blog.pradeo.com Open in urlscan Pro
2606:2c40::c73c:671f Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://blog.pradeo.com/e3t/Ctc/OM+113/ch5Kr04/VVqqN-74nQ84W7tHlRW2BqB1jW7xsyK954zGyHN54gmPK3lYMRW7Y8-PT6lZ3nZN7H1c9kMLc...
Effective URL:
https://blog.pradeo.com/spynote-malware-now-targeting-banking-applications?utm_medium=email&_hsmi=278111799&_hsenc=p2ANq...
Submission: On October 13 via api (October 13th 2023, 8:55:37 am UTC) from US — Scanned from DE

Summary HTTP 70 Redirects Links 40 Behaviour Indicators

Summary

This website contacted 22 IPs in 2 countries across 19 domains to perform 70 HTTP transactions. The main IP is 2606:2c40::c73c:671f, located in United States and belongs to CLOUDFLARESPECTRUM Cloudflare, Inc., US. The main domain is blog.pradeo.com.
TLS certificate: Issued by GTS CA 1P5 on September 15th 2023. Valid for: 3 months.

This is the only time blog.pradeo.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 30	2606:2c40::c7... 2606:2c40::c73c:671f	209242 (CLOUDFLAR...) (CLOUDFLARESPECTRUM Cloudflare)
1	2a00:1450:400... 2a00:1450:4001:812::2008	15169 (GOOGLE) (GOOGLE)
1	2606:2800:233... 2606:2800:233:66b5:799a:7cd3:f74d:7071	15133 (EDGECAST) (EDGECAST)
1	2606:4700::68... 2606:4700::6810:6ed1	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2a00:1450:400... 2a00:1450:4001:800::200a	15169 (GOOGLE) (GOOGLE)
7	2606:4700::68... 2606:4700::6813:9a53	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:440... 2606:4700:4400::ac40:9284	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700::68... 2606:4700::6812:5ffd	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:890f	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	2a00:1450:400... 2a00:1450:4001:80b::2003	15169 (GOOGLE) (GOOGLE)
2	2606:2800:234... 2606:2800:234:59:254c:406:2366:268c	15133 (EDGECAST) (EDGECAST)
1	2606:4700::68... 2606:4700::6812:7d0c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:f7a8	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2606:4700:440... 2606:4700:4400::ac40:991b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:e6a3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:4cba	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6812:c07d	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6812:b07d	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2606:4700::68... 2606:4700::6812:a07d	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6813:f812	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.244.42.136 104.244.42.136	13414 (TWITTER) (TWITTER)
70	22

30 2606:2c40::c73c:671f (United States) 1 redirects

ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US)

blog.pradeo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:812::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:2800:233:66b5:799a:7cd3:f74d:7071 (United States)

ASN15133 (EDGECAST, US)

platform.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:6ed1 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn2.hubspot.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:800::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2606:4700::6813:9a53 (United States)

ASN13335 (CLOUDFLARENET, US)

no-cache.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
app.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cta-service-cms2.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
track.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::ac40:9284 (United States)

ASN13335 (CLOUDFLARENET, US)

3067823.fs1.hubspotusercontent-na1.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:5ffd (United States)

ASN13335 (CLOUDFLARENET, US)

static.hsappstatic.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:890f (United States)

ASN13335 (CLOUDFLARENET, US)

ws.zoominfo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:80b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:2800:234:59:254c:406:2366:268c (United States)

ASN15133 (EDGECAST, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:7d0c (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsleadflows.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:f7a8 (United States)

ASN13335 (CLOUDFLARENET, US)

js.usemessages.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:4400::ac40:991b (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-banner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:e6a3 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsadspixel.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:4cba (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-analytics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:c07d (United States)

ASN13335 (CLOUDFLARENET, US)

forms.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:b07d (United States)

ASN13335 (CLOUDFLARENET, US)

forms-na1.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6812:a07d (United States)

ASN13335 (CLOUDFLARENET, US)

perf.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6813:f812 (United States)

ASN13335 (CLOUDFLARENET, US)

f.hubspotusercontent10.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.136 (United States)

ASN13414 (TWITTER, US)

syndication.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
30	pradeo.com 1 redirects blog.pradeo.com	1 MB
7	hubspot.com no-cache.hubspot.com — Cisco Umbrella Rank: 13427 app.hubspot.com — Cisco Umbrella Rank: 6214 cta-service-cms2.hubspot.com — Cisco Umbrella Rank: 6556 track.hubspot.com — Cisco Umbrella Rank: 2658	135 KB
5	hsforms.com forms.hsforms.com — Cisco Umbrella Rank: 4956 forms-na1.hsforms.com — Cisco Umbrella Rank: 7966 perf.hsforms.com — Cisco Umbrella Rank: 14252	5 KB
5	gstatic.com fonts.gstatic.com	39 KB
4	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 49	3 KB
3	hs-banner.com js.hs-banner.com — Cisco Umbrella Rank: 2528	16 KB
3	twitter.com platform.twitter.com — Cisco Umbrella Rank: 1192 syndication.twitter.com — Cisco Umbrella Rank: 1427	132 KB
2	google-analytics.com region1.google-analytics.com — Cisco Umbrella Rank: 2250	290 B
2	hsappstatic.net static.hsappstatic.net — Cisco Umbrella Rank: 6516	89 KB
1	hubspotusercontent10.net f.hubspotusercontent10.net — Cisco Umbrella Rank: 64230	72 KB
1	hs-analytics.net js.hs-analytics.net — Cisco Umbrella Rank: 2519	21 KB
1	hsadspixel.net js.hsadspixel.net — Cisco Umbrella Rank: 3531	4 KB
1	usemessages.com js.usemessages.com — Cisco Umbrella Rank: 5287	22 KB
1	hsleadflows.net js.hsleadflows.net — Cisco Umbrella Rank: 5142	86 KB
1	zoominfo.com ws.zoominfo.com — Cisco Umbrella Rank: 5039	2 KB
1	hubspotusercontent-na1.net 3067823.fs1.hubspotusercontent-na1.net	2 KB
1	hubspot.net cdn2.hubspot.net — Cisco Umbrella Rank: 9766	2 KB
1	linkedin.com platform.linkedin.com — Cisco Umbrella Rank: 4004	160 KB
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 56	89 KB
70	19

	Domain	Requested by
30	blog.pradeo.com	1 redirects blog.pradeo.com js.usemessages.com
5	fonts.gstatic.com	fonts.googleapis.com
4	track.hubspot.com
4	fonts.googleapis.com	blog.pradeo.com
3	perf.hsforms.com	blog.pradeo.com
3	js.hs-banner.com	blog.pradeo.com js.hs-banner.com
2	region1.google-analytics.com	www.googletagmanager.com
2	platform.twitter.com	blog.pradeo.com platform.twitter.com
2	static.hsappstatic.net	blog.pradeo.com
1	syndication.twitter.com	platform.twitter.com
1	f.hubspotusercontent10.net	blog.pradeo.com
1	forms-na1.hsforms.com	blog.pradeo.com
1	forms.hsforms.com	blog.pradeo.com
1	js.hs-analytics.net	blog.pradeo.com
1	js.hsadspixel.net	blog.pradeo.com
1	js.usemessages.com	blog.pradeo.com
1	js.hsleadflows.net	blog.pradeo.com
1	cta-service-cms2.hubspot.com	blog.pradeo.com
1	app.hubspot.com	blog.pradeo.com
1	ws.zoominfo.com	blog.pradeo.com
1	3067823.fs1.hubspotusercontent-na1.net	blog.pradeo.com
1	no-cache.hubspot.com	blog.pradeo.com
1	cdn2.hubspot.net	blog.pradeo.com
1	platform.linkedin.com	blog.pradeo.com
1	www.googletagmanager.com	blog.pradeo.com
70	25

This site contains links to these domains. Also see Links.

Domain
pradeo.com
www.pradeo.com
www.linkedin.com
twitter.com
www.youtube.com

Subject Issuer	Validity	Valid
blog.pradeo.com GTS CA 1P5	`2023-09-15` - `2023-12-14`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-09-18` - `2023-12-11`	3 months	crt.sh
platform.linkedin.com DigiCert SHA2 Secure Server CA	`2023-07-11` - `2024-07-10`	a year	crt.sh
hubspot.net Cloudflare Inc ECC CA-3	`2023-04-06` - `2024-04-05`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2023-09-18` - `2023-12-11`	3 months	crt.sh
hubspot.com Cloudflare Inc ECC CA-3	`2023-02-05` - `2024-02-05`	a year	crt.sh
hubspotusercontent-na1.net Cloudflare Inc ECC CA-3	`2023-09-30` - `2024-09-29`	a year	crt.sh
hsappstatic.net Cloudflare Inc ECC CA-3	`2023-04-10` - `2024-04-09`	a year	crt.sh
zoominfo.com Cloudflare Inc ECC CA-3	`2023-04-04` - `2024-04-03`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2023-09-18` - `2023-12-11`	3 months	crt.sh
*.twimg.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-07-28` - `2024-07-26`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-05-06` - `2024-05-05`	a year	crt.sh
syndication.twitter.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-02-05` - `2024-02-05`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://blog.pradeo.com/spynote-malware-now-targeting-banking-applications?utm_medium=email&_hsmi=278111799&_hsenc=p2ANqtz--9WZUdFSgKqw04m3oUofpfARPvZh1aFpLO0SV_Mlxgz8f7dQb2buDAaQ3zPUgmApOcFkxyJXcM5nDYVMbPxYKYLWfAxkquB1-Z9ylu4OLRnQSC00c&utm_content=278111799&utm_source=hs_email
Frame ID: 5DDB908C200DFDBFC41BCA55252C6D77
Requests: 67 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.d37472b4a6622d0b1fff46ad904f6896.html?origin=https%3A%2F%2Fblog.pradeo.com
Frame ID: BBB118AD4F759144EB3FD429FF0F26E8
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

SpyNote malware now targeting banking applications

Page URL History Show full URLs

https://blog.pradeo.com/e3t/Ctc/OM+113/ch5Kr04/VVqqN-74nQ84W7tHlRW2BqB1jW7xsyK954zGyHN54gmPK3lYMRW7Y... Page URL
https://blog.pradeo.com/events/public/v1/encoded/track/tc/OM+113/ch5Kr04/VVqqN-74nQ84W7tHlRW2BqB1jW7... HTTP 307
https://blog.pradeo.com/spynote-malware-now-targeting-banking-applications?utm_medium=email&_hsmi=27... Page URL

Detected technologies

AMP (JavaScript frameworks) Expand

Overall confidence: 100%
Detected patterns

<link rel="amphtml"

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

HubSpot Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

js\.hs-analytics\.net/analytics

Linkedin (Widgets) Expand

Overall confidence: 100%
Detected patterns

//platform\.linkedin\.com/in\.js

Twitter (Widgets) Expand

Overall confidence: 100%
Detected patterns

//platform\.twitter\.com/widgets\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

70
Requests

100 %
HTTPS

95 %
IPv6

19
Domains

25
Subdomains

22
IPs

2
Countries

1907 kB
Transfer

4055 kB
Size

6
Cookies

40 Outgoing links

These are links going to different origins than the main page.

URL: https://pradeo.com/

Search URL Search Domain Scan URL

URL: https://pradeo.com/en-US/pradeo-security
Title: Pradeo Security Technology

Search URL Search Domain Scan URL

URL: https://pradeo.com/en-US/mobile-applications-security-expertise
Title: Application Expertise

Search URL Search Domain Scan URL

URL: https://pradeo.com/en-US/mobile-data-privacy-regulation
Title: Data Protection Laws

Search URL Search Domain Scan URL

URL: https://pradeo.com/en-US/mobile-threat-defense
Title: Mobile Threat Defense

Search URL Search Domain Scan URL

URL: https://pradeo.com/en-US/application-security-testing
Title: Mobile App Security Testing

Search URL Search Domain Scan URL

URL: https://pradeo.com/en-US/in-app-protection
Title: In-App Protection

Search URL Search Domain Scan URL

URL: https://pradeo.com/en-US/private-app-store
Title: Secure Private Store

Search URL Search Domain Scan URL

URL: https://pradeo.com/en-US/mobile-threat-intelligence#perso-threat-intelligence
Title: Mobile Threat Intelligence

Search URL Search Domain Scan URL

URL: https://pradeo.com/en-US/uem-mdm-security
Title: UEM / MDM Security

Search URL Search Domain Scan URL

URL: https://pradeo.com/en-US/datasheet/white-paper-government-mobility-security
Title: Government

Search URL Search Domain Scan URL

URL: https://pradeo.com/en-US/datasheet/business-case-rasp-bank
Title: Banking & Insurance

Search URL Search Domain Scan URL

URL: https://pradeo.com/en-US/datasheet/business-case-mast-pharma
Title: Pharmaceutical

Search URL Search Domain Scan URL

URL: https://pradeo.com/en-US/datasheet/business-case-mtd-logistic
Title: Logistic

Search URL Search Domain Scan URL

URL: https://pradeo.com/en-US/datasheet/business-case-airwatch-energy
Title: Energy

Search URL Search Domain Scan URL

URL: https://pradeo.com/en-US/pradeo-ressources
Title: Solution datasheets

Search URL Search Domain Scan URL

URL: https://pradeo.com/en-US/pradeo-ressources#use-case
Title: Customer Case Studies

Search URL Search Domain Scan URL

URL: https://pradeo.com/en-US/pradeo-ressources#emm-integrtion
Title: Integration datasheets

Search URL Search Domain Scan URL

URL: https://pradeo.com/en-US/pradeo-ressources#white_papers
Title: White Papers, Reports & Studies

Search URL Search Domain Scan URL

URL: https://pradeo.com/en-US/pradeo-ressources#webinars
Title: Webinars

Search URL Search Domain Scan URL

URL: https://pradeo.com/en-US/pradeo-marketplace
Title: Marketplace

Search URL Search Domain Scan URL

URL: https://pradeo.com/en-US/about-us
Title: About us

Search URL Search Domain Scan URL

URL: https://pradeo.com/en-US/about-us#our_team
Title: Our team

Search URL Search Domain Scan URL

URL: https://pradeo.com/en-US/about-us#awards
Title: Awards

Search URL Search Domain Scan URL

URL: https://pradeo.com/en-US/about-us#jobs
Title: Jobs

Search URL Search Domain Scan URL

URL: https://pradeo.com/en-US/contact-us
Title: Contact

Search URL Search Domain Scan URL

URL: https://www.pradeo.com/en-US/contact-us
Title: Contact us

Search URL Search Domain Scan URL

URL: https://www.pradeo.com/en-US/
Title: Read More

Search URL Search Domain Scan URL

URL: https://www.pradeo.com/en-US/pradeo-ressources#white_papers
Title: Resources

Search URL Search Domain Scan URL

URL: https://www.pradeo.com/en-US/uem-mdm-security
Title: UEM security

Search URL Search Domain Scan URL

URL: https://www.pradeo.com/en-US/pradeo-ressources#use-case
Title: Use cases

Search URL Search Domain Scan URL

URL: https://www.pradeo.com/en-US/mobile-data-privacy-regulation
Title: Data protection

Search URL Search Domain Scan URL

URL: https://www.pradeo.com/en-US/mobile-threat-defense
Title: Mobile Threat Defense

Search URL Search Domain Scan URL

URL: https://www.pradeo.com/en-US/application-security-testing
Title: Mobile Application Security Testing

Search URL Search Domain Scan URL

URL: https://www.pradeo.com/en-US/in-app-protection
Title: In-App Protection

Search URL Search Domain Scan URL

URL: https://www.pradeo.com/en-US/private-app-store
Title: Secure Private Store

Search URL Search Domain Scan URL

URL: https://www.pradeo.com/en-US/mobile-threat-intelligence#perso-threat-intelligence
Title: Mobile Threat Intelligence

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/pradeo-security-systems

Search URL Search Domain Scan URL

URL: https://twitter.com/pradeo

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCD7hgYE8WuipxJtxsHDUdMA

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://blog.pradeo.com/e3t/Ctc/OM+113/ch5Kr04/VVqqN-74nQ84W7tHlRW2BqB1jW7xsyK954zGyHN54gmPK3lYMRW7Y8-PT6lZ3nZN7H1c9kMLcdzW3LhXCT24T91jW6DDFG055Yg3fVN1H7H5x6dJqW5W-Lsx5xq8sJN5bKYNXCNgZyW3nn7mD53Sf70W14LsY_7T72y0W2d6h8W45-nKPW8dZBFt3vTkVfW6R9RW75v3FyzW94N63F8DcJMgW3fwv9G9gSWRcW22CqMv3PCbjdW8xJKBL4DMLBwW2jxQVJ2DXRNXN8h05txX4smpVtV7xc4HtP3YW57PV_T7YDy7hW6qMs3k80R7NTW30xKYQ8T40-tW20Fp1X4MZ5SMW639RQT46GNM2N18XlffK_GyKVYqD2m3S0vgTW6vzgmb8pyqX8f3gx-mg04 Page URL
https://blog.pradeo.com/events/public/v1/encoded/track/tc/OM+113/ch5Kr04/VVqqN-74nQ84W7tHlRW2BqB1jW7xsyK954zGyHN54gmPK3lYMRW7Y8-PT6lZ3nZN7H1c9kMLcdzW3LhXCT24T91jW6DDFG055Yg3fVN1H7H5x6dJqW5W-Lsx5xq8sJN5bKYNXCNgZyW3nn7mD53Sf70W14LsY_7T72y0W2d6h8W45-nKPW8dZBFt3vTkVfW6R9RW75v3FyzW94N63F8DcJMgW3fwv9G9gSWRcW22CqMv3PCbjdW8xJKBL4DMLBwW2jxQVJ2DXRNXN8h05txX4smpVtV7xc4HtP3YW57PV_T7YDy7hW6qMs3k80R7NTW30xKYQ8T40-tW20Fp1X4MZ5SMW639RQT46GNM2N18XlffK_GyKVYqD2m3S0vgTW6vzgmb8pyqX8f3gx-mg04?_ud=a27df469-f7fc-4927-8e9e-5938fe2d3185&_jss=1&_fl=8&_pl=3&_hc=4&_lg=en-US,en&_plt=Win32&_scr=1600,1200 HTTP 307
https://blog.pradeo.com/spynote-malware-now-targeting-banking-applications?utm_medium=email&_hsmi=278111799&_hsenc=p2ANqtz--9WZUdFSgKqw04m3oUofpfARPvZh1aFpLO0SV_Mlxgz8f7dQb2buDAaQ3zPUgmApOcFkxyJXcM5nDYVMbPxYKYLWfAxkquB1-Z9ylu4OLRnQSC00c&utm_content=278111799&utm_source=hs_email Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

70 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 VVqqN-74nQ84W7tHlRW2BqB1jW7xsyK954zGyHN54gmPK3lYMRW7Y8-PT6lZ3nZN7H1c9kMLcdzW3LhXCT24T91jW6DDFG055Yg3fVN1H7H5x6dJqW5W-Lsx5xq8sJN5bKYNXCNgZyW3nn7mD53Sf70W14LsY_7T72y0W2d6h8W45-nKPW8dZBFt3vTkVfW6R9RW7...
blog.pradeo.com/e3t/Ctc/OM+113/ch5Kr04/ 8 KB
4 KB 345ms
236ms Document
text/html 2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.pradeo.com/e3t/Ctc/OM+113/ch5Kr04/VVqqN-74nQ84W7tHlRW2BqB1jW7xsyK954zGyHN54gmPK3lYMRW7Y8-PT6lZ3nZN7H1c9kMLcdzW3LhXCT24T91jW6DDFG055Yg3fVN1H7H5x6dJqW5W-Lsx5xq8sJN5bKYNXCNgZyW3nn7mD53Sf70W14LsY_7T72y0W2d6h8W45-nKPW8dZBFt3vTkVfW6R9RW75v3FyzW94N63F8DcJMgW3fwv9G9gSWRcW22CqMv3PCbjdW8xJKBL4DMLBwW2jxQVJ2DXRNXN8h05txX4smpVtV7xc4HtP3YW57PV_T7YDy7hW6qMs3k80R7NTW30xKYQ8T40-tW20Fp1X4MZ5SMW639RQT46GNM2N18XlffK_GyKVYqD2m3S0vgTW6vzgmb8pyqX8f3gx-mg04

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: false
alt-svc: h3=":443"; ma=86400
cf-cache-status: MISS
cf-ray: 81565d2d8e5f4d2b-FRA
content-encoding: br
content-security-policy: upgrade-insecure-requests
content-type: text/html;charset=utf-8
date: Fri, 13 Oct 2023 08:55:30 GMT
last-modified: Fri, 13 Oct 2023 08:55:30 GMT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
referrer-policy: no-referrer
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SPSI%2F7pWdlHz9uCbjvqhnTtN5vuZN0z8GV6eYAYPCXyw1YLkEqCa4NZmMxcNkEtJ4rPRDdmwZCKHOukDA92mouhtkcwaemVQ4%2BDAp0W442SZXtreLZEncLhMXpKKIZflGyqGJvsrcge%2FhAMNLA%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000
vary: origin, Accept-Encoding
x-content-type-options: nosniff
x-envoy-upstream-service-time: 18
x-evy-trace-listener: listener_https
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-route-service-name: envoyset-translator
x-evy-trace-served-by-pod: iad02/event-tracking-td/envoy-proxy-7d997f8c5-m9vdf
x-evy-trace-virtual-host: all
x-hs-https-only: worker
x-hubspot-correlation-id: 6bfcf1dd-b92c-4ddb-a8de-2013027c7016
x-request-id: 6bfcf1dd-b92c-4ddb-a8de-2013027c7016
x-robots-tag: none

GET
H3

200

Primary Request spynote-malware-now-targeting-banking-applications Show response
blog.pradeo.com/
Redirect Chain

https://blog.pradeo.com/events/public/v1/encoded/track/tc/OM+113/ch5Kr04/VVqqN-74nQ84W7tHlRW2BqB1jW7xsyK954zGyHN54gmPK3lYMRW7Y8-PT6lZ3nZN7H1c9kMLcdzW3LhXCT24T91jW6DDFG055Yg3fVN1H7H5x6dJqW5W-Lsx5xq8...
https://blog.pradeo.com/spynote-malware-now-targeting-banking-applications?utm_medium=email&_hsmi=278111799&_hsenc=p2ANqtz--9WZUdFSgKqw04m3oUofpfARPvZh1aFpLO0SV_Mlxgz8f7dQb2buDAaQ3zPUgmApOcFkxyJXcM...

