x1200&uaa=x86&uab=64&uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&are=1&frm=0&pscdl=noapi&_eu=AAAI&_s=1&sid=1719302191&sct=1&seg=0&dl=https%3A%2F%2Fwww.rewterz.com%2Fthreat-advisory%2Foyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs&dt=Oyster%20Backdoor%20Distributes%20via%20Trojanized%20Downloads%20of%20Frequently%20Used%20Software%20%E2%80%93%20Active%20IOCs%20Oyster%20Backdoor%20Distributes%20via%20Trojanized%20Downloads%20of%20Frequently%20Used%20Software%20%E2%80%93%20Active%20IOCs%20-%20Rewterz&en=page_view&_fv=2&_ss=1&_c=1&tfd=23607&_z=fetch HTTP 302
• https://region1.google-analytics.com/privacy-sandbox/register-conversion?_c=1&cid=1270737913.1719302192&dbk=14776856315434563347&dma=1&dma_cps=sypham&en=page_view&gtm=45je46j0v889293908za200&npa=1&tid=G-2H1K10XHV5&dl=https%3A%2F%2Fwww.rewterz.com%3F

103 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Show response www.rewterz.com/threat-advisory/	240 KB 37 KB	22248ms 21927ms	Document text/html	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash 16a2f11c2d7dce219241ee460265a080270117370d983ab9d8846eeba3008174 Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" sec-ch-ua-mobile ?0 sec-ch-ua-platform "Win32" Response headers Connection Keep-Alive Content-Encoding gzip Content-Length 37128 Content-Type text/html; charset=UTF-8 Date Tue, 25 Jun 2024 07:56:08 GMT Keep-Alive timeout=5, max=100 Link <https://www.rewterz.com/wp-json/>; rel="https://api.w.org/" <https://www.rewterz.com/wp-json/wp/v2/posts/33441>; rel="alternate"; type="application/json" <https://www.rewterz.com/?p=33441>; rel=shortlink Server Apache Vary Accept-Encoding
GET H2	200	js Show response www.googletagmanager.com/gtag/	209 KB 75 KB	70ms 40ms	Script application/javascript	2a00:1450:4001:831::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtag/js?id=UA-2844962-1 Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash 0b04bdf3dc6e6a04a47c697c03a2603271d187f3cc939173c251b78cff999a4c Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 25 Jun 2024 07:56:30 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 76839 x-xss-protection 0 last-modified Tue, 25 Jun 2024 06:00:00 GMT server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true access-control-allow-headers Cache-Control expires Tue, 25 Jun 2024 07:56:30 GMT
GET H/1.1	200 OK	style.min.css www.rewterz.com/wp-includes/css/dist/block-library/	111 KB 15 KB	411ms 258ms	Stylesheet text/css	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://www.rewterz.com/wp-includes/css/dist/block-library/style.min.css?ver=6.5.5 Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash 98cecf88a23542fa047ce46eedb650b5c5128761ed4386c0977b847094ddfa20 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:30 GMT Content-Encoding gzip Last-Modified Wed, 03 Apr 2024 02:17:47 GMT Server Apache ETag "1bae5-61527d4217ed7-gzip" Vary Accept-Encoding Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 14991
GET H/1.1	200 OK	general.min.css www.rewterz.com/wp-content/plugins/wp-job-openings/assets/css/	38 KB 7 KB	480ms 165ms	Stylesheet text/css	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://www.rewterz.com/wp-content/plugins/wp-job-openings/assets/css/general.min.css?ver=3.4.6 Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash 144ee8fd3d8997d932fe2b5497979e7cde8fda86b41b0c6e32e47faa8e1157e7 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:30 GMT Content-Encoding gzip Last-Modified Mon, 15 Apr 2024 08:18:41 GMT Server Apache ETag "96c7-6161e44ebd013-gzip" Vary Accept-Encoding Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 6453
GET H/1.1	200 OK	style.min.css www.rewterz.com/wp-content/plugins/wp-job-openings/assets/css/	18 KB 4 KB	481ms 159ms	Stylesheet text/css	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://www.rewterz.com/wp-content/plugins/wp-job-openings/assets/css/style.min.css?ver=3.4.6 Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash 36b74f0c72674951730e13d210bf20cbab196d2b93b00871195e03116dffc9d8 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:30 GMT Content-Encoding gzip Last-Modified Mon, 15 Apr 2024 08:18:41 GMT Server Apache ETag "4985-6161e44ebd013-gzip" Vary Accept-Encoding Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 4087
GET H/1.1	200 OK	be.css www.rewterz.com/wp-content/themes/betheme/css/	467 KB 78 KB	741ms 418ms	Stylesheet text/css	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://www.rewterz.com/wp-content/themes/betheme/css/be.css?ver=27.4.4 Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash 87a7e0925a64f451f9c972b340b3f8949f5f7d48c321998260f0d3ed2a684b29 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:30 GMT Content-Encoding gzip Last-Modified Mon, 27 May 2024 12:31:00 GMT Server Apache ETag "74b2d-6196eb0a205b1-gzip" Vary Accept-Encoding Transfer-Encoding chunked Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100
GET H/1.1	200 OK	animations.min.css www.rewterz.com/wp-content/themes/betheme/assets/animations/	58 KB 6 KB	534ms 176ms	Stylesheet text/css	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://www.rewterz.com/wp-content/themes/betheme/assets/animations/animations.min.css?ver=27.4.4 Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash 622a07604bb0030ba7094f0f1dcb5d1e9080164fd6ba4071a73452802378b55b Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:30 GMT Content-Encoding gzip Last-Modified Mon, 27 May 2024 12:31:00 GMT Server Apache ETag "e83d-6196eb0a12aef-gzip" Vary Accept-Encoding Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 5588
GET H/1.1	200 OK	fontawesome.css www.rewterz.com/wp-content/themes/betheme/fonts/fontawesome/	59 KB 13 KB	575ms 163ms	Stylesheet text/css	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://www.rewterz.com/wp-content/themes/betheme/fonts/fontawesome/fontawesome.css?ver=27.4.4 Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash 6a8f55d140604ca7fed7724ee5d45c06d445673636211543d30959c317a98a4b Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:30 GMT Content-Encoding gzip Last-Modified Mon, 27 May 2024 12:31:00 GMT Server Apache ETag "ed1d-6196eb0a43837-gzip" Vary Accept-Encoding Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 12852
GET H/1.1	200 OK	jplayer.blue.monday.min.css www.rewterz.com/wp-content/themes/betheme/assets/jplayer/css/	9 KB 2 KB	644ms 163ms	Stylesheet text/css	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://www.rewterz.com/wp-content/themes/betheme/assets/jplayer/css/jplayer.blue.monday.min.css?ver=27.4.4 Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash 10f8e5f272c9ae8c8271ab51d7310aaf9c9bed694104dbe6ff10d99849d19ab8 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:30 GMT Content-Encoding gzip Last-Modified Mon, 27 May 2024 12:31:00 GMT Server Apache ETag "25ef-6196eb0a12aef-gzip" Vary Accept-Encoding Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 2056
GET H/1.1	200 OK	responsive.css www.rewterz.com/wp-content/themes/betheme/css/	67 KB 12 KB	646ms 164ms	Stylesheet text/css	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://www.rewterz.com/wp-content/themes/betheme/css/responsive.css?ver=27.4.4 Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash 910348154b70d3e7c29d12550136c24ef013edb5838f12f6525400b939c04b87 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:30 GMT Content-Encoding gzip Last-Modified Mon, 27 May 2024 12:31:00 GMT Server Apache ETag "10b52-6196eb0a205b1-gzip" Vary Accept-Encoding Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 12363
GET H2	200	css fonts.googleapis.com/	14 KB 1 KB	47ms 17ms	Stylesheet text/css	2a00:1450:4001:803::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css?family=Barlow%3A1%2C300%2C400%2C400italic%2C500%2C700%2C700italic%7CBarlow+Condensed%3A1%2C300%2C400%2C400italic%2C500%2C700%2C700italic&display=swap&ver=6.5.5 Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:803::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash 2ac498757970d47e51cf8f3b5f884190997c2588f30fe0f6c550b1afce8470f4 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers strict-transport-security max-age=31536000 date Tue, 25 Jun 2024 07:56:30 GMT content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 x-xss-protection 0 last-modified Tue, 25 Jun 2024 07:56:30 GMT server ESF cross-origin-opener-policy same-origin-allow-popups x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Tue, 25 Jun 2024 07:56:30 GMT
GET H2	200	css fonts.googleapis.com/	2 KB 579 B	63ms 34ms	Stylesheet text/css	2a00:1450:4001:803::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css?family=Barlow%3A400%2C700&display=swap&ver=6.5.5 Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:803::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash 71814105001732d3edb373504d80dee3c6d155d3feb52deb297d886452ed9c5c Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers strict-transport-security max-age=31536000 date Tue, 25 Jun 2024 07:56:30 GMT content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 x-xss-protection 0 last-modified Tue, 25 Jun 2024 07:52:54 GMT server ESF cross-origin-opener-policy same-origin-allow-popups x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Tue, 25 Jun 2024 07:56:30 GMT
GET BLOB	200 OK	ff62df87-1daf-4608-839c-df1884ffb977 https://www.rewterz.com/	1 KB 0		Other text/javascript
General Check archive.org Show headers Download Go to Full URL blob:https://www.rewterz.com/ff62df87-1daf-4608-839c-df1884ffb977 Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol BLOB Server -, , ASN (), Reverse DNS Software / Resource Hash 5b9f9afe7621ec465573f58064f5bef3a229e5e19362351168fd211f6a28bb5c Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Content-Length 1185 Content-Type text/javascript
GET H2	200	js Show response www.googletagmanager.com/gtag/	301 KB 102 KB	42ms 40ms	Script application/javascript	2a00:1450:4001:831::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtag/js?id=G-2H1K10XHV5&l=dataLayer&cx=c Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/js?id=UA-2844962-1 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash 2c320c4cc10fcffc8324b397c63d8901506025834b0d56bba6e2feda3f8d7bc9 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 25 Jun 2024 07:56:31 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true cross-origin-resource-policy cross-origin access-control-allow-headers Cache-Control content-length 104358 x-xss-protection 0 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 expires Tue, 25 Jun 2024 07:56:31 GMT
GET H2	200	analytics.js Show response www.google-analytics.com/	52 KB 21 KB	34ms 7ms	Script text/javascript	2a00:1450:4001:828::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/analytics.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/js?id=UA-2844962-1 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers strict-transport-security max-age=31536000; includeSubDomains; preload content-encoding gzip x-content-type-options nosniff date Tue, 25 Jun 2024 06:29:07 GMT last-modified Tue, 12 Dec 2023 18:09:08 GMT server Golfe2 age 5244 vary Accept-Encoding content-type text/javascript cache-control public, max-age=7200 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 20994 expires Tue, 25 Jun 2024 08:29:07 GMT
