URL: https://cs.beta.fletch.ai/p/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors
Submission: On November 24 via api from US — Scanned from DE

Summary

This website contacted 16 IPs in 3 countries across 15 domains to perform 61 HTTP transactions. The main IP is 34.102.249.32, located in Kansas City, United States and belongs to GOOGLE, US. The main domain is cs.beta.fletch.ai.
TLS certificate: Issued by R3 on October 14th 2021. Valid for: 3 months.
This is the only time cs.beta.fletch.ai was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests | Domain | Requested by
35 | cs.beta.fletch.ai | cs.beta.fletch.ai
3 | www.google-analytics.com | www.googletagmanager.com, www.google-analytics.com, cs.beta.fletch.ai
3 | www.googletagmanager.com | cs.beta.fletch.ai, www.googletagmanager.com
3 | fonts.googleapis.com | cs.beta.fletch.ai, js.hsforms.net
2 | www.google.de | cs.beta.fletch.ai
2 | px.ads.linkedin.com | 2 redirects
2 | connect.facebook.net | cs.beta.fletch.ai, connect.facebook.net
2 | js.hsforms.net | cs.beta.fletch.ai, js.hsforms.net
1 | fonts.gstatic.com | fonts.googleapis.com
1 | stats.g.doubleclick.net | www.google-analytics.com
1 | forms.hsforms.com | js.hsforms.net
1 | googleads.g.doubleclick.net | www.googleadservices.com
1 | app.beta.fletch.ai | cs.beta.fletch.ai
1 | www.googleadservices.com | www.googletagmanager.com
1 | px4.ads.linkedin.com | cs.beta.fletch.ai
1 | www.linkedin.com | 1 redirect
1 | snap.licdn.com | cs.beta.fletch.ai
1 | www.fullstory.com | cs.beta.fletch.ai
1 | fullstory.com | 1 redirect
0 | www.google.com (Failed) | cs.beta.fletch.ai
Total: 61 requests across 20 subdomains

This site contains links to these domains: app.beta.fletch.ai, www.trendmicro.com
TLS certificates

Subject | Issuer | Validity | Valid for
*.beta.fletch.ai | R3 | 2021-10-14 - 2022-01-12 | 3 months (crt.sh)
upload.video.google.com | GTS CA 1C3 | 2021-11-01 - 2022-01-24 | 3 months (crt.sh)
*.google-analytics.com | GTS CA 1C3 | 2021-11-01 - 2022-01-24 | 3 months (crt.sh)
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2021-07-16 - 2022-07-15 | a year (crt.sh)
*.facebook.com | DigiCert SHA2 High Assurance Server CA | 2021-09-02 - 2021-12-01 | 3 months (crt.sh)
*.licdn.com | DigiCert SHA2 Secure Server CA | 2021-07-15 - 2022-07-20 | a year (crt.sh)
www.googleadservices.com | GTS CA 1C3 | 2021-11-01 - 2022-01-24 | 3 months (crt.sh)
*.g.doubleclick.net | GTS CA 1C3 | 2021-11-01 - 2022-01-24 | 3 months (crt.sh)
www.google.de | GTS CA 1C3 | 2021-11-01 - 2022-01-24 | 3 months (crt.sh)
*.gstatic.com | GTS CA 1C3 | 2021-11-01 - 2022-01-24 | 3 months (crt.sh)

This page contains 2 frames:

Primary Page: https://cs.beta.fletch.ai/p/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors
Frame ID: 6A3B67F1762E6ABAF3C694B9767E1592
Requests: 59 HTTP requests in this frame

Frame: https://js.hsforms.net/forms/shell.js
Frame ID: 2566AA8F75802E309F4E59EB7E4F21DE
Requests: 3 HTTP requests in this frame

Page Title

FletchClearShare

Page Statistics

61 Requests
93 % HTTPS
44 % IPv6
15 Domains
20 Subdomains
16 IPs
3 Countries
5061 kB Transfer
6596 kB Size
15 Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 10
  • https://fullstory.com/s/fs.js HTTP 301
  • https://www.fullstory.com/s/fs.js
Request Chain 19
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2977852&time=1637753288729&url=https%3A%2F%2Fcs.beta.fletch.ai%2Fp%2Fbazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors HTTP 302
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D2977852%26time%3D1637753288729%26url%3Dhttps%253A%252F%252Fcs.beta.fletch.ai%252Fp%252Fbazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors%26liSync%3Dtrue HTTP 302
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2977852&time=1637753288729&url=https%3A%2F%2Fcs.beta.fletch.ai%2Fp%2Fbazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors&liSync=true HTTP 302
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2977852&time=1637753288729&url=https%3A%2F%2Fcs.beta.fletch.ai%2Fp%2Fbazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors&liSync=true&e_ipv6=AQIiKhqGAmdE7AAAAX1Rs_o2mI7vfQb8dynWIrKqy-MakwDCZch_hzWonTSti2vRgAsBVywR

61 HTTP transactions

Resource | Path | Size | x-fer | Type | MIME-Type
Primary Request: bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors | cs.beta.fletch.ai/p/ | 16 KB | 6 KB | Document
General
Full URL
https://cs.beta.fletch.ai/p/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.102.249.32 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
32.249.102.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
e1617e475ad74e69f98c4faba987b188113d53e44329b724bda0c8ed8dfd0f79

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

x-guploader-uploadid
ADPycducLGk6IqYi2_qvcsAVfgxUfCZcq0owLLgrKGPbIt4UKhrp_19TZ1b5w3eAQUJ0xuRQyNP0K0RYE3J5x09D6MGhoziL_Q
date
Wed, 24 Nov 2021 11:21:08 GMT
last-modified
Wed, 24 Nov 2021 07:51:03 GMT
etag
"a0bc50f83f113264886275896a0ba000"
x-goog-generation
1637740263736663
x-goog-metageneration
2
x-goog-stored-content-encoding
gzip
x-goog-stored-content-length
5703
content-type
text/html
content-encoding
gzip
content-disposition
inline
x-goog-hash
crc32c=vu4bXQ== md5=oLxQ+D8RMmSIYnWJagugAA==
x-goog-storage-class
STANDARD
accept-ranges
bytes
vary
Accept-Encoding
content-length
5703
server
UploadServer
age
420
cache-control
max-age=300,public
alt-svc
clear
11.b7cec96e.chunk.css | cs.beta.fletch.ai/static/css/ | 11 KB | 11 KB | Stylesheet
General
Full URL
https://cs.beta.fletch.ai/static/css/11.b7cec96e.chunk.css
Requested by
Host: cs.beta.fletch.ai
URL: https://cs.beta.fletch.ai/p/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.102.249.32 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
32.249.102.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
3dc3dd9c188828ef890e6c5b4c84c56c1500fc7a9ddc61f46652fb18578540e0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://cs.beta.fletch.ai/p/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 03:02:57 GMT
age
30311
x-guploader-uploadid
ADPycdsugw_5R41AiDPSBiUwsGHRU5HBo77kFH-LdT7RXqm5MQcIM9AE449a3cAoOI_NEzfo68LWS85JpMz3UPJnvvk
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
clear
content-length
10998
last-modified
Tue, 23 Nov 2021 00:06:10 GMT
server
UploadServer
etag
"c80c0cc10bf4147c05e1cfca6f1f4e24"
x-goog-hash
crc32c=3neDCA==, md5=yAwMwQv0FHwF4c/Kbx9OJA==
x-goog-generation
1637625970941622
cache-control
public,max-age=3600
x-goog-stored-content-length
10998
accept-ranges
bytes
content-type
text/css
main.36106644.chunk.css | cs.beta.fletch.ai/static/css/ | 74 KB | 75 KB | Stylesheet
General
Full URL
https://cs.beta.fletch.ai/static/css/main.36106644.chunk.css
Requested by
Host: cs.beta.fletch.ai
URL: https://cs.beta.fletch.ai/p/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.102.249.32 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
32.249.102.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
642e2f439490aeb35ac0ee85c8ea29884c19066750e4a0a9b639813fde78df00

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://cs.beta.fletch.ai/p/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 03:02:57 GMT
age
30311
x-guploader-uploadid
ADPycdtYL-3PpWzwEQRqHQMb2AgMXiGEHXKzGHGIrG7EU0czDMuYRecOkbQy4Ckm81FLyt0y5-zU4qQt2bdqNsmKZCX7oUDt5w
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
clear
content-length
76011
last-modified
Tue, 23 Nov 2021 00:06:11 GMT
server
UploadServer
etag
"23437f2623a3a04cf68807d708e151ed"
x-goog-hash
crc32c=o2695w==, md5=I0N/JiOjoEz2iAfXCOFR7Q==
x-goog-generation
1637625971300673
cache-control
public,max-age=3600
x-goog-stored-content-length
76011
accept-ranges
bytes
content-type
text/css
css | fonts.googleapis.com/ | 3 KB | 933 B | Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Lato:300,400,700,900
Requested by
Host: cs.beta.fletch.ai
URL: https://cs.beta.fletch.ai/p/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.138 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f10.1e100.net
Software
ESF /
Resource Hash
30c7c639fd48a0186026f900282a3b92893c32043019a5efb0ddf7e0805e296f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://cs.beta.fletch.ai/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Wed, 24 Nov 2021 10:36:53 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Wed, 24 Nov 2021 11:28:08 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 24 Nov 2021 11:28:08 GMT
css | fonts.googleapis.com/ | 10 KB | 731 B | Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Oswald:200,300,400,500,600,700&display=swap
Requested by
Host: cs.beta.fletch.ai
URL: https://cs.beta.fletch.ai/p/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.138 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f10.1e100.net
Software
ESF /
Resource Hash
22be54768ea412635eb9e7f33ee7e2cdbda2b0bc9c413edc57f2256add63ebfb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://cs.beta.fletch.ai/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Wed, 24 Nov 2021 10:45:14 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Wed, 24 Nov 2021 11:28:08 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 24 Nov 2021 11:28:08 GMT
js | www.googletagmanager.com/gtag/ | 90 KB | 35 KB | Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-84061015-7
Requested by
Host: cs.beta.fletch.ai
URL: https://cs.beta.fletch.ai/p/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.136 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s07-in-f8.1e100.net
Software
Google Tag Manager /
Resource Hash
7b3c3579a507ee552163a6cf0bdb46ae585cc9ab998d7054d093e358d5b6814f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://cs.beta.fletch.ai/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 11:28:08 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
36180
x-xss-protection
0
last-modified
Wed, 24 Nov 2021 09:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 24 Nov 2021 11:28:08 GMT
js | www.googletagmanager.com/gtag/ | 97 KB | 39 KB | Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-433039094
Requested by
Host: cs.beta.fletch.ai
URL: https://cs.beta.fletch.ai/p/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.136 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s07-in-f8.1e100.net
Software
Google Tag Manager /
Resource Hash
4a159be322669182463a52c33e76758bc454b7304ce490890106b2c76f0db2e8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://cs.beta.fletch.ai/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 11:28:08 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
39542
x-xss-protection
0
last-modified
Wed, 24 Nov 2021 09:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 24 Nov 2021 11:28:08 GMT
shell.js | js.hsforms.net/forms/ | 565 KB | 144 KB | Script
General
Full URL
https://js.hsforms.net/forms/shell.js
Requested by
Host: cs.beta.fletch.ai
URL: https://cs.beta.fletch.ai/p/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:b749 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
302ecfd3dcafa8174d1609465dda4fdaf6150d74883e8fddd3944e4d03cfa7d0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://cs.beta.fletch.ai/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 11:28:08 GMT
via
1.1 ea3bfccd683c652cb849f6ec1b5606a4.cloudfront.net (CloudFront)
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
588
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-type
application/javascript; charset=utf-8
x-amz-replication-status
COMPLETED
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified
Mon, 22 Nov 2021 03:35:42 UTC
server
cloudflare
etag
W/"81d36b7b25dcbaadd300923b7cd32d2c"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PUGdfYYuFmIObodaEuk1tfPFkDsVtnLJ1OisfaO%2BTF1g2auZb9BlkBdANBjTDl%2FVqtW5lWrslmPQUtCu%2FsQkPbuilL3Z59GfOnpUu0kMS7TnGd9GSkii2DHOule5pn9wesurc1UGC%2B%2FvCERG"}],"group":"cf-nel","max_age":604800}
x-amz-version-id
DbFNkSWAQliTMR.LcB9YoOy1wsVfAP3h
access-control-allow-origin
*
cache-control
s-maxage=600, max-age=0
x-hs-cache-status
HIT
x-amz-cf-pop
IAD89-P1
cf-ray
6b324ac3f9f5dfd7-FRA
x-amz-cf-id
pD4OM4iX4ob36wmqgKfRwTLh7hwLpyzWRtKkFLe32NaknhXKP28ngQ==
x-hs-target-asset
FormsNext/static-5.415/bundles/project_with_deps.js
11.920e23b5.chunk.js | cs.beta.fletch.ai/static/js/ | 746 KB | 747 KB | Script
General
Full URL
https://cs.beta.fletch.ai/static/js/11.920e23b5.chunk.js
Requested by
Host: cs.beta.fletch.ai
URL: https://cs.beta.fletch.ai/p/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.102.249.32 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
32.249.102.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
9c187bd1e054b6450fa6e9fc7cd8130ea7c2da5d50825e8f9abd80c010bd49af

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://cs.beta.fletch.ai/p/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 03:02:57 GMT
age
30311
x-guploader-uploadid
ADPycduNGW1NeofHoK7NnrIqG-Hnn1q9mTozKrcdp5PNaVgBYa9sCg4sG7ADYYU4zkmB5-VBzOMkuEhx9rRxqa9l6TYy-E7pbg
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
clear
content-length
764016
last-modified
Tue, 23 Nov 2021 00:06:10 GMT
server
UploadServer
etag
"77c4cf958848bc5451a18a6499c2c8bf"
x-goog-hash
crc32c=cct6kw==, md5=d8TPlYhIvFRRoYpkmcLIvw==
x-goog-generation
1637625970098479
cache-control
public,max-age=3600
x-goog-stored-content-length
764016
accept-ranges
bytes
content-type
application/javascript
main.8a34627d.chunk.js | cs.beta.fletch.ai/static/js/ | 913 KB | 913 KB | Script
General
Full URL
https://cs.beta.fletch.ai/static/js/main.8a34627d.chunk.js
Requested by
Host: cs.beta.fletch.ai
URL: https://cs.beta.fletch.ai/p/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.102.249.32 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
32.249.102.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
13afab5a3fbef1e85b123abfb9158df6e0b79e73ad676fe98968090359dd1c63

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://cs.beta.fletch.ai/p/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 03:02:57 GMT
age
30311
x-guploader-uploadid
ADPycds9CKfzURrYRuf3Pbh2OFOfT_DbKqOO1F3lE-vbr9zREEm4tGtX9CvSttaOkSppS-JjS3_NuED52sK3TPGva-E
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
clear
content-length
934568
last-modified
Tue, 23 Nov 2021 00:06:08 GMT
server
UploadServer
etag
"1644952d835336ab3f8875280bccf86e"
x-goog-hash
crc32c=nRX6bw==, md5=FkSVLYNTNqs/iHUoC8z4bg==
x-goog-generation
1637625968371776
cache-control
public,max-age=3600
x-goog-stored-content-length
934568
accept-ranges
bytes
content-type
application/javascript
mp-2-latest.min.js | cs.beta.fletch.ai/ | 80 KB | 81 KB | Script
General
Full URL
https://cs.beta.fletch.ai/mp-2-latest.min.js
Requested by
Host: cs.beta.fletch.ai
URL: https://cs.beta.fletch.ai/p/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.102.249.32 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
32.249.102.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
860db316dab7ba4947d9d82a085cdae25947737cd5fdcbc4aa55310cb5d74035

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://cs.beta.fletch.ai/p/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 03:02:59 GMT
age
30309
x-guploader-uploadid
ADPycdsCPx5gzw0xt4622fjVAGU_48yrCNjTqNZutcgmMOzkmGz0ViPAHvYFrGNG1kotFG4DKKKXbfmAl-B0B4rPbQNhOzkeBw
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
clear
content-length
82429
last-modified
Tue, 23 Nov 2021 00:06:11 GMT
server
UploadServer
etag
"2a51ad1c7504618c995b8c1a88c79e50"
x-goog-hash
crc32c=6kSIRg==, md5=KlGtHHUEYYyZW4waiMeeUA==
x-goog-generation
1637625971460362
cache-control
public,max-age=3600
x-goog-stored-content-length
82429
accept-ranges
bytes
content-type
application/javascript
fs.js | www.fullstory.com/s/ | 0 | 0 | Script
Redirect Chain
  • https://fullstory.com/s/fs.js
  • https://www.fullstory.com/s/fs.js
General
Full URL
https://www.fullstory.com/s/fs.js
Requested by
Host: cs.beta.fletch.ai
URL: https://cs.beta.fletch.ai/p/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors
Protocol
H2
Server
2a05:d014:275:cb00:60f:54cb:281a:9d22 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://cs.beta.fletch.ai/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Redirect headers

x-nf-request-id
01FN8V7YDBCHWPC2DA3GK09J96
date
Wed, 24 Nov 2021 00:37:03 GMT
server
Netlify
age
39066
strict-transport-security
max-age=31536000
content-type
text/plain
location
https://www.fullstory.com/s/fs.js
cache-control
public, max-age=0, must-revalidate
content-length
49
fbevents.js | connect.facebook.net/en_US/ | 98 KB | 26 KB | Script
General
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: cs.beta.fletch.ai
URL: https://cs.beta.fletch.ai/p/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
b23807a4c5d90afca0dc47d688c0a05302779429dab75f5e6182562dcc2970f6
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://cs.beta.fletch.ai/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding
gzip
x-content-type-options
nosniff
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length
25965
x-xss-protection
0
pragma
public
x-fb-debug
ajBBvWdE5y6MmPh4BDmWyBtWSyCTulqYkEUvy5jFwHyYC+sZtJT3EcSBY33Xsm7Y+6KkBSSfYgLwZ+B+oDwzkg==
x-fb-trip-id
917726464
x-frame-options
DENY
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
date
Wed, 24 Nov 2021 11:28:08 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
x-fb-rlafr
0
expires
Sat, 01 Jan 2000 00:00:00 GMT
insight.min.js | snap.licdn.com/li.lms-analytics/ | 5 KB | 2 KB | Script
General
Full URL
https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by
Host: cs.beta.fletch.ai
URL: https://cs.beta.fletch.ai/p/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00::210:ba11 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
fed785a6a8ca96fb67230fec5d85f9c508db49f4075aa0ef284af56cd89813e3

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://cs.beta.fletch.ai/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Wed, 24 Nov 2021 11:28:08 GMT
Content-Encoding
gzip
Last-Modified
Wed, 29 Sep 2021 19:17:49 GMT
X-CDN
AKAM
Vary
Accept-Encoding
Content-Type
application/x-javascript;charset=utf-8
Cache-Control
max-age=13064
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
2036
0.4567fee5.chunk.js | cs.beta.fletch.ai/static/js/ | 11 KB | 11 KB | Script
General
Full URL
https://cs.beta.fletch.ai/static/js/0.4567fee5.chunk.js
Requested by
Host: cs.beta.fletch.ai
URL: https://cs.beta.fletch.ai/p/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.102.249.32 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
32.249.102.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
29997e548c243d96a5a2c9bd4aca2b9cb899ed59819bb3f3b77abfc7d15ecb3a

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://cs.beta.fletch.ai/p/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 03:03:05 GMT
age
30303
x-guploader-uploadid
ADPycdvDJIwGyLebYdWVIRKYGyM_zIkOPg-3-zkZ89WA-X2B1jiNn9I0ZHa1wTncz11HYWXwnv5ikoaCtGGG0JYEj54
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
clear
content-length
10913
last-modified
Tue, 23 Nov 2021 00:06:08 GMT
server
UploadServer
etag
"a6e7e188aed6b135e6c34d5b5751f436"
x-goog-hash
crc32c=T/Flxg==, md5=pufhiK7WsTXmw01bV1H0Ng==
x-goog-generation
1637625968710574
cache-control
public,max-age=3600
x-goog-stored-content-length
10913
accept-ranges
bytes
content-type
application/javascript
1.05402ce7.chunk.js | cs.beta.fletch.ai/static/js/ | 152 KB | 152 KB | Script
General
Full URL
https://cs.beta.fletch.ai/static/js/1.05402ce7.chunk.js
Requested by
Host: cs.beta.fletch.ai
URL: https://cs.beta.fletch.ai/p/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.102.249.32 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
32.249.102.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
893e252e6cbff40bd095beafc2bb4b52fb4f68683345bebeed6d70244efc299f

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://cs.beta.fletch.ai/p/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 03:03:05 GMT
age
30303
x-guploader-uploadid
ADPycdufOeeCzq9ZdOa174WrVAoKwIy24g6wszklM53ExPZw__ZOQB0rBi6XDlse301AM8vOrao_BmGt5pcIpmW_U-s
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
clear
content-length
155769
last-modified
Tue, 23 Nov 2021 00:06:10 GMT
server
UploadServer
etag
"85b3d5d38025d32bc483c2bbeeb16efa"
x-goog-hash
crc32c=m/mhKA==, md5=hbPV04Al0yvEg8K77rFu+g==
x-goog-generation
1637625970731346
cache-control
public,max-age=3600
x-goog-stored-content-length
155769
accept-ranges
bytes
content-type
application/javascript
2.a7f8825b.chunk.js | cs.beta.fletch.ai/static/js/ | 43 KB | 43 KB | Script
General
Full URL
https://cs.beta.fletch.ai/static/js/2.a7f8825b.chunk.js
Requested by
Host: cs.beta.fletch.ai
URL: https://cs.beta.fletch.ai/p/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.102.249.32 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
32.249.102.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
53de1be32dccbff21320260c0c67670a4a97fc5e65cd4b1e6693e68e3206e112

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://cs.beta.fletch.ai/p/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 03:03:05 GMT
age
30303
x-guploader-uploadid
ADPycds_u81Jp2I9VNhLbr4RSBg43AGvZCCiKkP8R8xgZ58Dj-rKN0HBaj2dSOxvts7aqMrhONrlQtAaWkJbCVaOgeM
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
clear
content-length
43654
last-modified
Tue, 23 Nov 2021 00:06:08 GMT
server
UploadServer
etag
"03c95a939e6a620623db31f6c22275ca"
x-goog-hash
crc32c=gA9dUA==, md5=A8lak55qYgYj2zH2wiJ1yg==
x-goog-generation
1637625968205501
cache-control
public,max-age=3600
x-goog-stored-content-length
43654
accept-ranges
bytes
content-type
application/javascript
3.e29cb5f7.chunk.js | cs.beta.fletch.ai/static/js/ | 902 KB | 903 KB | Script
General
Full URL
https://cs.beta.fletch.ai/static/js/3.e29cb5f7.chunk.js
Requested by
Host: cs.beta.fletch.ai
URL: https://cs.beta.fletch.ai/p/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.102.249.32 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
32.249.102.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
60ad8e7c27dcccadf29e2a78e1ad90217ac83fe90c23cd5ad6557fcba7ebd3fb

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://cs.beta.fletch.ai/p/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 03:03:05 GMT
age
30303
x-guploader-uploadid
ADPycduB6Dcv4jkxcUDV6b9bCCZ-dzu3YUegvKX0AO1Lh3Fim9hXYNZsg8QSBqOQdCQpcz_JlrLTvPFyH26KtpuL1noeGF7DoQ
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
clear
content-length
923530
last-modified
Tue, 23 Nov 2021 00:06:09 GMT
server
UploadServer
etag
"cef0495feec33c03aea32c1c790ace18"
x-goog-hash
crc32c=PSmd/w==, md5=zvBJX+7DPAOuoywceQrOGA==
x-goog-generation
1637625969636000
cache-control
public,max-age=3600
x-goog-stored-content-length
923530
accept-ranges
bytes
content-type
application/javascript
15.1fd2b905.chunk.css
cs.beta.fletch.ai/static/css/
3 KB
3 KB
Stylesheet
General
Full URL
https://cs.beta.fletch.ai/static/css/15.1fd2b905.chunk.css
Requested by
Host: cs.beta.fletch.ai
URL: https://cs.beta.fletch.ai/p/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.102.249.32 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
32.249.102.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
dc335d65ba390ea6e1dab9ed15666899d58fac8d3694b63a3258c259bc313587

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://cs.beta.fletch.ai/p/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 03:03:05 GMT
age
30303
x-guploader-uploadid
ADPycdsnU6sYN9b4kr5j-HGuUpXqiIdpyzxnpaVZ217GbWkf73Hc7nx8TXyj4goNF-eyewJ9LOFtEQf07onFWKpde-v_hpBr_g
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
clear
content-length
2835
last-modified
Tue, 23 Nov 2021 00:06:11 GMT
server
UploadServer
etag
"94491789ab1e010d1cee489c62b632e6"
x-goog-hash
crc32c=ewgC1A==, md5=lEkXiaseAQ0c7kicYrYy5g==
x-goog-generation
1637625971121365
cache-control
public,max-age=3600
x-goog-stored-content-length
2835
accept-ranges
bytes
content-type
text/css
15.9042e8b0.chunk.js
cs.beta.fletch.ai/static/js/
717 KB
718 KB
Script
General
Full URL
https://cs.beta.fletch.ai/static/js/15.9042e8b0.chunk.js
Requested by
Host: cs.beta.fletch.ai
URL: https://cs.beta.fletch.ai/p/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.102.249.32 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
32.249.102.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
4e67e5b3b61e1f8869b80390a960d4acf809fcdf7825a9d93e15f3829694bde7

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://cs.beta.fletch.ai/p/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 03:03:05 GMT
age
30303
x-guploader-uploadid
ADPycdvTPz5UZrblO3W5ta178psJ-nZW6-gCt11KOVtGVS0l7pL3mh6mhqE73LAYY1JSrJSanNTPMj8x4TmgCOYDPGE
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
clear
content-length
734594
last-modified
Tue, 23 Nov 2021 00:06:07 GMT
server
UploadServer
etag
"0f180f4fb4576c61c8463fadabbc2d36"
x-goog-hash
crc32c=Z69Bqg==, md5=DxgPT7RXbGHIRj+tq7wtNg==
x-goog-generation
1637625967832211
cache-control
public,max-age=3600
x-goog-stored-content-length
734594
accept-ranges
bytes
content-type
application/javascript
collect
px4.ads.linkedin.com/
Redirect Chain
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2977852&time=1637753288729&url=https%3A%2F%2Fcs.beta.fletch.ai%2Fp%2Fbazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D2977852%26time%3D1637753288729%26url%3Dhttps%253A%252F%252Fcs.beta.fletch.ai%252F...
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2977852&time=1637753288729&url=https%3A%2F%2Fcs.beta.fletch.ai%2Fp%2Fbazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors&l...
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2977852&time=1637753288729&url=https%3A%2F%2Fcs.beta.fletch.ai%2Fp%2Fbazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors&...
0
156 B
Image
General
Full URL
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2977852&time=1637753288729&url=https%3A%2F%2Fcs.beta.fletch.ai%2Fp%2Fbazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors&liSync=true&e_ipv6=AQIiKhqGAmdE7AAAAX1Rs_o2mI7vfQb8dynWIrKqy-MakwDCZch_hzWonTSti2vRgAsBVywR
Requested by
Host: cs.beta.fletch.ai
URL: https://cs.beta.fletch.ai/p/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors
Protocol
H2
Server
108.174.10.14 , United States, ASN14413 (LINKEDIN, US),
Reverse DNS
108-174-10-14.fwd.linkedin.com
Software
Play /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://cs.beta.fletch.ai/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 11:28:09 GMT
server
Play
linkedin-action
1
x-li-fabric
prod-lva1
x-li-proto
http/2
x-li-pop
prod-lva1
content-type
application/javascript
content-length
0
x-li-uuid
JUPzjfB3uhZwMIs+qyoAAA==

Redirect headers

date
Wed, 24 Nov 2021 11:28:09 GMT
server
Play
linkedin-action
1
x-li-fabric
prod-lva1
location
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2977852&time=1637753288729&url=https%3A%2F%2Fcs.beta.fletch.ai%2Fp%2Fbazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors&liSync=true&e_ipv6=AQIiKhqGAmdE7AAAAX1Rs_o2mI7vfQb8dynWIrKqy-MakwDCZch_hzWonTSti2vRgAsBVywR
x-li-proto
http/2
x-li-pop
prod-lva1
content-length
0
x-li-uuid
3/vve/B3uhYAgkybHisAAA==
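Two of the values recorded above are worth cross-checking rather than taking on trust. The cs.beta.fletch.ai assets are served from Google Cloud Storage (server: UploadServer) and carry both a quoted etag and an x-goog-hash header; for a single-part upload the etag is the hex MD5 of the object, and x-goog-hash repeats that MD5 and adds a CRC32C, both base64-encoded (the CRC32C as a 4-byte big-endian value). The 0-byte LinkedIn collect response has Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855, which is the SHA-256 of an empty input, so the pixel really did return no body. The following Python is an added example, not code from urlscan.io or from the scanned site: it checks the etag against x-goog-hash for header values copied from this page and, given a downloaded body, recomputes CRC32C, MD5 and SHA-256 to compare with the headers and with the Resource Hash urlscan.io reports. The sample body in the usage section is constructed; the real chunk bodies are not on this page.

```python
import base64
import hashlib

# Reflected form of the Castagnoli polynomial; CRC32C is the checksum GCS publishes.
_CRC32C_POLY = 0x82F63B78


def _make_crc32c_table():
    table = []
    for i in range(256):
        crc = i
        for _ in range(8):
            crc = (crc >> 1) ^ _CRC32C_POLY if crc & 1 else crc >> 1
        table.append(crc)
    return table


_CRC32C_TABLE = _make_crc32c_table()


def crc32c(data: bytes) -> int:
    """CRC32C over data (standard check value: crc32c(b'123456789') == 0xE3069283)."""
    crc = 0xFFFFFFFF
    for b in data:
        crc = _CRC32C_TABLE[(crc ^ b) & 0xFF] ^ (crc >> 8)
    return crc ^ 0xFFFFFFFF


def parse_goog_hash(header: str) -> dict:
    """Decode 'crc32c=<b64>, md5=<b64>' into {algorithm: raw digest bytes}."""
    out = {}
    for part in header.split(","):
        name, _, value = part.strip().partition("=")
        if name and value:
            out[name.lower()] = base64.b64decode(value)
    return out


def make_goog_hash(body: bytes) -> str:
    """Build the x-goog-hash value GCS publishes for body: CRC32C big-endian, then MD5."""
    crc = crc32c(body).to_bytes(4, "big")
    md5 = hashlib.md5(body).digest()
    return "crc32c=%s, md5=%s" % (base64.b64encode(crc).decode(), base64.b64encode(md5).decode())


def etag_matches_md5(etag: str, goog_hash: str) -> bool:
    """True when the quoted hex etag equals the MD5 carried in x-goog-hash.

    Holds for single-part uploads only; composite objects carry a non-MD5 etag.
    """
    hashes = parse_goog_hash(goog_hash)
    etag_hex = etag.strip().strip('"')
    if "md5" not in hashes or len(etag_hex) != 32:
        return False
    try:
        return bytes.fromhex(etag_hex) == hashes["md5"]
    except ValueError:
        return False


def sha256_hex(body: bytes) -> str:
    """Hex SHA-256 of the body, the value urlscan.io reports as Resource Hash."""
    return hashlib.sha256(body).hexdigest()


def verify_body(body: bytes, goog_hash: str, resource_hash=None) -> dict:
    """Recompute CRC32C/MD5 (and SHA-256 when a Resource Hash is given) over a downloaded body.

    A hash absent from the header is reported as None, never as a pass.
    """
    hashes = parse_goog_hash(goog_hash)
    result = {"crc32c": None, "md5": None, "sha256": None}
    if "crc32c" in hashes:
        result["crc32c"] = hashes["crc32c"] == crc32c(body).to_bytes(4, "big")
    if "md5" in hashes:
        result["md5"] = hashes["md5"] == hashlib.md5(body).digest()
    if resource_hash is not None:
        result["sha256"] = sha256_hex(body) == resource_hash.lower()
    return result


# Header values copied from the records on this page.
CHUNK_ETAG = '"03c95a939e6a620623db31f6c22275ca"'
CHUNK_GOOG_HASH = "crc32c=gA9dUA==, md5=A8lak55qYgYj2zH2wiJ1yg=="
EMPTY_RESOURCE_HASH = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"

if __name__ == "__main__":
    print("etag matches x-goog-hash md5:", etag_matches_md5(CHUNK_ETAG, CHUNK_GOOG_HASH))
    print("0-byte body matches LinkedIn Resource Hash:", sha256_hex(b"") == EMPTY_RESOURCE_HASH)
    sample = b"constructed sample body, not the real chunk"  # constructed input
    print("header built over sample verifies:", verify_body(sample, make_goog_hash(sample), sha256_hex(sample)))
```

A mismatch between etag and x-goog-hash on a single-part object, or between a re-downloaded body and either of them, means the bytes the scanner saw are not the bytes the bucket holds now; that is the first thing to establish before treating a recorded script hash as evidence of anything.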
/
cs.beta.fletch.ai/api/v1/app/mp/decide/
12 KB
12 KB
XHR
General
Full URL
https://cs.beta.fletch.ai/api/v1/app/mp/decide/?verbose=1&version=1&lib=web&token=115e279999d130115d9f861b632c4eb5&ip=0&_=1637753288739
Requested by
Host: cs.beta.fletch.ai
URL: https://cs.beta.fletch.ai/mp-2-latest.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.102.249.32 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
32.249.102.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
a38144f11c5b73a3fec085ac0cd40caacf4bc0c64e2efdc5a8d8c20a8d5c239a

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://cs.beta.fletch.ai/p/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 11:28:08 GMT
x-guploader-uploadid
ADPycdu59c7YKoEkT0J8GJ-0cagnQcYVbPxd_tLVBB4Mdk_eT4lgP2rWawYlRxODgO_ybLWB4JzuhdZv_A3fr2dVrhY
x-goog-storage-class
STANDARD
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
alt-svc
clear
content-length
12311
last-modified
Tue, 23 Nov 2021 00:06:07 GMT
server
UploadServer
etag
"e495ba186e296dc6c63b3ada739cf9a9"
x-goog-hash
crc32c=y66ZEw==, md5=5JW6GG4pbcbGOzrac5z5qQ==
x-goog-generation
1637625967329801
cache-control
no-store
x-goog-stored-content-length
12311
accept-ranges
bytes
content-type
text/html
expires
Thu, 24 Nov 2022 11:28:08 GMT
845692003047415
connect.facebook.net/signals/config/
305 KB
87 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/845692003047415?v=2.9.48&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
6eb09ea090731cd6537290b4bb46a8b8607b9338a017a0a073b83146fd7eb970
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://cs.beta.fletch.ai/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding
gzip
x-content-type-options
nosniff
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=3600,h3-29=":443"; ma=3600
x-xss-protection
0
pragma
public
x-fb-debug
zkI0z9iCHk6oxylADBm/nwlTsvJvBkhi+KSrkpQzLtRP5Z9Sb3OgDwZefmBdug6QIJ41c30iL3ot6agVu/PsZA==
x-fb-trip-id
917726464
x-frame-options
DENY
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
date
Wed, 24 Nov 2021 11:28:08 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
x-fb-rlafr
0
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
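The third-party responses on this page come with a Security Headers table: connect.facebook.net sends HSTS with preload and includeSubDomains, X-Content-Type-Options nosniff, X-Frame-Options DENY and a Content-Security-Policy whose script-src allows 'unsafe-inline', 'unsafe-eval' and data:, which largely neutralises the policy against injected script. The google-analytics.com response sends HSTS with a max-age of 10886400 seconds (126 days). The first-party asset responses from cs.beta.fletch.ai (server UploadServer) carry none of these headers. The following Python is an added example, not code from urlscan.io or from any of the sites scanned: it parses a CSP into directives and lists the weak sources in the effective script-src, parses Strict-Transport-Security, and reports which hardening headers a response lacks. The one-year HSTS threshold, the set of expected headers and the list of weak sources are this editor's choices, not anything the scan report states. The header dictionaries are copied from the records on this page.

```python
ONE_YEAR = 31536000  # assumed minimum acceptable HSTS max-age (editor's threshold)

# script-src sources that let injected or attacker-supplied script run despite a CSP.
WEAK_SCRIPT_SOURCES = {"'unsafe-inline'", "'unsafe-eval'", "data:", "*", "http:", "https:"}

# Hardening headers this audit expects on a response (editor's list).
EXPECTED_HEADERS = (
    "strict-transport-security",
    "x-content-type-options",
    "x-frame-options",
    "content-security-policy",
)


def parse_csp(policy: str) -> dict:
    """Split a CSP string into {directive: [sources]}; a repeated directive is ignored, as in browsers."""
    directives = {}
    for raw in policy.split(";"):
        tokens = raw.strip().split()
        if tokens and tokens[0].lower() not in directives:
            directives[tokens[0].lower()] = tokens[1:]
    return directives


def weak_script_sources(policy: str) -> list:
    """Weak sources in the effective script-src (script-src, else default-src), in policy order."""
    csp = parse_csp(policy)
    sources = csp.get("script-src", csp.get("default-src"))
    if sources is None:
        return ["<no script-src or default-src>"]
    return [s for s in sources if s in WEAK_SCRIPT_SOURCES]


def parse_hsts(value: str) -> dict:
    """Parse Strict-Transport-Security into max_age, include_subdomains and preload."""
    out = {"max_age": None, "include_subdomains": False, "preload": False}
    for part in value.split(";"):
        token = part.strip().lower()
        if token.startswith("max-age="):
            digits = token.split("=", 1)[1].strip('"')
            out["max_age"] = int(digits) if digits.isdigit() else None
        elif token == "includesubdomains":
            out["include_subdomains"] = True
        elif token == "preload":
            out["preload"] = True
    return out


def audit_headers(headers: dict) -> dict:
    """Findings for one response: absent headers, weak script sources, HSTS and nosniff issues."""
    lower = {k.lower(): v for k, v in headers.items()}
    findings = {"missing": [], "weak_script_src": [], "hsts": [], "wrong_value": []}
    findings["missing"] = [h for h in EXPECTED_HEADERS if h not in lower]
    if "content-security-policy" in lower:
        findings["weak_script_src"] = weak_script_sources(lower["content-security-policy"])
    if "strict-transport-security" in lower:
        hsts = parse_hsts(lower["strict-transport-security"])
        if hsts["max_age"] is None or hsts["max_age"] < ONE_YEAR:
            findings["hsts"].append("max-age below one year")
        if not hsts["include_subdomains"]:
            findings["hsts"].append("no includeSubDomains")
    xcto = lower.get("x-content-type-options")
    if xcto is not None and xcto.strip().lower() != "nosniff":
        findings["wrong_value"].append("x-content-type-options=%s" % xcto)
    return findings


# Response headers copied from the records on this page.
FACEBOOK_CONFIG_HEADERS = {
    "content-security-policy": (
        "default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';"
        "script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';"
        "style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;"
        "connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';"
        "block-all-mixed-content;upgrade-insecure-requests;"
        "report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;"
    ),
    "strict-transport-security": "max-age=31536000; preload; includeSubDomains",
    "x-content-type-options": "nosniff",
    "x-frame-options": "DENY",
}
GA_ANALYTICS_HEADERS = {
    "strict-transport-security": "max-age=10886400; includeSubDomains; preload",
    "x-content-type-options": "nosniff",
}
GCS_CHUNK_HEADERS = {  # cs.beta.fletch.ai static asset: no hardening headers at all
    "server": "UploadServer",
    "cache-control": "public,max-age=3600",
    "content-type": "application/javascript",
}

if __name__ == "__main__":
    for name, hdrs in [("connect.facebook.net", FACEBOOK_CONFIG_HEADERS),
                       ("www.google-analytics.com", GA_ANALYTICS_HEADERS),
                       ("cs.beta.fletch.ai", GCS_CHUNK_HEADERS)]:
        print(name, audit_headers(hdrs))
```

The audit is deliberately generic: X-Frame-Options and a CSP matter on the HTML document, less on a script or font subresource, so read "missing" findings for the static chunks as a note about the origin's configuration rather than a defect in each file. The weak-source check is the part that is unambiguous: a script-src that lists 'unsafe-inline' and 'unsafe-eval' will not stop an injected inline script on that origin.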
js
www.googletagmanager.com/gtag/
90 KB
35 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-84061015-7&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-433039094
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.136 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s07-in-f8.1e100.net
Software
Google Tag Manager /
Resource Hash
c98b5ce8a8c04643c35948c9e93692c1f72077ebbc232983c6590d8064136c97
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://cs.beta.fletch.ai/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 11:28:09 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
36206
x-xss-protection
0
last-modified
Wed, 24 Nov 2021 09:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 24 Nov 2021 11:28:09 GMT
analytics.js
www.google-analytics.com/
49 KB
20 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-84061015-7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.184.238 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f14.1e100.net
Software
Golfe2 /
Resource Hash
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://cs.beta.fletch.ai/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 02 Nov 2021 17:39:06 GMT
server
Golfe2
age
1622
date
Wed, 24 Nov 2021 11:01:07 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20006
expires
Wed, 24 Nov 2021 13:01:07 GMT
conversion_async.js
www.googleadservices.com/pagead/
37 KB
15 KB
Script
General
Full URL
https://www.googleadservices.com/pagead/conversion_async.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-433039094
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f2.1e100.net
Software
cafe /
Resource Hash
2e8548e063ae8b8f6225ac344af4bb535397ebd3003665e27e8d4b2716770db9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://cs.beta.fletch.ai/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 11:28:08 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
14378
x-xss-protection
0
server
cafe
etag
684346926396516684
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Wed, 24 Nov 2021 11:28:08 GMT
bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors
cs.beta.fletch.ai/p/slug/
76 KB
13 KB
XHR
General
Full URL
https://cs.beta.fletch.ai/p/slug/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors
Requested by
Host: cs.beta.fletch.ai
URL: https://cs.beta.fletch.ai/static/js/11.920e23b5.chunk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.102.249.32 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
32.249.102.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
d4a88a3f473ee5b22eb6eec3bc87edaa56f11afed1e5779d7a0db66e150ff077

Request headers

Accept
application/json, text/plain, */*
Referer
https://cs.beta.fletch.ai/p/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 11:21:09 GMT
content-encoding
gzip
age
419
x-guploader-uploadid
ADPycdtyqpIQrBiHe8EMseEuA0xy8MQTKUd-0z8y2Q5S1CExdJ8wxhoGYjG6Rjkf1TuKqW41wAo_HAV32ovDTF3E7jd0IgOSog
x-goog-storage-class
STANDARD
x-goog-metageneration
2
x-goog-stored-content-encoding
gzip
content-disposition
inline
alt-svc
clear
content-length
12849
last-modified
Wed, 24 Nov 2021 07:51:04 GMT
server
UploadServer
etag
"41a2c3a2da46794154952442321cbc9a"
vary
Accept-Encoding
x-goog-hash
crc32c=MbDs0w==, md5=QaLDotpGeUFUlSRCMhy8mg==
x-goog-generation
1637740264130253
cache-control
max-age=300,public
x-goog-stored-content-length
12849
accept-ranges
bytes
content-type
application/json
config
cs.beta.fletch.ai/app/
77 B
333 B
XHR
General
Full URL
https://cs.beta.fletch.ai/app/config
Requested by
Host: cs.beta.fletch.ai
URL: https://cs.beta.fletch.ai/static/js/11.920e23b5.chunk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.102.249.32 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
32.249.102.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
c52e519daac8d05fb80bf435e222532fed9bc1f4ad7668bf96bf3d8d668ca67c

Request headers

Accept
application/json, text/plain, */*
Referer
https://cs.beta.fletch.ai/p/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 11:21:09 GMT
age
419
x-guploader-uploadid
ADPycdvsbP_G_QGoEeQPnpYZqA7YUEfizp3ZqonWxUGLzymGJZpreJSOU9pqtZ2q80bUTViTqhT1pak-tFe9Kz6eigBebodSxw
x-goog-storage-class
STANDARD
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
alt-svc
clear
content-length
77
last-modified
Tue, 23 Nov 2021 00:05:52 GMT
server
UploadServer
etag
"55f26df230fb1e049407c505fa47b78b"
x-goog-hash
crc32c=vOtx2Q==, md5=VfJt8jD7HgSUB8UF+ke3iw==
x-goog-generation
1637625952047910
cache-control
public,max-age=3600
x-goog-stored-content-length
77
accept-ranges
bytes
content-type
application/json
board_header_bg_crop_lighter.jpg
cs.beta.fletch.ai/images/
118 KB
118 KB
Image
General
Full URL
https://cs.beta.fletch.ai/images/board_header_bg_crop_lighter.jpg
Requested by
Host: cs.beta.fletch.ai
URL: https://cs.beta.fletch.ai/p/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.102.249.32 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
32.249.102.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
6a2c8c40484ecda4f895aad7d99cf828c93c3dab8f46d1f6f886ad89cafc3973

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://cs.beta.fletch.ai/p/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 03:03:08 GMT
age
30300
x-guploader-uploadid
ADPycdsoI7PLKTGRymEo-b2uu_4BRZQuTVW07FjhiJWui5j7Str6ErCupGZ9cQPU4umjqZBZXs1jJ9xZ3OdpR0BywC0
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
clear
content-length
120458
last-modified
Tue, 23 Nov 2021 00:06:12 GMT
server
UploadServer
etag
"e64162663674aa94ad79ae1ef4dc9e0d"
x-goog-hash
crc32c=pJPMuw==, md5=5kFiZjZ0qpStea4e9NyeDQ==
x-goog-generation
1637625972055758
cache-control
public,max-age=3600
x-goog-stored-content-length
120458
accept-ranges
bytes
content-type
image/jpeg
soehne-web-kraftig.8c846bed.woff
cs.beta.fletch.ai/static/media/
44 KB
44 KB
Font
General
Full URL
https://cs.beta.fletch.ai/static/media/soehne-web-kraftig.8c846bed.woff
Requested by
Host: cs.beta.fletch.ai
URL: https://cs.beta.fletch.ai/static/css/main.36106644.chunk.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.102.249.32 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
32.249.102.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
acc376ac6d9938d6106d8741b45b171eda2ad20c7e417c1c43a17f7d012fefab

Request headers

Referer
https://cs.beta.fletch.ai/static/css/main.36106644.chunk.css
Origin
https://cs.beta.fletch.ai
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 03:03:13 GMT
age
30295
x-guploader-uploadid
ADPycduTUtX1XrBWp4-1bmAunk_T7gQi1QPSkOQiKtYbVmcgD6qUiDRyQaHzQWY2Hce981GZdHEEHTD4cnRCmQQ-7mU
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
clear
content-length
44825
last-modified
Tue, 23 Nov 2021 00:06:07 GMT
server
UploadServer
etag
"8c846bed7b3e05c6f83d2cad385805d0"
x-goog-hash
crc32c=tSth5g==, md5=jIRr7Xs+Bcb4PSytOFgF0A==
x-goog-generation
1637625967586238
cache-control
public,max-age=3600
x-goog-stored-content-length
44825
accept-ranges
bytes
content-type
font/woff
Soehne-Buch.30939827.woff
cs.beta.fletch.ai/static/media/
52 KB
52 KB
Font
General
Full URL
https://cs.beta.fletch.ai/static/media/Soehne-Buch.30939827.woff
Requested by
Host: cs.beta.fletch.ai
URL: https://cs.beta.fletch.ai/static/css/main.36106644.chunk.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.102.249.32 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
32.249.102.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
f5aa7931c602a706f8cfc3565bfd49025592f62f48c3d1a19d7f31e20aab9de2

Request headers

Referer
https://cs.beta.fletch.ai/static/css/main.36106644.chunk.css
Origin
https://cs.beta.fletch.ai
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 03:03:13 GMT
age
30295
x-guploader-uploadid
ADPycdu2-LEpRxhFt1drUXwnRJbUKqZeZWwuHy28NM4TTdnZLCgzOnR35rQBxmju-Hj6S4oN4G82ijhLRQmmaXy3ulo
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
clear
content-length
53461
last-modified
Tue, 23 Nov 2021 00:06:07 GMT
server
UploadServer
etag
"309398270bd789b3d19c1584b4f8a69e"
x-goog-hash
crc32c=j8bQYA==, md5=MJOYJwvXibPRnBWEtPimng==
x-goog-generation
1637625967455761
cache-control
public,max-age=3600
x-goog-stored-content-length
53461
accept-ranges
bytes
content-type
font/woff
Soehne-Halbfett.432dd679.otf
cs.beta.fletch.ai/static/media/
295 KB
296 KB
Font
General
Full URL
https://cs.beta.fletch.ai/static/media/Soehne-Halbfett.432dd679.otf
Requested by
Host: cs.beta.fletch.ai
URL: https://cs.beta.fletch.ai/static/css/main.36106644.chunk.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.102.249.32 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
32.249.102.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
0f354bb20dcc43d1d766f94a9358eaf79c2d62f2f3989d8d02233f1a2e78465e

Request headers

Referer
https://cs.beta.fletch.ai/static/css/main.36106644.chunk.css
Origin
https://cs.beta.fletch.ai
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 03:03:13 GMT
age
30296
x-guploader-uploadid
ADPycdv8ySkU8yewmSPJTK4m6uW1gBOUD7hElCr6xKeB5sD9C33hwNDQCKMXPOxQUS1qI5AGyjbP9FYS0-8I2egKeZo
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
clear
content-length
302224
last-modified
Tue, 23 Nov 2021 00:06:07 GMT
server
UploadServer
etag
"432dd679ce2bfad0a2f17f18b5057bb1"
x-goog-hash
crc32c=q/vs/w==, md5=Qy3Wec4r+tCi8X8YtQV7sQ==
x-goog-generation
1637625967588477
cache-control
public,max-age=3600
x-goog-stored-content-length
302224
accept-ranges
bytes
content-type
font/ttf
soehne-web-leicht.14f21be2.woff
cs.beta.fletch.ai/static/media/
45 KB
45 KB
Font
General
Full URL
https://cs.beta.fletch.ai/static/media/soehne-web-leicht.14f21be2.woff
Requested by
Host: cs.beta.fletch.ai
URL: https://cs.beta.fletch.ai/static/css/main.36106644.chunk.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.102.249.32 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
32.249.102.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
be2211ac94119a1aa8dbe28622bb34ff30d9a3da2e1bbbc938bc21a02ddef142

Request headers

Referer
https://cs.beta.fletch.ai/static/css/main.36106644.chunk.css
Origin
https://cs.beta.fletch.ai
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 03:03:13 GMT
age
30295
x-guploader-uploadid
ADPycdsN13sICQFSEhzCueJfGWcKF7Co2oobeTnSMDeB7PAVgvyMIzkvyDRVvcsCnO98uHQAHSIFZqExD3CAEvXyJYU
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
clear
content-length
45609
last-modified
Tue, 23 Nov 2021 00:06:07 GMT
server
UploadServer
etag
"14f21be29b1e423522c77a410041e908"
x-goog-hash
crc32c=tsrioQ==, md5=FPIb4pseQjUix3pBAEHpCA==
x-goog-generation
1637625967482113
cache-control
public,max-age=3600
x-goog-stored-content-length
45609
accept-ranges
bytes
content-type
font/woff
Soehne-Schmal-Halbfett.27c3cd20.woff
cs.beta.fletch.ai/static/media/
48 KB
48 KB
Font
General
Full URL
https://cs.beta.fletch.ai/static/media/Soehne-Schmal-Halbfett.27c3cd20.woff
Requested by
Host: cs.beta.fletch.ai
URL: https://cs.beta.fletch.ai/static/css/main.36106644.chunk.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.102.249.32 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
32.249.102.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
fd9d35514f30878774ee01ac88840ccb7fc343c08c9edb0eff39efa9723deb29

Request headers

Referer
https://cs.beta.fletch.ai/static/css/main.36106644.chunk.css
Origin
https://cs.beta.fletch.ai
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 03:03:13 GMT
age
30295
x-guploader-uploadid
ADPycdtr0pUgQErUL8wh80VV0x4Bc9gwMqRF7L3FOSbYnAKu6JFQoApcv2yvpFD1XpX_QbeP9W2-JJw6ciDpcYM7zAc
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
clear
content-length
48983
last-modified
Tue, 23 Nov 2021 00:06:07 GMT
server
UploadServer
etag
"27c3cd20d61015ffbe32f0c245e0c7b6"
x-goog-hash
crc32c=vGQS0w==, md5=J8PNINYQFf++MvDCReDHtg==
x-goog-generation
1637625967418768
cache-control
public,max-age=3600
x-goog-stored-content-length
48983
accept-ranges
bytes
content-type
font/woff
e4f238b0-cd92-4304-823d-73b3db2eeca9
cs.beta.fletch.ai/p/items/translate/
45 KB
14 KB
XHR
General
Full URL
https://cs.beta.fletch.ai/p/items/translate/e4f238b0-cd92-4304-823d-73b3db2eeca9
Requested by
Host: cs.beta.fletch.ai
URL: https://cs.beta.fletch.ai/static/js/11.920e23b5.chunk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.102.249.32 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
32.249.102.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
951b25ba62995fd0eae78f59971f9a4e96631aaccad9dd977821c443f030427f

Request headers

Accept
application/json, text/plain, */*
Referer
https://cs.beta.fletch.ai/p/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 11:21:10 GMT
content-encoding
gzip
age
419
x-guploader-uploadid
ADPycduEKD2hWMwZk6C85-9uGUmmtk9pKep6vrgjvjZzSrv8Wz3pydtB60cfICW_Y_3dBCHjKVl3fVBFjxv-MHl2Zh8lmwWf2Q
x-goog-storage-class
STANDARD
x-goog-metageneration
2
x-goog-stored-content-encoding
gzip
content-disposition
inline
alt-svc
clear
content-length
13756
last-modified
Wed, 24 Nov 2021 07:51:04 GMT
server
UploadServer
etag
"5962369f522a9fb52437519a048f68bc"
vary
Accept-Encoding
x-goog-hash
crc32c=fzvIog==, md5=WWI2n1Iqn7UkN1GaBI9ovA==
x-goog-generation
1637740264469325
cache-control
max-age=300,public
x-goog-stored-content-length
13756
accept-ranges
bytes
content-type
application/json
a14fc96e-1c1b-4cd9-a3e6-5a3e87b8c252
cs.beta.fletch.ai/p/items/translate/
45 KB
14 KB
XHR
General
Full URL
https://cs.beta.fletch.ai/p/items/translate/a14fc96e-1c1b-4cd9-a3e6-5a3e87b8c252
Requested by
Host: cs.beta.fletch.ai
URL: https://cs.beta.fletch.ai/static/js/11.920e23b5.chunk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.102.249.32 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
32.249.102.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
ea685396944b60da25bb34a2eefe51f13a0c026ddda53ae4a81948b7a3a8bda1

Request headers

Accept
application/json, text/plain, */*
Referer
https://cs.beta.fletch.ai/p/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 11:21:10 GMT
content-encoding
gzip
age
419
x-guploader-uploadid
ADPycdtlCdh285KzSUjF-70OdkLUywNGaooIZy4v8zZJ_K9wyJCsRriPYbL5UHwlaGE3gfBTIdEFX9Ax3oHuio7D1o3LP499PA
x-goog-storage-class
STANDARD
x-goog-metageneration
2
x-goog-stored-content-encoding
gzip
content-disposition
inline
alt-svc
clear
content-length
13723
last-modified
Wed, 24 Nov 2021 07:51:04 GMT
server
UploadServer
etag
"f9ba7521b6b623e7642a8773d1858829"
vary
Accept-Encoding
x-goog-hash
crc32c=/aEtOg==, md5=+bp1Iba2I+dkKodz0YWIKQ==
x-goog-generation
1637740264824108
cache-control
max-age=300,public
x-goog-stored-content-length
13723
accept-ranges
bytes
content-type
application/json
fletch_logo_bw.svg
cs.beta.fletch.ai/images/
1 KB
2 KB
Image
General
Full URL
https://cs.beta.fletch.ai/images/fletch_logo_bw.svg
Requested by
Host: cs.beta.fletch.ai
URL: https://cs.beta.fletch.ai/p/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.102.249.32 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
32.249.102.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
1e891071b6b1543ee6477a67806131346eec099d4a1929c2baf9c7c30030b9b8

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://cs.beta.fletch.ai/p/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 03:03:08 GMT
age
30301
x-guploader-uploadid
ADPycduelaKI_P5gTtxjKWTAtDX35CbmRofELmatI721VmTYMpGrGYPPCdte0IBNAYTkpwPTXrAUVu6VqdZei28IM3g
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
clear
content-length
1509
last-modified
Tue, 23 Nov 2021 00:06:12 GMT
server
UploadServer
etag
"605dcfe960fd0f9b097cb34a64ba7028"
x-goog-hash
crc32c=HkqaCA==, md5=YF3P6WD9D5sJfLNKZLpwKA==
x-goog-generation
1637625972669667
cache-control
public,max-age=3600
x-goog-stored-content-length
1509
accept-ranges
bytes
content-type
image/svg+xml
fb48746e-087a-47c4-9329-ddccdba8c205
app.beta.fletch.ai/api/v1/solutions/
77 KB
78 KB
XHR
General
Full URL
https://app.beta.fletch.ai/api/v1/solutions/fb48746e-087a-47c4-9329-ddccdba8c205
Requested by
Host: cs.beta.fletch.ai
URL: https://cs.beta.fletch.ai/static/js/11.920e23b5.chunk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.102.249.32 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
32.249.102.34.bc.googleusercontent.com
Software
istio-envoy /
Resource Hash
944741036cd82f4ee89d4c348b0da11e48bb248633be601b5616f1c07d70acd6

Request headers

Accept
application/json, text/plain, */*
Referer
https://cs.beta.fletch.ai/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 11:28:09 GMT
via
1.1 google
server
istio-envoy
vary
Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
*
x-envoy-upstream-service-time
92
alt-svc
clear
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/433039094/
2 KB
2 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/433039094/?random=1637753289046&cv=9&fst=1637753289046&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaba1&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fcs.beta.fletch.ai%2Fp%2Fbazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors&tiba=Fletch&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
cafe /
Resource Hash
405593686e097c0f192288fad5db0e243e990b9b286522529f5ea681da40b906
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://cs.beta.fletch.ai/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 24 Nov 2021 11:28:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1074
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/j/
2 B
146 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j96&a=1298844497&t=pageview&_s=1&dl=https%3A%2F%2Fcs.beta.fletch.ai%2Fp%2Fbazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors&ul=en-us&de=UTF-8&dt=Fletch&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&an=fletch&_u=YEBAAUABAAAAAC~&jid=82417246&gjid=1552799017&cid=128544305.1637753289&tid=UA-84061015-7&_gid=1649799237.1637753289&_r=1&gtm=2ouba1&z=1969010697
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.184.238 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f14.1e100.net
Software
Golfe2 /
Resource Hash
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://cs.beta.fletch.ai/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 24 Nov 2021 11:28:09 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://cs.beta.fletch.ai
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2
expires
Fri, 01 Jan 1990 00:00:00 GMT
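Two different CORS configurations appear in the captures above: the `app.beta.fletch.ai/api/v1/solutions/...` JSON response carries `access-control-allow-origin: *` (readable from any origin, credentials impossible), while the `/j/collect` beacon answers with the requesting origin plus `access-control-allow-credentials: true`. The following is an added example, not code from urlscan.io or from the scanned site, that classifies captured response headers along those lines. The first two header sets are copied from the captures; the third is constructed to show the invalid wildcard-plus-credentials combination.

```python
from __future__ import annotations


def classify_cors(headers: dict[str, str], request_origin: str | None = None) -> dict:
    """Say what a page on another origin can read from this response.

    `headers` is a captured response; `request_origin` is the Origin the
    request was sent with, if known."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    acao = h.get("access-control-allow-origin")
    creds = h.get("access-control-allow-credentials", "").lower() == "true"
    vary = {v.strip().lower() for v in h.get("vary", "").split(",")}
    findings = []

    if acao is None:
        readable_by, credentialed = "none", False
    elif acao == "*":
        readable_by, credentialed = "any-origin", False
        if creds:
            # The wildcard is not valid for credentialed requests: browsers
            # reject the read, so this header pair is a misconfiguration.
            findings.append("ACAO '*' with ACAC 'true': browsers reject credentialed reads")
        else:
            findings.append("readable from any origin: confirm the body is meant to be public")
    else:
        readable_by, credentialed = "listed-origin", creds
        if request_origin and acao == request_origin:
            # One capture cannot tell an allow-list from blind reflection.
            findings.append("ACAO equals the requesting origin: re-test with another Origin")
        if "origin" not in vary:
            findings.append("origin-specific ACAO without Vary: Origin: if the value depends "
                            "on the request, a shared cache could serve another origin's copy")
    return {"acao": acao, "readable_by": readable_by, "credentialed": credentialed,
            "corp": h.get("cross-origin-resource-policy"), "findings": findings}


# Copied from the captures above.
SOLUTIONS_API = {
    "content-type": "application/json; charset=utf-8",
    "access-control-allow-origin": "*",
    "vary": "Origin",
    "server": "istio-envoy",
}
GA_COLLECT = {
    "content-type": "text/plain",
    "access-control-allow-origin": "https://cs.beta.fletch.ai",
    "access-control-allow-credentials": "true",
    "cross-origin-resource-policy": "cross-origin",
}
# Constructed: the invalid combination.
BROKEN = {
    "access-control-allow-origin": "*",
    "access-control-allow-credentials": "true",
}

if __name__ == "__main__":
    for name, hdrs in [("solutions api", SOLUTIONS_API), ("ga collect", GA_COLLECT), ("constructed", BROKEN)]:
        print(name, classify_cors(hdrs, request_origin="https://cs.beta.fletch.ai"))
```

For the solutions API the wildcard is by design for a public, unauthenticated endpoint; the practical check is that the 77 KB JSON body carries nothing per-user, since any site can fetch and read it. For the analytics beacon, `credentialed` is true for the listed origin only, and the capture alone does not show whether other origins would be echoed back the same way.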
collect
www.google-analytics.com/
35 B
194 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j96&a=1298844497&t=pageview&_s=2&dl=https%3A%2F%2Fcs.beta.fletch.ai%2Fp%2Fbazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors&dp=%2Fp%2Fbazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors&ul=en-us&de=UTF-8&dt=Fletch&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAAC~&jid=&gjid=&cid=128544305.1637753289&tid=UA-84061015-7&_gid=1649799237.1637753289&gtm=2ouba1&z=1917486981
Requested by
Host: cs.beta.fletch.ai
URL: https://cs.beta.fletch.ai/p/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.184.238 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f14.1e100.net
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://cs.beta.fletch.ai/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 Nov 2021 23:34:12 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
42837
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
64e41225-9113-45ab-a062-8700710c1152
forms.hsforms.com/embed/v3/form/2580948/
9 KB
3 KB
Script
General
Full URL
https://forms.hsforms.com/embed/v3/form/2580948/64e41225-9113-45ab-a062-8700710c1152?callback=hs_reqwest_0&hutk=
Requested by
Host: js.hsforms.net
URL: https://js.hsforms.net/forms/shell.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5605 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
02732b305d18e8866ca06723c42ff0cddcef6bc855508f36e799ce41507b645b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://cs.beta.fletch.ai/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 11:28:09 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
x-hubspot-correlation-id
ba8c41a3-30e6-4751-817d-d25d501d817a
cf-ray
6b324acace655b74-FRA
content-disposition
attachment; filename=no-rfd.txt
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
server
cloudflare
x-trace
2B414D80A376C15365E407671AE1A4535E9DB9CB55000000000000000000
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/javascript;charset=utf-8
vary
Accept-Encoding
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
false
x-robots-tag
none
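The HubSpot forms response above is a JSONP endpoint (`?callback=hs_reqwest_0`) and answers with `content-disposition: attachment; filename=no-rfd.txt` and `x-content-type-options: nosniff`; the DoubleClick script earlier in the capture does the same with `filename="f.txt"`. Forcing a download and forbidding MIME sniffing is the usual hardening against reflected file download and content-type confusion on endpoints that echo a caller-chosen callback name into a script body. The following is an added example, not code from urlscan.io or from HubSpot, that derives a security-header summary like the one urlscan.io prints and checks JSONP responses for that hardening. The HubSpot sample is copied from the capture; the unmitigated sample and its `api.example.test` host are constructed, and the list of callback parameter names is an assumption.

```python
from __future__ import annotations

from urllib.parse import parse_qs, urlsplit

# Headers urlscan.io summarises under "Security Headers", plus two more
# worth seeing in a capture.
SECURITY_HEADERS = (
    "strict-transport-security",
    "content-security-policy",
    "x-content-type-options",
    "x-frame-options",
    "cross-origin-resource-policy",
    "cross-origin-opener-policy",
)
# Assumed names for a JSONP callback parameter; extend as needed.
CALLBACK_PARAMS = ("callback", "jsonp", "cb")
SCRIPT_TYPES = ("text/javascript", "application/javascript", "application/x-javascript")


def audit_response(url: str, headers: dict[str, str]) -> dict:
    """Summarise the security-relevant headers of one captured response."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    query = parse_qs(urlsplit(url).query)
    is_jsonp = any(p in query for p in CALLBACK_PARAMS)
    ctype = h.get("content-type", "").split(";")[0].strip().lower()
    nosniff = h.get("x-content-type-options", "").lower() == "nosniff"
    attachment = h.get("content-disposition", "").lower().startswith("attachment")
    findings = []

    if is_jsonp:
        # The callback name is caller-controlled input that lands in the
        # body; a download-only, sniff-proof response keeps it from being
        # rendered or executed if a victim is navigated to the URL.
        if not attachment:
            findings.append("JSONP response without Content-Disposition: attachment")
        if not nosniff:
            findings.append("JSONP response without X-Content-Type-Options: nosniff")
    elif ctype in SCRIPT_TYPES and not nosniff:
        findings.append("script without X-Content-Type-Options: nosniff")
    if "strict-transport-security" not in h:
        findings.append("no Strict-Transport-Security on this response")

    return {
        "host": urlsplit(url).hostname,
        "security_headers": {n: h[n] for n in SECURITY_HEADERS if n in h},
        "is_jsonp": is_jsonp,
        "rfd_mitigated": (attachment and nosniff) if is_jsonp else None,
        "findings": findings,
    }


# Copied from the HubSpot forms capture above.
HSFORMS_URL = ("https://forms.hsforms.com/embed/v3/form/2580948/"
               "64e41225-9113-45ab-a062-8700710c1152?callback=hs_reqwest_0&hutk=")
HSFORMS_HEADERS = {
    "content-type": "application/javascript;charset=utf-8",
    "content-disposition": "attachment; filename=no-rfd.txt",
    "x-content-type-options": "nosniff",
    "strict-transport-security": "max-age=31536000; includeSubDomains; preload",
    "cache-control": "max-age=0, no-cache, no-store",
    "access-control-allow-credentials": "false",
}
# Constructed: the same endpoint shape with none of the hardening (hypothetical host).
UNMITIGATED_URL = "https://api.example.test/data?callback=cb"
UNMITIGATED_HEADERS = {"content-type": "application/javascript"}

if __name__ == "__main__":
    print(audit_response(HSFORMS_URL, HSFORMS_HEADERS))        # rfd_mitigated True, no findings
    print(audit_response(UNMITIGATED_URL, UNMITIGATED_HEADERS))  # rfd_mitigated False, three findings
```

The summary the function returns for the HubSpot response matches the "Security Headers" table urlscan.io shows for it (HSTS and nosniff present); what the table does not say, and the `rfd_mitigated` field adds, is whether the attachment disposition is there on the responses where it matters most.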
truncated
/
765 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ad8e61cb6c034629c611c3f6990a94a64609d57ab34dba9b78f9bcfdd942eb34

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type
image/svg+xml
cblk.svg
cs.beta.fletch.ai/images/logos/
2 KB
2 KB
Image
General
Full URL
https://cs.beta.fletch.ai/images/logos/cblk.svg
Requested by
Host: cs.beta.fletch.ai
URL: https://cs.beta.fletch.ai/p/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.102.249.32 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
32.249.102.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
d16463f3a423374d6ab4b5d16edbdd0e4e2f20c2ea40a6483f9504f4cdb1bb58

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://cs.beta.fletch.ai/p/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 03:03:56 GMT
age
30253
x-guploader-uploadid
ADPycdueJTLy9ALcAq4AU3a0mw2Wfgl9mENYP_XqDe-PDMce2XkPQlt4stGoWHfJU-YLM1flSPM6akGbA2WXRnTO_3Y
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
clear
content-length
1909
last-modified
Tue, 23 Nov 2021 00:06:16 GMT
server
UploadServer
etag
"7495c2144e5ff9da958098016254c677"
x-goog-hash
crc32c=CpLXiA==, md5=dJXCFE5f+dqVgJgBYlTGdw==
x-goog-generation
1637625976734404
cache-control
public,max-age=3600
x-goog-stored-content-length
1909
accept-ranges
bytes
content-type
image/svg+xml
cstk.svg
cs.beta.fletch.ai/images/logos/
2 KB
2 KB
Image
General
Full URL
https://cs.beta.fletch.ai/images/logos/cstk.svg
Requested by
Host: cs.beta.fletch.ai
URL: https://cs.beta.fletch.ai/p/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.102.249.32 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
32.249.102.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
9726248e2e3af5332851f1bfc54fde3c572dab0efbb9560967b4528b4fe67d09

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://cs.beta.fletch.ai/p/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 03:03:56 GMT
age
30253
x-guploader-uploadid
ADPycdtxCDTsYfBqTynJQsBMaINigmw_Ns-w9GJ9-4vvRbMDMBJQawUuKLTSXggpu-sNNXoKXyle63jVN3WjXzuI8Vg
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
clear
content-length
2149
last-modified
Tue, 23 Nov 2021 00:06:17 GMT
server
UploadServer
etag
"cddcf7bde93681bd798bbed7b347ffb0"
x-goog-hash
crc32c=jV+Daw==, md5=zdz3vek2gb15i77Xs0f/sA==
x-goog-generation
1637625977013604
cache-control
public,max-age=3600
x-goog-stored-content-length
2149
accept-ranges
bytes
content-type
image/svg+xml
qualys.svg
cs.beta.fletch.ai/images/logos/
998 B
1 KB
Image
General
Full URL
https://cs.beta.fletch.ai/images/logos/qualys.svg
Requested by
Host: cs.beta.fletch.ai
URL: https://cs.beta.fletch.ai/p/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.102.249.32 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
32.249.102.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
29cbba8d5191b793629778029fc15368bc890a11f21d2e55182d1e9eee4b82f0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://cs.beta.fletch.ai/p/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 03:03:56 GMT
age
30253
x-guploader-uploadid
ADPycduEYfA_6_9MWMuqgxfeRghRYGOWAgQKGhPNbvXhkG93mRdOBQBNf5DR_crg4mYYvq0Ll9eRWooClCXFmuR5NVM
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
clear
content-length
998
last-modified
Tue, 23 Nov 2021 00:06:17 GMT
server
UploadServer
etag
"97b23854a98badffb41ac189121bc9cd"
x-goog-hash
crc32c=LooiVQ==, md5=l7I4VKmLrf+0GsGJEhvJzQ==
x-goog-generation
1637625977274609
cache-control
public,max-age=3600
x-goog-stored-content-length
998
accept-ranges
bytes
content-type
image/svg+xml
sntl.svg
cs.beta.fletch.ai/images/logos/
2 KB
3 KB
Image
General
Full URL
https://cs.beta.fletch.ai/images/logos/sntl.svg
Requested by
Host: cs.beta.fletch.ai
URL: https://cs.beta.fletch.ai/p/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.102.249.32 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
32.249.102.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
ad8961a0d41b91ee44aa01834dc72ddf04235da353b88db48b71919989831da8

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://cs.beta.fletch.ai/p/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 03:03:56 GMT
age
30253
x-guploader-uploadid
ADPycdsrpYl-EEcNSQKgNdO9CkGc5K0f8rw4ubcDC55ftTytepu4UPNU-xkoFFs0bDXzIGE_ZhfWFv7xSBQ5IPZUwcI
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
clear
content-length
2559
last-modified
Tue, 23 Nov 2021 00:06:17 GMT
server
UploadServer
etag
"351447a13bf603170c9384c4e3eba8f4"
x-goog-hash
crc32c=GKf0mA==, md5=NRRHoTv2AxcMk4TE4+uo9A==
x-goog-generation
1637625977776400
cache-control
public,max-age=3600
x-goog-stored-content-length
2559
accept-ranges
bytes
content-type
image/svg+xml
tenable.svg
cs.beta.fletch.ai/images/logos/
12 KB
12 KB
Image
General
Full URL
https://cs.beta.fletch.ai/images/logos/tenable.svg
Requested by
Host: cs.beta.fletch.ai
URL: https://cs.beta.fletch.ai/p/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.102.249.32 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
32.249.102.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
7c3cb12f461b8a3b43ff05c68324caf34a1abbf77c8635b48cbbe09f71558a0b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://cs.beta.fletch.ai/p/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 03:03:56 GMT
age
30253
x-guploader-uploadid
ADPycdvUXCjYLBDHlyWkt3da34IWIMQf_IjHlyQDJXTAabBPshLLSPd5w94XutPqz5hBysbQxnve_0L6JSR8ahcbKkbyO3zbww
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
clear
content-length
12347
last-modified
Tue, 23 Nov 2021 00:06:17 GMT
server
UploadServer
etag
"83fd488134d1a906245804ad4be20711"
x-goog-hash
crc32c=ABtl2Q==, md5=g/1IgTTRqQYkWAStS+IHEQ==
x-goog-generation
1637625977698024
cache-control
public,max-age=3600
x-goog-stored-content-length
12347
accept-ranges
bytes
content-type
image/svg+xml
cblk.svg
cs.beta.fletch.ai/images/marketing/
7 KB
7 KB
Image
General
Full URL
https://cs.beta.fletch.ai/images/marketing/cblk.svg
Requested by
Host: cs.beta.fletch.ai
URL: https://cs.beta.fletch.ai/p/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.102.249.32 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
32.249.102.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
7c19703373d6b8c077d4c357178a6220c66d66d626b377465fc2fba8ffa5449b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://cs.beta.fletch.ai/p/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 03:03:56 GMT
age
30253
x-guploader-uploadid
ADPycdsRbv8CC4aM-aaZw0nYOwmG9ZvSAqZx3KdPXdZw_R1As34-W2Pry8RxRaHkK6zwYc_p9G2wcJZ_V9YEqiqn1cE
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
clear
content-length
7326
last-modified
Tue, 23 Nov 2021 00:06:13 GMT
server
UploadServer
etag
"0cd0d2ee034786391f9edef7832738fd"
x-goog-hash
crc32c=WOe6vg==, md5=DNDS7gNHhjkfnt73gyc4/Q==
x-goog-generation
1637625972987096
cache-control
public,max-age=3600
x-goog-stored-content-length
7326
accept-ranges
bytes
content-type
image/svg+xml
cstk.svg
cs.beta.fletch.ai/images/marketing/
33 KB
33 KB
Image
General
Full URL
https://cs.beta.fletch.ai/images/marketing/cstk.svg
Requested by
Host: cs.beta.fletch.ai
URL: https://cs.beta.fletch.ai/p/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.102.249.32 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
32.249.102.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
9d8d09eff3e153d4057abddf72d410f0d5dec35c18bf11ad9db9926cfeea8c25

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://cs.beta.fletch.ai/p/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 03:03:56 GMT
age
30253
x-guploader-uploadid
ADPycdvq6re5Qd7BvSwKycQ_ZqwxXmrPoIqILyoR-vcP8b5_PIv1fYrZiOa5c2EiZsE5woJUecC43AmUB7WjXGvmGUYKmDLlSQ
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
clear
content-length
33927
last-modified
Tue, 23 Nov 2021 00:06:13 GMT
server
UploadServer
etag
"ee2bffc7b29570da46c4a171c2e29fd2"
x-goog-hash
crc32c=re+jjw==, md5=7iv/x7KVcNpGxKFxwuKf0g==
x-goog-generation
1637625973076557
cache-control
public,max-age=3600
x-goog-stored-content-length
33927
accept-ranges
bytes
content-type
image/svg+xml
qualys.svg
cs.beta.fletch.ai/images/marketing/
5 KB
5 KB
Image
General
Full URL
https://cs.beta.fletch.ai/images/marketing/qualys.svg
Requested by
Host: cs.beta.fletch.ai
URL: https://cs.beta.fletch.ai/p/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.102.249.32 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
32.249.102.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
2f4a610f666014be1e08c4a8179428c14920e3af6c987f24c7a89a1aa809bbfc

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://cs.beta.fletch.ai/p/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 03:03:56 GMT
age
30253
x-guploader-uploadid
ADPycdvI7oDIqXpwZC-iIF11kedFlZqvlSkkLm4mWKLJvJRb-N0D8bo13dhZLcabXMBPThlf4ur5rat1iBknGamOmQEVW2rN4Q
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
clear
content-length
5130
last-modified
Tue, 23 Nov 2021 00:06:13 GMT
server
UploadServer
etag
"63e25875b42dd9458bedb1a4aa9071ff"
x-goog-hash
crc32c=okx5zw==, md5=Y+JYdbQt2UWL7bGkqpBx/w==
x-goog-generation
1637625973101345
cache-control
public,max-age=3600
x-goog-stored-content-length
5130
accept-ranges
bytes
content-type
image/svg+xml
sntl.svg
cs.beta.fletch.ai/images/marketing/
8 KB
8 KB
Image
General
Full URL
https://cs.beta.fletch.ai/images/marketing/sntl.svg
Requested by
Host: cs.beta.fletch.ai
URL: https://cs.beta.fletch.ai/p/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.102.249.32 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
32.249.102.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
bcc9fc33849d7541b04de29c2fb4b34661fb650882d0d8e4917fc01628f3d656

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://cs.beta.fletch.ai/p/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 03:03:56 GMT
age
30253
x-guploader-uploadid
ADPycdubr4lraHVDap_-AWWzotCuTR9aKp0UlqF_OdqCCrJ9pU-q0vwi5z3vy90iQ-4OwLTT1BtOooVjuo-RI6baNVA
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
clear
content-length
8132
last-modified
Tue, 23 Nov 2021 00:06:13 GMT
server
UploadServer
etag
"100fae1c0f34ad531b4574172143c8a8"
x-goog-hash
crc32c=gqa1IA==, md5=EA+uHA80rVMbRXQXIUPIqA==
x-goog-generation
1637625973134298
cache-control
public,max-age=3600
x-goog-stored-content-length
8132
accept-ranges
bytes
content-type
image/svg+xml
tenable.svg
cs.beta.fletch.ai/images/marketing/
10 KB
10 KB
Image
General
Full URL
https://cs.beta.fletch.ai/images/marketing/tenable.svg
Requested by
Host: cs.beta.fletch.ai
URL: https://cs.beta.fletch.ai/p/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.102.249.32 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
32.249.102.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
220305a15e5e7e8198b7e7e55e3b7928c27617b07061784684b3b21054710cc5

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://cs.beta.fletch.ai/p/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 03:03:56 GMT
age
30253
x-guploader-uploadid
ADPycdsQWrggY9bvGQfZ6iPeWgkSo2nAit8aCeMXdbMZixNfKyaC10QeF6wjOymkCHzKdJoagQDYtCGs5s7Q7o5n488
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
clear
content-length
10141
last-modified
Tue, 23 Nov 2021 00:06:13 GMT
server
UploadServer
etag
"02abd22cbefab5028ef97afbafb58433"
x-goog-hash
crc32c=wvz23w==, md5=AqvSLL76tQKO+Xr7r7WEMw==
x-goog-generation
1637625973145388
cache-control
public,max-age=3600
x-goog-stored-content-length
10141
accept-ranges
bytes
content-type
image/svg+xml
/
www.google.com/pagead/1p-user-list/433039094/
0
0

/
www.google.de/pagead/1p-user-list/433039094/
42 B
548 B
Image
General
Full URL
https://www.google.de/pagead/1p-user-list/433039094/?random=1637753289046&cv=9&fst=1637751600000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaba1&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fcs.beta.fletch.ai%2Fp%2Fbazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors&tiba=Fletch&async=1&fmt=3&is_vtc=1&random=296228656&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Requested by
Host: cs.beta.fletch.ai
URL: https://cs.beta.fletch.ai/p/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.16.131 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s46-in-f3.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://cs.beta.fletch.ai/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 24 Nov 2021 11:28:09 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
shell.js
js.hsforms.net/forms/ Frame 2566
565 KB
144 KB
Script
General
Full URL
https://js.hsforms.net/forms/shell.js
Requested by
Host: js.hsforms.net
URL: https://js.hsforms.net/forms/shell.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6811:b749 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
302ecfd3dcafa8174d1609465dda4fdaf6150d74883e8fddd3944e4d03cfa7d0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 11:28:09 GMT
via
1.1 ea3bfccd683c652cb849f6ec1b5606a4.cloudfront.net (CloudFront)
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
589
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-type
application/javascript; charset=utf-8
x-amz-replication-status
COMPLETED
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified
Mon, 22 Nov 2021 03:35:42 UTC
server
cloudflare
etag
W/"81d36b7b25dcbaadd300923b7cd32d2c"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PFMgXvD%2Bx11hOUBK5T00BDh54o6XXSSmkem79qM4F%2FADJG1lhyjjPxOvNshTTIoeChcxvEl5z6sLZYqzKRQkyEm47V8pJWpJ0RGPPaP6HokrPb0SxSuoaQknZFrWpyApql9VXYIf%2BWjgKSni"}],"group":"cf-nel","max_age":604800}
x-amz-version-id
DbFNkSWAQliTMR.LcB9YoOy1wsVfAP3h
access-control-allow-origin
*
cache-control
s-maxage=600, max-age=0
x-hs-cache-status
HIT
x-amz-cf-pop
IAD89-P1
cf-ray
6b324acbdaef42fd-FRA
x-amz-cf-id
pD4OM4iX4ob36wmqgKfRwTLh7hwLpyzWRtKkFLe32NaknhXKP28ngQ==
x-hs-target-asset
FormsNext/static-5.415/bundles/project_with_deps.js
collect
stats.g.doubleclick.net/j/
4 B
443 B
XHR
General
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-84061015-7&cid=128544305.1637753289&jid=82417246&gjid=1552799017&_gid=1649799237.1637753289&_u=YEBAAUAAAAAAAC~&z=1922434901
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c06::9d Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://cs.beta.fletch.ai/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Wed, 24 Nov 2021 11:28:09 GMT
content-type
text/plain
access-control-allow-origin
https://cs.beta.fletch.ai
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
css
fonts.googleapis.com/ Frame 2566
54 KB
13 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Gothic%20A1
Requested by
Host: js.hsforms.net
URL: https://js.hsforms.net/forms/shell.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.138 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f10.1e100.net
Software
ESF /
Resource Hash
82285f9a6bf3bb3e56df59bc6efbc6cb712a24f788e732d4d1a6110217cc2435
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Wed, 24 Nov 2021 11:28:09 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Wed, 24 Nov 2021 11:28:09 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 24 Nov 2021 11:28:09 GMT
ga-audiences
www.google.com/ads/
0
0

ga-audiences
www.google.de/ads/
42 B
107 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-84061015-7&cid=128544305.1637753289&jid=82417246&_u=YEBAAUAAAAAAAC~&z=1264589514
Requested by
Host: cs.beta.fletch.ai
URL: https://cs.beta.fletch.ai/p/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.16.131 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s46-in-f3.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://cs.beta.fletch.ai/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 24 Nov 2021 11:28:09 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
CSR94z5ZnPydRjlCCwl6aaU4Qt0V05ZAcgT3T1VKO2vL6LbP.119.woff2
fonts.gstatic.com/s/gothica1/v8/ Frame 2566
9 KB
10 KB
Font
General
Full URL
https://fonts.gstatic.com/s/gothica1/v8/CSR94z5ZnPydRjlCCwl6aaU4Qt0V05ZAcgT3T1VKO2vL6LbP.119.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Gothic%20A1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.163 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f3.1e100.net
Software
sffe /
Resource Hash
271f49e98413a0f7f574d354837ba39b2a084b8a50421e13e8935add8dfad361
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://cs.beta.fletch.ai
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 19 Nov 2021 04:36:28 GMT
x-content-type-options
nosniff
age
456702
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9384
x-xss-protection
0
last-modified
Tue, 16 Jul 2019 02:49:40 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Sat, 19 Nov 2022 04:36:28 GMT
/
cs.beta.fletch.ai/api/v1/app/mp/track/
188 B
356 B
XHR
General
Full URL
https://cs.beta.fletch.ai/api/v1/app/mp/track/?verbose=1&ip=0&_=1637753293734
Requested by
Host: cs.beta.fletch.ai
URL: https://cs.beta.fletch.ai/mp-2-latest.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.102.249.32 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
32.249.102.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
2e7b572fb8c157fa128e3ca13f7c7f904176c4f59b010a8e498af74cd5891103

Request headers

Referer
https://cs.beta.fletch.ai/p/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Wed, 24 Nov 2021 11:28:13 GMT
server
UploadServer
alt-svc
clear
content-length
188
x-guploader-uploadid
ADPycduL8OtTFMdNboaBAg3BjfXAuzb2BTelHl3sIwoPyBUPRShSWiKGwr_YPvNvGvcPPMEUyctXQxmlkFTGqoeH-3j631qArQ
content-type
application/xml; charset=UTF-8

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
www.google.com
URL
https://www.google.com/pagead/1p-user-list/433039094/?random=1637753289046&cv=9&fst=1637751600000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaba1&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fcs.beta.fletch.ai%2Fp%2Fbazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors&tiba=Fletch&async=1&fmt=3&is_vtc=1&random=296228656&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Domain
www.google.com
URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-84061015-7&cid=128544305.1637753289&jid=82417246&_u=YEBAAUAAAAAAAC~&z=1264589514

Verdicts & Comments

77 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| onbeforexrselect function| reportError boolean| originAgentCluster object| scheduler string| MIXPANEL_CUSTOM_LIB_URL object| mixpanel function| fullstory boolean| _fs_debug string| _fs_host string| _fs_org string| _fs_namespace function| intercom object| intercomSettings string| host object| mixpanelConfig function| getQueryParam function| campaignParams string| mixpanelID string| intercomID function| FS function| Intercom function| gtag object| dataLayer function| fbq function| _fbq string| _linkedin_partner_id object| _linkedin_data_partner_ids function| lintrk function| bindToWindowOnError object| globalRoot function| hns object| hubspot object| hbspt object| __hsRoot object| hspreserve undefined| React undefined| reqwest function| OutpostErrorReporter undefined| Pikaday function| hns2 function| hmerge undefined| I18n undefined| ReactDOM undefined| require undefined| requirejs undefined| define undefined| exports undefined| module undefined| bootstrap object| webpackJsonpshenlon-ui object| regeneratorRuntime number| __mobxInstanceCount object| __mobxGlobals object| scCGSHMRCache function| setImmediate function| clearImmediate object| FontAwesomeConfig object| ___FONT_AWESOME___ number| 2f1acc6c3a606b082e5eef5e54414ffb function| _ object| _dsStore boolean| _already_called_lintrk object| google_tag_manager object| google_tag_data string| GoogleAnalyticsObject function| ga object| __core-js_shared__ function| GooglemKTybQhCsO function| google_trackConversion object| GooglebQhCsO object| gaplugins object| gaGlobal object| gaData object| HSFR object| _hsq function| hs_reqwest_0

15 Cookies

Domain/Path Name / Value
cs.beta.fletch.ai/ Name: onboarding
Value: {%22adminRequests%22:{}%2C%22connectingPlatforms%22:[]%2C%22collaboratorsInvited%22:[]}
.fletch.ai/ Name: mp_115e279999d130115d9f861b632c4eb5_mixpanel
Value: %7B%22distinct_id%22%3A%20%2217d51b3f8208b8-0754b5491ac7b5-978183a-1d4c00-17d51b3f821b9a%22%2C%22%24device_id%22%3A%20%2217d51b3f8208b8-0754b5491ac7b5-978183a-1d4c00-17d51b3f821b9a%22%2C%22%24initial_referrer%22%3A%20%22%24direct%22%2C%22%24initial_referring_domain%22%3A%20%22%24direct%22%2C%22__mps%22%3A%20%7B%22%24os%22%3A%20%22Windows%22%2C%22%24browser%22%3A%20%22Chrome%22%2C%22%24browser_version%22%3A%2096%2C%22%24initial_referrer%22%3A%20%22%24direct%22%2C%22%24initial_referring_domain%22%3A%20%22%24direct%22%7D%2C%22__mpso%22%3A%20%7B%7D%2C%22__mpus%22%3A%20%7B%7D%2C%22__mpa%22%3A%20%7B%7D%2C%22__mpu%22%3A%20%7B%7D%2C%22__mpr%22%3A%20%5B%5D%2C%22__mpap%22%3A%20%5B%5D%7D
.fletch.ai/ Name: _gcl_au
Value: 1.1.627632469.1637753289
.linkedin.com/ Name: UserMatchHistory
Value: AQKtgmX70eBlJAAAAX1Rs_kpz3vpu3HpowOpELSRxHORMLufmY-yq3gPzL2Us00Rw_6a9XL5d1xCRA
.linkedin.com/ Name: AnalyticsSyncHistory
Value: AQLb9XjBZ9YdPgAAAX1Rs_kpZgLCGAEXlJnxq8PDZdeYKWe8jUPOBaWzeFOWfZ-cLyhLOWO1scA9Vm0omfCvGg
.ads.linkedin.com/ Name: lang
Value: v=2&lang=en-us
.linkedin.com/ Name: bcookie
Value: "v=2&ffd0ed36-4b89-4494-8f99-a1238fd5d4ed"
.linkedin.com/ Name: lidc
Value: "b=VGST05:s=V:r=V:a=V:p=V:g=2359:u=1:x=1:i=1637753289:t=1637839689:v=2:sig=AQF1pcRP-OAv31TSmcImT1dmPqKA_RhB"
.linkedin.com/ Name: lang
Value: v=2&lang=de-de
.www.linkedin.com/ Name: bscookie
Value: "v=1&20211124112809c05cf37c-02ef-4e03-8a11-10d321475912AQFeF53MxWClAZmWwaZKpuucb1_WVe9d"
.linkedin.com/ Name: li_gc
Value: MTswOzE2Mzc3NTMyODk7MjswMjE8Gc1bvlTfNfUu0H4FwuEQmWM4dABM2gJp7BiS/utasQ==
.fletch.ai/ Name: _ga
Value: GA1.2.128544305.1637753289
.fletch.ai/ Name: _gid
Value: GA1.2.1649799237.1637753289
.fletch.ai/ Name: _gat_gtag_UA_84061015_7
Value: 1
.doubleclick.net/ Name: test_cookie
Value: CheckForPermission

3 Console Messages

Source Level URL Text
network error URL: https://cs.beta.fletch.ai/api/v1/app/mp/decide/?verbose=1&version=1&lib=web&token=115e279999d130115d9f861b632c4eb5&ip=0&_=1637753288739 Message: Failed to load resource: the server responded with a status of 404 ()
network error URL: https://www.fullstory.com/s/fs.js Message: Failed to load resource: the server responded with a status of 404 ()
network error URL: https://cs.beta.fletch.ai/api/v1/app/mp/track/?verbose=1&ip=0&_=1637753293734 Message: Failed to load resource: the server responded with a status of 400 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