89 KB
19 KB

500ms
500ms

Document
text/html

2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.pradeo.com/spynote-malware-now-targeting-banking-applications?utm_medium=email&_hsmi=278111799&_hsenc=p2ANqtz--9WZUdFSgKqw04m3oUofpfARPvZh1aFpLO0SV_Mlxgz8f7dQb2buDAaQ3zPUgmApOcFkxyJXcM5nDYVMbPxYKYLWfAxkquB1-Z9ylu4OLRnQSC00c&utm_content=278111799&utm_source=hs_email

Requested by

Host: blog.pradeo.com
URL: https://blog.pradeo.com/e3t/Ctc/OM+113/ch5Kr04/VVqqN-74nQ84W7tHlRW2BqB1jW7xsyK954zGyHN54gmPK3lYMRW7Y8-PT6lZ3nZN7H1c9kMLcdzW3LhXCT24T91jW6DDFG055Yg3fVN1H7H5x6dJqW5W-Lsx5xq8sJN5bKYNXCNgZyW3nn7mD53Sf70W14LsY_7T72y0W2d6h8W45-nKPW8dZBFt3vTkVfW6R9RW75v3FyzW94N63F8DcJMgW3fwv9G9gSWRcW22CqMv3PCbjdW8xJKBL4DMLBwW2jxQVJ2DXRNXN8h05txX4smpVtV7xc4HtP3YW57PV_T7YDy7hW6qMs3k80R7NTW30xKYQ8T40-tW20Fp1X4MZ5SMW639RQT46GNM2N18XlffK_GyKVYqD2m3S0vgTW6vzgmb8pyqX8f3gx-mg04

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

b139ebddb534ba35b61120ee306076d3467a0f96d3994fefdaf345afe287ceb6

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://blog.pradeo.com/e3t/Ctc/OM+113/ch5Kr04/VVqqN-74nQ84W7tHlRW2BqB1jW7xsyK954zGyHN54gmPK3lYMRW7Y8-PT6lZ3nZN7H1c9kMLcdzW3LhXCT24T91jW6DDFG055Yg3fVN1H7H5x6dJqW5W-Lsx5xq8sJN5bKYNXCNgZyW3nn7mD53Sf70W14LsY_7T72y0W2d6h8W45-nKPW8dZBFt3vTkVfW6R9RW75v3FyzW94N63F8DcJMgW3fwv9G9gSWRcW22CqMv3PCbjdW8xJKBL4DMLBwW2jxQVJ2DXRNXN8h05txX4smpVtV7xc4HtP3YW57PV_T7YDy7hW6qMs3k80R7NTW30xKYQ8T40-tW20Fp1X4MZ5SMW639RQT46GNM2N18XlffK_GyKVYqD2m3S0vgTW6vzgmb8pyqX8f3gx-mg04
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: s-maxage=10800, max-age=0
cf-ray: 81565d30ace04d44-FRA
content-encoding: br
content-security-policy: upgrade-insecure-requests
content-type: text/html; charset=UTF-8
date: Fri, 13 Oct 2023 08:55:31 GMT
edge-cache-tag: CT-137969508747,CG-2378615,CG-4214981702,P-2378615,L-40774621311,L-40775681335,L-40798544809,W-40873874761,W-40879374656,CW-18345526332,CW-40775538069,CW-40775538070,CW-40775552769,CW-40775552770,CW-40775603651,CW-40775603652,CW-40775680974,CW-40775776995,E-40775681226,E-40775681446,E-40775689242,MENU-40873874761,MENU-40879374656,PGS-ALL,SW-1,B-4214981702,GC-40839529451,GC-45696088322
etag: W/"04131527110d7d1eb0f9f13afbf6045b"
last-modified: Sat, 07 Oct 2023 23:05:18 GMT
link: </hs/hsstatic/HubspotToolsMenu/static-1.191/js/index.js>; rel=preload; as=script,</hs/hsstatic/keyboard-accessible-menu-flyouts/static-1.17/bundles/project.js>; rel=preload; as=script,</hs/hsstatic/cos-i18n/static-1.53/bundles/project.js>; rel=preload; as=script,</hs/hsstatic/AsyncSupport/static-1.122/js/post_listing_asset.js>; rel=preload; as=script,</_hcms/forms/v2.js>; rel=preload; as=script
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
referrer-policy: no-referrer-when-downgrade
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1kw%2FA1I3c1%2FCBu%2B2GZLJLsLiOq6aYcusYSivuMy6CWnhhEsr7j0EYWWUXbH5lnwOuJOEJMn2Fbbnec7zKNXbI37P1yGdsZhA6Xax4YE%2B65JEjn1GDGMA%2FO%2FDQoDhJOUTA2SB9SkYcVUQXjbaQg%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-hs-cache-config: BrowserCache-5s-EdgeCache-180s
x-hs-cache-control: s-maxage=10800, max-age=0
x-hs-cf-cache-status: MISS
x-hs-content-id: 137969508747
x-hs-https-only: worker
x-hs-hub-id: 2378615
x-hs-prerendered: Sat, 07 Oct 2023 23:05:18 GMT

Redirect headers

access-control-allow-credentials: false
alt-svc: h3=":443"; ma=86400
cf-cache-status: MISS
cf-ray: 81565d2f282a4d2b-FRA
content-security-policy: upgrade-insecure-requests
date: Fri, 13 Oct 2023 08:55:30 GMT
link: <https://blog.pradeo.com/spynote-malware-now-targeting-banking-applications?utm_medium=email&_hsmi=278111799&_hsenc=p2ANqtz--9WZUdFSgKqw04m3oUofpfARPvZh1aFpLO0SV_Mlxgz8f7dQb2buDAaQ3zPUgmApOcFkxyJXcM5nDYVMbPxYKYLWfAxkquB1-Z9ylu4OLRnQSC00c&utm_content=278111799&utm_source=hs_email>; rel="canonical"
location: https://blog.pradeo.com/spynote-malware-now-targeting-banking-applications?utm_medium=email&_hsmi=278111799&_hsenc=p2ANqtz--9WZUdFSgKqw04m3oUofpfARPvZh1aFpLO0SV_Mlxgz8f7dQb2buDAaQ3zPUgmApOcFkxyJXcM5nDYVMbPxYKYLWfAxkquB1-Z9ylu4OLRnQSC00c&utm_content=278111799&utm_source=hs_email
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
referrer-policy: no-referrer
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9HBEIAQYyJ247tYg91OGmDiqovkWN8QFMmWxgi8B8bCY7aZOBhU5pfnkILTZsprO0v7qtXky3bmcKMKm8dEjGUpf1xi0gGDFUgajqJfOiDWpEcF6L6h9ohrBI40ihd5mxWqibgz6dxJRHC%2FGoA%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000
vary: origin, Accept-Encoding
x-content-type-options: nosniff
x-envoy-upstream-service-time: 32
x-evy-trace-listener: listener_https
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-route-service-name: envoyset-translator
x-evy-trace-served-by-pod: iad02/event-tracking-td/envoy-proxy-7d997f8c5-ncz5v
x-evy-trace-virtual-host: all
x-hs-https-only: worker
x-hubspot-correlation-id: 703cc6c8-d80f-4458-94a1-25b4b038ab92
x-request-id: 703cc6c8-d80f-4458-94a1-25b4b038ab92
x-robots-tag: none

GET
H3 200 index.js Show response
blog.pradeo.com/hs/hsstatic/HubspotToolsMenu/static-1.191/js/ 11 KB
5 KB 88ms
87ms Script
application/javascript 2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.pradeo.com/hs/hsstatic/HubspotToolsMenu/static-1.191/js/index.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

fd5e0c3a0682f03217f201588e51e77bf778d5506224074918f505423f0e25a2

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.pradeo.com/spynote-malware-now-targeting-banking-applications?utm_medium=email&_hsmi=278111799&_hsenc=p2ANqtz--9WZUdFSgKqw04m3oUofpfARPvZh1aFpLO0SV_Mlxgz8f7dQb2buDAaQ3zPUgmApOcFkxyJXcM5nDYVMbPxYKYLWfAxkquB1-Z9ylu4OLRnQSC00c&utm_content=278111799&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Fri, 13 Oct 2023 08:55:31 GMT
strict-transport-security: max-age=31536000
via: 1.1 5cb605e8100138acccc04f094724133e.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
age: 8228225
x-amz-cf-pop: CDG52-P4
x-amz-server-side-encryption: AES256
x-amz-version-id: inhS2tX2f2C4tITR3p2haS.uhsvA9eGz
content-encoding: br
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
last-modified: Fri, 21 Apr 2023 15:17:56 GMT
server: cloudflare
etag: W/"0bbd63c0750f141fd5cec04a9393647e"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=p4K6DbiKu%2BZmd8M062Mnmhg4C6%2FV5Kufm0COZ7n8ypO5%2FZ8ukgj0jSl5dJR6A6B3sGP7kEbcnfLR8fehhXSjLxyOClUmA4%2BbV3VtaGtZAJvYMq4U86vPyy7DI6Q8M5MhWZx99GdmHw2CD1E6vg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 81565d33d8d74d44-FRA
x-amz-cf-id: 1HpAFXqvL-enGli7aFtbEYFS9QYd6YvOX2Rnrw2xQ2piSsJZzYKgAg==
expires: Sat, 12 Oct 2024 08:55:31 GMT

GET
H3 200 project.js Show response
blog.pradeo.com/hs/hsstatic/keyboard-accessible-menu-flyouts/static-1.17/bundles/ 2 KB
1 KB 124ms
120ms Script
application/javascript 2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.pradeo.com/hs/hsstatic/keyboard-accessible-menu-flyouts/static-1.17/bundles/project.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

fb56af9f7623a55839dfb9cf019b05664a62e1b41671d925f3ed587c506443b5

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.pradeo.com/spynote-malware-now-targeting-banking-applications?utm_medium=email&_hsmi=278111799&_hsenc=p2ANqtz--9WZUdFSgKqw04m3oUofpfARPvZh1aFpLO0SV_Mlxgz8f7dQb2buDAaQ3zPUgmApOcFkxyJXcM5nDYVMbPxYKYLWfAxkquB1-Z9ylu4OLRnQSC00c&utm_content=278111799&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Fri, 13 Oct 2023 08:55:31 GMT
strict-transport-security: max-age=31536000
via: 1.1 7ef588f1ad9c3a185cdaf4119943040e.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
age: 1448790
x-amz-cf-pop: DUS51-P2
x-amz-server-side-encryption: AES256
x-amz-version-id: gEenO44eZUewxnIWfgj9q6LB.g9OszNv
content-encoding: br
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
last-modified: Wed, 19 Aug 2020 22:24:11 GMT
server: cloudflare
etag: W/"ef84f26c310485299d6b75777414eddb"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ncGnwDs5QtutfYJ58JuHgqymRnbgKJyb%2BpqhGvjd6PbfwjAZz4ZMJLWAm0lg1HadwJYkSdVoPHC2bzDeKDOCSfYZoMYRhmfpijA9fmaAKTnRrzjwWlHGpzMfJS8pzn804Q9S68eS59VYFLhgbA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 81565d33d8de4d44-FRA
x-amz-cf-id: LNgj2ZIytuqwkMnVDvc_2UlrPogsB_9S_K5-bFYWj8ZYsrBK9EcLUw==
expires: Sat, 12 Oct 2024 08:55:31 GMT

GET
H3 200 project.js Show response
blog.pradeo.com/hs/hsstatic/cos-i18n/static-1.53/bundles/ 1 KB
1 KB 85ms
81ms Script
application/javascript 2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.pradeo.com/hs/hsstatic/cos-i18n/static-1.53/bundles/project.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

8da927b6b1240ffca4323fbb2a12c8e5abb541040965c2bc5b7d09a2eb963b02

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.pradeo.com/spynote-malware-now-targeting-banking-applications?utm_medium=email&_hsmi=278111799&_hsenc=p2ANqtz--9WZUdFSgKqw04m3oUofpfARPvZh1aFpLO0SV_Mlxgz8f7dQb2buDAaQ3zPUgmApOcFkxyJXcM5nDYVMbPxYKYLWfAxkquB1-Z9ylu4OLRnQSC00c&utm_content=278111799&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Fri, 13 Oct 2023 08:55:31 GMT
strict-transport-security: max-age=31536000
via: 1.1 93b8205e2f07a7099af2e6fd126d9658.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
age: 574068
x-amz-cf-pop: FRA56-P2
x-amz-server-side-encryption: AES256
x-amz-version-id: P9ES7sOpFzrLl1QoRwjEAy5outPo5_GO
content-encoding: br
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 09 Nov 2021 16:12:42 GMT
server: cloudflare
etag: W/"61ca66de658cab9587e4636894680d5d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qN9IXuly7ighyzn7rUcNotn3YPyA5DZPhA%2FqekmL9UYl0pBLrd2KDujiRViS7FspoZ1YnRBGEwkdY2J0tw8m10T9zSemL5ClAG%2FLjE28FVbN1L05BR85sryGAvUPF25exBDrG1Xdj7WKX3o50A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 81565d33d8df4d44-FRA
x-amz-cf-id: vMxH2clCDRRjd7emHmifSLXhLc2TFOGFc0VsUqlcTSiVQmWY_1aUGQ==
expires: Sat, 12 Oct 2024 08:55:31 GMT

GET
H3 200 post_listing_asset.js Show response
blog.pradeo.com/hs/hsstatic/AsyncSupport/static-1.122/js/ 3 KB
2 KB 85ms
82ms Script
application/javascript 2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.pradeo.com/hs/hsstatic/AsyncSupport/static-1.122/js/post_listing_asset.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

8e7902d12bed414b23fd30c7019fc0fe08d03b14984beb21e486aaa59135f803

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.pradeo.com/spynote-malware-now-targeting-banking-applications?utm_medium=email&_hsmi=278111799&_hsenc=p2ANqtz--9WZUdFSgKqw04m3oUofpfARPvZh1aFpLO0SV_Mlxgz8f7dQb2buDAaQ3zPUgmApOcFkxyJXcM5nDYVMbPxYKYLWfAxkquB1-Z9ylu4OLRnQSC00c&utm_content=278111799&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Fri, 13 Oct 2023 08:55:31 GMT
strict-transport-security: max-age=31536000
via: 1.1 632ee301c4920b52f2463aa9e978c57f.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
age: 8223549
x-amz-cf-pop: FRA50-C1
x-amz-server-side-encryption: AES256
x-amz-version-id: nC1hzr07YsutChb9rCwKsMoiyxip8lR7
content-encoding: br
x-cache: RefreshHit from cloudfront
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
last-modified: Fri, 17 Dec 2021 15:26:10 GMT
server: cloudflare
etag: W/"d95d7dafd49a1edc76a47120c287b579"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cLMUr0S5Ze2qSIcBCtRjGYix6a3tXpymJ1tjaoqsyElUMyF8NI6vNq4IO6YWmo%2FbI299dFdQ9xfEwrDraAqeLYmvXiTG09lwp3YSWYbkhRPCizfihr3aev%2FGhCKLgq1zMGo2Is004JJ4ot428g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 81565d33d8e14d44-FRA
x-amz-cf-id: mhe-XZqlu0UYIouskl3OSMY2m4X2j8did-p1-Mtvgj_trvaRM8b1YA==
expires: Sat, 12 Oct 2024 08:55:31 GMT

GET
H3 200 v2.js Show response
blog.pradeo.com/_hcms/forms/ 563 KB
186 KB 88ms
85ms Script
application/javascript 2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.pradeo.com/_hcms/forms/v2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

279817a125934c4629aa278564e64fca0dcb0fdc45f38739e38c9cab297d2a92

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.pradeo.com/spynote-malware-now-targeting-banking-applications?utm_medium=email&_hsmi=278111799&_hsenc=p2ANqtz--9WZUdFSgKqw04m3oUofpfARPvZh1aFpLO0SV_Mlxgz8f7dQb2buDAaQ3zPUgmApOcFkxyJXcM5nDYVMbPxYKYLWfAxkquB1-Z9ylu4OLRnQSC00c&utm_content=278111799&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 228
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=forms-embed/static-1.3938/bundles/project-v2.js&cfRay=815657a4069f5d8e-FRA
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-evy-trace-listener: listener_https
etag: W/"df4d197f9648d27915af7ec01a018b73"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
cache-control: s-maxage=600, max-age=300
x-hs-target-asset: forms-embed/static-1.3938/bundles/project-v2.js
date: Fri, 13 Oct 2023 08:55:31 GMT
strict-transport-security: max-age=31536000
via: 1.1 e8eec15d9551dd475d4c478f9fbb5f04.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-amz-version-id: pLPYW3H2ND7V2jGLhGJ4mCejj6Xammwx
x-amz-cf-pop: IAD12-P3
x-hubspot-correlation-id: de171d4b-4b73-455b-ad8d-3d1ea03d310c
x-cache: Hit from cloudfront
cache-tag: staticjsapp-forms-embed-v2-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 2
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: de171d4b-4b73-455b-ad8d-3d1ea03d310c
last-modified: Thu, 12 Oct 2023 03:05:49 UTC
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=l%2BWVyp5cClsZPupB5OrqZrAOn2tWIfnCqqqYjrJrJBijA8ogMHLSn%2Fj4JvLn4LzMroGZdYp4uXKetEyjy6WLLudbTmKnsWPm%2FvpPgkBfIt0CYnqsh74a1ECu87KVzu24drd614pBSRJpkZIlMA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status: HIT
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-7c89bb96b9-97z5m
cf-ray: 81565d33d8e24d44-FRA
x-amz-cf-id: dNK44JIebQm2zCRRXUnHJMl0zalDoyaDgN7zCUWPVljuXAiOUd16Hw==

GET
H3 200 jquery-1.7.1.js Show response
blog.pradeo.com/hs/hsstatic/jquery-libs/static-1.1/jquery/ 92 KB
34 KB 205ms
202ms Script
application/javascript 2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.pradeo.com/hs/hsstatic/jquery-libs/static-1.1/jquery/jquery-1.7.1.js

Requested by

Host: blog.pradeo.com
URL: https://blog.pradeo.com/spynote-malware-now-targeting-banking-applications?utm_medium=email&_hsmi=278111799&_hsenc=p2ANqtz--9WZUdFSgKqw04m3oUofpfARPvZh1aFpLO0SV_Mlxgz8f7dQb2buDAaQ3zPUgmApOcFkxyJXcM5nDYVMbPxYKYLWfAxkquB1-Z9ylu4OLRnQSC00c&utm_content=278111799&utm_source=hs_email

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

88171413fc76dda23ab32baa17b11e4fff89141c633ece737852445f1ba6c1bd

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.pradeo.com/spynote-malware-now-targeting-banking-applications?utm_medium=email&_hsmi=278111799&_hsenc=p2ANqtz--9WZUdFSgKqw04m3oUofpfARPvZh1aFpLO0SV_Mlxgz8f7dQb2buDAaQ3zPUgmApOcFkxyJXcM5nDYVMbPxYKYLWfAxkquB1-Z9ylu4OLRnQSC00c&utm_content=278111799&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Fri, 13 Oct 2023 08:55:31 GMT
strict-transport-security: max-age=31536000
via: 1.1 ddd7d19501f4b19d560bfedbdd9b13ce.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
age: 502399
x-amz-cf-pop: DUS51-P2
x-amz-version-id: null
content-encoding: br
x-cache: Hit from cloudfront
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 25 Nov 2014 17:03:30 GMT
server: cloudflare
etag: W/"ddb84c1587287b2df08966081ef063bf"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TZQvIObwFyLxJEN56NPlVVFId9lX1eOfMXLTUwU1aGz%2BOZs5i%2BDMiko3%2Fr%2FnwQ0NhD5yPkEQAD%2BdR2x0jCPJ%2BSmpmJ6ux%2FnH3VS%2BOW0biRUlLfsBcevaScCUt%2BLW1N59CwUvF7YKwaoVz%2BIQPg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 81565d33d8e44d44-FRA
x-amz-cf-id: fm5oEyshHguW5eyTWJujGExVMJHQq6j4KXVELLj8_f20U-gCmo27Iw==
expires: Sat, 12 Oct 2024 08:55:31 GMT