GET H/1.1	200 OK	jquery.min.js Show response www.rewterz.com/wp-includes/js/jquery/	86 KB 30 KB	748ms 396ms	Script application/javascript	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://www.rewterz.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.1 Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:31 GMT Content-Encoding gzip Last-Modified Wed, 08 Nov 2023 02:17:40 GMT Server Apache ETag "15601-6099ab10f7ffe-gzip" Vary Accept-Encoding Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 30368
GET H/1.1	200 OK	jquery-migrate.min.js Show response www.rewterz.com/wp-includes/js/jquery/	13 KB 5 KB	541ms 161ms	Script application/javascript	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://www.rewterz.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1 Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash 5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:30 GMT Content-Encoding gzip Last-Modified Wed, 09 Aug 2023 02:17:44 GMT Server Apache ETag "3509-6027415c207df-gzip" Vary Accept-Encoding Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 4872
GET H/1.1	200 OK	logo_SVG-01.svg www.rewterz.com/wp-content/uploads/2022/11/	698 B 970 B	158ms 158ms	Image image/svg+xml	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Show image Full URL https://www.rewterz.com/wp-content/uploads/2022/11/logo_SVG-01.svg Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash 69840f2a0ed40b27bc7e919cc3c2c68be1dc3e1343c60bd21a4741af9abb8011 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:31 GMT Last-Modified Tue, 01 Nov 2022 09:38:43 GMT Server Apache ETag "2ba-5ec657d6fc196" Content-Type image/svg+xml Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 698
GET H/1.1	200 OK	xdrLogo.png www.rewterz.com/wp-content/uploads/2023/01/	22 KB 22 KB	580ms 158ms	Image image/png	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Show image Full URL https://www.rewterz.com/wp-content/uploads/2023/01/xdrLogo.png Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash d7eb51bb7aabba4a0d85a021d286e20bc61936489cb99799df6fcb9cca869222 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:31 GMT Last-Modified Thu, 05 Jan 2023 09:23:34 GMT Server Apache ETag "5671-5f180daefe39c" Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=97 Content-Length 22129
GET H/1.1	200 OK	center_new.png www.rewterz.com/wp-content/uploads/2023/01/	139 KB 139 KB	168ms 167ms	Image image/png	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Show image Full URL https://www.rewterz.com/wp-content/uploads/2023/01/center_new.png Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash 69669e774c4670c09ac0ece7710be2e33fedcb9d09b3a1c8d0eee21ec34a0818 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:31 GMT Last-Modified Fri, 06 Jan 2023 12:13:11 GMT Server Apache ETag "22b14-5f1975757bf86" Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 142100
GET H/1.1	200 OK	studio_01_Mascot_New.png www.rewterz.com/wp-content/uploads/2023/03/	747 KB 747 KB	164ms 164ms	Image image/png	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Show image Full URL https://www.rewterz.com/wp-content/uploads/2023/03/studio_01_Mascot_New.png Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash 0d73eb7b3d25c799af7030f4a09d2f3e72a34363c2138394ba64ab1949e0715c Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:31 GMT Last-Modified Tue, 07 Mar 2023 11:04:37 GMT Server Apache ETag "baaf9-5f64d60a1ddb8" Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=97 Content-Length 764665
GET H/1.1	200 OK	News.jpg www.rewterz.com/wp-content/uploads/2023/01/	39 KB 39 KB	200ms 200ms	Image image/jpeg	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Show image Full URL https://www.rewterz.com/wp-content/uploads/2023/01/News.jpg Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash eeeb610a66540dad1c431b5b5c26bbf158e4bced839b8dff70c19da14c13854d Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:33 GMT Last-Modified Wed, 04 Jan 2023 14:33:12 GMT Server Apache ETag "9a04-5f1711067d368" Content-Type image/jpeg Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=97 Content-Length 39428
GET H/1.1	200 OK	16.jpg www.rewterz.com/wp-content/uploads/2023/01/	564 KB 564 KB	813ms 813ms	Image image/jpeg	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Show image Full URL https://www.rewterz.com/wp-content/uploads/2023/01/16.jpg Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash 012e41bd55f857e7c536648c35aec07874e675ce185f8cbeec60321033216ff3 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:33 GMT Last-Modified Mon, 02 Jan 2023 10:09:41 GMT Server Apache ETag "8cee8-5f145264d5423" Content-Type image/jpeg Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=96 Content-Length 577256
GET H/1.1	200 OK	pdf-file-1.png www.rewterz.com/wp-content/uploads/2023/01/	2 KB 2 KB	163ms 162ms	Image image/png	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Show image Full URL https://www.rewterz.com/wp-content/uploads/2023/01/pdf-file-1.png Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash 5bfe5d69340acac94e1b747712544d0159bee54813320aabe93d515627fa491f Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:33 GMT Last-Modified Mon, 02 Jan 2023 10:28:27 GMT Server Apache ETag "842-5f145696c5f02" Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=91 Content-Length 2114
GET H/1.1	200 OK	play_btn_Small.png www.rewterz.com/wp-content/uploads/2023/01/	20 KB 20 KB	334ms 334ms	Image image/png	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Show image Full URL https://www.rewterz.com/wp-content/uploads/2023/01/play_btn_Small.png Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash dd13bf8404f7b89c916472f108c02bc5ff01c4e2b0a7b69e25fc6866167b7f2a Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:33 GMT Last-Modified Mon, 02 Jan 2023 13:48:02 GMT Server Apache ETag "4e60-5f1483333c4e4" Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=94 Content-Length 20064
GET H/1.1	200 OK	play_btn_hover_Small.png www.rewterz.com/wp-content/uploads/2023/01/	20 KB 20 KB	587ms 587ms	Image image/png	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Show image Full URL https://www.rewterz.com/wp-content/uploads/2023/01/play_btn_hover_Small.png Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash 33b724f0a45fe4e11d070c9b03014746021873af3f8c59e00219d41a63d93158 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:33 GMT Last-Modified Mon, 02 Jan 2023 13:48:03 GMT Server Apache ETag "4f1d-5f148333f4e19" Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=91 Content-Length 20253
GET H/1.1	200 OK	leadership.png www.rewterz.com/wp-content/uploads/2023/01/	50 KB 50 KB	707ms 707ms	Image image/png	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Show image Full URL https://www.rewterz.com/wp-content/uploads/2023/01/leadership.png Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash ea89b577a7f8970538905ed7405dd6bf3c37ff5a36e311cecb9442efd7c75ad8 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:33 GMT Last-Modified Mon, 02 Jan 2023 13:20:21 GMT Server Apache ETag "c8cd-5f147d02fc1d4" Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=90 Content-Length 51405
GET H/1.1	200 OK	help.png www.rewterz.com/wp-content/uploads/2023/01/	26 KB 26 KB	406ms 406ms	Image image/png	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Show image Full URL https://www.rewterz.com/wp-content/uploads/2023/01/help.png Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash a27e221b35f35950178fbc5afe974015a5f485b5ae91ca8ffe5847e768a3c1ee Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:33 GMT Last-Modified Mon, 02 Jan 2023 13:24:37 GMT Server Apache ETag "689c-5f147df77eabf" Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=96 Content-Length 26780
GET H/1.1	200 OK	News-167x146.jpg www.rewterz.com/wp-content/uploads/2023/01/	2 KB 2 KB	530ms 530ms	Image image/jpeg	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Show image Full URL https://www.rewterz.com/wp-content/uploads/2023/01/News-167x146.jpg Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash fb1638da998fdcaf1b3ad55c3e07fa85a4dd668c6d52b1e38423ef35edc7dd7c Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:33 GMT Last-Modified Wed, 04 Jan 2023 14:33:12 GMT Server Apache ETag "868-5f171106d9033" Content-Type image/jpeg Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=93 Content-Length 2152
GET H/1.1	200 OK	logo_SVG-01-svg.svg www.rewterz.com/wp-content/uploads/2023/03/	702 B 974 B	399ms 399ms	Image image/svg+xml	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Show image Full URL https://www.rewterz.com/wp-content/uploads/2023/03/logo_SVG-01-svg.svg Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash 253aac5658624549e30b156b64476a924aca040cb36538cfdf46dcdac5579923 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:34 GMT Last-Modified Fri, 10 Mar 2023 23:23:22 GMT Server Apache ETag "2be-5f6940c18b4bb" Content-Type image/svg+xml Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=95 Content-Length 702
GET H3	200	widget.js Show response widget.clutch.co/static/js/	17 KB 7 KB	57ms 38ms	Script text/javascript	104.18.68.32 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://widget.clutch.co/static/js/widget.js Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol H3 Security QUIC, , AES_128_GCM Server 104.18.68.32 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 994da3408a56728cd11a29c1f7fd9d3b7d41d5e94eb6dcc98a585c6832f7435c Security Headers Name Value Strict-Transport-Security max-age=2592000 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 25 Jun 2024 07:56:31 GMT content-encoding gzip cf-cache-status HIT last-modified Thu, 07 Mar 2024 08:44:04 GMT server cloudflare strict-transport-security max-age=2592000 age 4938562 vary Accept-Encoding content-type text/javascript; charset=utf-8 cache-control max-age=2592000000000000 cf-ray 899366c98aaf36dd-FRA alt-svc h3=":443"; ma=86400
GET H/1.1	200 OK	divider-2.css www.rewterz.com/wp-content/themes/betheme/css/elements/	138 KB 49 KB	862ms 861ms	Stylesheet text/css	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://www.rewterz.com/wp-content/themes/betheme/css/elements/divider-2.css?ver=27.4.4 Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash d96ae3f9718f46225174532e9c446f4a1979b2bda1d7822fb92ee7a18cb6d5ef Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:31 GMT Content-Encoding gzip Last-Modified Mon, 27 May 2024 12:31:00 GMT Server Apache ETag "2269b-6196eb0a205b1-gzip" Vary Accept-Encoding Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 49658