GET
H3 200 rss_post_listing.css
blog.pradeo.com/hs/hsstatic/AsyncSupport/static-1.122/sass/ 910 B
1016 B 88ms
85ms Stylesheet
text/css 2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.pradeo.com/hs/hsstatic/AsyncSupport/static-1.122/sass/rss_post_listing.css

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

723fbf8d73cd4e75f64f7d21558585aa1658b11332e87bd288f6987e398ecfb4

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.pradeo.com/spynote-malware-now-targeting-banking-applications?utm_medium=email&_hsmi=278111799&_hsenc=p2ANqtz--9WZUdFSgKqw04m3oUofpfARPvZh1aFpLO0SV_Mlxgz8f7dQb2buDAaQ3zPUgmApOcFkxyJXcM5nDYVMbPxYKYLWfAxkquB1-Z9ylu4OLRnQSC00c&utm_content=278111799&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Fri, 13 Oct 2023 08:55:31 GMT
strict-transport-security: max-age=31536000
via: 1.1 5f6905ea282e042ad3334bfed8a840ce.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
age: 8223549
x-amz-cf-pop: FRA50-C1
x-amz-server-side-encryption: AES256
x-amz-version-id: YluxiXaQWSQWC28IUPv3NXYXDi68ylxl
content-encoding: br
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
last-modified: Fri, 17 Dec 2021 15:26:10 GMT
server: cloudflare
etag: W/"e1b521ec14a912d6d385c21388ec7d79"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8%2B8BoO6S70VMNkLS0tP9CWsx%2FSCUoCz7tNGQEHWuPm1ye5P4e%2F1iRlG6EfXH8xovIbpiGM4yLpWFIAveS5Q9Qq01KSadeKoeY3MQaOF5MzPqSyBo79tvtaeoNiRibNiCywXcZ3mhtcBrW4fsdA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=31536000
cf-ray: 81565d33d8e84d44-FRA
x-amz-cf-id: Hv7KHoUC0V9DtyqH_USTeUTGCSaKjY55iHZcx3f-paYsvF8FK62-6A==
expires: Sat, 12 Oct 2024 08:55:31 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 271 KB
89 KB 159ms
59ms Script
application/javascript 2a00:1450:4001:812::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-728CP3087N

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

05ddf9cec7d99350f0d520cffbe4f489995c1cf2ed305d2b2fba71191bbef8df

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.pradeo.com/spynote-malware-now-targeting-banking-applications?utm_medium=email&_hsmi=278111799&_hsenc=p2ANqtz--9WZUdFSgKqw04m3oUofpfARPvZh1aFpLO0SV_Mlxgz8f7dQb2buDAaQ3zPUgmApOcFkxyJXcM5nDYVMbPxYKYLWfAxkquB1-Z9ylu4OLRnQSC00c&utm_content=278111799&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Fri, 13 Oct 2023 08:55:31 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 90996
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 13 Oct 2023 08:55:31 GMT

GET
H2 200 in.js Show response
platform.linkedin.com/ 510 KB
160 KB 188ms
40ms Script
text/javascript 2606:2800:233:66b5:799a:7cd3:f74d:7071
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://platform.linkedin.com/in.js

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:233:66b5:799a:7cd3:f74d:7071 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frb/6722) /

Resource Hash

c7d2435a17074fcf9d68f3dc278cdcdbaa0591d4dc6df866c6dd1f4b4f57d2ab

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.pradeo.com/spynote-malware-now-targeting-banking-applications?utm_medium=email&_hsmi=278111799&_hsenc=p2ANqtz--9WZUdFSgKqw04m3oUofpfARPvZh1aFpLO0SV_Mlxgz8f7dQb2buDAaQ3zPUgmApOcFkxyJXcM5nDYVMbPxYKYLWfAxkquB1-Z9ylu4OLRnQSC00c&utm_content=278111799&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Fri, 13 Oct 2023 08:55:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-cdn-client-ip-version: IPV6
x-cdn: ECST
age: 3285
x-cache: HIT
x-cdn-proto: HTTP2
content-length: 163638
x-li-uuid: AAYHlHQ7cmivfgfHXfiRgg==
last-modified: Fri, 13 Oct 2023 08:00:46 GMT
server: ECAcc (frb/6722)
x-li-pop: prod-lva1-x
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
x-li-fabric: prod-lva1
cache-control: public, max-age=3600
x-li-proto: http/1.1
accept-ranges: bytes
expires: Fri, 13 Oct 2023 09:00:46 GMT

GET
H2 200 layout.min.css
cdn2.hubspot.net/hub/7052064/hub_generated/template_assets/1696612711849/hubspot/hubspot_default/shared/responsive/ 4 KB
2 KB 156ms
62ms Stylesheet
text/css 2606:4700::6810:6ed1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/7052064/hub_generated/template_assets/1696612711849/hubspot/hubspot_default/shared/responsive/layout.min.css
Requested by: Host: blog.pradeo.com
URL: https://blog.pradeo.com/spynote-malware-now-targeting-banking-applications?utm_medium=email&_hsmi=278111799&_hsenc=p2ANqtz--9WZUdFSgKqw04m3oUofpfARPvZh1aFpLO0SV_Mlxgz8f7dQb2buDAaQ3zPUgmApOcFkxyJXcM5nDYVMbPxYKYLWfAxkquB1-Z9ylu4OLRnQSC00c&utm_content=278111799&utm_source=hs_email
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:6ed1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 257855f4e23a1e3d382077b15bfc30971c9c261fc23512c88abfdcda05f28bc4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.pradeo.com/spynote-malware-now-targeting-banking-applications?utm_medium=email&_hsmi=278111799&_hsenc=p2ANqtz--9WZUdFSgKqw04m3oUofpfARPvZh1aFpLO0SV_Mlxgz8f7dQb2buDAaQ3zPUgmApOcFkxyJXcM5nDYVMbPxYKYLWfAxkquB1-Z9ylu4OLRnQSC00c&utm_content=278111799&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

content-encoding: br
age: 574558
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: PENDING
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"94daf62e7e6df83595c6251fb0c7c055"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1696612712490
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-evy-trace-virtual-host: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Fri, 13 Oct 2023 08:55:31 GMT
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD61-P1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 3a52bb66-ba37-47de-b73b-a00257bbbc7a
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 178
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: 3a52bb66-ba37-47de-b73b-a00257bbbc7a
last-modified: Fri, 06 Oct 2023 17:18:33 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fe5EX%2B2KR%2BKEAG0josHJMhXfl6hMLBcXbXg8viCzgsO%2FzrPjVOdC0hdBb471VNAjFYZdCg2Wv7xvBP51XmUosazKn2NLhpzNQ4v9kUklLPeVlgc20RecZO74F0cJ%2FVwkLBX2YgMnGbN3r%2BUgMfg%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-5745477c8b-xgsnc
cf-ray: 81565d346d67373b-FRA

GET
H3 200 Awwal_Modern_Blog_Listing_Template.min.css
blog.pradeo.com/hs-fs/hub/2378615/hub_generated/template_assets/40775681226/1613135024221/Marketplace/Awwal_Design/Awwal_-_Modern_Blog_Listing_Template/Coded_Files/ 177 KB
26 KB 208ms
205ms Stylesheet
text/css 2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.pradeo.com/hs-fs/hub/2378615/hub_generated/template_assets/40775681226/1613135024221/Marketplace/Awwal_Design/Awwal_-_Modern_Blog_Listing_Template/Coded_Files/Awwal_Modern_Blog_Listing_Template.min.css

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e7f62ea39d88b892aeda6480442d454ef8600da13390b6c9dcdb7d9e66295d8b

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.pradeo.com/spynote-malware-now-targeting-banking-applications?utm_medium=email&_hsmi=278111799&_hsenc=p2ANqtz--9WZUdFSgKqw04m3oUofpfARPvZh1aFpLO0SV_Mlxgz8f7dQb2buDAaQ3zPUgmApOcFkxyJXcM5nDYVMbPxYKYLWfAxkquB1-Z9ylu4OLRnQSC00c&utm_content=278111799&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-request-id: 8950MQTF77SVKBRQ
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
x-evy-trace-listener: listener_https
etag: W/"6b9cb05386971da33bfe35e1b1272e20"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1613135024221
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20
date: Fri, 13 Oct 2023 08:55:31 GMT
strict-transport-security: max-age=31536000
via: 1.1 7007d03050a44a1c68abb38fc262d3f4.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: wS5uxEC7EK4H6jIWXkJRHN1hWh1jlZKU
x-amz-cf-pop: IAD55-P5
x-hs-alternate-content-type: text/plain
x-cache: Miss from cloudfront
x-envoy-upstream-service-time: 175
alt-svc: h3=":443"; ma=86400
x-amz-id-2: sUjNaQS/tcpMBxKBKy/Q766cOJh/V+LlZFFHnCUiX23xUU1PSwcEcGun2sPMP709XOm2J+1x1iQ=
x-request-id: 6ce98f23-2888-44e6-b74e-7f6849477581
x-evy-trace-route-configuration: listener_https/all
last-modified: Fri, 12 Feb 2021 13:03:45 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KaOF3G8z5UcH8hK6V4Et0VybdEz%2BBPU0rALpMCL1TZR8ZmhDHa3sI0G4Q44z7cLJa3XwjHEgRbsZA0lteIwcT51ngEEC9bCnrh5Mx71IgEPgu3nNclqWxiusuWWoaRT6WmL2VOqn0zMRu4fLTQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-fd8f7bc74-mxtb7
access-control-allow-credentials: false
cf-ray: 81565d33d8e94d44-FRA
x-amz-cf-id: AQJ4bgkmu-B37p7ypcAUZC5VIdLO3wMEc2T0iy3tT1pb6xlcW2EnSw==

GET
H3 200 carousal.min.css
blog.pradeo.com/hs-fs/hub/2378615/hub_generated/template_assets/40775681446/1610981568788/Marketplace/Awwal_Design/Awwal_-_Modern_Blog_Listing_Template/Coded_Files/ 7 KB
3 KB 211ms
208ms Stylesheet
text/css 2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.pradeo.com/hs-fs/hub/2378615/hub_generated/template_assets/40775681446/1610981568788/Marketplace/Awwal_Design/Awwal_-_Modern_Blog_Listing_Template/Coded_Files/carousal.min.css

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

d56743ec90478af9096365a4bec0188284af6030aac0889895139f8a7fb794fb

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.pradeo.com/spynote-malware-now-targeting-banking-applications?utm_medium=email&_hsmi=278111799&_hsenc=p2ANqtz--9WZUdFSgKqw04m3oUofpfARPvZh1aFpLO0SV_Mlxgz8f7dQb2buDAaQ3zPUgmApOcFkxyJXcM5nDYVMbPxYKYLWfAxkquB1-Z9ylu4OLRnQSC00c&utm_content=278111799&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-request-id: 3TJNXH0R1AV043ME
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
x-evy-trace-listener: listener_https
etag: W/"e09d0eaad3fe9121b05465ef4b35bd30"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1610981568788
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20
date: Fri, 13 Oct 2023 08:55:31 GMT
strict-transport-security: max-age=31536000
via: 1.1 c59b5a542015c208c95d2ed3c65cdbcc.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: 7lrqvwOU8HKLcNYqB8jhtxAAkJfi6SO4
x-amz-cf-pop: IAD12-P2
x-hs-alternate-content-type: text/plain
x-cache: Miss from cloudfront
x-envoy-upstream-service-time: 131
alt-svc: h3=":443"; ma=86400
x-amz-id-2: V54d5tPXbKMDzfcW5kXThw9WaGs4dK1jCocskuDtxhAYk+um2MZ/6W4i0YzAft3HE5iq2v9BqBE=
x-request-id: 7f6dfcc7-b833-44de-985d-e57b432756ce
x-evy-trace-route-configuration: listener_https/all
last-modified: Mon, 18 Jan 2021 14:52:49 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yrhy205C4GJ6YCA35Bb13i9rZCF%2BO81wBqiMfIp5RK%2B5u%2BEiseW6aOIDGNc%2B9JSRWo6cBL4f%2BsHIynohzS6MnNuUoTOWSuON2pvjJOxTYPUoOkOyl0YSs4S3Koafn2DyuOhJ2ENDt1Gjr4wAuQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-55b7d448b-r4k2f
access-control-allow-credentials: false
cf-ray: 81565d33d8eb4d44-FRA
x-amz-cf-id: -tDqA1cqQB7oZP4ywPvo7Vk2QVV-Zl_dmf1veSfZ1zgunMnlRlm-4w==

GET
H2 200 css
fonts.googleapis.com/ 1 KB
801 B 141ms
48ms Stylesheet
text/css 2a00:1450:4001:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Domine:400,700

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

07203d572b683bdf93cffa784ffa0268e99e5d19ac3a5fd35809e48ba4e05b76

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.pradeo.com/spynote-malware-now-targeting-banking-applications?utm_medium=email&_hsmi=278111799&_hsenc=p2ANqtz--9WZUdFSgKqw04m3oUofpfARPvZh1aFpLO0SV_Mlxgz8f7dQb2buDAaQ3zPUgmApOcFkxyJXcM5nDYVMbPxYKYLWfAxkquB1-Z9ylu4OLRnQSC00c&utm_content=278111799&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 13 Oct 2023 08:55:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 13 Oct 2023 08:33:18 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 13 Oct 2023 08:55:31 GMT

GET
H2 200 css
fonts.googleapis.com/ 25 KB
1 KB 144ms
51ms Stylesheet
text/css 2a00:1450:4001:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:100,100i,300,300i,400,400i,500,500i,700,700i,900,900i

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2ece1ce88d0c0ee1733e95c7bab6fc3795dc0fefc8e09027c67302d621479b47

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.pradeo.com/spynote-malware-now-targeting-banking-applications?utm_medium=email&_hsmi=278111799&_hsenc=p2ANqtz--9WZUdFSgKqw04m3oUofpfARPvZh1aFpLO0SV_Mlxgz8f7dQb2buDAaQ3zPUgmApOcFkxyJXcM5nDYVMbPxYKYLWfAxkquB1-Z9ylu4OLRnQSC00c&utm_content=278111799&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 13 Oct 2023 08:55:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 13 Oct 2023 08:07:08 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 13 Oct 2023 08:55:31 GMT

GET
H2 200 css
fonts.googleapis.com/ 19 KB
964 B 141ms
49ms Stylesheet
text/css 2a00:1450:4001:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Poppins:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900i

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

3726f6f71175b54abf48e8863b8634461bcbf34831f7c1b0a1d11e2604782b3a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.pradeo.com/spynote-malware-now-targeting-banking-applications?utm_medium=email&_hsmi=278111799&_hsenc=p2ANqtz--9WZUdFSgKqw04m3oUofpfARPvZh1aFpLO0SV_Mlxgz8f7dQb2buDAaQ3zPUgmApOcFkxyJXcM5nDYVMbPxYKYLWfAxkquB1-Z9ylu4OLRnQSC00c&utm_content=278111799&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 13 Oct 2023 08:55:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 13 Oct 2023 07:05:47 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 13 Oct 2023 08:55:31 GMT

GET
H2 200 css
fonts.googleapis.com/ 1 KB
490 B 142ms
50ms Stylesheet
text/css 2a00:1450:4001:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Sanchez:400,400i

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

3089a512817e0a096709ceeeb27b260267ba4e6240ffe7e3199fa5d8f639c850

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.pradeo.com/spynote-malware-now-targeting-banking-applications?utm_medium=email&_hsmi=278111799&_hsenc=p2ANqtz--9WZUdFSgKqw04m3oUofpfARPvZh1aFpLO0SV_Mlxgz8f7dQb2buDAaQ3zPUgmApOcFkxyJXcM5nDYVMbPxYKYLWfAxkquB1-Z9ylu4OLRnQSC00c&utm_content=278111799&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 13 Oct 2023 08:55:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 13 Oct 2023 08:55:31 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 13 Oct 2023 08:55:31 GMT

GET
H3 200 pradeo_logo_color.png
blog.pradeo.com/hs-fs/hubfs/ 3 KB
4 KB 91ms
88ms Image
image/webp 2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.pradeo.com/hs-fs/hubfs/pradeo_logo_color.png?width=220&height=33&name=pradeo_logo_color.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

0aebc0ae8f8ad29477300b927572100346977d52275b17d941aec8eb013de929

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.pradeo.com/spynote-malware-now-targeting-banking-applications?utm_medium=email&_hsmi=278111799&_hsenc=p2ANqtz--9WZUdFSgKqw04m3oUofpfARPvZh1aFpLO0SV_Mlxgz8f7dQb2buDAaQ3zPUgmApOcFkxyJXcM5nDYVMbPxYKYLWfAxkquB1-Z9ylu4OLRnQSC00c&utm_content=278111799&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Fri, 13 Oct 2023 08:55:31 GMT
strict-transport-security: max-age=31536000
via: 1.1 3199fed6c4260c9448326645d333530a.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-40808581140,P-2378615,FLS-ALL
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
content-length: 2864
cf-resized: internal=ok/m q=0 n=565+0 c=2+9 v=2023.9.8 l=2864
last-modified: Tue, 19 Jan 2021 16:18:12 GMT
cf-bgj: imgq:86,h2pri
server: cloudflare
etag: "cfaBEvwIiRMFe3uAAGiWFkuKTzztFJwZwkgXqGfGjaDQ:2b671b534761fafe409abd699eff5b9c"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6i4RxmJZB0Iy9y4OAKHCJ%2BMEBHUs5%2BKP3vexAs1bT4I7H%2F3swcjtZWrxXf2eet5yXmTkiKKEHh2OucF8PyxK4gzOlVcJ31mdfyL7T6esUiiTb5jXvLLqN1ariC4HNukA4hcA2xzk%2BXcSVJym%2BQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 81565d35cb114d44-FRA

GET
H3 200 roxane-suau.jpg
blog.pradeo.com/hubfs/ 23 KB
24 KB 211ms
209ms Image
image/webp 2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.pradeo.com/hubfs/roxane-suau.jpg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

7c16c7237dcc677f0b10c3aa1c49bb4905014becca3a5cc66e93f4ddd723856c

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.pradeo.com/spynote-malware-now-targeting-banking-applications?utm_medium=email&_hsmi=278111799&_hsenc=p2ANqtz--9WZUdFSgKqw04m3oUofpfARPvZh1aFpLO0SV_Mlxgz8f7dQb2buDAaQ3zPUgmApOcFkxyJXcM5nDYVMbPxYKYLWfAxkquB1-Z9ylu4OLRnQSC00c&utm_content=278111799&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-137997345378,P-2378615,FLS-ALL
age: 62843
x-amz-request-id: ZPBHW0Z9M0XAJDY8
x-amz-server-side-encryption: AES256
edge-cache-tag: F-137997345378,P-2378615,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
content-disposition: inline; filename="roxane-suau.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
etag: "dd4489f275c16b17c43b0d1a2c9cb518"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1696428184900
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Fri, 13 Oct 2023 08:55:31 GMT
strict-transport-security: max-age=31536000
via: 1.1 62e7b24ca032b612bb93fa7f3437469c.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: QQ5IOCO4nLDCqn_oNXLHnWqFhiT_m5Ay
x-amz-cf-pop: FRA56-P7
x-hs-alternate-content-type: text/plain
cf-polished: qual=85, origFmt=jpeg, origSize=46584
x-cache: RefreshHit from cloudfront
cache-tag: F-137997345378,P-2378615,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 23628
x-amz-id-2: d3Cy/xKiaenw0nMyMrVtpDXZXn3NjO1QgUo71LW3r2AKrLXZfZqwQQQNrZ1vCMRFrQZ511ndp54=
last-modified: Wed, 04 Oct 2023 14:03:05 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qC66rwmeoQz%2BCyCO05GTZf8JDprJXx7pMR6W51HTprLPCbYXqs241AYsYYrM5dPJUfDbhZUc%2FvMsgGo3IElgdUg7sXFI8eQ6%2F2113TPRlC79v8vfrdVgoKXAwr5g46m47fluZ%2B%2BAwuO8hJolIQ%3D%3D"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 81565d33d8ec4d44-FRA
x-amz-cf-id: qtBtgU44SvFko5hhKLQDvJ3l-0CvZbdiAtDNDOHdnDpl1OQuBYXehQ==

GET
H3 200 dossier_bank.jpg
blog.pradeo.com/hubfs/ 32 KB
33 KB 216ms
214ms Image
image/jpeg 2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.pradeo.com/hubfs/dossier_bank.jpg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

a9bcc316ece6125743791562d57fa4ba00e77f0c794201b3146f33fd53390ec8

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.pradeo.com/spynote-malware-now-targeting-banking-applications?utm_medium=email&_hsmi=278111799&_hsenc=p2ANqtz--9WZUdFSgKqw04m3oUofpfARPvZh1aFpLO0SV_Mlxgz8f7dQb2buDAaQ3zPUgmApOcFkxyJXcM5nDYVMbPxYKYLWfAxkquB1-Z9ylu4OLRnQSC00c&utm_content=278111799&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-6260595031,P-2378615,FLS-ALL
age: 321629
x-amz-request-id: WZCE48VTTGC87KB1
edge-cache-tag: F-6260595031,P-2378615,FLS-ALL
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
etag: "4ce00f874437db30f3b80a2cd83e5d4c"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/jpeg
access-control-allow-origin: *
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Fri, 13 Oct 2023 08:55:31 GMT
strict-transport-security: max-age=31536000
via: 1.1 4a95385e61c9df8f5f8de6338a3fe59a.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: sO26d0wwShA4Um45xF4xWEP.4EUVpYWc
x-amz-cf-pop: FRA56-P7
cf-polished: degrade=85, origSize=64603, status=webp_bigger
x-cache: RefreshHit from cloudfront
cache-tag: F-6260595031,P-2378615,FLS-ALL
alt-svc: h3=":443"; ma=86400
content-length: 32489
x-amz-id-2: O5hq6PScdnhbZzfJsk6+9SaYRk5Bfcd1C+Oz+TYPsbhXrN1WuABs4qQZHKQ0v6CrA2ACoQjK7rY=
last-modified: Tue, 02 Oct 2018 12:51:23 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2B87kBRnLXFJFBkvW2rka2VElRPyKQgH5SqgabGilk7%2BIs%2F%2BEOumFQqBE65TNzBIdIAv3Up05omufBKH8ZjxKT8TIgcuA5NPVQbztFuggwNSg%2F67pKv%2BIJkH9GeJI3XCgExxOZtK5YnUZjP0hag%3D%3D"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 81565d33d8ed4d44-FRA
x-amz-cf-id: -bYGiQb9Wi99CYNXA0RDgBzZhwH_GHA5UoC93ieWxUlmsiCVF2-KvA==

GET
H3 200 roxane-suau.jpg
blog.pradeo.com/hs-fs/hubfs/ 2 KB
3 KB 67ms
66ms Image
image/webp 2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.pradeo.com/hs-fs/hubfs/roxane-suau.jpg?height=100&name=roxane-suau.jpg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

feb0d786f02c7b9d741f8001735a3b915e04e1cffccdebcabcdfd9968d118c0e

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.pradeo.com/spynote-malware-now-targeting-banking-applications?utm_medium=email&_hsmi=278111799&_hsenc=p2ANqtz--9WZUdFSgKqw04m3oUofpfARPvZh1aFpLO0SV_Mlxgz8f7dQb2buDAaQ3zPUgmApOcFkxyJXcM5nDYVMbPxYKYLWfAxkquB1-Z9ylu4OLRnQSC00c&utm_content=278111799&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Fri, 13 Oct 2023 08:55:31 GMT
strict-transport-security: max-age=31536000
via: 1.1 9b7b71910b45e646f6476bbd270127a4.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-137997345378,P-2378615,FLS-ALL
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
content-length: 1764
cf-resized: internal=ok/m q=0 n=609+0 c=1+2 v=2023.9.8 l=1764
last-modified: Wed, 04 Oct 2023 14:03:05 GMT
cf-bgj: imgq:86,h2pri
server: cloudflare
etag: "cf0lhjD-uR2XPyq99UdBD7eBBNLUunfbdv5LwC_u_KDQ:dd4489f275c16b17c43b0d1a2c9cb518"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dLd%2FQepDwnDzppBU4wUpSU%2FiTOnwZtpCIddT9xHvp21qtXppfkQ%2FMlYvSCxkaTF4LvuK0T9FnGPcOfqir%2FB%2FtO0pacX%2Bh8GwoavrhMxH2nBZfXSJ5PJ9VtIWJwOFx1FeTItQCmlQUQZiLOV2SA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 81565d353a6c4d44-FRA

GET
H3 200 pirate-anonyme-utilise-malware-telephone-portable-pour-pirater-donnees-personnelles-argent-comptes-bancaires-concept-cybercriminalite.jpg
blog.pradeo.com/hubfs/ 605 KB
606 KB 68ms
67ms Image
image/jpeg 2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.pradeo.com/hubfs/pirate-anonyme-utilise-malware-telephone-portable-pour-pirater-donnees-personnelles-argent-comptes-bancaires-concept-cybercriminalite.jpg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

37e168bdcef5bf4be9763a1542fd4db0869189299b318936c3d694ad0aac9bcc

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.pradeo.com/spynote-malware-now-targeting-banking-applications?utm_medium=email&_hsmi=278111799&_hsenc=p2ANqtz--9WZUdFSgKqw04m3oUofpfARPvZh1aFpLO0SV_Mlxgz8f7dQb2buDAaQ3zPUgmApOcFkxyJXcM5nDYVMbPxYKYLWfAxkquB1-Z9ylu4OLRnQSC00c&utm_content=278111799&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-123594412635,P-2378615,FLS-ALL
age: 690127
x-amz-request-id: GN704AYZ725NPG7J
x-amz-server-side-encryption: AES256
edge-cache-tag: F-123594412635,P-2378615,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
etag: "b98c2fb97b337f78af5469cb3feb10d3"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/jpeg
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1688635770243
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Fri, 13 Oct 2023 08:55:31 GMT
strict-transport-security: max-age=31536000
via: 1.1 3199fed6c4260c9448326645d333530a.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: J7FGgA74MEQXTM__R0_Heo6gVl1wAcMK
x-amz-cf-pop: FRA56-P7
x-hs-alternate-content-type: text/plain
cf-polished: degrade=85, origSize=5521438, status=webp_bigger
x-cache: RefreshHit from cloudfront
cache-tag: F-123594412635,P-2378615,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 619092
x-amz-id-2: wPxf5J2mCSAeeXsR1SBfHjT6L6IqNmRxu0guVzmFlhE0GGCmhxg5O3vn8OYisXL+qxalDof+08Uv8dm5crBcjA==
last-modified: Thu, 06 Jul 2023 09:29:31 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PFJFUiJtYF2Lf%2FrTrfWsCTwXiR8IeD%2BBNft6zXlDdsdl5HejgjJPYt%2BUGGHyd2qeYKcIANY%2B7fj9RnKlSYIsZR3VBO3FM8UJSKQjaAMyStznq2kGUcqdx05zTN3H8ee0qK8Rgazk5c1nE8d2cw%3D%3D"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 81565d355a844d44-FRA
x-amz-cf-id: 7GDtQ3pgHkc6F5T1Z6Xi313bap5GxdAw9VbADe4RHVI9Is_iS-ihmw==

GET
H3 200 MicrosoftTeams-image%20%2818%29-2.png
blog.pradeo.com/hubfs/ 40 KB
42 KB 102ms
102ms Image
image/webp 2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.pradeo.com/hubfs/MicrosoftTeams-image%20%2818%29-2.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

b6847f2ac15ac5fb8340362fbf13e4c4d977ca1712a60e05bcc24e9c12cd82a6

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.pradeo.com/spynote-malware-now-targeting-banking-applications?utm_medium=email&_hsmi=278111799&_hsenc=p2ANqtz--9WZUdFSgKqw04m3oUofpfARPvZh1aFpLO0SV_Mlxgz8f7dQb2buDAaQ3zPUgmApOcFkxyJXcM5nDYVMbPxYKYLWfAxkquB1-Z9ylu4OLRnQSC00c&utm_content=278111799&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-104476254635,P-2378615,FLS-ALL
x-amz-request-id: 7M1BWEMERYCJV24B
x-amz-server-side-encryption: AES256
edge-cache-tag: F-104476254635,P-2378615,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
content-disposition: inline; filename="MicrosoftTeams-image%20%2818%29-2.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
etag: "236199a1243464f228acbb1259e0846f"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1677598465324
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Fri, 13 Oct 2023 08:55:31 GMT
strict-transport-security: max-age=31536000
via: 1.1 a811170f30183becd909b501e545e756.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: XRpxKexR5ZfM1zMCKc6F4CZFwdE_PNUq
x-amz-cf-pop: FRA56-P7
x-hs-alternate-content-type: text/plain
cf-polished: qual=85, origFmt=jpeg, origSize=85949
x-cache: RefreshHit from cloudfront
cache-tag: F-104476254635,P-2378615,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 41360
x-amz-id-2: PcZ0jD2eDF8pk6Dx2FDHTj0UR7Ao1zk+zQ/FGBMn6ot4PzeFsObq2BsRA0YtcEaAYir60vw7nxo=
last-modified: Tue, 28 Feb 2023 15:34:26 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nMatNkhzFeYZd8saawzP%2FQ0qjTeR0h%2B1%2BdzwPuz5VYHtn5S0yfUOTTMwDyszJKZUC1oNpsE38SAxTJiho0sI8ulzMpD5EUtji1dVMK3vrqVELKFVV5kAARlvzp8ES95mhqgzgwIrOAAjFP8HxA%3D%3D"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 81565d35cb054d44-FRA
x-amz-cf-id: Cjje8JmByGvvFWgwJQHEX-dfeJKRXQIaXmKnOJfNR6bd6TWDiUTXXQ==

GET
H2 200 ad3111b0-9454-41ff-91f4-9eee95b1f08f.png
no-cache.hubspot.com/cta/default/2378615/ 129 KB
130 KB 272ms
171ms Image
image/png 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://no-cache.hubspot.com/cta/default/2378615/ad3111b0-9454-41ff-91f4-9eee95b1f08f.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a835950d18dec999a3aa4741f3172c2841cadddc1801c907d3c50b524c41fcf3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.pradeo.com/spynote-malware-now-targeting-banking-applications?utm_medium=email&_hsmi=278111799&_hsenc=p2ANqtz--9WZUdFSgKqw04m3oUofpfARPvZh1aFpLO0SV_Mlxgz8f7dQb2buDAaQ3zPUgmApOcFkxyJXcM5nDYVMbPxYKYLWfAxkquB1-Z9ylu4OLRnQSC00c&utm_content=278111799&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Fri, 13 Oct 2023 08:55:31 GMT
x-amz-version-id: null
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-request-id: X78Q9JE129R3HN5Y
x-amz-server-side-encryption: AES256
content-length: 131954
x-amz-id-2: bbggofprArQkdGyg+E5HJ6WEzSU9uwTtOfb1tDP4cn13hCTfemiQb62/CbUCh/6JSX6/O/fVXF4=
last-modified: Wed, 27 Jan 2021 10:23:34 GMT
server: cloudflare
etag: "199f726771a87ae28b169d17bdededd4"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Jil4C2kYmqXncjGAJEaokJk%2F8MRu1NGRFpdNJuNuZ252wIO73L3WfS7LUADnVHGck74tKLWjat%2FzK%2BfP2VpIEi36aul%2F4wGtsIoRMLSiEAOSXbnWbGmaPnHos0%2BjO6yA8V5FnuWq6nHHMFFMASeKNCJ2"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: no-cache, no-store
accept-ranges: bytes
cf-ray: 81565d366f109273-FRA

GET
H3 200 current.js Show response
blog.pradeo.com/hs/cta/cta/ 18 KB
8 KB 89ms
86ms Script
application/javascript 2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.pradeo.com/hs/cta/cta/current.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

a1f58a3e48f23d9036625e9f26553d5da8f45516cf308b6ae6fb2b0fe0d13b4e

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.pradeo.com/spynote-malware-now-targeting-banking-applications?utm_medium=email&_hsmi=278111799&_hsenc=p2ANqtz--9WZUdFSgKqw04m3oUofpfARPvZh1aFpLO0SV_Mlxgz8f7dQb2buDAaQ3zPUgmApOcFkxyJXcM5nDYVMbPxYKYLWfAxkquB1-Z9ylu4OLRnQSC00c&utm_content=278111799&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 468
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=cta-embed-js/static-1.226/bundles/current.js&cfRay=815651c8654a4da4-FRA
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-evy-trace-listener: listener_https
etag: W/"7a7ad36467619447fadd7b98ce7f3800"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
x-evy-trace-virtual-host: all
cache-control: max-age=600
x-hs-target-asset: cta-embed-js/static-1.226/bundles/current.js
date: Fri, 13 Oct 2023 08:55:31 GMT
strict-transport-security: max-age=31536000
via: 1.1 3c43e000c50d5633eb558057710f3c54.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-amz-version-id: vhhL_YuOEeyrE1us6iU1p_IC2N0DFzup
x-amz-cf-pop: IAD12-P3
x-hubspot-correlation-id: dbdbf446-46d8-4026-adac-2f0b1ed196d9
x-cache: Hit from cloudfront
cache-tag: staticjsapp-CtaEmbed-cloudflare-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 2
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: dbdbf446-46d8-4026-adac-2f0b1ed196d9
last-modified: Wed, 04 Oct 2023 01:26:06 UTC
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TD1Kr1mc6JiQiBZWzclbKdUtgb4NBBU1I1jU8HIu8MT%2BTixS4tLN86eIc3jeGZzGs%2F9J4MzQHQ46IQPAqK6mgl6iZhyQks3yV8Sk06w2OSSq8uqVrX29Rkh4hfaIF%2BtmLEsiGOufJJyL9k%2Fu6Q%3D%3D"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status: EXPIRED
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-7c89bb96b9-bnhh6
cf-ray: 81565d35cb094d44-FRA
x-amz-cf-id: AHuCI9BkNdoAxS6yQMe-lOU9p10uffVVl1vJ4r65mU39wqbK5qNCzQ==

GET
H3 200 pradeo_logo_white_square.png
blog.pradeo.com/hs-fs/hubfs/ 3 KB
3 KB 90ms
87ms Image
image/webp 2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.pradeo.com/hs-fs/hubfs/pradeo_logo_white_square.png?width=90&height=74&name=pradeo_logo_white_square.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

0207b82347c4b660ae85f31e3d8db808590860caad8aa124fad79e83a9e26646

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.pradeo.com/spynote-malware-now-targeting-banking-applications?utm_medium=email&_hsmi=278111799&_hsenc=p2ANqtz--9WZUdFSgKqw04m3oUofpfARPvZh1aFpLO0SV_Mlxgz8f7dQb2buDAaQ3zPUgmApOcFkxyJXcM5nDYVMbPxYKYLWfAxkquB1-Z9ylu4OLRnQSC00c&utm_content=278111799&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Fri, 13 Oct 2023 08:55:31 GMT
strict-transport-security: max-age=31536000
via: 1.1 fde85e7daa13f95cf6b8f5fa09c62ef6.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-40838121402,P-2378615,FLS-ALL
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
content-length: 2714
cf-resized: internal=ok/m q=0 n=852+0 c=2+13 v=2023.9.8 l=2714
last-modified: Wed, 20 Jan 2021 13:24:45 GMT
cf-bgj: imgq:86,h2pri
server: cloudflare
etag: "cfJFmBwJUvQ5qamsAuMu6CcPgJgkZfXtLzlpscL4gdDQ:7ced6346a66f930292e77bd5a410b05d"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=q%2FEqNP1T7TJmRa2GJfMqq5xUyDx4U1ZCcTZNgtf%2B4tUCBFfOLjg97Et8eInH85sZe1jEEb7e5uPfF%2BvB%2FMuiMzNEuEgIcPI%2BtIfQmbjbRpjoabVWKYHxZxyP6OmvtC6XKaVURzUC1SPoXkPdAA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 81565d35cb124d44-FRA

GET
H2 200 email.svg
3067823.fs1.hubspotusercontent-na1.net/hubfs/3067823/awwal/ 2 KB
2 KB 343ms
222ms Image
image/svg+xml 2606:4700:4400::ac40:9284
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://3067823.fs1.hubspotusercontent-na1.net/hubfs/3067823/awwal/email.svg
Requested by: Host: blog.pradeo.com
URL: https://blog.pradeo.com/spynote-malware-now-targeting-banking-applications?utm_medium=email&_hsmi=278111799&_hsenc=p2ANqtz--9WZUdFSgKqw04m3oUofpfARPvZh1aFpLO0SV_Mlxgz8f7dQb2buDAaQ3zPUgmApOcFkxyJXcM5nDYVMbPxYKYLWfAxkquB1-Z9ylu4OLRnQSC00c&utm_content=278111799&utm_source=hs_email
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:9284 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 109d4e6b53fc6ddfe1ff1b962eeddb39e067fb151f065a898db11a2a92523cb1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.pradeo.com/spynote-malware-now-targeting-banking-applications?utm_medium=email&_hsmi=278111799&_hsenc=p2ANqtz--9WZUdFSgKqw04m3oUofpfARPvZh1aFpLO0SV_Mlxgz8f7dQb2buDAaQ3zPUgmApOcFkxyJXcM5nDYVMbPxYKYLWfAxkquB1-Z9ylu4OLRnQSC00c&utm_content=278111799&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Fri, 13 Oct 2023 08:55:31 GMT
via: 1.1 4dd80d99fd5d0f6baaaf5179cd921f72.cloudfront.net (CloudFront)
content-encoding: br
cf-cache-status: HIT
x-amz-meta-cache-tag: F-5035794007,P-3067823,FLS-ALL
x-amz-version-id: lIwVQhKGQtHOP2guc2C0ZWwCd_j7.q8N
age: 8655
x-amz-cf-pop: FRA56-P7
x-amz-request-id: HM5JJ0M95ZDP0RDD
edge-cache-tag: F-5035794007,P-3067823,FLS-ALL
cache-tag: F-5035794007,P-3067823,FLS-ALL
x-cache: RefreshHit from cloudfront
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-id-2: erMen3ZkyFwj7JbRX+xYn6ruzvjM15jO/jRDFZ/e4VuJKM/vhsfYa1nopcgupi/gg+Ub8AfhFZc=
last-modified: Sat, 07 Oct 2017 19:24:03 GMT
server: cloudflare
etag: W/"0ac9f17ee1e8a24a2e25a7fcf2953426"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
cf-ray: 81565d368a3a9a1b-FRA
x-amz-cf-id: NvS-0hLtIrRJQn5kx9Bu3PRL38cH9HpRRY5AieMHVaq7Nl1HdI1WvQ==
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3

GET
H2 200 embed.js Show response
static.hsappstatic.net/content-cwv-embed/static-1.388/ 14 KB
6 KB 166ms
57ms Script
application/javascript 2606:4700::6812:5ffd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hsappstatic.net/content-cwv-embed/static-1.388/embed.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:5ffd , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

34942d531ecf961a2a6777526aef0c7d17f28a4ce9afcac868eb132c700bfe5a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.pradeo.com/spynote-malware-now-targeting-banking-applications?utm_medium=email&_hsmi=278111799&_hsenc=p2ANqtz--9WZUdFSgKqw04m3oUofpfARPvZh1aFpLO0SV_Mlxgz8f7dQb2buDAaQ3zPUgmApOcFkxyJXcM5nDYVMbPxYKYLWfAxkquB1-Z9ylu4OLRnQSC00c&utm_content=278111799&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Fri, 13 Oct 2023 08:55:31 GMT
x-amz-version-id: GNgANes_HpxlXMl5IDFfVeYnBgfaeeYN
via: 1.1 3a3c1dcacd115187f53f40028ae4bd24.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: FRA56-P2
age: 153737
x-amz-server-side-encryption: AES256
content-encoding: br
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 15 Aug 2023 19:48:57 GMT
server: cloudflare
etag: W/"8741985292d64b839be39c64b14f3783"
vary: Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=K%2BZUlzWREdhJ9etE7JcnSFJ9ckri3n9uErNNngf9t7jyC92nrxwThujQRlM0OsbZryzXDpf2yfSlng%2FyUW2TODMN9Q6pR6xlqX3K74EoR3Yq0G5skocg8zZtLTvv8kvMUcv2UhSCvqcF143cnM%2FRK3CAZqw%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 81565d367c1368f2-FRA
x-amz-cf-id: Ed7ZRu4tO-VeXAZz6WACFIM7vle7A2PQoVVBfoI-sl9Mb2i-jr7nTw==
expires: Sat, 12 Oct 2024 08:55:31 GMT