GET H/1.1	200 OK	post-15053.css www.rewterz.com/wp-content/uploads/betheme/css/	3 KB 1012 B	166ms 165ms	Stylesheet text/css	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://www.rewterz.com/wp-content/uploads/betheme/css/post-15053.css?ver=1719302182 Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash f12c0ebc91ff90bd7d8b20d0c724e0fb32021a933a6b0ff9ca656213172f89c1 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:31 GMT Content-Encoding gzip Last-Modified Fri, 10 Mar 2023 22:20:41 GMT Server Apache ETag "d7f-5f6932bf94a8e-gzip" Vary Accept-Encoding Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 693
GET H/1.1	200 OK	post-14912.css www.rewterz.com/wp-content/uploads/betheme/css/	9 KB 1 KB	164ms 162ms	Stylesheet text/css	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://www.rewterz.com/wp-content/uploads/betheme/css/post-14912.css?ver=1719302182 Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash 4e8a9350b17a5c92c5c33ae67cfbc575c50bb24e063ae6c67de39f434e268504 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:31 GMT Content-Encoding gzip Last-Modified Fri, 06 Jan 2023 12:33:32 GMT Server Apache ETag "258b-5f197a028f6f5-gzip" Vary Accept-Encoding Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 947
GET H/1.1	200 OK	post-15034.css www.rewterz.com/wp-content/uploads/betheme/css/	3 KB 810 B	163ms 161ms	Stylesheet text/css	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://www.rewterz.com/wp-content/uploads/betheme/css/post-15034.css?ver=1719302184 Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash 2ac04cbc489f6c69a5bed5993816ca5a983e6c10dd14cab2092596964f74beeb Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:31 GMT Content-Encoding gzip Last-Modified Mon, 13 Mar 2023 16:52:33 GMT Server Apache ETag "a8c-5f6caeffd50ef-gzip" Vary Accept-Encoding Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=96 Content-Length 491
GET H/1.1	200 OK	post-15056.css www.rewterz.com/wp-content/uploads/betheme/css/	3 KB 1020 B	159ms 159ms	Stylesheet text/css	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://www.rewterz.com/wp-content/uploads/betheme/css/post-15056.css?ver=1719302184 Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash 7d271fad56254d6d2b53764d13141e2e7e6027a58bac4022d0517e5c62c52e22 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:31 GMT Content-Encoding gzip Last-Modified Fri, 03 May 2024 09:10:36 GMT Server Apache ETag "bcc-6178917c39fe4-gzip" Vary Accept-Encoding Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 701
GET H/1.1	200 OK	post-15053.css www.rewterz.com/wp-content/uploads/betheme/css/	3 KB 1012 B	197ms 197ms	Stylesheet text/css	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://www.rewterz.com/wp-content/uploads/betheme/css/post-15053.css?ver=1719302185 Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash f12c0ebc91ff90bd7d8b20d0c724e0fb32021a933a6b0ff9ca656213172f89c1 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:31 GMT Content-Encoding gzip Last-Modified Fri, 10 Mar 2023 22:20:41 GMT Server Apache ETag "d7f-5f6932bf94a8e-gzip" Vary Accept-Encoding Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=97 Content-Length 693
GET H/1.1	200 OK	post-14912.css www.rewterz.com/wp-content/uploads/betheme/css/	9 KB 1 KB	171ms 170ms	Stylesheet text/css	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://www.rewterz.com/wp-content/uploads/betheme/css/post-14912.css?ver=1719302185 Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash 4e8a9350b17a5c92c5c33ae67cfbc575c50bb24e063ae6c67de39f434e268504 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:31 GMT Content-Encoding gzip Last-Modified Fri, 06 Jan 2023 12:33:32 GMT Server Apache ETag "258b-5f197a028f6f5-gzip" Vary Accept-Encoding Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=97 Content-Length 947
GET H/1.1	200 OK	post-15034.css www.rewterz.com/wp-content/uploads/betheme/css/	3 KB 810 B	163ms 163ms	Stylesheet text/css	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://www.rewterz.com/wp-content/uploads/betheme/css/post-15034.css?ver=1719302186 Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash 2ac04cbc489f6c69a5bed5993816ca5a983e6c10dd14cab2092596964f74beeb Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:32 GMT Content-Encoding gzip Last-Modified Mon, 13 Mar 2023 16:52:33 GMT Server Apache ETag "a8c-5f6caeffd50ef-gzip" Vary Accept-Encoding Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=96 Content-Length 491
GET H/1.1	200 OK	post-15056.css www.rewterz.com/wp-content/uploads/betheme/css/	3 KB 1020 B	165ms 164ms	Stylesheet text/css	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://www.rewterz.com/wp-content/uploads/betheme/css/post-15056.css?ver=1719302186 Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash 7d271fad56254d6d2b53764d13141e2e7e6027a58bac4022d0517e5c62c52e22 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:32 GMT Content-Encoding gzip Last-Modified Fri, 03 May 2024 09:10:36 GMT Server Apache ETag "bcc-6178917c39fe4-gzip" Vary Accept-Encoding Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=96 Content-Length 701
GET H/1.1	200 OK	post-33441.css www.rewterz.com/wp-content/uploads/betheme/css/	269 B 470 B	163ms 163ms	Stylesheet text/css	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://www.rewterz.com/wp-content/uploads/betheme/css/post-33441.css?ver=1719302187 Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash da1d49283cabce89750e4a32587b994f05e347bc463c96b9c2eed9d4e828007c Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:32 GMT Content-Encoding gzip Last-Modified Mon, 24 Jun 2024 05:02:34 GMT Server Apache ETag "10d-61b9bb07a3c8c-gzip" Vary Accept-Encoding Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=95 Content-Length 151
GET H/1.1	200 OK	rs6.css www.rewterz.com/wp-content/plugins/revslider/public/assets/css/	57 KB 12 KB	161ms 160ms	Stylesheet text/css	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://www.rewterz.com/wp-content/plugins/revslider/public/assets/css/rs6.css?ver=6.6.4 Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash 95f59f9a4a19697496edc01bb55011ea4056f90625cc816a7f18256f056a6258 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:32 GMT Content-Encoding gzip Last-Modified Tue, 01 Nov 2022 08:24:40 GMT Server Apache ETag "e394-5ec647490eac1-gzip" Vary Accept-Encoding Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=94 Content-Length 12467
GET H2	200	6553015.js Show response js.hs-scripts.com/	2 KB 1 KB	58ms 34ms	Script application/javascript	2606:4700::6810:8cd1 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js.hs-scripts.com/6553015.js?integration=WordPress&ver=11.1.21 Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:8cd1 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash f82f870095710cf99315268f8d1cfd84df2c3bd01884fb08c310ba2cf0fa886f Security Headers Name Value X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 25 Jun 2024 07:56:31 GMT content-encoding br x-content-type-options nosniff cf-cache-status HIT x-hubspot-correlation-id b9a00ea3-8457-4213-9f0b-25e65135532b x-evy-trace-route-service-name envoyset-translator cf-polished origSize=2007 age 11 x-envoy-upstream-service-time 5 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id b9a00ea3-8457-4213-9f0b-25e65135532b cf-bgj minify last-modified Tue, 25 Jun 2024 07:56:20 GMT server cloudflare access-control-max-age 3600 vary origin, Accept-Encoding content-type application/javascript;charset=utf-8 access-control-allow-origin https://www.rewterz.com x-evy-trace-served-by-pod iad02/hubapi-td/envoy-proxy-7dd59b876-h6cjl x-evy-trace-virtual-host all access-control-allow-credentials true cache-control public, max-age=90 cf-ray 899366c98f1703ec-FRA expires Tue, 25 Jun 2024 07:58:01 GMT
GET H/1.1	200 OK	rbtools.min.js Show response www.rewterz.com/wp-content/plugins/revslider/public/assets/js/	161 KB 61 KB	1022ms 1021ms	Script application/javascript	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://www.rewterz.com/wp-content/plugins/revslider/public/assets/js/rbtools.min.js?ver=6.6.4 Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash c4596b16b126326b0d8fc2fb8bf91389ad3dc4671a269187913c19a8f2ad1094 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:34 GMT Content-Encoding gzip Last-Modified Tue, 01 Nov 2022 08:24:40 GMT Server Apache ETag "285db-5ec647490eac1-gzip" Vary Accept-Encoding Transfer-Encoding chunked Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=90
GET H/1.1	200 OK	rs6.min.js www.rewterz.com/wp-content/plugins/revslider/public/assets/js/	178 KB 0	2431ms 2431ms	Script application/javascript	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://www.rewterz.com/wp-content/plugins/revslider/public/assets/js/rs6.min.js?ver=6.6.4 Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:34 GMT Content-Encoding gzip Last-Modified Tue, 01 Nov 2022 08:24:40 GMT Server Apache ETag "63433-5ec647490eac1-gzip" Vary Accept-Encoding Transfer-Encoding chunked Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=92
GET H/1.1	200 OK	script.min.js Show response www.rewterz.com/wp-content/plugins/wp-job-openings/assets/js/	48 KB 15 KB	161ms 161ms	Script application/javascript	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://www.rewterz.com/wp-content/plugins/wp-job-openings/assets/js/script.min.js?ver=3.4.6 Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash f5c4ba1964e745443a0c654fc82f22e7e540e84da7c72d20ea85451cc79a035a Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:32 GMT Content-Encoding gzip Last-Modified Mon, 15 Apr 2024 08:18:41 GMT Server Apache ETag "be7c-6161e44ec0e94-gzip" Vary Accept-Encoding Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=95 Content-Length 15206
GET H/1.1	200 OK	core.min.js Show response www.rewterz.com/wp-includes/js/jquery/ui/	21 KB 7 KB	260ms 260ms	Script application/javascript	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://www.rewterz.com/wp-includes/js/jquery/ui/core.min.js?ver=1.13.2 Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash ca7dce2391845e8aec7da135f33fabd10f74eed28a532ac66fd01f761fcfb42f Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:32 GMT Content-Encoding gzip Last-Modified Thu, 30 Mar 2023 02:17:41 GMT Server Apache ETag "53be-5f814b283f089-gzip" Vary Accept-Encoding Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=94 Content-Length 7099
GET H/1.1	200 OK	tabs.min.js Show response www.rewterz.com/wp-includes/js/jquery/ui/	12 KB 4 KB	290ms 290ms	Script application/javascript	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://www.rewterz.com/wp-includes/js/jquery/ui/tabs.min.js?ver=1.13.2 Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash 6a0d53f68e013dac42a52a5264c5d28a12a06b6bc7cc1d63bc2d385558bd2dd7 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:32 GMT Content-Encoding gzip Last-Modified Wed, 02 Nov 2022 02:21:52 GMT Server Apache ETag "2ea1-5ec7380f14fe2-gzip" Vary Accept-Encoding Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=93 Content-Length 3915