GET
H3 200 Owl_Carousal.min.js Show response
blog.pradeo.com/hs-fs/hub/2378615/hub_generated/template_assets/40775689242/1610981569784/Marketplace/Awwal_Design/Awwal_-_Modern_Blog_Listing_Template/Coded_Files/ 27 KB
9 KB 109ms
105ms Script
application/javascript 2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.pradeo.com/hs-fs/hub/2378615/hub_generated/template_assets/40775689242/1610981569784/Marketplace/Awwal_Design/Awwal_-_Modern_Blog_Listing_Template/Coded_Files/Owl_Carousal.min.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

b1d52f04728180feba25c81c41a44dcf093ed4ef603b3ee47c23b9a0baf7d327

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.pradeo.com/spynote-malware-now-targeting-banking-applications?utm_medium=email&_hsmi=278111799&_hsenc=p2ANqtz--9WZUdFSgKqw04m3oUofpfARPvZh1aFpLO0SV_Mlxgz8f7dQb2buDAaQ3zPUgmApOcFkxyJXcM5nDYVMbPxYKYLWfAxkquB1-Z9ylu4OLRnQSC00c&utm_content=278111799&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-request-id: R6A10VFTNDE963TQ
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
x-evy-trace-listener: listener_https
etag: W/"cbd5fe7f178b76cece9259766fd7ec9d"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1610981569784
content-type: application/javascript; charset=utf-8
x-evy-trace-virtual-host: all
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20
date: Fri, 13 Oct 2023 08:55:31 GMT
strict-transport-security: max-age=31536000
via: 1.1 bf7159e30a38421f642619d6da9a8eb4.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: 0NLNRVdz6_fkBbNWLOt6_sWWi0mL_tDW
x-amz-cf-pop: IAD12-P2
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
x-envoy-upstream-service-time: 155
alt-svc: h3=":443"; ma=86400
x-amz-id-2: c/5qe2ZgRyw6Vo+wbEnwhF4ozgskIMOp1y9oxz9cBfVpQMPMSXOBNjb0EDDwLxrC+plapdqMDsDQ0Ry53TiUuA==
x-request-id: 88c476d4-67d7-4214-ab36-576f654191d5
x-evy-trace-route-configuration: listener_https/all
last-modified: Mon, 18 Jan 2021 14:52:50 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9vAkOPGR8T5juqGCbON1E6hdopDKYkRnWkQhXekSCeKTgSPsUxvn%2BIhUb5HpbTP6PxCNU5wdJmloEZw1PQgWZTPpgYNfwl3W9VsiLahdZQBY9ml0ZNQqAqVvb6W7Izg3rA0oqmhvKW4b3Jfhcw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-55b7d448b-r4k2f
access-control-allow-credentials: false
cf-ray: 81565d35cb0c4d44-FRA
x-amz-cf-id: 1Z_mv5JbL4asCJdi2061P23HXevpuNcj4GTs1EYgHjZlO98Vgok6pw==

GET
H3 200 module_40775538069_Blog_Listing_Slider.min.js Show response
blog.pradeo.com/hs-fs/hub/2378615/hub_generated/module_assets/40775538069/1612951579102/ 2 KB
2 KB 94ms
91ms Script
application/javascript 2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.pradeo.com/hs-fs/hub/2378615/hub_generated/module_assets/40775538069/1612951579102/module_40775538069_Blog_Listing_Slider.min.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

a359de822aa23221feaafd35d63cb804766bcc0f2bbb9e152d7a1a9fbf260057

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.pradeo.com/spynote-malware-now-targeting-banking-applications?utm_medium=email&_hsmi=278111799&_hsenc=p2ANqtz--9WZUdFSgKqw04m3oUofpfARPvZh1aFpLO0SV_Mlxgz8f7dQb2buDAaQ3zPUgmApOcFkxyJXcM5nDYVMbPxYKYLWfAxkquB1-Z9ylu4OLRnQSC00c&utm_content=278111799&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-request-id: 3TJJDGZ4HWTBC5A9
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
x-evy-trace-listener: listener_https
etag: W/"949435e9f4d58bf582435d73facf62ae"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1612951579102
content-type: application/javascript; charset=utf-8
x-evy-trace-virtual-host: all
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20
date: Fri, 13 Oct 2023 08:55:31 GMT
strict-transport-security: max-age=31536000
via: 1.1 db50275fc6a3d1f557e22016322e2ba2.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: QKEVrcqTyJPXja9QEMriLrJP8qIhhw1K
x-amz-cf-pop: IAD12-P2
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
x-envoy-upstream-service-time: 111
alt-svc: h3=":443"; ma=86400
x-amz-id-2: XKPKRJABpBxBlF3XRLv7k43rW9TJJruz+bzdx48H5gT0mWTnund8x1qi08eKxeP7qUtQsewXBSY=
x-request-id: c77dc5da-0b9d-44da-8fad-2a84539c4273
x-evy-trace-route-configuration: listener_https/all
last-modified: Wed, 10 Feb 2021 10:06:20 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HJL7zxlleBtznpnDe4bBTgQ8LTucPw86KU1sz6WD6uIBYdd2aQtuUZifnHasohPIOpievUrewHmmSfyL%2F5QBcWmp7d8Vzsp31KxUkOY%2FWaVx3lV9TRVe5jf4q0zW%2FyeihAw1j3IdeYyH6pGCYQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-55b7d448b-r4k2f
access-control-allow-credentials: false
cf-ray: 81565d35cb0d4d44-FRA
x-amz-cf-id: _KDTzcc8PBJConcHb-EdUjkkGzyfFZGQac1iUmfR9rQSq1IaqsoRcQ==

GET
H3 200 module_40775603651_Blog_Subscription_Section.min.js Show response
blog.pradeo.com/hs-fs/hub/2378615/hub_generated/module_assets/40775603651/1611151651668/ 761 B
2 KB 92ms
89ms Script
application/javascript 2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.pradeo.com/hs-fs/hub/2378615/hub_generated/module_assets/40775603651/1611151651668/module_40775603651_Blog_Subscription_Section.min.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

26c178298625a446421360b74aa4f5cef9edb09ec87eeb1715d0d5ca7454e48c

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.pradeo.com/spynote-malware-now-targeting-banking-applications?utm_medium=email&_hsmi=278111799&_hsenc=p2ANqtz--9WZUdFSgKqw04m3oUofpfARPvZh1aFpLO0SV_Mlxgz8f7dQb2buDAaQ3zPUgmApOcFkxyJXcM5nDYVMbPxYKYLWfAxkquB1-Z9ylu4OLRnQSC00c&utm_content=278111799&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-request-id: 90GJPHGANF0K8QZY
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 2
x-evy-trace-listener: listener_https
etag: W/"5d1a2725e0191e396f721771f47aebfd"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1611151651668
content-type: application/javascript; charset=utf-8
x-evy-trace-virtual-host: all
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 2
date: Fri, 13 Oct 2023 08:55:31 GMT
strict-transport-security: max-age=31536000
via: 1.1 ad2604250e9eed83c372fadb62dfeaca.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: FkUpeW5.rC7S1Oie7XbXrwuY1LgWEtZn
x-amz-cf-pop: IAD61-P1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 5f79ab54-db87-452d-807b-e05b240f1a9a
x-cache: RefreshHit from cloudfront
x-envoy-upstream-service-time: 161
alt-svc: h3=":443"; ma=86400
x-amz-id-2: 0RemDbUnDUrI+s3J6pKam0RyAzEJ4ZBd+/kAlsQEwwc+Go+qqi9VguDpwfO6x8rcqrHAOgFzmUk=
x-evy-trace-route-configuration: listener_https/all
x-request-id: 5f79ab54-db87-452d-807b-e05b240f1a9a
last-modified: Wed, 20 Jan 2021 14:07:32 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aSQsTsz6nVyvkoQeo%2BC3EXgieKVQW1Eai5%2B5VjGexRqgslYKBwiXoeWbjyILAlPiqVC1BP3Vp1SJGM3u130n33f6ycgd7obuvrrO4o2n6ikaQmFRq%2FRzWWFxUZjjeD4MQWsAqcLl3VfTryq5qw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-fd8f7bc74-xmwnv
access-control-allow-credentials: false
cf-ray: 81565d35cb0e4d44-FRA
x-amz-cf-id: P0NJjEzOjS-dhEYuWSsN5w2oR6inPSFUDgXFyLarVCvsdD6tjYg0yQ==

GET
H3 200 2378615.js Show response
blog.pradeo.com/hs/scriptloader/ 2 KB
2 KB 213ms
211ms Script
application/javascript 2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.pradeo.com/hs/scriptloader/2378615.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

b77e5f56647c2ba8057f0630c69fff36fe9ff54d72059fcfcadafa1626f71cf7

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.pradeo.com/spynote-malware-now-targeting-banking-applications?utm_medium=email&_hsmi=278111799&_hsenc=p2ANqtz--9WZUdFSgKqw04m3oUofpfARPvZh1aFpLO0SV_Mlxgz8f7dQb2buDAaQ3zPUgmApOcFkxyJXcM5nDYVMbPxYKYLWfAxkquB1-Z9ylu4OLRnQSC00c&utm_content=278111799&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Fri, 13 Oct 2023 08:55:31 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
cf-cache-status: EXPIRED
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: f794c808-5356-4904-9c04-3f7e2848e2bf
content-encoding: br
x-envoy-upstream-service-time: 10
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: f794c808-5356-4904-9c04-3f7e2848e2bf
last-modified: Fri, 13 Oct 2023 06:29:18 GMT
server: cloudflare
x-trace: 2BC2FD4593997CF8D83431C97EFC45FDB811416A43000000000000000000
vary: origin, Accept-Encoding
access-control-max-age: 3600
content-type: application/javascript;charset=utf-8
access-control-allow-origin: https://blog.pradeo.com
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-5b5c96c966-nvx4k
cache-control: public, max-age=60
access-control-allow-credentials: true
x-evy-trace-virtual-host: all
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nQqBZa%2FenNo5KlTa8ulHH1KBrNKF2pBZKsmxyzzNZY%2FYtV4xppyBs%2Fi0zjKW0uzCGyGfxg8Spc4EOTY1hY0Oii3vsqEIhTsQFkRpPjsjKuDWuJaX5%2F3CVjeyqGO2H2vNBTjSwv9ygg77pxTziw%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 81565d35cb134d44-FRA
expires: Fri, 13 Oct 2023 08:56:31 GMT

GET
H2 200 Wi3sMwdYLpC5EfGSMBQz Show response
ws.zoominfo.com/pixel/ 3 KB
2 KB 380ms
271ms Script
text/javascript 2606:4700::6810:890f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/pixel/Wi3sMwdYLpC5EfGSMBQz

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:890f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

170898a021e7906051ff20402e862f7b4d7a6fcdfcc3b907a4bd626fb9a7fa01

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.pradeo.com/spynote-malware-now-targeting-banking-applications?utm_medium=email&_hsmi=278111799&_hsenc=p2ANqtz--9WZUdFSgKqw04m3oUofpfARPvZh1aFpLO0SV_Mlxgz8f7dQb2buDAaQ3zPUgmApOcFkxyJXcM5nDYVMbPxYKYLWfAxkquB1-Z9ylu4OLRnQSC00c&utm_content=278111799&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Fri, 13 Oct 2023 08:55:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
via: 1.1 google
server: cloudflare
x-powered-by: Express
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
access-control-allow-credentials: true
cf-ray: 81565d3678139bb9-FRA
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for, x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok
alt-svc: h3=":443"; ma=86400

GET
H2 200 pxiEyp8kv8JHgFVrJJfecg.woff2
fonts.gstatic.com/s/poppins/v20/ 8 KB
8 KB 174ms
78ms Font
font/woff2 2a00:1450:4001:80b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900i

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://blog.pradeo.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Tue, 10 Oct 2023 07:45:30 GMT
x-content-type-options: nosniff
age: 263401
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7884
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 17:03:52 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 09 Oct 2024 07:45:30 GMT

GET
H2 200 pxiByp8kv8JHgFVrLDz8Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v20/ 8 KB
8 KB 111ms
40ms Font
font/woff2 2a00:1450:4001:80b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLDz8Z1xlFQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900i

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

78bc3aa78faec288bbb3bf26c9a0fa4eb67b1e69da94a17233c5cab60525efdb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://blog.pradeo.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Sat, 07 Oct 2023 07:52:07 GMT
x-content-type-options: nosniff
age: 522204
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7840
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 16:51:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 06 Oct 2024 07:52:07 GMT

GET
H2 200 fontawesome-webfont.woff
static.hsappstatic.net/content_shared_assets/static-1.3779/fonts/ 82 KB
83 KB 145ms
58ms Font
application/octet-stream 2606:4700::6812:5ffd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hsappstatic.net/content_shared_assets/static-1.3779/fonts/fontawesome-webfont.woff?v=4.1.0

Requested by

Host: blog.pradeo.com
URL: https://blog.pradeo.com/hs-fs/hub/2378615/hub_generated/template_assets/40775681226/1613135024221/Marketplace/Awwal_Design/Awwal_-_Modern_Blog_Listing_Template/Coded_Files/Awwal_Modern_Blog_Listing_Template.min.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:5ffd , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

66db52b456efe7e29cec11fa09421d03cb09e37ed1b567307ec0444fd605ce31

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://blog.pradeo.com/
Origin: https://blog.pradeo.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Fri, 13 Oct 2023 08:55:31 GMT
x-amz-version-id: null
via: 1.1 e0062aca9ee6d0119808cbfccfdda9da.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: MXP63-P3
age: 478829
x-cache: Miss from cloudfront
x-amz-meta-access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 83760
last-modified: Wed, 24 Sep 2014 02:18:25 GMT
server: cloudflare
etag: "fdf491ce5ff5b2da02708cd0e9864719"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/octet-stream
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ngHnA6OS012TTpz0U8RQr87SjgzdNTen7fQFjFaCqIEBO5xKOBeQYt9ItglaVd1EYkiv77xFkcpOS43xYEmkNupiFWBaCEzBY72UIFCoQpPhX3e3mDCnkQkPub52XkM87vIFQEex5coV0MZAu8geufe4M3U%3D"}],"group":"cf-nel","max_age":604800}
vary: Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 81565d3688185d74-FRA
x-amz-cf-id: fRorSqX657ltLZzh7qLA6Yu8JY-DhiqIoZ4jwUFUE-oFJADQNDbOPA==
expires: Sat, 12 Oct 2024 08:55:31 GMT

GET
H2 200 pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v20/ 8 KB
8 KB 157ms
87ms Font
font/woff2 2a00:1450:4001:80b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900i

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9338e65fc077355c7a87ae0d64cc101e23b9bf8ad78ae65f0f319c857311b526

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://blog.pradeo.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Thu, 12 Oct 2023 00:08:32 GMT
x-content-type-options: nosniff
age: 118019
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7816
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 16:11:40 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 11 Oct 2024 00:08:32 GMT

GET
H2 200 pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v20/ 8 KB
8 KB 116ms
45ms Font
font/woff2 2a00:1450:4001:80b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900i

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cd36de204aca2d5fa263a731f7c20009b5e3d754ba1f1e03c33e93a48f3e7446

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://blog.pradeo.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Thu, 12 Oct 2023 18:56:09 GMT
x-content-type-options: nosniff
age: 50362
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7748
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 16:21:30 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 11 Oct 2024 18:56:09 GMT

GET
H2 200 pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v20/ 8 KB
8 KB 122ms
52ms Font
font/woff2 2a00:1450:4001:80b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900i

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f4e80d9dfd374d02989b87a27b5ed4cb78fbb177c27f1478e9a8b0afb7513149

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://blog.pradeo.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Fri, 13 Oct 2023 07:35:17 GMT
x-content-type-options: nosniff
age: 4814
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8000
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 16:59:07 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 12 Oct 2024 07:35:17 GMT

GET
H3 200 json Show response
blog.pradeo.com/_hcms/forms/embed/v3/form/2378615/caf050a8-9ff7-4223-8e7a-0bad8656b2b9/ 2 KB
2 KB 172ms
171ms XHR
application/json 2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.pradeo.com/_hcms/forms/embed/v3/form/2378615/caf050a8-9ff7-4223-8e7a-0bad8656b2b9/json?hs_static_app=forms-embed&hs_static_app_version=1.3938&X-HubSpot-Static-App-Info=forms-embed-1.3938

Requested by

Host: blog.pradeo.com
URL: https://blog.pradeo.com/_hcms/forms/v2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

90654c024be42043ade404e326b546275616e8d4c99dd8a734d5eb21c7c70227

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/plain, */*
Referer: https://blog.pradeo.com/spynote-malware-now-targeting-banking-applications?utm_medium=email&_hsmi=278111799&_hsenc=p2ANqtz--9WZUdFSgKqw04m3oUofpfARPvZh1aFpLO0SV_Mlxgz8f7dQb2buDAaQ3zPUgmApOcFkxyJXcM5nDYVMbPxYKYLWfAxkquB1-Z9ylu4OLRnQSC00c&utm_content=278111799&utm_source=hs_email
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

x-origin-hublet: na1
date: Fri, 13 Oct 2023 08:55:31 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 445b165c-68dd-446c-87dc-acb66cc2078b
content-encoding: br
x-envoy-upstream-service-time: 13
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 445b165c-68dd-446c-87dc-acb66cc2078b
server: cloudflare
x-trace: 2BFE2B9CD5C84A7DCAE8853AC38BDE58C24A2B0FCE000000000000000000
vary: origin, Accept-Encoding
access-control-allow-methods: OPTIONS, GET
content-type: application/json;charset=utf-8
access-control-max-age: 180
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-79986f96f-lmntd
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-evy-trace-virtual-host: all
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KMm2H8%2B3B8tFLXHimnm5y8sOhkFkAMIQFOK66vutzfxeNNsFYZfLjgsL2mndK6kbqm0Z21nBW9GJALz2XFyiyJyak8KqYstlF%2B%2FZFegslI9GMMIjJuPjzHcC%2FQ7TZZjMlSHRY0pFoQIN5FwEFg%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 81565d36ec5e4d44-FRA
access-control-allow-headers: *
x-robots-tag: none

GET
H3 200 json Show response
blog.pradeo.com/_hcms/forms/embed/v3/form/2378615/caf050a8-9ff7-4223-8e7a-0bad8656b2b9/ 2 KB
2 KB 166ms
166ms XHR
application/json 2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.pradeo.com/_hcms/forms/embed/v3/form/2378615/caf050a8-9ff7-4223-8e7a-0bad8656b2b9/json?hs_static_app=forms-embed&hs_static_app_version=1.3938&X-HubSpot-Static-App-Info=forms-embed-1.3938

Requested by

Host: blog.pradeo.com
URL: https://blog.pradeo.com/_hcms/forms/v2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

214c67a32fbafb5938bea5f21b2e6a659fedbc028c76e0add8d720821800f273

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/plain, */*
Referer: https://blog.pradeo.com/spynote-malware-now-targeting-banking-applications?utm_medium=email&_hsmi=278111799&_hsenc=p2ANqtz--9WZUdFSgKqw04m3oUofpfARPvZh1aFpLO0SV_Mlxgz8f7dQb2buDAaQ3zPUgmApOcFkxyJXcM5nDYVMbPxYKYLWfAxkquB1-Z9ylu4OLRnQSC00c&utm_content=278111799&utm_source=hs_email
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

x-origin-hublet: na1
date: Fri, 13 Oct 2023 08:55:31 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: b6ed0354-3c43-4ceb-9da4-ca47f0f9fbe0
content-encoding: br
x-envoy-upstream-service-time: 7
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: b6ed0354-3c43-4ceb-9da4-ca47f0f9fbe0
server: cloudflare
x-trace: 2B7E2DB3D7AD1A14C01640F75578D2A624417EAFD8000000000000000000
vary: origin, Accept-Encoding
access-control-allow-methods: OPTIONS, GET
content-type: application/json;charset=utf-8
access-control-max-age: 180
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-79986f96f-48whc
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-evy-trace-virtual-host: all
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1iylEK%2Bu4u0xQ0Q2pAbvR8F00FiRm4ybUvouDnNukkE7brkxv6FvlazhHPToNb8advMenqLUkveujT8efZvUgCeWVhK%2BFZT8PaJ0N9Re4sCvAcIAY%2Fw5p4Bs%2BpIEFrmtVWFjWIG1bidMt325xg%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 81565d36ec644d44-FRA
access-control-allow-headers: *
x-robots-tag: none

GET
H/1.1 200
OK widgets.js Show response
platform.twitter.com/ 91 KB
28 KB 189ms
39ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets.js
Requested by: Host: blog.pradeo.com
URL: https://blog.pradeo.com/spynote-malware-now-targeting-banking-applications?utm_medium=email&_hsmi=278111799&_hsenc=p2ANqtz--9WZUdFSgKqw04m3oUofpfARPvZh1aFpLO0SV_Mlxgz8f7dQb2buDAaQ3zPUgmApOcFkxyJXcM5nDYVMbPxYKYLWfAxkquB1-Z9ylu4OLRnQSC00c&utm_content=278111799&utm_source=hs_email
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67BD) /
Resource Hash: 9521629b75431599b69d208c8de1e08c4fc023401b118973cbb4abbc8189b182

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.pradeo.com/spynote-malware-now-targeting-banking-applications?utm_medium=email&_hsmi=278111799&_hsenc=p2ANqtz--9WZUdFSgKqw04m3oUofpfARPvZh1aFpLO0SV_Mlxgz8f7dQb2buDAaQ3zPUgmApOcFkxyJXcM5nDYVMbPxYKYLWfAxkquB1-Z9ylu4OLRnQSC00c&utm_content=278111799&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

Date: Fri, 13 Oct 2023 08:55:31 GMT
Content-Encoding: gzip
Age: 352
x-amz-server-side-encryption: AES256
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Content-Length: 27598
Last-Modified: Mon, 09 Oct 2023 20:29:49 GMT
Server: ECS (frb/67BD)
Etag: "391b7fdf0c468036f27102529636f0ca+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
x-tw-cdn: VZ
Cache-Control: public, max-age=1800

GET
H2 204 has-permission Show response
app.hubspot.com/content-tools-menu/api/v1/tools-menu/ 0
621 B 230ms
220ms Script
text/plain 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.hubspot.com/content-tools-menu/api/v1/tools-menu/has-permission?portalId=2378615&callback=jsonpHandler

Requested by

Host: blog.pradeo.com
URL: https://blog.pradeo.com/hs/hsstatic/HubspotToolsMenu/static-1.191/js/index.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	no-sniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.pradeo.com/spynote-malware-now-targeting-banking-applications?utm_medium=email&_hsmi=278111799&_hsenc=p2ANqtz--9WZUdFSgKqw04m3oUofpfARPvZh1aFpLO0SV_Mlxgz8f7dQb2buDAaQ3zPUgmApOcFkxyJXcM5nDYVMbPxYKYLWfAxkquB1-Z9ylu4OLRnQSC00c&utm_content=278111799&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Fri, 13 Oct 2023 08:55:31 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: no-sniff
cf-cache-status: DYNAMIC
x-hs-worker-debug-mode: false
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: b446c2fc-bb57-4ac5-a029-adef48f02128
x-envoy-upstream-service-time: 3
x-evy-trace-route-configuration: listener_https/all
reporting-endpoints: default="https://send.hsbrowserreports.com/csp/reports?cfRay=81565d372f979273&resource=unknown"
x-evy-trace-listener: listener_https
x-request-id: b446c2fc-bb57-4ac5-a029-adef48f02128
server: cloudflare
x-trace: 2B1C1C9BFEBA11B5412895BC593E99D10284C2BA8C000000000000000000
vary: origin, Accept-Encoding
access-control-allow-methods: GET
report-to: {"group":"default","max_age":86400,"endpoints":[{"url":"https://send.hsbrowserreports.com/csp/reports"}]}
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-7c89bb96b9-s4jft
x-evy-trace-virtual-host: all
cache-control: max-age=0
access-control-allow-credentials: true
cf-ray: 81565d372f979273-FRA

GET
H3 200 postlisting Show response
blog.pradeo.com/_hcms/ 2 KB
1 KB 215ms
213ms XHR
application/json 2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.pradeo.com/_hcms/postlisting?blogId=4214981702&maxLinks=5&listingType=popular_all_time&orderByViews=true&hs-expires=1728255916&hs-version=2&hs-signature=AJ2IBuGqfQ53bZLhX-Q8IkDUO6vObs0Cgw&currentUrl=https%3A%2F%2Fblog.pradeo.com%2Fspynote-malware-now-targeting-banking-applications%3Futm_medium%3Demail%26_hsmi%3D278111799%26_hsenc%3Dp2ANqtz--9WZUdFSgKqw04m3oUofpfARPvZh1aFpLO0SV_Mlxgz8f7dQb2buDAaQ3zPUgmApOcFkxyJXcM5nDYVMbPxYKYLWfAxkquB1-Z9ylu4OLRnQSC00c%26utm_content%3D278111799%26utm_source%3Dhs_email

Requested by

Host: blog.pradeo.com
URL: https://blog.pradeo.com/hs/hsstatic/AsyncSupport/static-1.122/js/post_listing_asset.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

aaa4ead81c51f810f9736a5c1620dce82bb3ce8ecd7b7e65c43e7a9b1829c09d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.pradeo.com/spynote-malware-now-targeting-banking-applications?utm_medium=email&_hsmi=278111799&_hsenc=p2ANqtz--9WZUdFSgKqw04m3oUofpfARPvZh1aFpLO0SV_Mlxgz8f7dQb2buDAaQ3zPUgmApOcFkxyJXcM5nDYVMbPxYKYLWfAxkquB1-Z9ylu4OLRnQSC00c&utm_content=278111799&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Fri, 13 Oct 2023 08:55:31 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 16b9bc7b-223d-4bd1-88d4-c0e564d0c428
content-encoding: br
x-envoy-upstream-service-time: 25
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 16b9bc7b-223d-4bd1-88d4-c0e564d0c428
last-modified: Fri, 13 Oct 2023 08:55:31 GMT
server: cloudflare
x-trace: 2BCA906966C267AEE4EA8C8C74D657A5BD7A88C49E000000000000000000
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KJlrtQ1OlxpRts%2F2P%2FN4tst%2FL2x89Do2aZM6KaVRNDJewO2Rdkn5ldc2nNSJ5QGf3DY0BQOi%2FgdfYKzyaYyvshA1DTqT1vatR5fd%2Bb7DMIsSN0jdZrK0mrVRPM8hxFeG7YUNZzQPVf8B1pS%2B4g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json;charset=utf-8
x-evy-trace-served-by-pod: iad02/cms-10-19-td/envoy-proxy-5d6cd77679-2w6b6
x-evy-trace-virtual-host: all
access-control-allow-credentials: false
cf-ray: 81565d372c9e4d44-FRA
x-robots-tag: none

GET
H3 200 postlisting Show response
blog.pradeo.com/_hcms/ 2 KB
1 KB 198ms
196ms XHR
application/json 2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.pradeo.com/_hcms/postlisting?blogId=4214981702&maxLinks=5&listingType=recent&orderByViews=false&hs-expires=1728255917&hs-version=2&hs-signature=AJ2IBuE_ALJmvS9dJjfP87K-jTSlLAr3Ww&currentUrl=https%3A%2F%2Fblog.pradeo.com%2Fspynote-malware-now-targeting-banking-applications%3Futm_medium%3Demail%26_hsmi%3D278111799%26_hsenc%3Dp2ANqtz--9WZUdFSgKqw04m3oUofpfARPvZh1aFpLO0SV_Mlxgz8f7dQb2buDAaQ3zPUgmApOcFkxyJXcM5nDYVMbPxYKYLWfAxkquB1-Z9ylu4OLRnQSC00c%26utm_content%3D278111799%26utm_source%3Dhs_email

Requested by

Host: blog.pradeo.com
URL: https://blog.pradeo.com/hs/hsstatic/AsyncSupport/static-1.122/js/post_listing_asset.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

913bae30a5889fc883678240ae5a1a95166ef63f71341f384b3ea22ed9f86767

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.pradeo.com/spynote-malware-now-targeting-banking-applications?utm_medium=email&_hsmi=278111799&_hsenc=p2ANqtz--9WZUdFSgKqw04m3oUofpfARPvZh1aFpLO0SV_Mlxgz8f7dQb2buDAaQ3zPUgmApOcFkxyJXcM5nDYVMbPxYKYLWfAxkquB1-Z9ylu4OLRnQSC00c&utm_content=278111799&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Fri, 13 Oct 2023 08:55:31 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 95c9a5d6-4823-4301-bcae-93f7588aa7f9
content-encoding: br
x-envoy-upstream-service-time: 22
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 95c9a5d6-4823-4301-bcae-93f7588aa7f9
last-modified: Fri, 13 Oct 2023 08:55:31 GMT
server: cloudflare
x-trace: 2B9FC20F5E30DAEB7C4EA404CE28B39B0171083904000000000000000000
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=awo5gGh0ktq7LUiYoLCVMU18sZlUd%2FiSahBWKQ5Hb4J%2B732UCZQWOQ0kiYCTMfcPAVTQHbcLyjueNdFzNMG8QQBl1l7yZWwYwo2VgL8Rbe3kuCA1%2BPJgGwP6Gf3eIkcI2Kq0ZbQ75kfBjWwxpQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json;charset=utf-8
x-evy-trace-served-by-pod: iad02/cms-10-19-td/envoy-proxy-5d6cd77679-c2kt7
x-evy-trace-virtual-host: all
access-control-allow-credentials: false
cf-ray: 81565d372c9f4d44-FRA
x-robots-tag: none

GET
H2 200 cta-json Show response
cta-service-cms2.hubspot.com/ctas/v2/public/cs/ 3 KB
2 KB 185ms
168ms XHR
application/json 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cta-service-cms2.hubspot.com/ctas/v2/public/cs/cta-json?canon=https%3A%2F%2Fblog.pradeo.com%2Fspynote-malware-now-targeting-banking-applications&pageId=137969508747&pid=2378615&sv=cta-embed-js-static-1.226&utm_medium=email&rdy=1&cos=1&df=t&pg=ad3111b0-9454-41ff-91f4-9eee95b1f08f

Requested by

Host: blog.pradeo.com
URL: https://blog.pradeo.com/hs/cta/cta/current.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3f4e033c5ef8b9b9891d380918c77fda1830dea842583141ca33b48a62ea36b2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.pradeo.com/spynote-malware-now-targeting-banking-applications?utm_medium=email&_hsmi=278111799&_hsenc=p2ANqtz--9WZUdFSgKqw04m3oUofpfARPvZh1aFpLO0SV_Mlxgz8f7dQb2buDAaQ3zPUgmApOcFkxyJXcM5nDYVMbPxYKYLWfAxkquB1-Z9ylu4OLRnQSC00c&utm_content=278111799&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

x-origin-hublet: na1
date: Fri, 13 Oct 2023 08:55:31 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: d891ccac-690b-429a-a11e-b3234025071e
content-encoding: br
x-envoy-upstream-service-time: 14
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: d891ccac-690b-429a-a11e-b3234025071e
server: cloudflare
x-trace: 2B8431000B35982D8CD333156E5C1D70520B0833E4000000000000000000
vary: origin
access-control-allow-methods: OPTIONS, GET
content-type: application/json;charset=utf-8
access-control-allow-origin: https://blog.pradeo.com
x-evy-trace-virtual-host: all
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-79986f96f-swd7n
access-control-max-age: 180
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GU5O9PawKEzOJ0bXDDYR68mSefg3L8e4B%2FnXp9g%2BbS8t324LGsEk7W7JeR3O3k2A8rXJT7f4PcnfJq7B2ZdJnQvJlixMMnhAiw%2B6ToVKzDl4cyy8jloZubswl%2FtZP403%2Fmk9paibsuywTvW19KXJbJ12MSq7NZ35zF4%3D"}],"group":"cf-nel","max_age":604800}
x-robots-tag: noindex, follow
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
cf-ray: 81565d375fc19273-FRA

GET
H2 200 leadflows.js Show response
js.hsleadflows.net/ 540 KB
86 KB 255ms
151ms Script
application/javascript 2606:4700::6812:7d0c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsleadflows.net/leadflows.js

Requested by

Host: blog.pradeo.com
URL: https://blog.pradeo.com/hs/scriptloader/2378615.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:7d0c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b399c5e2375b9f5d108af3cc74f7d665747a5d1955f5fde2db7f110b30a1f65e

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.pradeo.com/spynote-malware-now-targeting-banking-applications?utm_medium=email&_hsmi=278111799&_hsenc=p2ANqtz--9WZUdFSgKqw04m3oUofpfARPvZh1aFpLO0SV_Mlxgz8f7dQb2buDAaQ3zPUgmApOcFkxyJXcM5nDYVMbPxYKYLWfAxkquB1-Z9ylu4OLRnQSC00c&utm_content=278111799&utm_source=hs_email
Origin: https://blog.pradeo.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

content-encoding: br
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=lead-flows-js/static-1.1250/bundle/main/lead-flows-release.js&cfRay=81565d37e8be2bd1-FRA
x-amz-replication-status: COMPLETED
x-evy-trace-listener: listener_https
etag: W/"b41828c438dcec976b93ddee1edebd6d"
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
cache-control: s-maxage=86400, max-age=0
x-hs-target-asset: lead-flows-js/static-1.1250/bundle/main/lead-flows-release.js
date: Fri, 13 Oct 2023 08:55:31 GMT
x-amz-version-id: w9qtR_oGTBab1H9Wt5L5qiHDqxRKIaLE
via: 1.1 73c5607bdb5db0d651e25c848846d554.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: MISS
x-amz-cf-pop: IAD12-P3
x-hubspot-correlation-id: 5a301d8f-39c4-44e3-867b-0043053ff8f1
x-cache: Hit from cloudfront
cache-tag: staticjsapp-lead-flows-cloudflare-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 6
x-evy-trace-route-configuration: listener_https/all
x-request-id: 5a301d8f-39c4-44e3-867b-0043053ff8f1
last-modified: Mon, 04 Sep 2023 12:55:59 UTC
server: cloudflare
access-control-max-age: 3000
x-hs-cache-status: MISS
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-7c89bb96b9-q9rvq
cf-ray: 81565d37e8be2bd1-FRA
x-amz-cf-id: HMILBLsNSs0cY-lc7VIKfHydxQyzdCRATIko0TGxcTXXkxXzinZTPA==

GET
H2 200 conversations-embed.js Show response
js.usemessages.com/ 76 KB
22 KB 156ms
52ms Script
application/javascript 2606:4700::6811:f7a8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.usemessages.com/conversations-embed.js

Requested by

Host: blog.pradeo.com
URL: https://blog.pradeo.com/hs/scriptloader/2378615.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:f7a8 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

10e7b81bac41ad0da1d3f4a3498669f984e84db9d54eedf10e8e7d5b059c5d08

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.pradeo.com/spynote-malware-now-targeting-banking-applications?utm_medium=email&_hsmi=278111799&_hsenc=p2ANqtz--9WZUdFSgKqw04m3oUofpfARPvZh1aFpLO0SV_Mlxgz8f7dQb2buDAaQ3zPUgmApOcFkxyJXcM5nDYVMbPxYKYLWfAxkquB1-Z9ylu4OLRnQSC00c&utm_content=278111799&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Fri, 13 Oct 2023 08:55:31 GMT
x-amz-version-id: q7mMdyrgJRb2V1PNW0MT.lJmDYHWhi5r
via: 1.1 53b70ac9dc46d1c13992b291cf22a9aa.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: HIT
x-amz-cf-pop: IAD12-P3
age: 17
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=conversations-embed/static-1.14392/bundles/project.js&cfRay=81565ccb8c379b8f-FRA
x-cache: Hit from cloudfront
x-hubspot-correlation-id: 30a436b7-8850-4f6c-9c53-09bea64435b8
cache-tag: staticjsapp-conversations-embed-web-prod,staticjsapp-prod
content-encoding: br
x-envoy-upstream-service-time: 2
x-amz-replication-status: COMPLETED
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 30a436b7-8850-4f6c-9c53-09bea64435b8
last-modified: Tue, 10 Oct 2023 02:47:57 UTC
server: cloudflare
etag: W/"8150bb6bff68cbcd9e5f8f6c23b586ae"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
x-hs-cache-status: HIT
x-evy-trace-virtual-host: all
cache-control: max-age=600
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-7c89bb96b9-97z5m
cf-ray: 81565d37e9369b8f-FRA
x-amz-cf-id: WaR9Fl7_swMVuACyU8nwE93jqYoUllWKsTi7bXIOKgVgi05UYGK9YQ==
x-hs-target-asset: conversations-embed/static-1.14392/bundles/project.js

GET
H2 200 2378615.js Show response
js.hs-banner.com/ 61 KB
16 KB 152ms
48ms Script
text/javascript 2606:4700:4400::ac40:991b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/2378615.js
Requested by: Host: blog.pradeo.com
URL: https://blog.pradeo.com/hs/scriptloader/2378615.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:991b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ea84bf0882f2c7212983240b3f86f38c87370748f9f15683ea6f42e9ff09a04c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.pradeo.com/spynote-malware-now-targeting-banking-applications?utm_medium=email&_hsmi=278111799&_hsenc=p2ANqtz--9WZUdFSgKqw04m3oUofpfARPvZh1aFpLO0SV_Mlxgz8f7dQb2buDAaQ3zPUgmApOcFkxyJXcM5nDYVMbPxYKYLWfAxkquB1-Z9ylu4OLRnQSC00c&utm_content=278111799&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Fri, 13 Oct 2023 08:55:31 GMT
x-amz-version-id: xhspovn0hD8nlz9zr8lrpEeZqTxjj0Pq
content-encoding: br
cf-cache-status: HIT
x-amz-request-id: BAD0XHC67ASM60RD
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-hubspot-correlation-id: 3011ee5d-541a-4974-9fe7-bd88261cc0ba
age: 48
x-envoy-upstream-service-time: 59
x-amz-id-2: mfXT/rGTub7J9LdycK9hSEacWI8dYtvSeJZmdFdJJBTB/XCLGL5FdPN/ecLfp0tjV4L3ThQP2LY=
x-evy-trace-listener: listener_https
x-request-id: 3011ee5d-541a-4974-9fe7-bd88261cc0ba
x-evy-trace-route-configuration: listener_https/all
last-modified: Wed, 13 Sep 2023 14:11:27 GMT
server: cloudflare
etag: W/"b514126d6b20fbdac447cd15c6fb39ec"
access-control-max-age: 604800
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: https://www.pradeo.com
x-evy-trace-virtual-host: all
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control: max-age=300,public
access-control-allow-credentials: true
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-85c95667b4-mlgh4
vary: origin, Accept-Encoding
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
cf-ray: 81565d37e921049b-FRA
expires: Fri, 13 Oct 2023 08:59:43 GMT

GET
H2 200 fb.js Show response
js.hsadspixel.net/ 6 KB
4 KB 150ms
47ms Script
application/javascript 2606:4700::6811:e6a3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsadspixel.net/fb.js

Requested by

Host: blog.pradeo.com
URL: https://blog.pradeo.com/hs/scriptloader/2378615.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:e6a3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e1e4e3cba3eeeb3ad74ae67c1f42012ebb51d8497482e5c01d404579d49c6b04

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.pradeo.com/spynote-malware-now-targeting-banking-applications?utm_medium=email&_hsmi=278111799&_hsenc=p2ANqtz--9WZUdFSgKqw04m3oUofpfARPvZh1aFpLO0SV_Mlxgz8f7dQb2buDAaQ3zPUgmApOcFkxyJXcM5nDYVMbPxYKYLWfAxkquB1-Z9ylu4OLRnQSC00c&utm_content=278111799&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Fri, 13 Oct 2023 08:55:31 GMT
x-amz-version-id: MiORZOji2P27E5f3usS102mv5dcg0lYn
via: 1.1 fb1dc2e3bf4105b403e3bfa3a5067970.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: HIT
x-amz-cf-pop: IAD12-P3
age: 516
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=adsscriptloaderstatic/static-1.485/bundles/pixels-release.js&cfRay=8156509b6eac92a5-FRA
x-cache: Hit from cloudfront
x-hubspot-correlation-id: 3a6bc23c-bb22-4ef6-bfb7-1d44d4b945d7
cache-tag: staticjsapp-AdsScriptLoaderCloudflare-web-prod,staticjsapp-prod
content-encoding: br
x-envoy-upstream-service-time: 0
x-amz-replication-status: COMPLETED
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 3a6bc23c-bb22-4ef6-bfb7-1d44d4b945d7
last-modified: Tue, 19 Sep 2023 08:21:28 UTC
server: cloudflare
etag: W/"1bce211846e6a6691aa314979e0a21fb"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
x-hs-cache-status: HIT
x-evy-trace-virtual-host: all
cache-control: max-age=600
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-7c89bb96b9-g8f86
cf-ray: 81565d37eb8b1c20-FRA
x-amz-cf-id: VjeqJbXQZXgHtmWPQZWPzSUnfgwEebysrmSALFDhLgV7UvwaYrKRLg==
x-hs-target-asset: adsscriptloaderstatic/static-1.485/bundles/pixels-release.js

GET
H2 200 2378615.js Show response
js.hs-analytics.net/analytics/1697187300000/ 66 KB
21 KB 320ms
223ms Script
text/javascript 2606:4700::6810:4cba
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-analytics.net/analytics/1697187300000/2378615.js
Requested by: Host: blog.pradeo.com
URL: https://blog.pradeo.com/hs/scriptloader/2378615.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:4cba , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 61c04ca4191215fe0261ddec99ea680e009e5bf234b8e09a7c65da59ccf74235