GET H/1.1	200 OK	debouncedresize.min.js Show response www.rewterz.com/wp-content/themes/betheme/js/plugins/	472 B 630 B	214ms 214ms	Script application/javascript	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://www.rewterz.com/wp-content/themes/betheme/js/plugins/debouncedresize.min.js?ver=27.4.4 Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash 7c5a0e187e68ccbf13dafd079e2c46c7917cc60b6959e5a881da324958f34d92 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:32 GMT Content-Encoding gzip Last-Modified Mon, 27 May 2024 12:31:00 GMT Server Apache ETag "1d8-6196eb0a3bb36-gzip" Vary Accept-Encoding Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=94 Content-Length 297
GET H/1.1	200 OK	magnificpopup.min.js Show response www.rewterz.com/wp-content/themes/betheme/js/plugins/	20 KB 7 KB	207ms 207ms	Script application/javascript	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://www.rewterz.com/wp-content/themes/betheme/js/plugins/magnificpopup.min.js?ver=27.4.4 Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash 82705acbecdd84306ce33e08f576eca6a688896895e6e48d1c36a4071fcba14e Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:32 GMT Content-Encoding gzip Last-Modified Mon, 27 May 2024 12:31:00 GMT Server Apache ETag "4f10-6196eb0a3bb36-gzip" Vary Accept-Encoding Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=93 Content-Length 7323
GET H/1.1	200 OK	menu.js Show response www.rewterz.com/wp-content/themes/betheme/js/	3 KB 1 KB	183ms 183ms	Script application/javascript	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://www.rewterz.com/wp-content/themes/betheme/js/menu.js?ver=27.4.4 Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash e31562bbd4b9f377eec9662b440b0c1262ff73f7e85c3a6e3639635e4516013f Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:32 GMT Content-Encoding gzip Last-Modified Mon, 27 May 2024 12:31:00 GMT Server Apache ETag "b2b-6196eb0a3ab95-gzip" Vary Accept-Encoding Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=93 Content-Length 1015
GET H/1.1	200 OK	visible.min.js Show response www.rewterz.com/wp-content/themes/betheme/js/plugins/	608 B 711 B	160ms 160ms	Script application/javascript	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://www.rewterz.com/wp-content/themes/betheme/js/plugins/visible.min.js?ver=27.4.4 Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash 8ecf312a51fd23a6d2258191745ab900d7f393a4633515e0df6305cde42b1a3a Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:32 GMT Content-Encoding gzip Last-Modified Mon, 27 May 2024 12:31:00 GMT Server Apache ETag "260-6196eb0a3bb36-gzip" Vary Accept-Encoding Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=92 Content-Length 378
GET H/1.1	200 OK	animations.min.js Show response www.rewterz.com/wp-content/themes/betheme/assets/animations/	2 KB 960 B	176ms 176ms	Script application/javascript	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://www.rewterz.com/wp-content/themes/betheme/assets/animations/animations.min.js?ver=27.4.4 Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash aeae8ba7d9c8ee997a8ddb5f5ec82381ed7851b750e4d1f466a1f19fad7a8462 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:32 GMT Content-Encoding gzip Last-Modified Mon, 27 May 2024 12:31:00 GMT Server Apache ETag "726-6196eb0a12aef-gzip" Vary Accept-Encoding Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=96 Content-Length 627
GET H/1.1	200 OK	jplayer.min.js Show response www.rewterz.com/wp-content/themes/betheme/assets/jplayer/	51 KB 13 KB	168ms 167ms	Script application/javascript	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://www.rewterz.com/wp-content/themes/betheme/assets/jplayer/jplayer.min.js?ver=27.4.4 Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash 6e6c69ba30da65996fe5cfd06a9248ad71966d7f05781b646d87358a7e202511 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:32 GMT Content-Encoding gzip Last-Modified Mon, 27 May 2024 12:31:00 GMT Server Apache ETag "cd61-6196eb0a12aef-gzip" Vary Accept-Encoding Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 12708
GET H/1.1	200 OK	enllax.min.js Show response www.rewterz.com/wp-content/themes/betheme/js/plugins/	2 KB 862 B	518ms 518ms	Script application/javascript	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://www.rewterz.com/wp-content/themes/betheme/js/plugins/enllax.min.js?ver=27.4.4 Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash c24a7908e8bccfb36947de91ab342f33f1c966b31f50ed1fb83d9d8b3d579a1f Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:32 GMT Content-Encoding gzip Last-Modified Mon, 27 May 2024 12:31:00 GMT Server Apache ETag "604-6196eb0a3bb36-gzip" Vary Accept-Encoding Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=92 Content-Length 529
GET H/1.1	200 OK	translate3d.js Show response www.rewterz.com/wp-content/themes/betheme/js/parallax/	4 KB 2 KB	668ms 668ms	Script application/javascript	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://www.rewterz.com/wp-content/themes/betheme/js/parallax/translate3d.js?ver=27.4.4 Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash 19906e9585e0f90c005878ee2c63fcd8d1ed933a0ef6bea16bb1a2226b075b40 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:33 GMT Content-Encoding gzip Last-Modified Mon, 27 May 2024 12:31:00 GMT Server Apache ETag "fd1-6196eb0a3bb36-gzip" Vary Accept-Encoding Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=92 Content-Length 1318
GET H/1.1	200 OK	scripts.js Show response www.rewterz.com/wp-content/themes/betheme/js/	148 KB 30 KB	1131ms 1131ms	Script application/javascript	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://www.rewterz.com/wp-content/themes/betheme/js/scripts.js?ver=27.4.4 Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash 1ef9b3a9a62d4ecac0a9b50252a5fb54936773d6a9cf21c50433c8a9b0f27d5b Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:32 GMT Content-Encoding gzip Last-Modified Mon, 27 May 2024 12:31:00 GMT Server Apache ETag "25168-6196eb0a3cad6-gzip" Vary Accept-Encoding Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=91 Content-Length 30507
GET H/1.1	200 OK	isotope.min.js Show response www.rewterz.com/wp-content/themes/betheme/js/plugins/	34 KB 10 KB	477ms 477ms	Script application/javascript	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://www.rewterz.com/wp-content/themes/betheme/js/plugins/isotope.min.js?ver=27.4.4 Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash ee61cd1f7ca665a583657d1dee5250e253e8e05327557e4de1d1e8b6450804e0 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:32 GMT Content-Encoding gzip Last-Modified Mon, 27 May 2024 12:31:00 GMT Server Apache ETag "89eb-6196eb0a3bb36-gzip" Vary Accept-Encoding Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=95 Content-Length 9763
GET H2	200	m41k4nifgy Show response www.clarity.ms/tag/	655 B 1020 B	188ms 160ms	Script application/x-javascript	2620:1ec:bdf::45 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://www.clarity.ms/tag/m41k4nifgy?ref=wordpress Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2620:1ec:bdf::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash 2fdbfdf645cee739277c803535fdb470ca91d34a283541efecc16bc55957a4f0 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers expires -1 date Tue, 25 Jun 2024 07:56:31 GMT x-azure-ref 20240625T075631Z-17d856f5577494phz51n9ke92400000001cg000000007t9x x-cache CONFIG_NOCACHE content-type application/x-javascript cache-control no-cache, no-store accept-ranges bytes content-length 655 request-context appId=cid-v1:3d284f99-f285-495c-ac33-dedd7ecf1ac8
GET H/1.1	200 OK	logo_SVG-01.svg www.rewterz.com/wp-content/uploads/2022/11/	698 B 0	0ms 0ms	Image image/svg+xml	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Show image Full URL https://www.rewterz.com/wp-content/uploads/2022/11/logo_SVG-01.svg Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash 69840f2a0ed40b27bc7e919cc3c2c68be1dc3e1343c60bd21a4741af9abb8011 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:31 GMT Last-Modified Tue, 01 Nov 2022 09:38:43 GMT Server Apache Accept-Ranges bytes ETag "2ba-5ec657d6fc196" Content-Length 698 Content-Type image/svg+xml
GET H/1.1	200 OK	News.jpg www.rewterz.com/wp-content/uploads/2023/01/	39 KB 0	0ms 0ms	Image image/jpeg	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Show image Full URL https://www.rewterz.com/wp-content/uploads/2023/01/News.jpg Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash eeeb610a66540dad1c431b5b5c26bbf158e4bced839b8dff70c19da14c13854d Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:33 GMT Last-Modified Wed, 04 Jan 2023 14:33:12 GMT Server Apache Accept-Ranges bytes ETag "9a04-5f1711067d368" Content-Length 39428 Content-Type image/jpeg
GET H/1.1	200 OK	xdrLogo.png www.rewterz.com/wp-content/uploads/2023/01/	22 KB 0	0ms 0ms	Image image/png	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Show image Full URL https://www.rewterz.com/wp-content/uploads/2023/01/xdrLogo.png Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash d7eb51bb7aabba4a0d85a021d286e20bc61936489cb99799df6fcb9cca869222 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:31 GMT Last-Modified Thu, 05 Jan 2023 09:23:34 GMT Server Apache Accept-Ranges bytes ETag "5671-5f180daefe39c" Content-Length 22129 Content-Type image/png
GET H/1.1	200 OK	center_new.png www.rewterz.com/wp-content/uploads/2023/01/	139 KB 0	0ms 0ms	Image image/png	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Show image Full URL https://www.rewterz.com/wp-content/uploads/2023/01/center_new.png Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash 69669e774c4670c09ac0ece7710be2e33fedcb9d09b3a1c8d0eee21ec34a0818 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:31 GMT Last-Modified Fri, 06 Jan 2023 12:13:11 GMT Server Apache Accept-Ranges bytes ETag "22b14-5f1975757bf86" Content-Length 142100 Content-Type image/png
GET H/1.1	200 OK	studio_01_Mascot_New.png www.rewterz.com/wp-content/uploads/2023/03/	747 KB 0	0ms 0ms	Image image/png	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Show image Full URL https://www.rewterz.com/wp-content/uploads/2023/03/studio_01_Mascot_New.png Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash 0d73eb7b3d25c799af7030f4a09d2f3e72a34363c2138394ba64ab1949e0715c Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:31 GMT Last-Modified Tue, 07 Mar 2023 11:04:37 GMT Server Apache Accept-Ranges bytes ETag "baaf9-5f64d60a1ddb8" Content-Length 764665 Content-Type image/png
GET H/1.1	200 OK	16.jpg www.rewterz.com/wp-content/uploads/2023/01/	564 KB 0	0ms 0ms	Image image/jpeg	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Show image Full URL https://www.rewterz.com/wp-content/uploads/2023/01/16.jpg Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash 012e41bd55f857e7c536648c35aec07874e675ce185f8cbeec60321033216ff3 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:33 GMT Last-Modified Mon, 02 Jan 2023 10:09:41 GMT Server Apache Accept-Ranges bytes ETag "8cee8-5f145264d5423" Content-Length 577256 Content-Type image/jpeg