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.pradeo.com/spynote-malware-now-targeting-banking-applications?utm_medium=email&_hsmi=278111799&_hsenc=p2ANqtz--9WZUdFSgKqw04m3oUofpfARPvZh1aFpLO0SV_Mlxgz8f7dQb2buDAaQ3zPUgmApOcFkxyJXcM5nDYVMbPxYKYLWfAxkquB1-Z9ylu4OLRnQSC00c&utm_content=278111799&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Fri, 13 Oct 2023 08:55:32 GMT
x-amz-version-id: null
content-encoding: br
cf-cache-status: MISS
x-amz-request-id: X78RETD712ETENWS
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-hubspot-correlation-id: ce0d4246-d313-4ab3-9adb-26216b30ef32
x-envoy-upstream-service-time: 66
x-amz-id-2: fpUtpfIXS2lonKjjYZK3blRk4OzzVUQLBLCOzAhYTOZGynX2i8MvjVcYg2BzJl1LR6czDe+TL9A=
x-evy-trace-listener: listener_https
x-request-id: ce0d4246-d313-4ab3-9adb-26216b30ef32
x-evy-trace-route-configuration: listener_https/all
last-modified: Thu, 12 Oct 2023 14:57:25 GMT
server: cloudflare
etag: W/"b58d41f520fa291d4166a6db96c41a91"
vary: origin, Accept-Encoding
content-type: text/javascript
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-85c95667b4-jgkmt
cache-control: max-age=300,public
access-control-allow-credentials: false
cf-ray: 81565d37e9ab9158-FRA
expires: Fri, 13 Oct 2023 09:00:31 GMT

POST
H2 204 collect
region1.google-analytics.com/g/ 0
245 B 141ms
47ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-728CP3087N&gtm=45je3ab0&_p=1420117340&gcs=G100&gdid=dZTQ1Zm&cid=901801032.1697187332&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1697187331&sct=1&seg=0&dl=https%3A%2F%2Fblog.pradeo.com%2Fspynote-malware-now-targeting-banking-applications%3Futm_medium%3Demail%26_hsmi%3D278111799%26_hsenc%3Dp2ANqtz--9WZUdFSgKqw04m3oUofpfARPvZh1aFpLO0SV_Mlxgz8f7dQb2buDAaQ3zPUgmApOcFkxyJXcM5nDYVMbPxYKYLWfAxkquB1-Z9ylu4OLRnQSC00c%26utm_content%3D278111799%26utm_source%3Dhs_email&dt=SpyNote%20malware%20now%20targeting%20banking%20applications&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-728CP3087N
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.pradeo.com/spynote-malware-now-targeting-banking-applications?utm_medium=email&_hsmi=278111799&_hsenc=p2ANqtz--9WZUdFSgKqw04m3oUofpfARPvZh1aFpLO0SV_Mlxgz8f7dQb2buDAaQ3zPUgmApOcFkxyJXcM5nDYVMbPxYKYLWfAxkquB1-Z9ylu4OLRnQSC00c&utm_content=278111799&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 13 Oct 2023 08:55:31 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://blog.pradeo.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK counters.gif
forms.hsforms.com/embed/v3/ 35 B
1015 B 262ms
157ms Image
image/gif 2606:4700::6812:c07d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-DEFINITION_SUCCESS&count=1

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:c07d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.pradeo.com/spynote-malware-now-targeting-banking-applications?utm_medium=email&_hsmi=278111799&_hsenc=p2ANqtz--9WZUdFSgKqw04m3oUofpfARPvZh1aFpLO0SV_Mlxgz8f7dQb2buDAaQ3zPUgmApOcFkxyJXcM5nDYVMbPxYKYLWfAxkquB1-Z9ylu4OLRnQSC00c&utm_content=278111799&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

Date: Fri, 13 Oct 2023 08:55:32 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
CF-Cache-Status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
X-HubSpot-Correlation-Id: 48dee15b-9257-42a7-91fb-a7c63b9270b3
x-envoy-upstream-service-time: 2
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 48dee15b-9257-42a7-91fb-a7c63b9270b3
Server: cloudflare
X-Trace: 2B1AE2DF1772BBE6AC90B18ABE3A0D9B0688729039000000000000000000
Vary: origin
Content-Type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-79986f96f-r55k7
Access-Control-Expose-Headers: X-Origin-Hublet
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: false
X-Robots-Tag: none
CF-RAY: 81565d38df341cbd-FRA

GET
H/1.1 200
OK counters.gif
forms-na1.hsforms.com/embed/v3/ 35 B
1015 B 253ms
161ms Image
image/gif 2606:4700::6812:b07d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms-na1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-RENDER_SUCCESS&count=1

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:b07d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.pradeo.com/spynote-malware-now-targeting-banking-applications?utm_medium=email&_hsmi=278111799&_hsenc=p2ANqtz--9WZUdFSgKqw04m3oUofpfARPvZh1aFpLO0SV_Mlxgz8f7dQb2buDAaQ3zPUgmApOcFkxyJXcM5nDYVMbPxYKYLWfAxkquB1-Z9ylu4OLRnQSC00c&utm_content=278111799&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

Date: Fri, 13 Oct 2023 08:55:32 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
CF-Cache-Status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
X-HubSpot-Correlation-Id: 89b2fe10-abb7-438c-93e3-140dc37b64ae
x-envoy-upstream-service-time: 8
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 89b2fe10-abb7-438c-93e3-140dc37b64ae
Server: cloudflare
X-Trace: 2B09B3E521B025C065836A4F5DBC63E0AD7B7B636B000000000000000000
Vary: origin
Content-Type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-79986f96f-lmntd
Access-Control-Expose-Headers: X-Origin-Hublet
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: false
X-Robots-Tag: none
CF-RAY: 81565d38ef2c03f8-FRA

GET
H3 200 cta-loaded.js Show response
blog.pradeo.com/hs/cta/ctas/v2/public/cs/ 0
1 KB 189ms
186ms Script
application/javascript 2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.pradeo.com/hs/cta/ctas/v2/public/cs/cta-loaded.js?pid=2378615&pg=ad3111b0-9454-41ff-91f4-9eee95b1f08f&lt=1697187331558&dt=1697187331559&at=1697187331897&an=1

Requested by

Host: blog.pradeo.com
URL: https://blog.pradeo.com/hs/cta/cta/current.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.pradeo.com/spynote-malware-now-targeting-banking-applications?utm_medium=email&_hsmi=278111799&_hsenc=p2ANqtz--9WZUdFSgKqw04m3oUofpfARPvZh1aFpLO0SV_Mlxgz8f7dQb2buDAaQ3zPUgmApOcFkxyJXcM5nDYVMbPxYKYLWfAxkquB1-Z9ylu4OLRnQSC00c&utm_content=278111799&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

x-origin-hublet: na1
date: Fri, 13 Oct 2023 08:55:32 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: b0bff7ea-eb9c-4dfc-87eb-67c665487f8e
x-envoy-upstream-service-time: 7
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
content-length: 0
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: b0bff7ea-eb9c-4dfc-87eb-67c665487f8e
last-modified: Fri, 13 Oct 2023 08:55:32 GMT
server: cloudflare
x-trace: 2B3947D62A9B8BBBB160EA401A7EBD77E1A24E629A000000000000000000
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VDvt3GPzH9hrnozLlVLWuDQC2VKPGW7sHk2GeLyfnd8wlEc7uBg%2FI9tGw35ZsS3MA2oPGtsmQ98xK059E2M%2FC5JeztSKdeRxaYY%2FoWgHzIRMYA%2BKzXzm4%2FQEY6L9sU75lbid8to%2Flou7eaOrvA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript;charset=utf-8
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-79986f96f-hjwld
x-evy-trace-virtual-host: all
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
cf-ray: 81565d387e194d44-FRA
x-robots-tag: noindex, follow

GET
H/1.1 200
OK counters.gif
perf.hsforms.com/embed/v3/ 35 B
1 KB 251ms
157ms Image
image/gif 2606:4700::6812:a07d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf.hsforms.com/embed/v3/counters.gif?key=cta-json-success&value=1

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a07d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.pradeo.com/spynote-malware-now-targeting-banking-applications?utm_medium=email&_hsmi=278111799&_hsenc=p2ANqtz--9WZUdFSgKqw04m3oUofpfARPvZh1aFpLO0SV_Mlxgz8f7dQb2buDAaQ3zPUgmApOcFkxyJXcM5nDYVMbPxYKYLWfAxkquB1-Z9ylu4OLRnQSC00c&utm_content=278111799&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

Date: Fri, 13 Oct 2023 08:55:32 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
CF-Cache-Status: MISS
x-evy-trace-route-service-name: envoyset-translator
X-HubSpot-Correlation-Id: b2ba6796-a9c3-40cb-8f50-140c9cb5e7fc
x-envoy-upstream-service-time: 1
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: b2ba6796-a9c3-40cb-8f50-140c9cb5e7fc
Last-Modified: Fri, 13 Oct 2023 08:55:32 GMT
Server: cloudflare
X-Trace: 2BE968EF82132A5721F7F368EB7920828CFDAE23EB000000000000000000
Vary: origin, Accept-Encoding
Content-Type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-79986f96f-lmntd
Access-Control-Expose-Headers: X-Origin-Hublet
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
X-Robots-Tag: none
CF-RAY: 81565d391e0b3623-FRA

GET
H2 200 911f2f55-c6ff-4b3b-8173-d746aacdf43c.png
f.hubspotusercontent10.net/hubfs/2378615/hub_generated/resized/ 71 KB
72 KB 414ms
312ms Image
image/webp 2606:4700::6813:f812
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://f.hubspotusercontent10.net/hubfs/2378615/hub_generated/resized/911f2f55-c6ff-4b3b-8173-d746aacdf43c.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:f812 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

864a338345407cb0549ec1c6ef62ac2e4b925427bfa45c08ed11970a504c18f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.pradeo.com/spynote-malware-now-targeting-banking-applications?utm_medium=email&_hsmi=278111799&_hsenc=p2ANqtz--9WZUdFSgKqw04m3oUofpfARPvZh1aFpLO0SV_Mlxgz8f7dQb2buDAaQ3zPUgmApOcFkxyJXcM5nDYVMbPxYKYLWfAxkquB1-Z9ylu4OLRnQSC00c&utm_content=278111799&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Fri, 13 Oct 2023 08:55:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 4a0b7683a1d33d6d186965e831f2de96.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-version-id: fRqhD6CiyjurzRmNy.gh2sPxlaPJX6IR
x-amz-cf-pop: FRA56-P7
x-amz-request-id: KC10Q95Q3BJ3ZJH5
cf-polished: origFmt=png, origSize=131954
x-amz-server-side-encryption: AES256
x-cache: RefreshHit from cloudfront
content-disposition: inline; filename="911f2f55-c6ff-4b3b-8173-d746aacdf43c.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
content-length: 72598
x-amz-id-2: V1Ob3Bb6DtXN7/2UGLekoUzm8Uh/9efqm0d0HD5JJHUiHHGPPu60GIz8YRlM6+Or0smnYV1RFjYH4K8oBjpSUA==
last-modified: Wed, 27 Jan 2021 10:23:34 GMT
cf-bgj: imgq:85,h2pri
server: cloudflare
etag: "199f726771a87ae28b169d17bdededd4"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 81565d391dedbbef-FRA
x-amz-cf-id: YiNUiwuXpJEZqXcYsRqCtL50ZxbCrOxDKPXXScF8FgIy71HHTwkcTw==
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3

GET
H/1.1 200
OK counters.gif
perf.hsforms.com/embed/v3/ 35 B
1 KB 247ms
154ms Image
image/gif 2606:4700::6812:a07d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf.hsforms.com/embed/v3/counters.gif?key=cta-render-success&value=1

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a07d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.pradeo.com/spynote-malware-now-targeting-banking-applications?utm_medium=email&_hsmi=278111799&_hsenc=p2ANqtz--9WZUdFSgKqw04m3oUofpfARPvZh1aFpLO0SV_Mlxgz8f7dQb2buDAaQ3zPUgmApOcFkxyJXcM5nDYVMbPxYKYLWfAxkquB1-Z9ylu4OLRnQSC00c&utm_content=278111799&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

Date: Fri, 13 Oct 2023 08:55:32 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
CF-Cache-Status: MISS
x-evy-trace-route-service-name: envoyset-translator
X-HubSpot-Correlation-Id: 50ac4470-2bfd-47b9-9e47-59a05157f769
x-envoy-upstream-service-time: 5
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 50ac4470-2bfd-47b9-9e47-59a05157f769
Last-Modified: Fri, 13 Oct 2023 08:55:32 GMT
Server: cloudflare
X-Trace: 2BBBCE4DA7039D9F6EB3A8B694E5FAF92D43606463000000000000000000
Vary: origin, Accept-Encoding
Content-Type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-79986f96f-lmntd
Access-Control-Expose-Headers: X-Origin-Hublet
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
X-Robots-Tag: none
CF-RAY: 81565d391b5f91f3-FRA

GET
H/1.1 200
OK widget_iframe.d37472b4a6622d0b1fff46ad904f6896.html Show response
platform.twitter.com/widgets/ Frame BBB1 319 KB
104 KB 40ms
39ms Document
text/html 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/widget_iframe.d37472b4a6622d0b1fff46ad904f6896.html?origin=https%3A%2F%2Fblog.pradeo.com
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67F2) /
Resource Hash: 70c00445d6632039ed99af760731daf3bf60eb12061863ee61e2cd7276a54d18

Request headers

Referer: https://blog.pradeo.com/spynote-malware-now-targeting-banking-applications?utm_medium=email&_hsmi=278111799&_hsenc=p2ANqtz--9WZUdFSgKqw04m3oUofpfARPvZh1aFpLO0SV_Mlxgz8f7dQb2buDAaQ3zPUgmApOcFkxyJXcM5nDYVMbPxYKYLWfAxkquB1-Z9ylu4OLRnQSC00c&utm_content=278111799&utm_source=hs_email
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 303774
Cache-Control: public, max-age=315360000
Content-Encoding: gzip
Content-Length: 105429
Content-Type: text/html; charset=utf-8
Date: Fri, 13 Oct 2023 08:55:31 GMT
Etag: "81267302efdfb3e4524a22631a8fc99e+gzip"
Last-Modified: Mon, 09 Oct 2023 20:29:18 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (frb/67F2)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Vary: Accept-Encoding
X-Cache: HIT
x-amz-server-side-encryption: AES256
x-tw-cdn: VZ

OPTIONS
H2 200 view
js.hs-banner.com/cookie-banner-public/v1/activity/ Frame 0
0 229ms
148ms Preflight
application/octet-stream 2606:4700:4400::ac40:991b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/cookie-banner-public/v1/activity/view
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:991b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://blog.pradeo.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
access-control-allow-origin: https://blog.pradeo.com
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
access-control-max-age: 604800
cf-cache-status: DYNAMIC
cf-ray: 81565d393bc32bf7-FRA
content-length: 0
content-type: application/octet-stream
date: Fri, 13 Oct 2023 08:55:32 GMT
server: cloudflare
timing-allow-origin: *
vary: origin
x-envoy-upstream-service-time: 2
x-evy-trace-listener: listener_https
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-route-service-name: envoyset-translator
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-85c95667b4-jgkmt
x-evy-trace-virtual-host: all
x-hubspot-correlation-id: f6fa9000-040e-43d8-95d0-945b4fb0b2a2
x-request-id: f6fa9000-040e-43d8-95d0-945b4fb0b2a2

POST
H2 204 view Show response
js.hs-banner.com/cookie-banner-public/v1/activity/ 0
174 B 165ms
165ms XHR
text/plain 2606:4700:4400::ac40:991b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hs-banner.com/cookie-banner-public/v1/activity/view

Requested by

Host: js.hs-banner.com
URL: https://js.hs-banner.com/2378615.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:991b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.pradeo.com/spynote-malware-now-targeting-banking-applications?utm_medium=email&_hsmi=278111799&_hsenc=p2ANqtz--9WZUdFSgKqw04m3oUofpfARPvZh1aFpLO0SV_Mlxgz8f7dQb2buDAaQ3zPUgmApOcFkxyJXcM5nDYVMbPxYKYLWfAxkquB1-Z9ylu4OLRnQSC00c&utm_content=278111799&utm_source=hs_email
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36
Content-Type: application/json

Response headers

date: Fri, 13 Oct 2023 08:55:32 GMT
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: ac7d9321-56b0-4dfd-b226-760ab00fb69d
x-envoy-upstream-service-time: 21
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: ac7d9321-56b0-4dfd-b226-760ab00fb69d
server: cloudflare
access-control-max-age: 604800
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
access-control-allow-origin: https://blog.pradeo.com
x-evy-trace-virtual-host: all
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
vary: origin
access-control-allow-credentials: true
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-85c95667b4-mlgh4
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
cf-ray: 81565d3a1d072bf7-FRA

GET
H3 200 widget Show response
blog.pradeo.com/_hcms/livechat/ 512 B
2 KB 192ms
191ms XHR
application/json 2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.pradeo.com/_hcms/livechat/widget?portalId=2378615&conversations-embed=static-1.14392&mobile=false&messagesUtk=d1ce73036d6a404a839a22de01ae32ef&traceId=d1ce73036d6a404a839a22de01ae32ef

Requested by

Host: js.usemessages.com
URL: https://js.usemessages.com/conversations-embed.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

0859fc868c980e3c2c4da08f777b63daa6787ac53f83ef20feb43f74a898b791

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.pradeo.com/spynote-malware-now-targeting-banking-applications?utm_medium=email&_hsmi=278111799&_hsenc=p2ANqtz--9WZUdFSgKqw04m3oUofpfARPvZh1aFpLO0SV_Mlxgz8f7dQb2buDAaQ3zPUgmApOcFkxyJXcM5nDYVMbPxYKYLWfAxkquB1-Z9ylu4OLRnQSC00c&utm_content=278111799&utm_source=hs_email
accept-language: de-DE,de;q=0.9
X-HubSpot-Messages-Uri: https://blog.pradeo.com/spynote-malware-now-targeting-banking-applications?utm_medium=email&_hsmi=278111799&_hsenc=p2ANqtz--9WZUdFSgKqw04m3oUofpfARPvZh1aFpLO0SV_Mlxgz8f7dQb2buDAaQ3zPUgmApOcFkxyJXcM5nDYVMbPxYKYLWfAxkquB1-Z9ylu4OLRnQSC00c&utm_content=278111799&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Fri, 13 Oct 2023 08:55:32 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 4565da8f-b4a6-4da2-a2ae-3acfaeb3b698
x-envoy-upstream-service-time: 11
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 4565da8f-b4a6-4da2-a2ae-3acfaeb3b698
server: cloudflare
x-trace: 2B6FBBDB8CA3CDFEE79A828C2C9A746EA1AEBAC88B000000000000000000
vary: origin, Accept-Encoding
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: application/json;charset=utf-8
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-5b5c96c966-58hgh
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform, must-revalidate, max-age=0
access-control-allow-credentials: false
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VzGkEC95%2BEVW3qZqLg7OmGCTtmODjIhPASNsFpHE5yTRfuXP4mAUE8W2Hb7TAgwrFNVq2028ehFftnf%2FnwN7ADFjhBBDEf%2FrhF7OmF9u357johnSS67TlMa%2BIcYqasczlaCoB7saQhb7OwOxfQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 81565d38de934d44-FRA
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent, X-HubSpot-Messages-Uri

GET
H2 200 settings Show response
syndication.twitter.com/ Frame BBB1 869 B
659 B 235ms
143ms Fetch
application/json 104.244.42.136
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://syndication.twitter.com/settings?session_id=6eefdad21d1658bb4e508897a6b35189e36d8cba

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/widgets/widget_iframe.d37472b4a6622d0b1fff46ad904f6896.html?origin=https%3A%2F%2Fblog.pradeo.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.136 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

302da628a6afc3e93f1b86bf7c65e4d6536d8283d78266964822a76d1c645aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

x-response-time: 104
date: Fri, 13 Oct 2023 08:55:31 GMT
content-encoding: gzip
strict-transport-security: max-age=631138519
last-modified: Fri, 13 Oct 2023 08:55:32 GMT
server: tsa_o
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://platform.twitter.com
x-transaction-id: 7f0f351fb50cee4f
cache-control: must-revalidate, max-age=600
access-control-allow-credentials: true
perf: 7626143928
x-connection-hash: 103a31b3752bf3cc8e2d5a1779e1dd5c6806d64a3e87bbdfb4774dba76ba7ecd
content-length: 337