GET H/1.1	200 OK	pdf-file-1.png www.rewterz.com/wp-content/uploads/2023/01/	2 KB 0	0ms 0ms	Image image/png	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Show image Full URL https://www.rewterz.com/wp-content/uploads/2023/01/pdf-file-1.png Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash 5bfe5d69340acac94e1b747712544d0159bee54813320aabe93d515627fa491f Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:33 GMT Last-Modified Mon, 02 Jan 2023 10:28:27 GMT Server Apache Accept-Ranges bytes ETag "842-5f145696c5f02" Content-Length 2114 Content-Type image/png
GET H/1.1	200 OK	play_btn_Small.png www.rewterz.com/wp-content/uploads/2023/01/	20 KB 0	0ms 0ms	Image image/png	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Show image Full URL https://www.rewterz.com/wp-content/uploads/2023/01/play_btn_Small.png Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash dd13bf8404f7b89c916472f108c02bc5ff01c4e2b0a7b69e25fc6866167b7f2a Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:33 GMT Last-Modified Mon, 02 Jan 2023 13:48:02 GMT Server Apache Accept-Ranges bytes ETag "4e60-5f1483333c4e4" Content-Length 20064 Content-Type image/png
GET H/1.1	200 OK	play_btn_hover_Small.png www.rewterz.com/wp-content/uploads/2023/01/	20 KB 0	0ms 0ms	Image image/png	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Show image Full URL https://www.rewterz.com/wp-content/uploads/2023/01/play_btn_hover_Small.png Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash 33b724f0a45fe4e11d070c9b03014746021873af3f8c59e00219d41a63d93158 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:33 GMT Last-Modified Mon, 02 Jan 2023 13:48:03 GMT Server Apache Accept-Ranges bytes ETag "4f1d-5f148333f4e19" Content-Length 20253 Content-Type image/png
GET H/1.1	200 OK	leadership.png www.rewterz.com/wp-content/uploads/2023/01/	50 KB 0	0ms 0ms	Image image/png	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Show image Full URL https://www.rewterz.com/wp-content/uploads/2023/01/leadership.png Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash ea89b577a7f8970538905ed7405dd6bf3c37ff5a36e311cecb9442efd7c75ad8 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:33 GMT Last-Modified Mon, 02 Jan 2023 13:20:21 GMT Server Apache Accept-Ranges bytes ETag "c8cd-5f147d02fc1d4" Content-Length 51405 Content-Type image/png
GET H/1.1	200 OK	help.png www.rewterz.com/wp-content/uploads/2023/01/	26 KB 0	0ms 0ms	Image image/png	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Show image Full URL https://www.rewterz.com/wp-content/uploads/2023/01/help.png Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash a27e221b35f35950178fbc5afe974015a5f485b5ae91ca8ffe5847e768a3c1ee Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:33 GMT Last-Modified Mon, 02 Jan 2023 13:24:37 GMT Server Apache Accept-Ranges bytes ETag "689c-5f147df77eabf" Content-Length 26780 Content-Type image/png
GET H/1.1	200 OK	News-167x146.jpg www.rewterz.com/wp-content/uploads/2023/01/	2 KB 0	47ms 47ms	Image image/jpeg	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Show image Full URL https://www.rewterz.com/wp-content/uploads/2023/01/News-167x146.jpg Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash fb1638da998fdcaf1b3ad55c3e07fa85a4dd668c6d52b1e38423ef35edc7dd7c Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:33 GMT Last-Modified Wed, 04 Jan 2023 14:33:12 GMT Server Apache Accept-Ranges bytes ETag "868-5f171106d9033" Content-Length 2152 Content-Type image/jpeg
GET H/1.1	200 OK	BG_RED.jpg www.rewterz.com/wp-content/uploads/2023/03/	159 KB 159 KB	299ms 159ms	Image image/jpeg	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Show image Full URL https://www.rewterz.com/wp-content/uploads/2023/03/BG_RED.jpg Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash ead896ede9c5838d91a0158c1f561fb5387133080c96be126310889390ea33b8 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:31 GMT Last-Modified Tue, 07 Mar 2023 10:50:11 GMT Server Apache ETag "27a28-5f64d2d014e63" Content-Type image/jpeg Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=97 Content-Length 162344
GET H2	200	7cHqv4kjgoGqM7E3_-gs51os.woff2 fonts.gstatic.com/s/barlow/v12/	20 KB 21 KB	40ms 17ms	Font font/woff2	2a00:1450:4001:829::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/barlow/v12/7cHqv4kjgoGqM7E3_-gs51os.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css?family=Barlow%3A1%2C300%2C400%2C400italic%2C500%2C700%2C700italic%7CBarlow+Condensed%3A1%2C300%2C400%2C400italic%2C500%2C700%2C700italic&display=swap&ver=6.5.5 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 7c0597b1b0c771139c958982210f05b275993037f0f3ba20d7a9300a0741dc80 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://fonts.googleapis.com/ Origin https://www.rewterz.com Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 18 Jun 2024 14:59:44 GMT x-content-type-options nosniff age 579407 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 20960 x-xss-protection 0 last-modified Tue, 19 Apr 2022 19:18:28 GMT server sffe cross-origin-opener-policy same-origin; report-to="apps-themes" report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Wed, 18 Jun 2025 14:59:44 GMT
GET H2	200	7cHqv4kjgoGqM7E3t-4s51os.woff2 fonts.gstatic.com/s/barlow/v12/	21 KB 21 KB	44ms 22ms	Font font/woff2	2a00:1450:4001:829::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/barlow/v12/7cHqv4kjgoGqM7E3t-4s51os.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css?family=Barlow%3A1%2C300%2C400%2C400italic%2C500%2C700%2C700italic%7CBarlow+Condensed%3A1%2C300%2C400%2C400italic%2C500%2C700%2C700italic&display=swap&ver=6.5.5 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 65a47caa5183b035bf78d0f93adbe5cea500333410259c54abf2de356740df7e Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://fonts.googleapis.com/ Origin https://www.rewterz.com Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 18 Jun 2024 14:42:05 GMT x-content-type-options nosniff age 580466 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 21724 x-xss-protection 0 last-modified Tue, 19 Apr 2022 19:29:44 GMT server sffe cross-origin-opener-policy same-origin; report-to="apps-themes" report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Wed, 18 Jun 2025 14:42:05 GMT
GET H2	200	HTxwL3I-JCGChYJ8VI-L6OO_au7B46r2z3bWuQ.woff2 fonts.gstatic.com/s/barlowcondensed/v12/	21 KB 21 KB	42ms 19ms	Font font/woff2	2a00:1450:4001:829::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/barlowcondensed/v12/HTxwL3I-JCGChYJ8VI-L6OO_au7B46r2z3bWuQ.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css?family=Barlow%3A1%2C300%2C400%2C400italic%2C500%2C700%2C700italic%7CBarlow+Condensed%3A1%2C300%2C400%2C400italic%2C500%2C700%2C700italic&display=swap&ver=6.5.5 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 8320299532b4b81498d5b3714d49c9d5938883b55f4c2a1efe6f105bf4a942bd Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://fonts.googleapis.com/ Origin https://www.rewterz.com Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 18 Jun 2024 15:20:40 GMT x-content-type-options nosniff age 578151 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 21440 x-xss-protection 0 last-modified Tue, 19 Apr 2022 18:46:45 GMT server sffe cross-origin-opener-policy same-origin; report-to="apps-themes" report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Wed, 18 Jun 2025 15:20:40 GMT
GET H/1.1	200 OK	icons.woff2 www.rewterz.com/wp-content/themes/betheme/fonts/mfn/	70 KB 71 KB	300ms 162ms	Font application/octet-stream	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://www.rewterz.com/wp-content/themes/betheme/fonts/mfn/icons.woff2?11083851 Requested by Host: www.rewterz.com URL: https://www.rewterz.com/wp-content/themes/betheme/css/be.css?ver=27.4.4 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash c0fa90ca6e7303bfcf6bfa7d412e8fc370c8c9b5188a6700a902be3ecc9e9456 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/wp-content/themes/betheme/css/be.css?ver=27.4.4 Origin https://www.rewterz.com Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:31 GMT Last-Modified Mon, 27 May 2024 12:31:00 GMT Server Apache ETag "119c8-6196eb0a3da76" Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=95 Content-Length 72136
GET H2	200	7cHpv4kjgoGqM7E_DMs5.woff2 fonts.gstatic.com/s/barlow/v12/	21 KB 21 KB	37ms 15ms	Font font/woff2	2a00:1450:4001:829::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/barlow/v12/7cHpv4kjgoGqM7E_DMs5.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css?family=Barlow%3A1%2C300%2C400%2C400italic%2C500%2C700%2C700italic%7CBarlow+Condensed%3A1%2C300%2C400%2C400italic%2C500%2C700%2C700italic&display=swap&ver=6.5.5 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 7c9c80a6c32c0619d61c28f28723e68c5f8f75163e77ee5cf64c39e640e0d71e Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://fonts.googleapis.com/ Origin https://www.rewterz.com Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 18 Jun 2024 14:53:47 GMT x-content-type-options nosniff age 579764 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 21144 x-xss-protection 0 last-modified Tue, 19 Apr 2022 19:43:23 GMT server sffe cross-origin-opener-policy same-origin; report-to="apps-themes" report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Wed, 18 Jun 2025 14:53:47 GMT
GET H2	200	HTxwL3I-JCGChYJ8VI-L6OO_au7B47rxz3bWuQ.woff2 fonts.gstatic.com/s/barlowcondensed/v12/	20 KB 20 KB	31ms 8ms	Font font/woff2	2a00:1450:4001:829::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/barlowcondensed/v12/HTxwL3I-JCGChYJ8VI-L6OO_au7B47rxz3bWuQ.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css?family=Barlow%3A1%2C300%2C400%2C400italic%2C500%2C700%2C700italic%7CBarlow+Condensed%3A1%2C300%2C400%2C400italic%2C500%2C700%2C700italic&display=swap&ver=6.5.5 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash aa1895205efb0ef0fa4232b6289c46a12bf07b9493598c2d50d3afe6d9ce9d9d Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://fonts.googleapis.com/ Origin https://www.rewterz.com Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 18 Jun 2024 14:54:19 GMT x-content-type-options nosniff age 579732 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 20180 x-xss-protection 0 last-modified Tue, 19 Apr 2022 18:34:00 GMT server sffe cross-origin-opener-policy same-origin; report-to="apps-themes" report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Wed, 18 Jun 2025 14:54:19 GMT
GET H2	200	7cHrv4kjgoGqM7E_Cfs7wH8.woff2 fonts.gstatic.com/s/barlow/v12/	23 KB 23 KB	45ms 23ms	Font font/woff2	2a00:1450:4001:829::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/barlow/v12/7cHrv4kjgoGqM7E_Cfs7wH8.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css?family=Barlow%3A1%2C300%2C400%2C400italic%2C500%2C700%2C700italic%7CBarlow+Condensed%3A1%2C300%2C400%2C400italic%2C500%2C700%2C700italic&display=swap&ver=6.5.5 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 51d0115090b2cfd0cb581cbf62ee79bb94fdcb3f9c2432d39d3adacd8888ccef Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://fonts.googleapis.com/ Origin https://www.rewterz.com Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 18 Jun 2024 14:47:45 GMT x-content-type-options nosniff age 580126 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 23564 x-xss-protection 0 last-modified Tue, 19 Apr 2022 19:09:09 GMT server sffe cross-origin-opener-policy same-origin; report-to="apps-themes" report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Wed, 18 Jun 2025 14:47:45 GMT
POST H2	200	collect Show response www.google-analytics.com/j/	2 B 207 B	14ms 14ms	XHR text/plain	2a00:1450:4001:828::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/j/collect?v=1&_v=j101&a=775635843&t=pageview&_s=1&dl=https%3A%2F%2Fwww.rewterz.com%2Fthreat-advisory%2Foyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs&ul=de-de&de=UTF-8&dt=Oyster%20Backdoor%20Distributes%20via%20Trojanized%20Downloads%20of%20Frequently%20Used%20Software%20%E2%80%93%20Active%20IOCs%20Oyster%20Backdoor%20Distributes%20via%20Trojanized%20Downloads%20of%20Frequently%20Used%20Software%20%E2%80%93%20Active%20IOCs%20-%20Rewterz&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAACAAI~&jid=1930641389&gjid=306035870&cid=1270737913.1719302192&tid=UA-2844962-1&_gid=608475873.1719302192&_r=1&gtm=457e46j0za200&gcd=13l3l3l2l1&dma_cps=sypham&dma=1&tag_exp=0&jsscut=1&npa=1&z=281645443 Requested by Host: www.google-analytics.com URL: https://www.google-analytics.com/analytics.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af Security Headers Name Value X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" sec-ch-ua-platform "Win32" Referer https://www.rewterz.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Content-Type text/plain Response headers pragma no-cache date Tue, 25 Jun 2024 07:56:31 GMT x-content-type-options nosniff last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 content-type text/plain access-control-allow-origin https://www.rewterz.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 2 expires Fri, 01 Jan 1990 00:00:00 GMT
POST H2	200	collect Show response stats.g.doubleclick.net/j/	4 B 349 B	57ms 19ms	XHR text/plain	2a00:1450:400c:c06::9d GOOGLE
General Check archive.org Show headers Download Go to Full URL https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-2844962-1&cid=1270737913.1719302192&jid=1930641389&gjid=306035870&_gid=608475873.1719302192&npa=1&_u=YEBAAUAAAAAAACAAI~&z=1137329989 Requested by Host: www.google-analytics.com URL: https://www.google-analytics.com/analytics.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:400c:c06::9d Brussels, Belgium, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash 84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" sec-ch-ua-platform "Win32" Referer https://www.rewterz.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Content-Type text/plain Response headers pragma no-cache strict-transport-security max-age=31536000; includeSubDomains; preload date Tue, 25 Jun 2024 07:56:31 GMT x-content-type-options nosniff last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 content-type text/plain access-control-allow-origin https://www.rewterz.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 4 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	204	register-conversion region1.google-analytics.com/privacy-sandbox/ Redirect Chain https://region1.analytics.google.com/g/collect?v=2&tid=G-2H1K10XHV5&gtm=45je46j0v889293908za200&_p=1719302190351&_gaz=1&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&tag_exp=0&cid=1270737913.1719302192... https://region1.google-analytics.com/privacy-sandbox/register-conversion?_c=1&cid=1270737913.1719302192&dbk=14776856315434563347&dma=1&dma_cps=sypham&en=page_view&gtm=45je46j0v889293908za200&npa=1&...	0 0	58ms 52ms	Fetch text/plain	2001:4860:4802:34::36 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://region1.google-analytics.com/privacy-sandbox/register-conversion?_c=1&cid=1270737913.1719302192&dbk=14776856315434563347&dma=1&dma_cps=sypham&en=page_view&gtm=45je46j0v889293908za200&npa=1&tid=G-2H1K10XHV5&dl=https%3A%2F%2Fwww.rewterz.com%3F Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol H2 Server 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer https://www.rewterz.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers pragma no-cache attribution-reporting-register-trigger {"aggregatable_trigger_data":[{"key_piece":"0xddfde1745f7b646c","source_keys":["1"]},{"key_piece":"0x328f6f59f2b44a7e","source_keys":["2","3","4"]}],"aggregatable_values":{"1":65,"2":65,"3":65,"4":6356},"debug_key":"14776856315434563347","debug_reporting":true,"event_trigger_data":[{"filters":[{"source_type":["event"]}],"priority":"0","trigger_data":"0"}],"filters":{"2":["1025116166"],"5":["06-25","06-24","06-23"]}} date Tue, 25 Jun 2024 07:56:31 GMT server Golfe2 content-type text/plain cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 expires Fri, 01 Jan 1990 00:00:00 GMT Redirect headers pragma no-cache date Tue, 25 Jun 2024 07:56:31 GMT server Golfe2 content-type text/html; charset=UTF-8 location https://region1.google-analytics.com/privacy-sandbox/register-conversion?_c=1&cid=1270737913.1719302192&dbk=14776856315434563347&dma=1&dma_cps=sypham&en=page_view&gtm=45je46j0v889293908za200&npa=1&tid=G-2H1K10XHV5&dl=https%3A%2F%2Fwww.rewterz.com%3F access-control-allow-origin * cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 482 expires Fri, 01 Jan 1990 00:00:00 GMT
POST H2	204	collect stats.g.doubleclick.net/g/	0 56 B	20ms 20ms	Ping text/plain	2a00:1450:400c:c06::9d GOOGLE
General Check archive.org Show headers Download Go to Full URL https://stats.g.doubleclick.net/g/collect?v=2&tid=G-2H1K10XHV5&cid=1270737913.1719302192&gtm=45je46j0v889293908za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3l3l2l1&npa=1&frm=0 Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/js?id=G-2H1K10XHV5&l=dataLayer&cx=c Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:400c:c06::9d Brussels, Belgium, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers pragma no-cache date Tue, 25 Jun 2024 07:56:31 GMT server Golfe2 content-type text/plain access-control-allow-origin https://www.rewterz.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3	200	ga-audiences www.google.de/ads/	42 B 63 B	48ms 31ms	Image image/gif	142.250.185.99 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-2H1K10XHV5&cid=1270737913.1719302192&gtm=45je46j0v889293908za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3l3l2l1&npa=1&frm=0&z=1459544398 Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.185.99 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s49-in-f3.1e100.net Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers pragma no-cache date Tue, 25 Jun 2024 07:56:31 GMT x-content-type-options nosniff server cafe content-type image/gif p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3	200	ga-audiences www.google.com/ads/	42 B 63 B	51ms 33ms	Image image/gif	172.217.16.196 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-2844962-1&cid=1270737913.1719302192&jid=1930641389&npa=1&_u=YEBAAUAAAAAAACAAI~&z=1279995195 Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol H3 Security QUIC, , AES_128_GCM Server 172.217.16.196 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s08-in-f4.1e100.net Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers pragma no-cache date Tue, 25 Jun 2024 07:56:31 GMT x-content-type-options nosniff server cafe content-type image/gif p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3	200	ga-audiences www.google.de/ads/	42 B 63 B	49ms 36ms	Image image/gif	142.250.185.99 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-2844962-1&cid=1270737913.1719302192&jid=1930641389&npa=1&_u=YEBAAUAAAAAAACAAI~&z=1279995195 Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.185.99 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s49-in-f3.1e100.net Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers pragma no-cache date Tue, 25 Jun 2024 07:56:31 GMT x-content-type-options nosniff server cafe content-type image/gif p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	clarity.js Show response www.clarity.ms/s/0.7.32/	61 KB 26 KB	14ms 14ms	Script application/javascript	2620:1ec:bdf::45 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://www.clarity.ms/s/0.7.32/clarity.js Requested by Host: www.clarity.ms URL: https://www.clarity.ms/tag/m41k4nifgy?ref=wordpress Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2620:1ec:bdf::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash 5ba7b351020430e304e1c38988858e13690202831484697551e56fed5826004e Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 25 Jun 2024 07:56:31 GMT content-encoding br last-modified Fri, 10 May 2024 17:30:20 GMT etag W/"0x8DC7116DE09E645" vary Accept-Encoding x-azure-ref 20240625T075631Z-17d856f5577494phz51n9ke92400000001cg000000007ta8 content-type application/javascript;charset=utf-8 access-control-allow-origin * x-ms-request-id 949203f2-601e-0050-0434-c2ec8b000000 cache-control public, max-age=86400 x-cache TCP_HIT x-ms-version 2018-03-28 x-fd-int-roxy-purgeid 51562430
POST H/1.1	204 No Content	collect Show response w.clarity.ms/	0 279 B	494ms 304ms	XHR text/plain	23.96.124.156 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://w.clarity.ms/collect Requested by Host: www.clarity.ms URL: https://www.clarity.ms/s/0.7.32/clarity.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 23.96.124.156 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software nginx / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Accept application/x-clarity-gzip Referer https://www.rewterz.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Access-Control-Allow-Origin https://www.rewterz.com Date Tue, 25 Jun 2024 07:56:32 GMT Access-Control-Allow-Credentials true Server nginx Connection keep-alive Vary Origin Request-Context appId=cid-v1:e55edbbe-e22b-46b4-8313-9ee2a4e71d12
GET H2	200	collectedforms.js Show response js.hscollectedforms.net/	69 KB 24 KB	44ms 20ms	Script application/javascript	2606:4700::6810:6dfe CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js.hscollectedforms.net/collectedforms.js Requested by Host: js.hs-scripts.com URL: https://js.hs-scripts.com/6553015.js?integration=WordPress&ver=11.1.21 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:6dfe , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 53a3dc763a0bd679523a77f5610e4ab27231fe6763d7089c1c92966daa1663f7 Security Headers Name Value X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/ Origin https://www.rewterz.com Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers content-encoding gzip age 341 x-evy-trace-route-service-name envoyset-translator x-amz-server-side-encryption AES256 content-security-policy-report-only frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=collected-forms-embed-js/static-1.503/bundles/project.js&cfRay=89935e7d3dc29944-FRA x-amz-replication-status COMPLETED x-evy-trace-listener listener_https etag W/"7d377a186677c174f204d466b8fa5fdb" vary Accept-Encoding content-type application/javascript; charset=utf-8 access-control-allow-origin * x-evy-trace-virtual-host all cache-control s-maxage=600, max-age=300 x-hs-target-asset collected-forms-embed-js/static-1.503/bundles/project.js date Tue, 25 Jun 2024 07:56:32 GMT x-amz-version-id WQne3xdBhaNpu67z_dXMAVxQ_qJQQf8W x-content-type-options nosniff cf-cache-status HIT via 1.1 3203c4b5504fa019a752072f0419ef6a.cloudfront.net (CloudFront) x-amz-cf-pop IAD12-P3 x-hubspot-correlation-id 029ff749-cc1f-4f7e-bfcf-1729d9d18b5b x-cache Hit from cloudfront cache-tag staticjsapp-collected-forms-embed-js-web-prod,staticjsapp-prod x-envoy-upstream-service-time 3 x-evy-trace-route-configuration listener_https/all x-request-id 029ff749-cc1f-4f7e-bfcf-1729d9d18b5b last-modified Wed, 15 May 2024 14:34:44 UTC server cloudflare x-hs-cache-status HIT x-evy-trace-served-by-pod iad02/app-td/envoy-proxy-65f7f7c749-kt4hg cf-ray 899366d0fc509a0b-FRA x-amz-cf-id 4nALZsQ-dGqwfwBN9f9l2SEWj4_96BCKwncMrjyauj8QoXVchYRbYA==