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
652 B 175ms
159ms Image
image/gif 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=3857904254&v=1.1&a=2378615&pi=137969508747&ct=blog-post&ccu=https%3A%2F%2Fblog.pradeo.com%2Fspynote-malware-now-targeting-banking-applications&cpi=137969508747&cgi=4214981702&lpi=137969508747&lvi=137969508747&lvc=en-us&pu=https%3A%2F%2Fblog.pradeo.com%2Fspynote-malware-now-targeting-banking-applications%3Futm_medium%3Demail%26_hsmi%3D278111799%26_hsenc%3Dp2ANqtz--9WZUdFSgKqw04m3oUofpfARPvZh1aFpLO0SV_Mlxgz8f7dQb2buDAaQ3zPUgmApOcFkxyJXcM5nDYVMbPxYKYLWfAxkquB1-Z9ylu4OLRnQSC00c%26utm_content%3D278111799%26utm_source%3Dhs_email&t=SpyNote+malware+now+targeting+banking+applications&cts=1697187332359&vi=ccbec44bbe95142ef72b535a77311e87&nc=true&ce=false&pt=1&cc=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.pradeo.com/spynote-malware-now-targeting-banking-applications?utm_medium=email&_hsmi=278111799&_hsenc=p2ANqtz--9WZUdFSgKqw04m3oUofpfARPvZh1aFpLO0SV_Mlxgz8f7dQb2buDAaQ3zPUgmApOcFkxyJXcM5nDYVMbPxYKYLWfAxkquB1-Z9ylu4OLRnQSC00c&utm_content=278111799&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Fri, 13 Oct 2023 08:55:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: ffbff0b7-9941-4a15-92b1-df935a753c65
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 6
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: ffbff0b7-9941-4a15-92b1-df935a753c65
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Sfl%2BtDlR9BLlrcDhXsrCUBJqCn14v7u1UbLLaKsGQNRHRZdujLtvSVqz9h0lcDPsj022TaTH7NEQAk4spQb0caSs04kExf2lelRM4dYew9lJis%2FUW8DTuyxOAiQ8H2krAiJJNOmXsmHJG7uvNW4%2B"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-674b9fb979-pptkh
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 81565d3b8ab99273-FRA
x-robots-tag: none

GET
H3 200 counters.gif
perf.hsforms.com/embed/v3/ 35 B
668 B 203ms
159ms Image
image/gif 2606:4700::6812:a07d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf.hsforms.com/embed/v3/counters.gif?key=cta-with-analytics&value=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:a07d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.pradeo.com/spynote-malware-now-targeting-banking-applications?utm_medium=email&_hsmi=278111799&_hsenc=p2ANqtz--9WZUdFSgKqw04m3oUofpfARPvZh1aFpLO0SV_Mlxgz8f7dQb2buDAaQ3zPUgmApOcFkxyJXcM5nDYVMbPxYKYLWfAxkquB1-Z9ylu4OLRnQSC00c&utm_content=278111799&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Fri, 13 Oct 2023 08:55:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: a0940060-2a89-450f-97f4-0adea6e69d1d
x-envoy-upstream-service-time: 11
alt-svc: h3=":443"; ma=86400
content-length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: a0940060-2a89-450f-97f4-0adea6e69d1d
last-modified: Fri, 13 Oct 2023 08:55:32 GMT
server: cloudflare
x-trace: 2B8743C7153B4E10D2F5632D5E6FE2D43C63C9DC46000000000000000000
vary: origin, Accept-Encoding
content-type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-79986f96f-tj9jf
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
accept-ranges: bytes
x-robots-tag: none
cf-ray: 81565d3baad99273-FRA

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
501 B 178ms
169ms Image
image/gif 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=15&fi=caf050a8-9ff7-4223-8e7a-0bad8656b2b9&fci=728b9890-bfa6-4606-ad9c-233ed27472f2&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=3857904254&v=1.1&a=2378615&pi=137969508747&ct=blog-post&ccu=https%3A%2F%2Fblog.pradeo.com%2Fspynote-malware-now-targeting-banking-applications&cpi=137969508747&cgi=4214981702&lpi=137969508747&lvi=137969508747&lvc=en-us&pu=https%3A%2F%2Fblog.pradeo.com%2Fspynote-malware-now-targeting-banking-applications%3Futm_medium%3Demail%26_hsmi%3D278111799%26_hsenc%3Dp2ANqtz--9WZUdFSgKqw04m3oUofpfARPvZh1aFpLO0SV_Mlxgz8f7dQb2buDAaQ3zPUgmApOcFkxyJXcM5nDYVMbPxYKYLWfAxkquB1-Z9ylu4OLRnQSC00c%26utm_content%3D278111799%26utm_source%3Dhs_email&t=SpyNote+malware+now+targeting+banking+applications&cts=1697187332361&vi=ccbec44bbe95142ef72b535a77311e87&nc=true&ce=false&pt=1&cc=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.pradeo.com/spynote-malware-now-targeting-banking-applications?utm_medium=email&_hsmi=278111799&_hsenc=p2ANqtz--9WZUdFSgKqw04m3oUofpfARPvZh1aFpLO0SV_Mlxgz8f7dQb2buDAaQ3zPUgmApOcFkxyJXcM5nDYVMbPxYKYLWfAxkquB1-Z9ylu4OLRnQSC00c&utm_content=278111799&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Fri, 13 Oct 2023 08:55:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 6389b0dd-40a8-40e0-b72c-4ed089b835b8
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 8
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 6389b0dd-40a8-40e0-b72c-4ed089b835b8
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oxZm1Sbf677GizDpQRNAHEUR95XC%2BZtzGSdN8glHar3HVTkOmbdZ8pZbyThmPwGdvNnuUanO8itWjrbtBH5a5ZrSvoJKbP6siVXMbOPx2wtY0lzpB0LB4xq0fnLC7XDJe9y%2FEbGfudn%2BuywaorGj"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-674b9fb979-mxv56
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 81565d3b7ab69273-FRA
x-robots-tag: none

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
506 B 164ms
160ms Image
image/gif 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=12&aij=%5B%22ad3111b0-9454-41ff-91f4-9eee95b1f08f%22%2C%222c8dcc53-ca95-4ec6-ac2f-2eb48903709b%22%5D&rfc=8&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=3857904254&v=1.1&a=2378615&pi=137969508747&ct=blog-post&ccu=https%3A%2F%2Fblog.pradeo.com%2Fspynote-malware-now-targeting-banking-applications&cpi=137969508747&cgi=4214981702&lpi=137969508747&lvi=137969508747&lvc=en-us&pu=https%3A%2F%2Fblog.pradeo.com%2Fspynote-malware-now-targeting-banking-applications%3Futm_medium%3Demail%26_hsmi%3D278111799%26_hsenc%3Dp2ANqtz--9WZUdFSgKqw04m3oUofpfARPvZh1aFpLO0SV_Mlxgz8f7dQb2buDAaQ3zPUgmApOcFkxyJXcM5nDYVMbPxYKYLWfAxkquB1-Z9ylu4OLRnQSC00c%26utm_content%3D278111799%26utm_source%3Dhs_email&t=SpyNote+malware+now+targeting+banking+applications&cts=1697187332363&vi=ccbec44bbe95142ef72b535a77311e87&nc=true&ce=false&pt=1&cc=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.pradeo.com/spynote-malware-now-targeting-banking-applications?utm_medium=email&_hsmi=278111799&_hsenc=p2ANqtz--9WZUdFSgKqw04m3oUofpfARPvZh1aFpLO0SV_Mlxgz8f7dQb2buDAaQ3zPUgmApOcFkxyJXcM5nDYVMbPxYKYLWfAxkquB1-Z9ylu4OLRnQSC00c&utm_content=278111799&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Fri, 13 Oct 2023 08:55:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: bec0dd9b-7a11-40ee-b45d-3add719ae944
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 2
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: bec0dd9b-7a11-40ee-b45d-3add719ae944
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=o0V%2Bvgn%2BQbyk5InA6Zj27hM3G1HNF%2BYLbQ20KUrMFR444mR0i4z0eYKRUlxT9J3H68hn%2BfpHUWTkBpbsD7XnKjKtRNECDlLyiFA6OrSt9oXGakT4dF4PI9yV3tmBl99CF8TnBjjGzJ2pKfsKsjLN"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-674b9fb979-76tt8
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 81565d3b8ab89273-FRA
x-robots-tag: none

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
458 B 184ms
181ms Image
image/gif 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=17&fi=caf050a8-9ff7-4223-8e7a-0bad8656b2b9&fci=a8cd271a-3c6a-4756-a5cb-562e6d215ab7&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=3857904254&v=1.1&a=2378615&pi=137969508747&ct=blog-post&ccu=https%3A%2F%2Fblog.pradeo.com%2Fspynote-malware-now-targeting-banking-applications&cpi=137969508747&cgi=4214981702&lpi=137969508747&lvi=137969508747&lvc=en-us&pu=https%3A%2F%2Fblog.pradeo.com%2Fspynote-malware-now-targeting-banking-applications%3Futm_medium%3Demail%26_hsmi%3D278111799%26_hsenc%3Dp2ANqtz--9WZUdFSgKqw04m3oUofpfARPvZh1aFpLO0SV_Mlxgz8f7dQb2buDAaQ3zPUgmApOcFkxyJXcM5nDYVMbPxYKYLWfAxkquB1-Z9ylu4OLRnQSC00c%26utm_content%3D278111799%26utm_source%3Dhs_email&t=SpyNote+malware+now+targeting+banking+applications&cts=1697187332365&vi=ccbec44bbe95142ef72b535a77311e87&nc=true&ce=false&pt=1&cc=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.pradeo.com/spynote-malware-now-targeting-banking-applications?utm_medium=email&_hsmi=278111799&_hsenc=p2ANqtz--9WZUdFSgKqw04m3oUofpfARPvZh1aFpLO0SV_Mlxgz8f7dQb2buDAaQ3zPUgmApOcFkxyJXcM5nDYVMbPxYKYLWfAxkquB1-Z9ylu4OLRnQSC00c&utm_content=278111799&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Fri, 13 Oct 2023 08:55:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 72251133-c54c-4d60-8687-b4589a3cdbf0
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 16
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 72251133-c54c-4d60-8687-b4589a3cdbf0
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JA%2BBCpXHXkaIjDvz38I%2F1QgJ9fiWDUi%2FYcfd6hort2oaYXEgA%2BdIhJ5QQ0gC655NhNvuLov3dstHI466SRRxnQxCkP3VuGDpCtaa8vYVckcmGo40diG8Mjdb88uwa6bW36YkRu7Q%2BgH2n%2FJaZbl3"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-674b9fb979-s2f9n
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 81565d3b8ab79273-FRA
x-robots-tag: none

POST
H2 204 collect
region1.google-analytics.com/g/ 0
45 B 47ms
47ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-728CP3087N&gtm=45je3ab0&_p=1420117340&gcs=G100&gdid=dZTQ1Zm&cid=901801032.1697187332&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=AAAC&_s=2&sid=1697187331&sct=1&seg=1&dl=https%3A%2F%2Fblog.pradeo.com%2Fspynote-malware-now-targeting-banking-applications%3Futm_medium%3Demail%26_hsmi%3D278111799%26_hsenc%3Dp2ANqtz--9WZUdFSgKqw04m3oUofpfARPvZh1aFpLO0SV_Mlxgz8f7dQb2buDAaQ3zPUgmApOcFkxyJXcM5nDYVMbPxYKYLWfAxkquB1-Z9ylu4OLRnQSC00c%26utm_content%3D278111799%26utm_source%3Dhs_email&dt=SpyNote%20malware%20now%20targeting%20banking%20applications&en=page_view&_ee=1&_et=4
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-728CP3087N
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.pradeo.com/spynote-malware-now-targeting-banking-applications?utm_medium=email&_hsmi=278111799&_hsenc=p2ANqtz--9WZUdFSgKqw04m3oUofpfARPvZh1aFpLO0SV_Mlxgz8f7dQb2buDAaQ3zPUgmApOcFkxyJXcM5nDYVMbPxYKYLWfAxkquB1-Z9ylu4OLRnQSC00c&utm_content=278111799&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 13 Oct 2023 08:55:36 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://blog.pradeo.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

70 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

6 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.blog.pradeo.com/	1970-01-20 15:26:29	Name: __cf_bm Value: P6NMz.GG2eudmL4xkPkGSFlFT_8BSnsMkljvGxqntMI-1697187330-0-AT2sPk0b2LllWO72PGWE/W5pV1Ipcy83nZHYFdqGMHb6c8GrD0b+HALnsP3cECZa8tkYx+USTenXkqqS0D/HqvA=
.blog.pradeo.com/	1969-12-31 23:59:59	Name: __cfruid Value: 849ca4357ceb4703f8ba4acf031a6a6048fae6e1-1697187330
.ws.zoominfo.com/	1970-01-21 00:12:03	Name: visitorId Value: 0e3db9a56563ff1663713df5827ff10965e1899cd58239420cf0f0a0fb3ba254
.zoominfo.com/	1970-01-20 15:26:29	Name: __cf_bm Value: SFQKEXZreXKBsqHFcUAr_Pd2La9BJQ8RprSKlbA7hZI-1697187331-0-AZPX+VVIcKtw2h3WAvGPg4Nw6Qut+GUOl/I0PotnGP6fMXmiMRfa02/YsZZZ9wgqSZ/3BKdDixbt9AeY2TC12Lw=
.zoominfo.com/	1969-12-31 23:59:59	Name: _cfuvid Value: 2KJj0ufiVoNwa32.RPNIWGb7V5WNgmKgcbwu6R52TF8-1697187331823-0-604800000
.hubspot.com/	1970-01-20 15:26:29	Name: __cf_bm Value: c.H_ItvlojIOmqC9u8XNM4fLwEczjGglEKYmHnDaoRE-1697187331-0-AaqXyNSXKM0ysIlsuf3OOD/snydUgE6m2lTo//Jn5ATpVo0aVWVjlBL7H2YD2cxtaep3WL5UjBP1Y35i4bvDl4E=

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

3067823.fs1.hubspotusercontent-na1.net
app.hubspot.com
blog.pradeo.com
cdn2.hubspot.net
cta-service-cms2.hubspot.com
f.hubspotusercontent10.net
fonts.googleapis.com
fonts.gstatic.com
forms-na1.hsforms.com
forms.hsforms.com
js.hs-analytics.net
js.hs-banner.com
js.hsadspixel.net
js.hsleadflows.net
js.usemessages.com
no-cache.hubspot.com
perf.hsforms.com
platform.linkedin.com
platform.twitter.com
region1.google-analytics.com
static.hsappstatic.net
syndication.twitter.com
track.hubspot.com
ws.zoominfo.com
www.googletagmanager.com
104.244.42.136
2001:4860:4802:34::36
2606:2800:233:66b5:799a:7cd3:f74d:7071
2606:2800:234:59:254c:406:2366:268c
2606:2c40::c73c:671f
2606:4700:4400::ac40:9284
2606:4700:4400::ac40:991b
2606:4700::6810:4cba
2606:4700::6810:6ed1
2606:4700::6810:890f
2606:4700::6811:e6a3
2606:4700::6811:f7a8
2606:4700::6812:5ffd
2606:4700::6812:7d0c
2606:4700::6812:a07d
2606:4700::6812:b07d
2606:4700::6812:c07d
2606:4700::6813:9a53
2606:4700::6813:f812
2a00:1450:4001:800::200a
2a00:1450:4001:80b::2003
2a00:1450:4001:812::2008
0207b82347c4b660ae85f31e3d8db808590860caad8aa124fad79e83a9e26646
05ddf9cec7d99350f0d520cffbe4f489995c1cf2ed305d2b2fba71191bbef8df
07203d572b683bdf93cffa784ffa0268e99e5d19ac3a5fd35809e48ba4e05b76
0859fc868c980e3c2c4da08f777b63daa6787ac53f83ef20feb43f74a898b791
0aebc0ae8f8ad29477300b927572100346977d52275b17d941aec8eb013de929
109d4e6b53fc6ddfe1ff1b962eeddb39e067fb151f065a898db11a2a92523cb1
10e7b81bac41ad0da1d3f4a3498669f984e84db9d54eedf10e8e7d5b059c5d08
170898a021e7906051ff20402e862f7b4d7a6fcdfcc3b907a4bd626fb9a7fa01
214c67a32fbafb5938bea5f21b2e6a659fedbc028c76e0add8d720821800f273
257855f4e23a1e3d382077b15bfc30971c9c261fc23512c88abfdcda05f28bc4
26c178298625a446421360b74aa4f5cef9edb09ec87eeb1715d0d5ca7454e48c
279817a125934c4629aa278564e64fca0dcb0fdc45f38739e38c9cab297d2a92
2ece1ce88d0c0ee1733e95c7bab6fc3795dc0fefc8e09027c67302d621479b47
302da628a6afc3e93f1b86bf7c65e4d6536d8283d78266964822a76d1c645aa4
3089a512817e0a096709ceeeb27b260267ba4e6240ffe7e3199fa5d8f639c850
34942d531ecf961a2a6777526aef0c7d17f28a4ce9afcac868eb132c700bfe5a
3726f6f71175b54abf48e8863b8634461bcbf34831f7c1b0a1d11e2604782b3a
37e168bdcef5bf4be9763a1542fd4db0869189299b318936c3d694ad0aac9bcc
3f4e033c5ef8b9b9891d380918c77fda1830dea842583141ca33b48a62ea36b2
61c04ca4191215fe0261ddec99ea680e009e5bf234b8e09a7c65da59ccf74235
66db52b456efe7e29cec11fa09421d03cb09e37ed1b567307ec0444fd605ce31
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
70c00445d6632039ed99af760731daf3bf60eb12061863ee61e2cd7276a54d18
723fbf8d73cd4e75f64f7d21558585aa1658b11332e87bd288f6987e398ecfb4
78bc3aa78faec288bbb3bf26c9a0fa4eb67b1e69da94a17233c5cab60525efdb
7c16c7237dcc677f0b10c3aa1c49bb4905014becca3a5cc66e93f4ddd723856c
7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f
864a338345407cb0549ec1c6ef62ac2e4b925427bfa45c08ed11970a504c18f8
88171413fc76dda23ab32baa17b11e4fff89141c633ece737852445f1ba6c1bd
8da927b6b1240ffca4323fbb2a12c8e5abb541040965c2bc5b7d09a2eb963b02
8e7902d12bed414b23fd30c7019fc0fe08d03b14984beb21e486aaa59135f803
90654c024be42043ade404e326b546275616e8d4c99dd8a734d5eb21c7c70227
913bae30a5889fc883678240ae5a1a95166ef63f71341f384b3ea22ed9f86767
9338e65fc077355c7a87ae0d64cc101e23b9bf8ad78ae65f0f319c857311b526
9521629b75431599b69d208c8de1e08c4fc023401b118973cbb4abbc8189b182
a1f58a3e48f23d9036625e9f26553d5da8f45516cf308b6ae6fb2b0fe0d13b4e
a359de822aa23221feaafd35d63cb804766bcc0f2bbb9e152d7a1a9fbf260057
a835950d18dec999a3aa4741f3172c2841cadddc1801c907d3c50b524c41fcf3
a9bcc316ece6125743791562d57fa4ba00e77f0c794201b3146f33fd53390ec8
aaa4ead81c51f810f9736a5c1620dce82bb3ce8ecd7b7e65c43e7a9b1829c09d
b139ebddb534ba35b61120ee306076d3467a0f96d3994fefdaf345afe287ceb6
b1d52f04728180feba25c81c41a44dcf093ed4ef603b3ee47c23b9a0baf7d327
b399c5e2375b9f5d108af3cc74f7d665747a5d1955f5fde2db7f110b30a1f65e
b6847f2ac15ac5fb8340362fbf13e4c4d977ca1712a60e05bcc24e9c12cd82a6
b77e5f56647c2ba8057f0630c69fff36fe9ff54d72059fcfcadafa1626f71cf7
c7d2435a17074fcf9d68f3dc278cdcdbaa0591d4dc6df866c6dd1f4b4f57d2ab
cd36de204aca2d5fa263a731f7c20009b5e3d754ba1f1e03c33e93a48f3e7446
d56743ec90478af9096365a4bec0188284af6030aac0889895139f8a7fb794fb
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
e1e4e3cba3eeeb3ad74ae67c1f42012ebb51d8497482e5c01d404579d49c6b04
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e7f62ea39d88b892aeda6480442d454ef8600da13390b6c9dcdb7d9e66295d8b
ea84bf0882f2c7212983240b3f86f38c87370748f9f15683ea6f42e9ff09a04c
f4e80d9dfd374d02989b87a27b5ed4cb78fbb177c27f1478e9a8b0afb7513149
fb56af9f7623a55839dfb9cf019b05664a62e1b41671d925f3ed587c506443b5
fd5e0c3a0682f03217f201588e51e77bf778d5506224074918f505423f0e25a2
feb0d786f02c7b9d741f8001735a3b915e04e1cffccdebcabcdfd9968d118c0e

blog.pradeo.com Open in urlscan Pro 2606:2c40::c73c:671f Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

70 Requests

100 %HTTPS

95 %IPv6

19 Domains

25 Subdomains

22 IPs

2 Countries

1907 kBTransfer

4055 kBSize

6 Cookies

40 Outgoing links

Page URL History

Redirected requests

70 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

blog.pradeo.com Open in urlscan Pro
2606:2c40::c73c:671f Public Scan

Screenshot
Live screenshot

Full Image

70
Requests

100 %
HTTPS

95 %
IPv6

19
Domains

25
Subdomains

22
IPs

2
Countries

1907 kB
Transfer

4055 kB
Size

6
Cookies

70 HTTP transactions
0 data transactions