GET H2	200	6553015.js Show response js.hs-analytics.net/analytics/1719302100000/	68 KB 24 KB	42ms 19ms	Script text/javascript	2606:4700::6811:afc9 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js.hs-analytics.net/analytics/1719302100000/6553015.js Requested by Host: js.hs-scripts.com URL: https://js.hs-scripts.com/6553015.js?integration=WordPress&ver=11.1.21 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6811:afc9 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 0cd4bbda617e0cfd9794051cef2f48b3e29682e3458445844e9eeca79042b16a Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 25 Jun 2024 07:56:32 GMT x-amz-version-id null content-encoding gzip cf-cache-status HIT x-amz-request-id NZGJSE2K93VZT3E0 x-evy-trace-route-service-name envoyset-translator x-amz-server-side-encryption AES256 x-hubspot-correlation-id f1cfd131-84de-43a3-ad73-419224a8d24c age 16 x-envoy-upstream-service-time 24 x-amz-id-2 iFgpsoQrMuY70D6Cvvhf8ByG1VKG3IVYeO0ECfaMaBAjLK7gDNnHtO4gTddmU0mFw/CarwmmmZQxbqHQJ1wtuyhUfuZYFOYM x-evy-trace-listener listener_https x-request-id f1cfd131-84de-43a3-ad73-419224a8d24c x-evy-trace-route-configuration listener_https/all last-modified Fri, 21 Jun 2024 21:10:15 GMT server cloudflare etag W/"741c4a7b428b1eb2722a9c46bb3a9afd" vary origin, Accept-Encoding content-type text/javascript x-evy-trace-virtual-host all x-evy-trace-served-by-pod iad02/analytics-js-proxy-td/envoy-proxy-7bfb89fbf6-zmwrp cache-control max-age=300,public access-control-allow-credentials false cf-ray 899366d0ff79371b-FRA expires Tue, 25 Jun 2024 08:01:16 GMT
GET H2	200	banner.js Show response js.hs-banner.com/v2/6553015/	71 KB 26 KB	48ms 25ms	Script text/javascript	2606:4700:4400::6812:22e5 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js.hs-banner.com/v2/6553015/banner.js Requested by Host: js.hs-scripts.com URL: https://js.hs-scripts.com/6553015.js?integration=WordPress&ver=11.1.21 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:4400::6812:22e5 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash a2df9eb98d154638cc144a4723faa17106133e7a1b3b47f8232580c293af5ed3 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 25 Jun 2024 07:56:32 GMT x-amz-version-id 2mnTL3jXxQ_H2lGd1GAs6rIe51NPKk2g content-encoding gzip cf-cache-status HIT x-amz-request-id NNJ40DZAG00ZM038 x-evy-trace-route-service-name envoyset-translator x-amz-server-side-encryption AES256 x-hubspot-correlation-id 8df3617c-9296-4410-9e0e-48199e24ee39 age 16 x-envoy-upstream-service-time 165 x-amz-id-2 jQQZ0kqLzjJDULOYQ+7mnS72Wc5Jk2iabhvsOcuij6QZjZG73zfldqGNrEi+gQwEbmnycf65sgY= x-evy-trace-listener listener_https x-request-id 8df3617c-9296-4410-9e0e-48199e24ee39 x-evy-trace-route-configuration listener_https/all last-modified Mon, 15 Apr 2024 14:48:08 GMT server cloudflare etag W/"ddbeb0d8841c3d36a74c07861eb62a27" access-control-max-age 604800 access-control-allow-methods GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD content-type text/javascript; charset=UTF-8 access-control-allow-origin https://www.rewterz.com x-evy-trace-virtual-host all access-control-expose-headers x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing cache-control max-age=300,public access-control-allow-credentials true x-evy-trace-served-by-pod iad02/analytics-js-proxy-td/envoy-proxy-78cb6f459b-2r68v vary origin, Accept-Encoding timing-allow-origin * access-control-allow-headers Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id cf-ray 899366d0fd013631-FRA expires Tue, 25 Jun 2024 08:01:16 GMT
GET H2	200	conversations-embed.js Show response js.usemessages.com/	85 KB 24 KB	51ms 29ms	Script application/javascript	2606:4700::6810:4d8e CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js.usemessages.com/conversations-embed.js Requested by Host: js.hs-scripts.com URL: https://js.hs-scripts.com/6553015.js?integration=WordPress&ver=11.1.21 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:4d8e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 753b5d77684b20581dddd43b3a944bca93a44da9e6dee0c8232ca6ed8a40ead5 Security Headers Name Value X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 25 Jun 2024 07:56:32 GMT x-amz-version-id yFTRQFC1g6ZpuTIoktepwBCyrzt6F_8h content-encoding gzip x-content-type-options nosniff via 1.1 bcfffcf7e0fc8cd9cfe4125369a9f036.cloudfront.net (CloudFront) cf-cache-status HIT x-amz-cf-pop IAD12-P3 age 154 x-amz-server-side-encryption AES256 x-evy-trace-route-service-name envoyset-translator content-security-policy-report-only frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=conversations-embed/static-1.16706/bundles/project.js&cfRay=8993630a9feb65d4-FRA x-cache Hit from cloudfront x-hubspot-correlation-id a5b3a036-02d4-4ba5-a97c-b85cf3bb46b4 cache-tag staticjsapp-conversations-embed-web-prod,staticjsapp-prod x-envoy-upstream-service-time 3 x-amz-replication-status COMPLETED x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id a5b3a036-02d4-4ba5-a97c-b85cf3bb46b4 last-modified Fri, 21 Jun 2024 14:34:54 UTC server cloudflare etag W/"d5ed42fdc505d7812288ee600abec355" vary Accept-Encoding content-type application/javascript; charset=utf-8 x-hs-cache-status HIT x-evy-trace-virtual-host all cache-control max-age=600 x-evy-trace-served-by-pod iad02/app-td/envoy-proxy-65f7f7c749-2hwf8 cf-ray 899366d0f94f9024-FRA x-amz-cf-id kr3nJRcWs5dgGsEOA-7s7SgRZvSkRRRiU3pMMSkwevAnjQ45-6enOQ== x-hs-target-asset conversations-embed/static-1.16706/bundles/project.js
GET H2	200	json Show response forms.hscollectedforms.net/collected-forms/v1/config/	133 B 451 B	119ms 118ms	XHR application/json	2606:4700::6810:6dfe CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://forms.hscollectedforms.net/collected-forms/v1/config/json?portalId=6553015&utk= Requested by Host: js.hscollectedforms.net URL: https://js.hscollectedforms.net/collectedforms.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:6dfe , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash dae324f47a82406107372ddd18ab5538d154bea84c919e9a01f7935c68008bab Security Headers Name Value X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Accept application/json, text/plain, */* Referer https://www.rewterz.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 25 Jun 2024 07:56:32 GMT content-encoding br x-content-type-options nosniff cf-cache-status DYNAMIC x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id 9a3e89c8-31ee-48d9-8665-8714392fd67c x-envoy-upstream-service-time 4 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 9a3e89c8-31ee-48d9-8665-8714392fd67c server cloudflare vary Accept-Encoding access-control-allow-methods GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD content-type application/json;charset=utf-8 access-control-allow-origin https://www.rewterz.com x-evy-trace-virtual-host all cache-control max-age=0 x-evy-trace-served-by-pod iad02/app-td/envoy-proxy-65f7f7c749-wf75s access-control-max-age 180 x-robots-tag none access-control-allow-headers * cf-ray 899366d17d219a0b-FRA
POST H/1.1	204 No Content	collect Show response w.clarity.ms/	0 279 B	97ms 97ms	XHR text/plain	23.96.124.156 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://w.clarity.ms/collect Requested by Host: www.clarity.ms URL: https://www.clarity.ms/s/0.7.32/clarity.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 23.96.124.156 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software nginx / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Accept application/x-clarity-gzip Referer https://www.rewterz.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Access-Control-Allow-Origin https://www.rewterz.com Date Tue, 25 Jun 2024 07:56:33 GMT Access-Control-Allow-Credentials true Server nginx Connection keep-alive Vary Origin Request-Context appId=cid-v1:e55edbbe-e22b-46b4-8313-9ee2a4e71d12
GET H3	200	1 widget.clutch.co/widgets/get/ Frame D388	0 0	63ms 50ms	Document text/html	104.18.68.32 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://widget.clutch.co/widgets/get/1?ref_domain=www.rewterz.com&uid=2328721&rel_nofollow=true&ref_path=/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Requested by Host: widget.clutch.co URL: https://widget.clutch.co/static/js/widget.js Protocol H3 Security QUIC, , AES_128_GCM Server 104.18.68.32 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Security Headers Name Value Content-Security-Policy font-src 'self' https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; Strict-Transport-Security max-age=2592000 Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer https://www.rewterz.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" sec-ch-ua-mobile ?0 sec-ch-ua-platform "Win32" Response headers age 338 alt-svc h3=":443"; ma=86400 cache-control public, max-age=3600 cf-cache-status HIT cf-ray 899366d97bb8363b-FRA content-encoding br content-security-policy font-src 'self' https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; content-type text/html; charset=utf-8 date Tue, 25 Jun 2024 07:56:34 GMT expires Tue, 25 Jun 2024 08:56:34 GMT last-modified Tue, 25 Jun 2024 07:37:36 GMT server cloudflare strict-transport-security max-age=2592000 vary Accept-Encoding
GET H/1.1	200 OK	wp-emoji-release.min.js Show response www.rewterz.com/wp-includes/js/	18 KB 5 KB	692ms 691ms	Script application/javascript	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://www.rewterz.com/wp-includes/js/wp-emoji-release.min.js?ver=6.5.5 Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash 4e6ce5444c7f396cef0eb1fa3611034151e485dd06fbe5573a5583e1eebc98c3 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:34 GMT Content-Encoding gzip Last-Modified Wed, 03 Apr 2024 02:17:47 GMT Server Apache ETag "4926-61527d420e295-gzip" Vary Accept-Encoding Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=89 Content-Length 5062
OPTIONS H2	200	public api.hubspot.com/livechat-public/v1/message/ Frame	0 0	165ms 137ms	Preflight text/plain	2606:4700::6810:7674 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://api.hubspot.com/livechat-public/v1/message/public?portalId=6553015&conversations-embed=static-1.16706&mobile=false&messagesUtk=6a306d1bf81a4a5e96ede65c038862e7&traceId=6a306d1bf81a4a5e96ede65c038862e7 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Accept */* Access-Control-Request-Headers x-hubspot-messages-uri Access-Control-Request-Method GET Origin https://www.rewterz.com Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers access-control-allow-credentials false access-control-allow-headers Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent, X-HubSpot-Messages-Uri access-control-allow-methods GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD access-control-allow-origin https://www.rewterz.com allow HEAD,GET,OPTIONS cf-cache-status DYNAMIC cf-ray 899366d9a87e9b9b-FRA content-length 18 content-type text/plain; charset=utf-8 date Tue, 25 Jun 2024 07:56:34 GMT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=x74UXSnpWK28Pe2E5q7Rek67e7xD0iytANl76F%2Bv%2B0L12K%2FpaehF5Mc353LyhZWQr%2BvGK9bnpGCWOtH18QZkfPtLmSw63r29Y%2FzygaTaSKkacqfjq87E0eiRwQ4zR68zj3dOqlTdUeLb7q%2FFrQ%3D%3D"}],"group":"cf-nel","max_age":604800} server cloudflare strict-transport-security max-age=31536000; includeSubDomains; preload vary origin, Accept-Encoding x-content-type-options nosniff x-envoy-upstream-service-time 4 x-evy-trace-listener listener_https x-evy-trace-route-configuration listener_https/all x-evy-trace-route-service-name envoyset-translator x-evy-trace-served-by-pod iad02/hubapi-td/envoy-proxy-7dd59b876-hwgfb x-evy-trace-virtual-host all x-hubspot-correlation-id 403e16c9-1e0b-4381-bb44-6be695d75c03 x-request-id 403e16c9-1e0b-4381-bb44-6be695d75c03
GET H2	200	public Show response api.hubspot.com/livechat-public/v1/message/	3 KB 2 KB	236ms 236ms	XHR application/json	2606:4700::6810:7674 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://api.hubspot.com/livechat-public/v1/message/public?portalId=6553015&conversations-embed=static-1.16706&mobile=false&messagesUtk=6a306d1bf81a4a5e96ede65c038862e7&traceId=6a306d1bf81a4a5e96ede65c038862e7 Requested by Host: js.usemessages.com URL: https://js.usemessages.com/conversations-embed.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 25d5c235e6eaeb9f948fc15d463fb0ddad85a091994097f00c08cfac092a1dea Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 X-HubSpot-Messages-Uri https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 25 Jun 2024 07:56:34 GMT content-encoding gzip x-content-type-options nosniff cf-cache-status DYNAMIC nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} strict-transport-security max-age=31536000; includeSubDomains; preload x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id caaa964d-8cc9-4bfb-bbe5-5dcddff84afd x-envoy-upstream-service-time 107 content-length 1334 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id caaa964d-8cc9-4bfb-bbe5-5dcddff84afd server cloudflare vary origin, Accept-Encoding access-control-allow-methods GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD content-type application/json;charset=utf-8 access-control-allow-origin https://www.rewterz.com x-evy-trace-served-by-pod iad02/hubapi-td/envoy-proxy-7dd59b876-wlz7v cache-control no-cache, no-store, no-transform, must-revalidate, max-age=0 access-control-allow-credentials false x-evy-trace-virtual-host all report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FDoErKdq0GT1b0b8b3HhHXsSiyNjAM4NDE8ssyDLG%2F1HB3vLuy4SYIZNOM9jY0fYDgfkUeyz9jRmJ347ebJXE0C8eZ36VreVXSBYfW%2BmgValf2h%2B3l2BaLJ7FQdUjDGTdbPjIpeki5%2FD1Psn9Q%3D%3D"}],"group":"cf-nel","max_age":604800} cf-ray 899366da79b19b9b-FRA access-control-allow-headers Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent, X-HubSpot-Messages-Uri
GET H2	200	HTx3L3I-JCGChYJ8VI-L6OO_au7B6xHT2g.woff2 fonts.gstatic.com/s/barlowcondensed/v12/	20 KB 20 KB	7ms 7ms	Font font/woff2	2a00:1450:4001:829::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/barlowcondensed/v12/HTx3L3I-JCGChYJ8VI-L6OO_au7B6xHT2g.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css?family=Barlow%3A1%2C300%2C400%2C400italic%2C500%2C700%2C700italic%7CBarlow+Condensed%3A1%2C300%2C400%2C400italic%2C500%2C700%2C700italic&display=swap&ver=6.5.5 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash af91213cd670d6270b32ebdeb00a09625f6b74ccd780d12ff6724a14ea1efaff Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://fonts.googleapis.com/ Origin https://www.rewterz.com Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Sat, 22 Jun 2024 21:21:48 GMT x-content-type-options nosniff age 210886 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 20200 x-xss-protection 0 last-modified Tue, 19 Apr 2022 18:28:11 GMT server sffe cross-origin-opener-policy same-origin; report-to="apps-themes" report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Sun, 22 Jun 2025 21:21:48 GMT
GET H/1.1	200 OK	News-167x146.jpg www.rewterz.com/wp-content/uploads/2023/01/	2 KB 0	0ms 0ms	Image image/jpeg	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Show image Full URL https://www.rewterz.com/wp-content/uploads/2023/01/News-167x146.jpg Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash fb1638da998fdcaf1b3ad55c3e07fa85a4dd668c6d52b1e38423ef35edc7dd7c Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:33 GMT Last-Modified Wed, 04 Jan 2023 14:33:12 GMT Server Apache Accept-Ranges bytes ETag "868-5f171106d9033" Content-Length 2152 Content-Type image/jpeg
GET H2	200	6a306d1bf81a4a5e96ede65c038862e7 app.hubspot.com/conversations-visitor/6553015/threads/utk/ Frame E8B7	0 0	266ms 249ms	Document text/html	2606:4700::6810:7574 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://app.hubspot.com/conversations-visitor/6553015/threads/utk/6a306d1bf81a4a5e96ede65c038862e7?uuid=b05dcbefcf5a4d65a81f030b17c3d7a6&mobile=false&mobileSafari=false&hideWelcomeMessage=false&hstc=&domain=rewterz.com&inApp53=false&messagesUtk=6a306d1bf81a4a5e96ede65c038862e7&url=https%3A%2F%2Fwww.rewterz.com%2Fthreat-advisory%2Foyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs&inline=false&isFullscreen=false&globalCookieOptOut=&isFirstVisitorSession=true&isAttachmentDisabled=false&isInitialInputFocusDisabled=false&enableWidgetCookieBanner=false&isInCMS=false&hideScrollToButton=true Requested by Host: js.usemessages.com URL: https://js.usemessages.com/conversations-embed.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options no-sniff Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer https://www.rewterz.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" sec-ch-ua-mobile ?0 sec-ch-ua-platform "Win32" Response headers access-control-allow-credentials false age 2047 cache-control max-age=600 cache-tag staticjsapp-conversations-visitor-ui-web-prod,staticjsapp-prod cf-cache-status DYNAMIC cf-ray 899366dc1f4b9118-FRA content-encoding gzip content-security-policy-report-only script-src 'self' www.hubspot.com *.hsappstatic.net *.hs-analytics.net *.hs-banner.com *.hsforms.net *.hsleadflows.net *.hs-scripts.com *.hubspotfeedback.com *.usemessages.com js.hubspot.com *.hsadspixel.net *.hscollectedforms.net js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net *.google-analytics.com www.googletagmanager.com data: 'unsafe-inline' 'unsafe-eval' blob: connect.facebook.net www.gstatic.cn www.gstatic.com www.google.com www.recaptcha.net *.fullstory.com fullstory.com apis.google.com snap.licdn.com; report-uri https://send.hsbrowserreports.com/csp/report?resource=conversations-visitor-ui/static-1.19158/html/index.html&cfRay=899366dc1f4b9118&reqUrl=https%3A%2F%2Fapp.hubspot.com%2Fconversations-visitor%2F6553015%2Fthreads%2Futk%2F6a306d1bf81a4a5e96ede65c038862e7%3Fuuid%3Db05dcbefcf5a4d65a81f030b17c3d7a6%26mobile%3Dfalse%26mobileSafari%3Dfalse%26hideWelcomeMessage%3Dfalse%26hstc%3D%26domain%3Drewterz.com%26inApp53%3Dfalse%26messagesUtk%3D6a306d1bf81a4a5e96ede65c038862e7%26url%3Dhttps%253A%252F%252Fwww.rewterz.com%252Fthreat-advisory%252Foyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs%26inline%3Dfalse%26isFullscreen%3Dfalse%26globalCookieOptOut%3D%26isFirstVisitorSession%3Dtrue%26isAttachmentDisabled%3Dfalse%26isInitialInputFocusDisabled%3Dfalse%26enableWidgetCookieBanner%3Dfalse%26isInCMS%3Dfalse%26hideScrollToButton%3Dtrue&referrer=https%3A%2F%2Fwww.rewterz.com%2F&cfenv=prod&pdt=2024-06-25&csp=ro content-type text/html; charset=utf-8 date Tue, 25 Jun 2024 07:56:34 GMT etag W/"fb287ed2f52438a02778401b4d4b3cf2" last-modified Fri, 21 Jun 2024 14:34:54 UTC report-to {"group":"default","max_age":86400,"endpoints":[{"url":"https://send.hsbrowserreports.com/csp/reports"}]} reporting-endpoints default="https://send.hsbrowserreports.com/csp/reports?cfRay=899366dc1f4b9118&resource=conversations-visitor-ui/static-1.19158/html/index.html" server cloudflare strict-transport-security max-age=31536000; includeSubDomains; preload vary origin, Accept-Encoding via 1.1 16df6ade68382d048f8aad1f7e39da28.cloudfront.net (CloudFront) x-amz-cf-id 4nqw5vxDuWayYcQCPOmQrFDoF8LZP-5W6KX19hMCUt1cJaxdO9vBww== x-amz-cf-pop IAD12-P3 x-amz-replication-status COMPLETED x-amz-server-side-encryption AES256 x-amz-version-id udsYh5XgdwGd9o6YhUcIX41sHGStXR7B x-cache Hit from cloudfront x-content-type-options no-sniff x-envoy-upstream-service-time 9 x-evy-trace-listener listener_https x-evy-trace-route-configuration listener_https/all x-evy-trace-route-service-name envoyset-translator x-evy-trace-served-by-pod iad02/app-td/envoy-proxy-65f7f7c749-2hwf8 x-evy-trace-virtual-host all x-hs-cache-status MISS x-hs-target-asset conversations-visitor-ui/static-1.19158/html/index.html x-hs-worker-debug-mode false x-hubspot-correlation-id 543ee815-6cd9-4d0b-a18c-9c4b04cb39d5 x-request-id 543ee815-6cd9-4d0b-a18c-9c4b04cb39d5
POST H/1.1	204 No Content	collect Show response w.clarity.ms/	0 279 B	94ms 93ms	XHR text/plain	23.96.124.156 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://w.clarity.ms/collect Requested by Host: www.clarity.ms URL: https://www.clarity.ms/s/0.7.32/clarity.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 23.96.124.156 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software nginx / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Accept application/x-clarity-gzip Referer https://www.rewterz.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Access-Control-Allow-Origin https://www.rewterz.com Date Tue, 25 Jun 2024 07:56:36 GMT Access-Control-Allow-Credentials true Server nginx Connection keep-alive Vary Origin Request-Context appId=cid-v1:e55edbbe-e22b-46b4-8313-9ee2a4e71d12
POST H/1.1	204 No Content	collect Show response w.clarity.ms/	0 279 B	94ms 94ms	XHR text/plain	23.96.124.156 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://w.clarity.ms/collect Requested by Host: www.clarity.ms URL: https://www.clarity.ms/s/0.7.32/clarity.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 23.96.124.156 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software nginx / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Accept application/x-clarity-gzip Referer https://www.rewterz.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Access-Control-Allow-Origin https://www.rewterz.com Date Tue, 25 Jun 2024 07:56:39 GMT Access-Control-Allow-Credentials true Server nginx Connection keep-alive Vary Origin Request-Context appId=cid-v1:e55edbbe-e22b-46b4-8313-9ee2a4e71d12