Submitted URL: https://cs.beta.fletch.ai/p/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors/u003ehttps://t.co/...
Effective URL: https://cs.beta.fletch.ai/p/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors/u003ehttps://t.co/...
Submission: On November 24 via api from US — Scanned from DE

Summary

This website contacted 16 IPs in 3 countries across 15 domains to perform 40 HTTP transactions. The main IP is 34.102.249.32, located in Kansas City, United States and belongs to GOOGLE, US. The main domain is cs.beta.fletch.ai.
TLS certificate: Issued by R3 on October 14th 2021. Valid for: 3 months.
This is the only time cs.beta.fletch.ai was scanned on urlscan.io!

Note on the submitted URL: its path contains literal u003e and u003c sequences (the \u003e and \u003c escapes for > and < with the backslash dropped) followed by a t.co link, so it is a mangled copy of a tweet rather than a real article path; the server still answered it with a 12 KB text/html document. That document and the site's /static/ assets are served straight from Google Cloud Storage (server: UploadServer, x-goog-* response headers) with cache-control: no-store on the document, and none of the cs.beta.fletch.ai responses in the captured transactions carries a Strict-Transport-Security, Content-Security-Policy, X-Frame-Options or X-Content-Type-Options header; every "Security Headers" block in this scan belongs to a third-party host.

urlscan.io Verdict: No classification

Domain & IP information

Requests  Domain                        Requested by
15        cs.beta.fletch.ai             cs.beta.fletch.ai
3         js.intercomcdn.com            widget.intercom.io
3         www.google-analytics.com      www.googletagmanager.com, www.google-analytics.com, cs.beta.fletch.ai
3         www.googletagmanager.com      cs.beta.fletch.ai, www.googletagmanager.com
2         www.google.de                 cs.beta.fletch.ai
2         www.google.com                cs.beta.fletch.ai
2         px.ads.linkedin.com           (2 redirects)
2         connect.facebook.net          cs.beta.fletch.ai, connect.facebook.net
2         fonts.googleapis.com          cs.beta.fletch.ai
1         api-iam.intercom.io           js.intercomcdn.com
1         widget.intercom.io            (1 redirect)
1         stats.g.doubleclick.net       www.google-analytics.com
1         googleads.g.doubleclick.net   www.googleadservices.com
1         www.googleadservices.com      www.googletagmanager.com
1         px4.ads.linkedin.com          cs.beta.fletch.ai
1         www.linkedin.com              (1 redirect)
1         snap.licdn.com                cs.beta.fletch.ai
1         www.fullstory.com             cs.beta.fletch.ai
1         fullstory.com                 (1 redirect)
1         js.hsforms.net                cs.beta.fletch.ai
Total: 40 requests across 20 subdomains

This site contains no links.

Subject                    Issuer                                   Validity                  Valid for
*.beta.fletch.ai           R3                                       2021-10-14 - 2022-01-12   3 months
upload.video.google.com    GTS CA 1C3                               2021-11-01 - 2022-01-24   3 months
*.google-analytics.com     GTS CA 1C3                               2021-11-01 - 2022-01-24   3 months
sni.cloudflaressl.com      Cloudflare Inc ECC CA-3                  2021-07-16 - 2022-07-15   a year
*.facebook.com             DigiCert SHA2 High Assurance Server CA   2021-09-02 - 2021-12-01   3 months
*.licdn.com                DigiCert SHA2 Secure Server CA           2021-07-15 - 2022-07-20   a year
www.googleadservices.com   GTS CA 1C3                               2021-11-01 - 2022-01-24   3 months
*.g.doubleclick.net        GTS CA 1C3                               2021-11-01 - 2022-01-24   3 months
www.google.com             GTS CA 1C3                               2021-11-01 - 2022-01-24   3 months
www.google.de              GTS CA 1C3                               2021-11-01 - 2022-01-24   3 months
*.intercomcdn.com          Amazon                                   2021-03-01 - 2022-03-30   a year
*.intercom.com             Amazon                                   2021-04-15 - 2022-05-14   a year
(Each row links to the certificate's crt.sh record.)

This page contains 2 frames:

Primary Page: https://cs.beta.fletch.ai/p/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors/u003ehttps://t.co/4gUTEOTUHz/u003c/e/u003e.
Frame ID: B8637548889CC5783DE97EC396517E60
Requests: 37 HTTP requests in this frame

Frame: https://js.intercomcdn.com/frame-modern.bb0a76ed.js
Frame ID: 3676B308DA2BEDF208A4FE316A446544
Requests: 3 HTTP requests in this frame

Page Title

Fletch

Page Statistics

Requests: 40
HTTPS: 93 %
IPv6: 65 %
Domains: 15
Subdomains: 20
IPs: 16
Countries: 3
Transfer: 4226 kB
Size: 5468 kB
Cookies: 17

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 10
  • https://fullstory.com/s/fs.js HTTP 301
  • https://www.fullstory.com/s/fs.js
Request Chain 13
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2977852&time=1637752374974&url=https%3A%2F%2Fcs.beta.fletch.ai%2Fp%2Fbazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors%2Fu003ehttps%3A%2F%2Ft.co%2F4gUTEOTUHz%2Fu003c%2Fe%2Fu003e. HTTP 302
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D2977852%26time%3D1637752374974%26url%3Dhttps%253A%252F%252Fcs.beta.fletch.ai%252Fp%252Fbazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors%252Fu003ehttps%253A%252F%252Ft.co%252F4gUTEOTUHz%252Fu003c%252Fe%252Fu003e.%26liSync%3Dtrue HTTP 302
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2977852&time=1637752374974&url=https%3A%2F%2Fcs.beta.fletch.ai%2Fp%2Fbazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors%2Fu003ehttps%3A%2F%2Ft.co%2F4gUTEOTUHz%2Fu003c%2Fe%2Fu003e.&liSync=true HTTP 302
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2977852&time=1637752374974&url=https%3A%2F%2Fcs.beta.fletch.ai%2Fp%2Fbazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors%2Fu003ehttps%3A%2F%2Ft.co%2F4gUTEOTUHz%2Fu003c%2Fe%2Fu003e.&liSync=true&e_ipv6=AQKEF4p2-tIrYAAAAX1RpglrBrMgRWOmN6ZeeOQnxzFJtqEErMAZp-X_sTCLx-_yYsIlDqc
Request Chain 35
  • https://widget.intercom.io/widget/i0eyz6a3 HTTP 302
  • https://js.intercomcdn.com/shim.latest.js
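The LinkedIn chain above (Request Chain 13) is a cookie-sync bounce: the tracker hands the browser to www.linkedin.com with the return URL in a `redirect=` parameter, and linkedin.com sends it straight back to the value of that parameter with `liSync=true` appended, then on to px4 with an `e_ipv6` token. The following script, an added example written for this report and not urlscan.io code, decodes a captured chain hop by hop and flags any hop whose destination is exactly a URL-valued parameter of the previous request, which is the shape of both cookie-sync bounces and open redirects. The four URLs are copied from Request Chain 13; the parameter list and all function names are this example's own.

```python
"""Decode a captured redirect chain and flag hops driven by a URL parameter.

Added example for this urlscan.io report, not urlscan.io code. The chain is
"Request Chain 13" from the report (the LinkedIn Insight Tag cookie-sync
bounce); the function names are this example's own.
"""
from urllib.parse import parse_qs, urlsplit

# Copied from the report: the four hops of Request Chain 13, in order.
CHAIN_13 = [
    "https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2977852&time=1637752374974"
    "&url=https%3A%2F%2Fcs.beta.fletch.ai%2Fp%2Fbazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors%2Fu003ehttps%3A%2F%2Ft.co%2F4gUTEOTUHz%2Fu003c%2Fe%2Fu003e.",
    "https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D2977852%26time%3D1637752374974"
    "%26url%3Dhttps%253A%252F%252Fcs.beta.fletch.ai%252Fp%252Fbazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors%252Fu003ehttps%253A%252F%252Ft.co%252F4gUTEOTUHz%252Fu003c%252Fe%252Fu003e.%26liSync%3Dtrue",
    "https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2977852&time=1637752374974"
    "&url=https%3A%2F%2Fcs.beta.fletch.ai%2Fp%2Fbazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors%2Fu003ehttps%3A%2F%2Ft.co%2F4gUTEOTUHz%2Fu003c%2Fe%2Fu003e.&liSync=true",
    "https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2977852&time=1637752374974"
    "&url=https%3A%2F%2Fcs.beta.fletch.ai%2Fp%2Fbazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors%2Fu003ehttps%3A%2F%2Ft.co%2F4gUTEOTUHz%2Fu003c%2Fe%2Fu003e.&liSync=true"
    "&e_ipv6=AQKEF4p2-tIrYAAAAX1RpglrBrMgRWOmN6ZeeOQnxzFJtqEErMAZp-X_sTCLx-_yYsIlDqc",
]

# The scanned page (Primary Page in the report); every hop carries it in `url=`.
PAGE_URL = (
    "https://cs.beta.fletch.ai/p/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors/"
    "u003ehttps://t.co/4gUTEOTUHz/u003c/e/u003e."
)


def url_params(url):
    """Query parameters of `url` whose once-decoded value is an absolute http(s) URL."""
    out = {}
    for name, values in parse_qs(urlsplit(url).query, keep_blank_values=True).items():
        for value in values:
            if value.startswith(("http://", "https://")):
                out[name] = value
    return out


def hosts(chain):
    """Hostnames of the chain, in hop order."""
    return [urlsplit(u).hostname for u in chain]


def analyse_chain(chain):
    """One finding per hop i -> i+1.

    `param` names the URL-valued parameter of hop i whose value equals hop i+1
    (the server echoed a caller-supplied target), or None. `added` lists the
    query parameters that appear on hop i+1 but not on hop i, so a chain that
    only exists to stamp a token onto the URL shows up as a one-item list.
    """
    findings = []
    for i in range(len(chain) - 1):
        cur, nxt = chain[i], chain[i + 1]
        echoed = [name for name, value in url_params(cur).items() if value == nxt]
        cur_keys = set(parse_qs(urlsplit(cur).query))
        nxt_keys = set(parse_qs(urlsplit(nxt).query))
        findings.append({
            "hop": i,
            "from": urlsplit(cur).hostname,
            "to": urlsplit(nxt).hostname,
            "param": echoed[0] if echoed else None,
            "added": sorted(nxt_keys - cur_keys),
        })
    return findings


def describe(chain):
    """Human-readable lines for a chain report."""
    lines = []
    for f in analyse_chain(chain):
        how = "target taken from ?%s=" % f["param"] if f["param"] else "server-chosen target"
        lines.append("hop %d: %s -> %s (%s; new params: %s)"
                     % (f["hop"], f["from"], f["to"], how, ", ".join(f["added"]) or "none"))
    return lines


if __name__ == "__main__":
    print("\n".join(describe(CHAIN_13)))
    print("page carried in url=:", url_params(CHAIN_13[0])["url"] == PAGE_URL)
```

For Request Chain 13 the analysis reports hop 1 (www.linkedin.com back to px.ads.linkedin.com) as parameter-driven via `redirect=`, hop 2 as adding only `e_ipv6`, and confirms that the `url=` parameter carries the full mangled page URL, including the t.co link, to LinkedIn. The same function works on any chain pasted from a urlscan.io report; a `param` finding on a first-party host is the one to look at for an open redirect.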

40 HTTP transactions

Each entry below lists: Resource, Path, Size, x-fer (bytes transferred), Type, then the General / Request headers / Response headers detail.

Primary Request: u003e. (cs.beta.fletch.ai/p/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors/u003ehttps://t.co/4gUTEOTUHz/u003c/e/): Size 12 KB, x-fer 12 KB, Document
General
Full URL
https://cs.beta.fletch.ai/p/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors/u003ehttps://t.co/4gUTEOTUHz/u003c/e/u003e.
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
34.102.249.32 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
32.249.102.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
a38144f11c5b73a3fec085ac0cd40caacf4bc0c64e2efdc5a8d8c20a8d5c239a

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

x-guploader-uploadid
ADPycdtHGtROZORr6dwN4QgOauoYc3jxf5w20R1J3pxUkoymchrcHu5sJTuLdwLAyg274Nk2SgC_bUnuHlObBCbOk7Y
date
Wed, 24 Nov 2021 11:12:54 GMT
cache-control
no-store
expires
Thu, 24 Nov 2022 11:12:54 GMT
last-modified
Tue, 23 Nov 2021 00:06:07 GMT
etag
"e495ba186e296dc6c63b3ada739cf9a9"
x-goog-generation
1637625967329801
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
x-goog-stored-content-length
12311
content-type
text/html
x-goog-hash
crc32c=y66ZEw== md5=5JW6GG4pbcbGOzrac5z5qQ==
x-goog-storage-class
STANDARD
accept-ranges
bytes
content-length
12311
server
UploadServer
alt-svc
clear
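The primary document's response above is worth auditing in two ways: for browser security headers (it has none: no HSTS, CSP, X-Frame-Options or X-Content-Type-Options, unlike the third-party responses later in the scan) and for internal consistency of the Google Cloud Storage integrity metadata (x-goog-hash against etag, content-length against x-goog-stored-content-length). The script below is an added example written for this report, not urlscan.io or Google code. The header dictionaries are copied from the report (the primary document and, for contrast, the fonts.googleapis.com stylesheet); the function names are this example's own. It assumes that for a non-composite GCS object the ETag is the hex MD5 of the object, which holds for the responses on this page. Agreement of MD5 and ETag only shows the metadata is self-consistent; it does not prove the body is unmodified, which is what the SHA-256 "Resource Hash" urlscan computed over the received body is for.

```python
"""Audit captured response headers: missing security headers and GCS hash consistency.

Added example for this urlscan.io report, not urlscan.io or Google code.
Assumption: for a non-composite Google Cloud Storage object the ETag is the
hex MD5 of the object, so it must agree with the md5 in x-goog-hash.
"""
import base64
import re

# Copied from the report: response headers of the primary document (cs.beta.fletch.ai).
PRIMARY_HEADERS = {
    "x-guploader-uploadid": "ADPycdtHGtROZORr6dwN4QgOauoYc3jxf5w20R1J3pxUkoymchrcHu5sJTuLdwLAyg274Nk2SgC_bUnuHlObBCbOk7Y",
    "date": "Wed, 24 Nov 2021 11:12:54 GMT",
    "cache-control": "no-store",
    "expires": "Thu, 24 Nov 2022 11:12:54 GMT",
    "last-modified": "Tue, 23 Nov 2021 00:06:07 GMT",
    "etag": '"e495ba186e296dc6c63b3ada739cf9a9"',
    "x-goog-stored-content-encoding": "identity",
    "x-goog-stored-content-length": "12311",
    "content-type": "text/html",
    "x-goog-hash": "crc32c=y66ZEw== md5=5JW6GG4pbcbGOzrac5z5qQ==",
    "content-length": "12311",
    "server": "UploadServer",
}

# Copied from the report: a subset of the fonts.googleapis.com stylesheet response, for contrast.
FONTS_HEADERS = {
    "strict-transport-security": "max-age=31536000",
    "x-content-type-options": "nosniff",
    "x-frame-options": "SAMEORIGIN",
    "x-xss-protection": "0",
    "content-type": "text/css; charset=utf-8",
    "cache-control": "private, max-age=86400, stale-while-revalidate=604800",
}

# Headers this example expects on an HTML document served to browsers.
SECURITY_HEADERS = (
    "strict-transport-security",
    "content-security-policy",
    "x-content-type-options",
    "x-frame-options",
)


def _lower(headers):
    """Case-insensitive view: header names are case-insensitive per HTTP."""
    return {k.lower(): v for k, v in headers.items()}


def missing_security_headers(headers):
    """Names from SECURITY_HEADERS that the response does not carry, in fixed order."""
    present = _lower(headers)
    return [name for name in SECURITY_HEADERS if name not in present]


def parse_goog_hash(value):
    """'crc32c=<b64> md5=<b64>' (space- or comma-separated) -> {name: raw digest bytes}.

    partition('=') splits on the first '=' only, so base64 padding survives.
    """
    digests = {}
    for token in re.split(r"[\s,]+", value.strip()):
        if not token:
            continue
        name, _, b64 = token.partition("=")
        digests[name] = base64.b64decode(b64)
    return digests


def md5_matches_etag(headers):
    """True/False if both x-goog-hash md5 and etag are present, None if there is no md5."""
    h = _lower(headers)
    digests = parse_goog_hash(h.get("x-goog-hash", ""))
    if "md5" not in digests:
        return None
    return digests["md5"].hex() == h.get("etag", "").strip('"').lower()


def lengths_consistent(headers):
    """content-length must equal the stored length when the stored encoding is identity."""
    h = _lower(headers)
    stored_plain = h.get("x-goog-stored-content-encoding", "identity") == "identity"
    return stored_plain and h.get("content-length") == h.get("x-goog-stored-content-length")


def audit(headers):
    """Combined findings for one captured response."""
    return {
        "missing_security_headers": missing_security_headers(headers),
        "md5_matches_etag": md5_matches_etag(headers),
        "lengths_consistent": lengths_consistent(headers),
    }


if __name__ == "__main__":
    for label, hdrs in (("primary document", PRIMARY_HEADERS), ("fonts.googleapis.com", FONTS_HEADERS)):
        print(label, audit(hdrs))
```

Run against the primary document this reports all four security headers missing, the MD5 in x-goog-hash equal to the ETag (e495ba18...), and the lengths consistent (12311 both ways); the fonts response lacks only a Content-Security-Policy. The comma-separated x-goog-hash form that appears on the /static/ assets later in the report is parsed by the same function.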
css (fonts.googleapis.com/): Size 3 KB, x-fer 504 B, Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Lato:300,400,700,900
Requested by
Host: cs.beta.fletch.ai
URL: https://cs.beta.fletch.ai/p/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors/u003ehttps://t.co/4gUTEOTUHz/u003c/e/u003e.
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2a00:1450:4001:803::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
30c7c639fd48a0186026f900282a3b92893c32043019a5efb0ddf7e0805e296f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://cs.beta.fletch.ai/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Wed, 24 Nov 2021 10:34:37 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Wed, 24 Nov 2021 11:12:54 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 24 Nov 2021 11:12:54 GMT
css (fonts.googleapis.com/): Size 10 KB, x-fer 1 KB, Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Oswald:200,300,400,500,600,700&display=swap
Requested by
Host: cs.beta.fletch.ai
URL: https://cs.beta.fletch.ai/p/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors/u003ehttps://t.co/4gUTEOTUHz/u003c/e/u003e.
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2a00:1450:4001:803::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
22be54768ea412635eb9e7f33ee7e2cdbda2b0bc9c413edc57f2256add63ebfb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://cs.beta.fletch.ai/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Wed, 24 Nov 2021 10:03:35 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Wed, 24 Nov 2021 11:12:54 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 24 Nov 2021 11:12:54 GMT
js (www.googletagmanager.com/gtag/): Size 90 KB, x-fer 36 KB, Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-84061015-7
Requested by
Host: cs.beta.fletch.ai
URL: https://cs.beta.fletch.ai/p/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors/u003ehttps://t.co/4gUTEOTUHz/u003c/e/u003e.
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
411e2c6f1aefd8fa0997a0ad0a62f9bcf918f84da9f2929083e4e3cfc3cd9e00
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://cs.beta.fletch.ai/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 11:12:54 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
36155
x-xss-protection
0
last-modified
Wed, 24 Nov 2021 09:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 24 Nov 2021 11:12:54 GMT
js (www.googletagmanager.com/gtag/): Size 97 KB, x-fer 39 KB, Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-433039094
Requested by
Host: cs.beta.fletch.ai
URL: https://cs.beta.fletch.ai/p/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors/u003ehttps://t.co/4gUTEOTUHz/u003c/e/u003e.
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
0d24b2868696db714eaa5c329baca4e188922ab823edbe48166905b8783212bb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://cs.beta.fletch.ai/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 11:12:54 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
39528
x-xss-protection
0
last-modified
Wed, 24 Nov 2021 09:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 24 Nov 2021 11:12:54 GMT
shell.js (js.hsforms.net/forms/): Size 565 KB, x-fer 144 KB, Script
General
Full URL
https://js.hsforms.net/forms/shell.js
Requested by
Host: cs.beta.fletch.ai
URL: https://cs.beta.fletch.ai/p/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors/u003ehttps://t.co/4gUTEOTUHz/u003c/e/u003e.
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2606:4700::6811:b749, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare /
Resource Hash
302ecfd3dcafa8174d1609465dda4fdaf6150d74883e8fddd3944e4d03cfa7d0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://cs.beta.fletch.ai/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 11:12:54 GMT
via
1.1 6f3546b6b501aaa8c1b4750231158189.cloudfront.net (CloudFront)
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
281
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-type
application/javascript; charset=utf-8
x-amz-replication-status
COMPLETED
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified
Mon, 22 Nov 2021 03:35:42 UTC
server
cloudflare
etag
W/"81d36b7b25dcbaadd300923b7cd32d2c"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=f9DFnMyRgDspRwATh5sIq%2FTBKOVpAZpmVHia%2BCwP3B3JezpV8OFVuQJ7CBpnsSdJQO%2BP2YsMWwGutONdY2wpb9z0QYaW6F2yQdREYRTuNeSRdR4mGSbFjf1CAwfCWZy0hXuk%2FaNq0V1U7Abt"}],"group":"cf-nel","max_age":604800}
x-amz-version-id
DbFNkSWAQliTMR.LcB9YoOy1wsVfAP3h
access-control-allow-origin
*
cache-control
s-maxage=600, max-age=0
x-hs-cache-status
HIT
x-amz-cf-pop
IAD89-P1
cf-ray
6b323476ddd82c0d-FRA
x-amz-cf-id
s_liWcfAfXswkqLvIBp6gcor4Nch9OWPoCUHyieLbuAEyp8leirf-A==
x-hs-target-asset
FormsNext/static-5.415/bundles/project_with_deps.js
11.b7cec96e.chunk.css (cs.beta.fletch.ai/static/css/): Size 11 KB, x-fer 11 KB, Stylesheet
General
Full URL
https://cs.beta.fletch.ai/static/css/11.b7cec96e.chunk.css
Requested by
Host: cs.beta.fletch.ai
URL: https://cs.beta.fletch.ai/p/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors/u003ehttps://t.co/4gUTEOTUHz/u003c/e/u003e.
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
34.102.249.32 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
32.249.102.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
3dc3dd9c188828ef890e6c5b4c84c56c1500fc7a9ddc61f46652fb18578540e0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://cs.beta.fletch.ai/p/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors/u003ehttps://t.co/4gUTEOTUHz/u003c/e/u003e.
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 11:12:54 GMT
age
0
x-guploader-uploadid
ADPycdtmQzS6ywMjXX8N7WeOAkerSUvpZmpg7wJUtQnw1JBpchCE4Q9dEnguRYEYQsYWT74bjY0CGHSzidcVsIcs5HQ
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
clear
content-length
10998
last-modified
Tue, 23 Nov 2021 00:06:10 GMT
server
UploadServer
etag
"c80c0cc10bf4147c05e1cfca6f1f4e24"
x-goog-hash
crc32c=3neDCA==, md5=yAwMwQv0FHwF4c/Kbx9OJA==
x-goog-generation
1637625970941622
cache-control
public,max-age=3600
x-goog-stored-content-length
10998
accept-ranges
bytes
content-type
text/css
main.36106644.chunk.css (cs.beta.fletch.ai/static/css/): Size 74 KB, x-fer 75 KB, Stylesheet
General
Full URL
https://cs.beta.fletch.ai/static/css/main.36106644.chunk.css
Requested by
Host: cs.beta.fletch.ai
URL: https://cs.beta.fletch.ai/p/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors/u003ehttps://t.co/4gUTEOTUHz/u003c/e/u003e.
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
34.102.249.32 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
32.249.102.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
642e2f439490aeb35ac0ee85c8ea29884c19066750e4a0a9b639813fde78df00

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://cs.beta.fletch.ai/p/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors/u003ehttps://t.co/4gUTEOTUHz/u003c/e/u003e.
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 11:12:54 GMT
age
0
x-guploader-uploadid
ADPycdt9XuxDis4ITjDoJjOFv7QK88Spx5v4yjWh8rU8gldpI2Obc5NpjADaLU8nAPXIBQfbCkmxXfFCRm5CDRHFSkM
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
clear
content-length
76011
last-modified
Tue, 23 Nov 2021 00:06:11 GMT
server
UploadServer
etag
"23437f2623a3a04cf68807d708e151ed"
x-goog-hash
crc32c=o2695w==, md5=I0N/JiOjoEz2iAfXCOFR7Q==
x-goog-generation
1637625971300673
cache-control
public,max-age=3600
x-goog-stored-content-length
76011
accept-ranges
bytes
content-type
text/css
11.920e23b5.chunk.js (cs.beta.fletch.ai/static/js/): Size 746 KB, x-fer 747 KB, Script
General
Full URL
https://cs.beta.fletch.ai/static/js/11.920e23b5.chunk.js
Requested by
Host: cs.beta.fletch.ai
URL: https://cs.beta.fletch.ai/p/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors/u003ehttps://t.co/4gUTEOTUHz/u003c/e/u003e.
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
34.102.249.32 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
32.249.102.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
9c187bd1e054b6450fa6e9fc7cd8130ea7c2da5d50825e8f9abd80c010bd49af

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://cs.beta.fletch.ai/p/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors/u003ehttps://t.co/4gUTEOTUHz/u003c/e/u003e.
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 11:12:54 GMT
age
0
x-guploader-uploadid
ADPycdsiEKx3_YvgWLpz85P2-WtJVD2wMbLx6aJ2BmwZHqERdx45WLxcbGAza_lHORBpR5AgS-STvayl5cymxrXypl8
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
clear
content-length
764016
last-modified
Tue, 23 Nov 2021 00:06:10 GMT
server
UploadServer
etag
"77c4cf958848bc5451a18a6499c2c8bf"
x-goog-hash
crc32c=cct6kw==, md5=d8TPlYhIvFRRoYpkmcLIvw==
x-goog-generation
1637625970098479
cache-control
public,max-age=3600
x-goog-stored-content-length
764016
accept-ranges
bytes
content-type
application/javascript
main.8a34627d.chunk.js (cs.beta.fletch.ai/static/js/): Size 913 KB, x-fer 913 KB, Script
General
Full URL
https://cs.beta.fletch.ai/static/js/main.8a34627d.chunk.js
Requested by
Host: cs.beta.fletch.ai
URL: https://cs.beta.fletch.ai/p/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors/u003ehttps://t.co/4gUTEOTUHz/u003c/e/u003e.
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
34.102.249.32 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
32.249.102.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
13afab5a3fbef1e85b123abfb9158df6e0b79e73ad676fe98968090359dd1c63

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://cs.beta.fletch.ai/p/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors/u003ehttps://t.co/4gUTEOTUHz/u003c/e/u003e.
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 11:12:54 GMT
age
0
x-guploader-uploadid
ADPycdtroA-lXu_vt84KihOfcCaLoEvNRuREujOr0SSzXtG2baRUOlVU2PbbMvXOYb7Z_TmI1Iw6Ktxaz3xbNiNu9RY
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
clear
content-length
934568
last-modified
Tue, 23 Nov 2021 00:06:08 GMT
server
UploadServer
etag
"1644952d835336ab3f8875280bccf86e"
x-goog-hash
crc32c=nRX6bw==, md5=FkSVLYNTNqs/iHUoC8z4bg==
x-goog-generation
1637625968371776
cache-control
public,max-age=3600
x-goog-stored-content-length
934568
accept-ranges
bytes
content-type
application/javascript
mp-2-latest.min.js (cs.beta.fletch.ai/): Size 80 KB, x-fer 81 KB, Script
General
Full URL
https://cs.beta.fletch.ai/mp-2-latest.min.js
Requested by
Host: cs.beta.fletch.ai
URL: https://cs.beta.fletch.ai/p/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors/u003ehttps://t.co/4gUTEOTUHz/u003c/e/u003e.
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
34.102.249.32 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
32.249.102.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
860db316dab7ba4947d9d82a085cdae25947737cd5fdcbc4aa55310cb5d74035

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://cs.beta.fletch.ai/p/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors/u003ehttps://t.co/4gUTEOTUHz/u003c/e/u003e.
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 11:12:55 GMT
age
0
x-guploader-uploadid
ADPycduQPrbLUgnjtlkXP71QWmxmVDfPa8H08F1aFrn_24fzUkpKfO0gUcP6p_zbC8Uj5474APG5DGbHerR5FxZpuKI
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
clear
content-length
82429
last-modified
Tue, 23 Nov 2021 00:06:11 GMT
server
UploadServer
etag
"2a51ad1c7504618c995b8c1a88c79e50"
x-goog-hash
crc32c=6kSIRg==, md5=KlGtHHUEYYyZW4waiMeeUA==
x-goog-generation
1637625971460362
cache-control
public,max-age=3600
x-goog-stored-content-length
82429
accept-ranges
bytes
content-type
application/javascript
fs.js (www.fullstory.com/s/): Size 0, x-fer 0, Script
Redirect Chain
  • https://fullstory.com/s/fs.js
  • https://www.fullstory.com/s/fs.js
General
Full URL
https://www.fullstory.com/s/fs.js
Requested by
Host: cs.beta.fletch.ai
URL: https://cs.beta.fletch.ai/p/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors/u003ehttps://t.co/4gUTEOTUHz/u003c/e/u003e.
Protocol
H2
Server
2a05:d014:275:cb00:ce75:162:d945:5f34 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://cs.beta.fletch.ai/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Redirect headers

x-nf-request-id
01FN8TC263DSQHXCHT3D4WK87C
date
Wed, 24 Nov 2021 00:37:03 GMT
server
Netlify
age
38152
strict-transport-security
max-age=31536000
content-type
text/plain
location
https://www.fullstory.com/s/fs.js
cache-control
public, max-age=0, must-revalidate
content-length
49
fbevents.js (connect.facebook.net/en_US/): Size 98 KB, x-fer 26 KB, Script
General
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: cs.beta.fletch.ai
URL: https://cs.beta.fletch.ai/p/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors/u003ehttps://t.co/4gUTEOTUHz/u003c/e/u003e.
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2a03:2880:f02d:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
b23807a4c5d90afca0dc47d688c0a05302779429dab75f5e6182562dcc2970f6
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://cs.beta.fletch.ai/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding
gzip
x-content-type-options
nosniff
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length
25965
x-xss-protection
0
pragma
public
x-fb-debug
9BjrppVZZt2bbGlq92XoMq9DzeGCSYFMuCQtOMA67Ul9evaEOrmF1SZWqRBuozjV57XoyDCNp3WJ1MawHK1s0w==
x-fb-trip-id
917726464
x-frame-options
DENY
date
Wed, 24 Nov 2021 11:12:54 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
x-fb-rlafr
0
expires
Sat, 01 Jan 2000 00:00:00 GMT
insight.min.js (snap.licdn.com/li.lms-analytics/): Size 5 KB, x-fer 2 KB, Script
General
Full URL
https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by
Host: cs.beta.fletch.ai
URL: https://cs.beta.fletch.ai/p/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors/u003ehttps://t.co/4gUTEOTUHz/u003c/e/u003e.
Protocol
HTTP/1.1
Security
TLS 1.3, AES_256_GCM
Server
2a02:26f0:6c00::210:ba1b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
fed785a6a8ca96fb67230fec5d85f9c508db49f4075aa0ef284af56cd89813e3

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://cs.beta.fletch.ai/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Wed, 24 Nov 2021 11:12:54 GMT
Content-Encoding
gzip
Last-Modified
Wed, 29 Sep 2021 19:17:49 GMT
X-CDN
AKAM
Vary
Accept-Encoding
Content-Type
application/x-javascript;charset=utf-8
Cache-Control
max-age=14035
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
2036
collect (px4.ads.linkedin.com/): Size 0, x-fer 156 B, Image
Redirect Chain
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2977852&time=1637752374974&url=https%3A%2F%2Fcs.beta.fletch.ai%2Fp%2Fbazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors%2...
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D2977852%26time%3D1637752374974%26url%3Dhttps%253A%252F%252Fcs.beta.fletch.ai%252F...
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2977852&time=1637752374974&url=https%3A%2F%2Fcs.beta.fletch.ai%2Fp%2Fbazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors%2...
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2977852&time=1637752374974&url=https%3A%2F%2Fcs.beta.fletch.ai%2Fp%2Fbazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors%...
General
Full URL
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2977852&time=1637752374974&url=https%3A%2F%2Fcs.beta.fletch.ai%2Fp%2Fbazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors%2Fu003ehttps%3A%2F%2Ft.co%2F4gUTEOTUHz%2Fu003c%2Fe%2Fu003e.&liSync=true&e_ipv6=AQKEF4p2-tIrYAAAAX1RpglrBrMgRWOmN6ZeeOQnxzFJtqEErMAZp-X_sTCLx-_yYsIlDqc
Requested by
Host: cs.beta.fletch.ai
URL: https://cs.beta.fletch.ai/p/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors/u003ehttps://t.co/4gUTEOTUHz/u003c/e/u003e.
Protocol
H2
Server
108.174.10.14, United States, ASN14413 (LINKEDIN, US)
Reverse DNS
108-174-10-14.fwd.linkedin.com
Software
Play /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://cs.beta.fletch.ai/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 11:12:56 GMT
server
Play
linkedin-action
1
x-li-fabric
prod-ltx1
x-li-proto
http/2
x-li-pop
prod-lva1
content-type
application/javascript
content-length
0
x-li-uuid
Yyrg1xt3uhaQvo+OZCsAAA==

Redirect headers

date
Wed, 24 Nov 2021 11:12:55 GMT
server
Play
linkedin-action
1
x-li-fabric
prod-ltx1
location
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2977852&time=1637752374974&url=https%3A%2F%2Fcs.beta.fletch.ai%2Fp%2Fbazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors%2Fu003ehttps%3A%2F%2Ft.co%2F4gUTEOTUHz%2Fu003c%2Fe%2Fu003e.&liSync=true&e_ipv6=AQKEF4p2-tIrYAAAAX1RpglrBrMgRWOmN6ZeeOQnxzFJtqEErMAZp-X_sTCLx-_yYsIlDqc
x-li-proto
http/2
x-li-pop
prod-ltx1
content-length
0
x-li-uuid
SzMYxBt3uhaQJ4YzmSsAAA==
845692003047415 (connect.facebook.net/signals/config/): Size 305 KB, x-fer 87 KB, Script
General
Full URL
https://connect.facebook.net/signals/config/845692003047415?v=2.9.48&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2a03:2880:f02d:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
6eb09ea090731cd6537290b4bb46a8b8607b9338a017a0a073b83146fd7eb970
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://cs.beta.fletch.ai/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding
gzip
x-content-type-options
nosniff
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=3600,h3-29=":443"; ma=3600
x-xss-protection
0
pragma
public
x-fb-debug
DMVMPcqKKT4y4RI/2ncDPOc2wnN3wNMzp1+QKdVKyt2h8nAEYisqefs7KlJcoPTW/2MNMG+sUVUSYfQjjs1Omw==
x-fb-trip-id
917726464
x-frame-options
DENY
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
date
Wed, 24 Nov 2021 11:12:55 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
x-fb-rlafr
0
expires
Sat, 01 Jan 2000 00:00:00 GMT
0.4567fee5.chunk.js
cs.beta.fletch.ai/static/js/
11 KB
11 KB
Script
General
Full URL
https://cs.beta.fletch.ai/static/js/0.4567fee5.chunk.js
Requested by
Host: cs.beta.fletch.ai
URL: https://cs.beta.fletch.ai/p/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors/u003ehttps://t.co/4gUTEOTUHz/u003c/e/u003e.
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.102.249.32 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
32.249.102.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
29997e548c243d96a5a2c9bd4aca2b9cb899ed59819bb3f3b77abfc7d15ecb3a

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://cs.beta.fletch.ai/p/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors/u003ehttps://t.co/4gUTEOTUHz/u003c/e/u003e.
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 11:12:55 GMT
age
0
x-guploader-uploadid
ADPycdt-AZ2oyIRKLe3A6pAYvBezgqc0JmxMHWLxwyWAFGSADgop4glNyEj4XUoHvYWcHSZeDMnF4gq4LlKKX-kaj6I
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
clear
content-length
10913
last-modified
Tue, 23 Nov 2021 00:06:08 GMT
server
UploadServer
etag
"a6e7e188aed6b135e6c34d5b5751f436"
x-goog-hash
crc32c=T/Flxg==, md5=pufhiK7WsTXmw01bV1H0Ng==
x-goog-generation
1637625968710574
cache-control
public,max-age=3600
x-goog-stored-content-length
10913
accept-ranges
bytes
content-type
application/javascript
1.05402ce7.chunk.js
cs.beta.fletch.ai/static/js/
152 KB
152 KB
Script
General
Full URL
https://cs.beta.fletch.ai/static/js/1.05402ce7.chunk.js
Requested by
Host: cs.beta.fletch.ai
URL: https://cs.beta.fletch.ai/p/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors/u003ehttps://t.co/4gUTEOTUHz/u003c/e/u003e.
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.102.249.32 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
32.249.102.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
893e252e6cbff40bd095beafc2bb4b52fb4f68683345bebeed6d70244efc299f

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://cs.beta.fletch.ai/p/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors/u003ehttps://t.co/4gUTEOTUHz/u003c/e/u003e.
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 11:12:55 GMT
age
0
x-guploader-uploadid
ADPycdviuW3dKykHWRIiNJN84ujtJcv35Or8WKbH5aYe2gSyzWXa9G4PbDv-VNiCPPsGp_w3pgcF3kEvcst9hDFDUkw
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
clear
content-length
155769
last-modified
Tue, 23 Nov 2021 00:06:10 GMT
server
UploadServer
etag
"85b3d5d38025d32bc483c2bbeeb16efa"
x-goog-hash
crc32c=m/mhKA==, md5=hbPV04Al0yvEg8K77rFu+g==
x-goog-generation
1637625970731346
cache-control
public,max-age=3600
x-goog-stored-content-length
155769
accept-ranges
bytes
content-type
application/javascript
2.a7f8825b.chunk.js
cs.beta.fletch.ai/static/js/
43 KB
43 KB
Script
General
Full URL
https://cs.beta.fletch.ai/static/js/2.a7f8825b.chunk.js
Requested by
Host: cs.beta.fletch.ai
URL: https://cs.beta.fletch.ai/p/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors/u003ehttps://t.co/4gUTEOTUHz/u003c/e/u003e.
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.102.249.32 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
32.249.102.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
53de1be32dccbff21320260c0c67670a4a97fc5e65cd4b1e6693e68e3206e112

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://cs.beta.fletch.ai/p/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors/u003ehttps://t.co/4gUTEOTUHz/u003c/e/u003e.
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 11:12:55 GMT
age
0
x-guploader-uploadid
ADPycducnanoD5JqWGKRFbU4xH_uk5bEG4XCy_0ByX752CgX1AfCKzbjVAKEkaMIHWnXGxX4ZZsxVPkKgcLlFHqiWaU
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
clear
content-length
43654
last-modified
Tue, 23 Nov 2021 00:06:08 GMT
server
UploadServer
etag
"03c95a939e6a620623db31f6c22275ca"
x-goog-hash
crc32c=gA9dUA==, md5=A8lak55qYgYj2zH2wiJ1yg==
x-goog-generation
1637625968205501
cache-control
public,max-age=3600
x-goog-stored-content-length
43654
accept-ranges
bytes
content-type
application/javascript
3.e29cb5f7.chunk.js
cs.beta.fletch.ai/static/js/
902 KB
903 KB
Script
General
Full URL
https://cs.beta.fletch.ai/static/js/3.e29cb5f7.chunk.js
Requested by
Host: cs.beta.fletch.ai
URL: https://cs.beta.fletch.ai/p/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors/u003ehttps://t.co/4gUTEOTUHz/u003c/e/u003e.
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.102.249.32 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
32.249.102.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
60ad8e7c27dcccadf29e2a78e1ad90217ac83fe90c23cd5ad6557fcba7ebd3fb

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://cs.beta.fletch.ai/p/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors/u003ehttps://t.co/4gUTEOTUHz/u003c/e/u003e.
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 11:12:55 GMT
age
0
x-guploader-uploadid
ADPycduvz9_A4051O_6BmhwgOfzAd7Lqdr61bndgMG2lmcU4wWl8MWyMu839XDw-BB8aNExAXlj3_ccOa8EF7du42jc
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
clear
content-length
923530
last-modified
Tue, 23 Nov 2021 00:06:09 GMT
server
UploadServer
etag
"cef0495feec33c03aea32c1c790ace18"
x-goog-hash
crc32c=PSmd/w==, md5=zvBJX+7DPAOuoywceQrOGA==
x-goog-generation
1637625969636000
cache-control
public,max-age=3600
x-goog-stored-content-length
923530
accept-ranges
bytes
content-type
application/javascript
15.1fd2b905.chunk.css
cs.beta.fletch.ai/static/css/
3 KB
3 KB
Stylesheet
General
Full URL
https://cs.beta.fletch.ai/static/css/15.1fd2b905.chunk.css
Requested by
Host: cs.beta.fletch.ai
URL: https://cs.beta.fletch.ai/p/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors/u003ehttps://t.co/4gUTEOTUHz/u003c/e/u003e.
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.102.249.32 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
32.249.102.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
dc335d65ba390ea6e1dab9ed15666899d58fac8d3694b63a3258c259bc313587

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://cs.beta.fletch.ai/p/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors/u003ehttps://t.co/4gUTEOTUHz/u003c/e/u003e.
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 11:12:55 GMT
age
0
x-guploader-uploadid
ADPycdtaa9noVIS8QG2FGc4Zg9208RNLMcQxixLmH75ldth1NxXPM_tQcNj8NK89gqFTyaN6_9rmz6OYH5s5XOKKp98
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
clear
content-length
2835
last-modified
Tue, 23 Nov 2021 00:06:11 GMT
server
UploadServer
etag
"94491789ab1e010d1cee489c62b632e6"
x-goog-hash
crc32c=ewgC1A==, md5=lEkXiaseAQ0c7kicYrYy5g==
x-goog-generation
1637625971121365
cache-control
public,max-age=3600
x-goog-stored-content-length
2835
accept-ranges
bytes
content-type
text/css
15.9042e8b0.chunk.js
cs.beta.fletch.ai/static/js/
717 KB
718 KB
Script
General
Full URL
https://cs.beta.fletch.ai/static/js/15.9042e8b0.chunk.js
Requested by
Host: cs.beta.fletch.ai
URL: https://cs.beta.fletch.ai/p/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors/u003ehttps://t.co/4gUTEOTUHz/u003c/e/u003e.
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.102.249.32 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
32.249.102.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
4e67e5b3b61e1f8869b80390a960d4acf809fcdf7825a9d93e15f3829694bde7

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://cs.beta.fletch.ai/p/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors/u003ehttps://t.co/4gUTEOTUHz/u003c/e/u003e.
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 11:12:55 GMT
age
0
x-guploader-uploadid
ADPycdtQmyKcVVA79ClYgrztdegj4Q59UaPTRSWkqrAAgHzTvjL3bXbhEfWuQ4hvvVaR-DwZ_2DvxyRVz75GKTLntl0
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
clear
content-length
734594
last-modified
Tue, 23 Nov 2021 00:06:07 GMT
server
UploadServer
etag
"0f180f4fb4576c61c8463fadabbc2d36"
x-goog-hash
crc32c=Z69Bqg==, md5=DxgPT7RXbGHIRj+tq7wtNg==
x-goog-generation
1637625967832211
cache-control
public,max-age=3600
x-goog-stored-content-length
734594
accept-ranges
bytes
content-type
application/javascript
analytics.js
www.google-analytics.com/
49 KB
20 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-84061015-7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://cs.beta.fletch.ai/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 02 Nov 2021 17:39:06 GMT
server
Golfe2
age
5872
date
Wed, 24 Nov 2021 09:35:03 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20006
expires
Wed, 24 Nov 2021 11:35:03 GMT
js
www.googletagmanager.com/gtag/
97 KB
39 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-433039094&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-84061015-7
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
e9baa3a876a1d5e4ca8b9c5d2ec217296bd5bb65ae7e37b282f63d7870fe0b17
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://cs.beta.fletch.ai/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 11:12:55 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
39551
x-xss-protection
0
last-modified
Wed, 24 Nov 2021 09:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 24 Nov 2021 11:12:55 GMT
conversion_async.js
www.googleadservices.com/pagead/
37 KB
15 KB
Script
General
Full URL
https://www.googleadservices.com/pagead/conversion_async.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-433039094
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f2.1e100.net
Software
cafe /
Resource Hash
2e8548e063ae8b8f6225ac344af4bb535397ebd3003665e27e8d4b2716770db9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://cs.beta.fletch.ai/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 11:12:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
14378
x-xss-protection
0
server
cafe
etag
684346926396516684
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Wed, 24 Nov 2021 11:12:55 GMT
/
cs.beta.fletch.ai/api/v1/app/mp/decide/
12 KB
12 KB
XHR
General
Full URL
https://cs.beta.fletch.ai/api/v1/app/mp/decide/?verbose=1&version=1&lib=web&token=115e279999d130115d9f861b632c4eb5&ip=0&_=1637752375139
Requested by
Host: cs.beta.fletch.ai
URL: https://cs.beta.fletch.ai/mp-2-latest.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.102.249.32 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
32.249.102.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
a38144f11c5b73a3fec085ac0cd40caacf4bc0c64e2efdc5a8d8c20a8d5c239a

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://cs.beta.fletch.ai/p/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors/u003ehttps://t.co/4gUTEOTUHz/u003c/e/u003e.
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 11:12:55 GMT
x-guploader-uploadid
ADPycduVTQrrb95oghJ0LmqQY9G3oYah6I_WGOHFy5QjJ930keuJUJKhupZODk198Xqmkrf6Uhk6xhjF_UCdvzFDWmg
x-goog-storage-class
STANDARD
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
alt-svc
clear
content-length
12311
last-modified
Tue, 23 Nov 2021 00:06:07 GMT
server
UploadServer
etag
"e495ba186e296dc6c63b3ada739cf9a9"
x-goog-hash
crc32c=y66ZEw==, md5=5JW6GG4pbcbGOzrac5z5qQ==
x-goog-generation
1637625967329801
cache-control
no-store
x-goog-stored-content-length
12311
accept-ranges
bytes
content-type
text/html
expires
Thu, 24 Nov 2022 11:12:55 GMT
collect
www.google-analytics.com/j/
2 B
22 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j96&a=378294982&t=pageview&_s=1&dl=https%3A%2F%2Fcs.beta.fletch.ai%2Fp%2Fbazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors%2Fu003ehttps%3A%2F%2Ft.co%2F4gUTEOTUHz%2Fu003c%2Fe%2Fu003e.&ul=en-us&de=UTF-8&dt=Fletch&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&an=fletch&_u=YEBAAUABAAAAAC~&jid=317702710&gjid=2093483760&cid=1725872262.1637752375&tid=UA-84061015-7&_gid=326381418.1637752375&_r=1&gtm=2ouba1&z=629391050
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://cs.beta.fletch.ai/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 24 Nov 2021 11:12:55 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://cs.beta.fletch.ai
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/
35 B
55 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j96&a=378294982&t=pageview&_s=2&dl=https%3A%2F%2Fcs.beta.fletch.ai%2Fp%2Fbazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors%2Fu003ehttps%3A%2F%2Ft.co%2F4gUTEOTUHz%2Fu003c%2Fe%2Fu003e.&dp=%2Fp%2Fbazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors%2Fu003ehttps%3A%2F%2Ft.co%2F4gUTEOTUHz%2Fu003c%2Fe%2Fu003e.&ul=en-us&de=UTF-8&dt=Fletch&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAAC~&jid=&gjid=&cid=1725872262.1637752375&tid=UA-84061015-7&_gid=326381418.1637752375&gtm=2ouba1&z=1492265308
Requested by
Host: cs.beta.fletch.ai
URL: https://cs.beta.fletch.ai/p/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors/u003ehttps://t.co/4gUTEOTUHz/u003c/e/u003e.
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://cs.beta.fletch.ai/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 24 Nov 2021 08:55:39 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
8236
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/433039094/
2 KB
2 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/433039094/?random=1637752375183&cv=9&fst=1637752375183&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaba1&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fcs.beta.fletch.ai%2Fp%2Fbazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors%2Fu003ehttps%3A%2F%2Ft.co%2F4gUTEOTUHz%2Fu003c%2Fe%2Fu003e.&tiba=Fletch&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
270d4c269130662c67661c9c148ed5910cd569278a6713e38438ac5fb3409ee8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://cs.beta.fletch.ai/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 24 Nov 2021 11:12:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1102
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/j/
4 B
443 B
XHR
General
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-84061015-7&cid=1725872262.1637752375&jid=317702710&gjid=2093483760&_gid=326381418.1637752375&_u=YEBAAUAAAAAAAC~&z=1865955073
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c1b::9d Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://cs.beta.fletch.ai/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Wed, 24 Nov 2021 11:12:55 GMT
content-type
text/plain
access-control-allow-origin
https://cs.beta.fletch.ai
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.com/pagead/1p-user-list/433039094/
42 B
548 B
Image
General
Full URL
https://www.google.com/pagead/1p-user-list/433039094/?random=1637752375183&cv=9&fst=1637751600000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaba1&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fcs.beta.fletch.ai%2Fp%2Fbazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors%2Fu003ehttps%3A%2F%2Ft.co%2F4gUTEOTUHz%2Fu003c%2Fe%2Fu003e.&tiba=Fletch&async=1&fmt=3&is_vtc=1&random=2100290551&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Requested by
Host: cs.beta.fletch.ai
URL: https://cs.beta.fletch.ai/p/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors/u003ehttps://t.co/4gUTEOTUHz/u003c/e/u003e.
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://cs.beta.fletch.ai/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 24 Nov 2021 11:12:55 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/433039094/
42 B
548 B
Image
General
Full URL
https://www.google.de/pagead/1p-user-list/433039094/?random=1637752375183&cv=9&fst=1637751600000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaba1&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fcs.beta.fletch.ai%2Fp%2Fbazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors%2Fu003ehttps%3A%2F%2Ft.co%2F4gUTEOTUHz%2Fu003c%2Fe%2Fu003e.&tiba=Fletch&async=1&fmt=3&is_vtc=1&random=2100290551&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Requested by
Host: cs.beta.fletch.ai
URL: https://cs.beta.fletch.ai/p/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors/u003ehttps://t.co/4gUTEOTUHz/u003c/e/u003e.
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://cs.beta.fletch.ai/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 24 Nov 2021 11:12:55 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.com/ads/
42 B
107 B
Image
General
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-84061015-7&cid=1725872262.1637752375&jid=317702710&_u=YEBAAUAAAAAAAC~&z=37718564
Requested by
Host: cs.beta.fletch.ai
URL: https://cs.beta.fletch.ai/p/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors/u003ehttps://t.co/4gUTEOTUHz/u003c/e/u003e.
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://cs.beta.fletch.ai/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 24 Nov 2021 11:12:55 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/
42 B
107 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-84061015-7&cid=1725872262.1637752375&jid=317702710&_u=YEBAAUAAAAAAAC~&z=37718564
Requested by
Host: cs.beta.fletch.ai
URL: https://cs.beta.fletch.ai/p/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors/u003ehttps://t.co/4gUTEOTUHz/u003c/e/u003e.
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://cs.beta.fletch.ai/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 24 Nov 2021 11:12:55 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
u003e.
cs.beta.fletch.ai/p/slug/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors/u003ehttps://t.co/4gUTEOTUHz/u003c/e/
12 KB
12 KB
XHR
General
Full URL
https://cs.beta.fletch.ai/p/slug/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors/u003ehttps://t.co/4gUTEOTUHz/u003c/e/u003e.
Requested by
Host: cs.beta.fletch.ai
URL: https://cs.beta.fletch.ai/static/js/11.920e23b5.chunk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.102.249.32 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
32.249.102.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
a38144f11c5b73a3fec085ac0cd40caacf4bc0c64e2efdc5a8d8c20a8d5c239a

Request headers

Accept
application/json, text/plain, */*
Referer
https://cs.beta.fletch.ai/p/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors/u003ehttps://t.co/4gUTEOTUHz/u003c/e/u003e.
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 11:12:55 GMT
x-guploader-uploadid
ADPycdvYJW_vRc3u9jgfdZ2SfvWJgpySDiiVJnUfZoQCoP2ld8npiU9mmwBdxp_HBgNeonUDV-oX00Tr9c9l418ObZY
x-goog-storage-class
STANDARD
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
alt-svc
clear
content-length
12311
last-modified
Tue, 23 Nov 2021 00:06:07 GMT
server
UploadServer
etag
"e495ba186e296dc6c63b3ada739cf9a9"
x-goog-hash
crc32c=y66ZEw==, md5=5JW6GG4pbcbGOzrac5z5qQ==
x-goog-generation
1637625967329801
cache-control
no-store
x-goog-stored-content-length
12311
accept-ranges
bytes
content-type
text/html
expires
Thu, 24 Nov 2022 11:12:55 GMT
config
cs.beta.fletch.ai/app/
77 B
345 B
XHR
General
Full URL
https://cs.beta.fletch.ai/app/config
Requested by
Host: cs.beta.fletch.ai
URL: https://cs.beta.fletch.ai/static/js/11.920e23b5.chunk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.102.249.32 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
32.249.102.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
c52e519daac8d05fb80bf435e222532fed9bc1f4ad7668bf96bf3d8d668ca67c

Request headers

Accept
application/json, text/plain, */*
Referer
https://cs.beta.fletch.ai/p/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors/u003ehttps://t.co/4gUTEOTUHz/u003c/e/u003e.
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 06:04:38 GMT
age
18497
x-guploader-uploadid
ADPycduJIrPnrtIB-ODdYwQxrhWslVK6VvdCK2WkuTfeF8GB3QVp3h_9HhqiLapTn1qsc-H7nYgdAYo-yX4_ob3CN4Q
x-goog-storage-class
STANDARD
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
alt-svc
clear
content-length
77
last-modified
Tue, 23 Nov 2021 00:05:52 GMT
server
UploadServer
etag
"55f26df230fb1e049407c505fa47b78b"
x-goog-hash
crc32c=vOtx2Q==, md5=VfJt8jD7HgSUB8UF+ke3iw==
x-goog-generation
1637625952047910
cache-control
public,max-age=3600
x-goog-stored-content-length
77
accept-ranges
bytes
content-type
application/json
shim.latest.js
js.intercomcdn.com/
Redirect Chain
  • https://widget.intercom.io/widget/i0eyz6a3
  • https://js.intercomcdn.com/shim.latest.js
18 KB
6 KB
Script
General
Full URL
https://js.intercomcdn.com/shim.latest.js
Protocol
H2
Server
143.204.98.70 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-70.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
040771869f4119aa88101ffc86be18c82049a8f91a4f501e8b9fc271fb2d8d91

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://cs.beta.fletch.ai/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-amz-server-side-encryption
AES256
date
Wed, 24 Nov 2021 11:09:31 GMT
content-encoding
gzip
last-modified
Wed, 24 Nov 2021 09:59:21 GMT
server
AmazonS3
age
209
etag
"f886b7a75d43cbd1c278418899b7464f"
x-cache
Hit from cloudfront
content-type
application/javascript; charset=UTF-8
via
1.1 6b4954a8411e7b2a232537f8000c5c9d.cloudfront.net (CloudFront)
cache-control
max-age=300, s-maxage=300, public
x-amz-cf-pop
FRA50-C1
accept-ranges
bytes
content-length
6046
x-amz-cf-id
TAGd9O55pFYPC21GblIGZTC2J8FK6xf_azMTMKnDZ0Oh8isuuCygLA==

Redirect headers

date
Mon, 04 Oct 2021 18:53:00 GMT
via
1.1 6b4954a8411e7b2a232537f8000c5c9d.cloudfront.net (CloudFront)
server
AmazonS3
age
4378797
x-cache
Hit from cloudfront
location
https://js.intercomcdn.com/shim.latest.js
x-amz-cf-pop
FRA50-C1
content-length
0
x-amz-cf-id
REj9yYXwEy5qragujD8Ud6V8zO10pbogp43jHGMePA5BIZ-bo6Gj5w==
frame-modern.bb0a76ed.js
js.intercomcdn.com/ Frame 3676
276 KB
74 KB
Script
General
Full URL
https://js.intercomcdn.com/frame-modern.bb0a76ed.js
Requested by
Host: widget.intercom.io
URL: https://widget.intercom.io/widget/i0eyz6a3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.70 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-70.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
4bb242a57535499387dc83c50f5a2824a8be6c3bd1bf50817f2cbc7afe57424f

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-amz-server-side-encryption
AES256
date
Wed, 24 Nov 2021 09:59:27 GMT
content-encoding
gzip
last-modified
Wed, 24 Nov 2021 09:52:39 GMT
server
AmazonS3
age
4410
etag
"3517e170c93737b0217a1da704e83e5a"
x-cache
Hit from cloudfront
content-type
application/javascript; charset=UTF-8
via
1.1 6b4954a8411e7b2a232537f8000c5c9d.cloudfront.net (CloudFront)
cache-control
max-age=31536000, s-maxage=7200, public
x-amz-cf-pop
FRA50-C1
accept-ranges
bytes
content-length
75411
x-amz-cf-id
I9A_wevAfly6ReHoCgnUenfgtW_Zztii1RDemAubVyJJ5l8NWJZbJg==
vendor-modern.8c83be62.js
js.intercomcdn.com/ Frame 3676
125 KB
38 KB
Script
General
Full URL
https://js.intercomcdn.com/vendor-modern.8c83be62.js
Requested by
Host: widget.intercom.io
URL: https://widget.intercom.io/widget/i0eyz6a3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.70 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-70.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
2a4990d05e3939e74657a0daf8c3de20a3a5570fb30d48d0f16c4ffc31b7dba1

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-amz-server-side-encryption
AES256
date
Wed, 24 Nov 2021 10:36:03 GMT
content-encoding
gzip
last-modified
Tue, 23 Nov 2021 16:28:47 GMT
server
AmazonS3
age
2214
etag
"ba73863b39d6f35379bebbce1c53a9ee"
x-cache
Hit from cloudfront
content-type
application/javascript; charset=UTF-8
via
1.1 6b4954a8411e7b2a232537f8000c5c9d.cloudfront.net (CloudFront)
cache-control
max-age=31536000, s-maxage=7200, public
x-amz-cf-pop
FRA50-C1
accept-ranges
bytes
content-length
38714
x-amz-cf-id
ufB9OXzOWw6vpSL9UBRlPyXpEROBlI_3MtLutxWOTDDROsHzbyVIZA==
ping
api-iam.intercom.io/messenger/web/ Frame 3676
3 KB
2 KB
XHR
General
Full URL
https://api-iam.intercom.io/messenger/web/ping
Requested by
Host: js.intercomcdn.com
URL: https://js.intercomcdn.com/frame-modern.bb0a76ed.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
75.2.88.188 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ad8b87a22ce463223.awsglobalaccelerator.com
Software
nginx /
Resource Hash
7fa9dfc16b5f9268805af90fd3310451ae593de93b27a43a4f8d7e03201a0c68
Security Headers
Name Value
Strict-Transport-Security max-age=31556952; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Wed, 24 Nov 2021 11:12:57 GMT
content-encoding
gzip
x-ami-version
ami-09a046a428ba17525
status
200 OK
strict-transport-security
max-age=31556952; includeSubDomains; preload
vary
Accept,Accept-Encoding
x-xss-protection
1; mode=block
x-request-id
00025e7ip1usf8a0edcg
x-runtime
0.641222
server
nginx
x-frame-options
SAMEORIGIN
etag
W/"7fa9dfc16b5f9268805af90fd3310451"
x-ratelimit-remaining
13332
access-control-allow-methods
POST, GET, OPTIONS
content-type
application/json; charset=utf-8
access-control-allow-origin
https://cs.beta.fletch.ai
x-intercom-version
15a8ff3aa9517433456e012fea87192911d6fc28
cache-control
max-age=0, private, must-revalidate
access-control-allow-credentials
true
x-ratelimit-reset
1637752380
x-ratelimit-limit
13333
access-control-allow-headers
Content-Type
x-content-type-options
nosniff


74 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| onbeforexrselect function| reportError boolean| originAgentCluster object| scheduler string| MIXPANEL_CUSTOM_LIB_URL object| mixpanel function| fullstory boolean| _fs_debug string| _fs_host string| _fs_org string| _fs_namespace function| intercom object| intercomSettings string| host object| mixpanelConfig function| getQueryParam function| campaignParams string| mixpanelID string| intercomID function| FS function| Intercom function| gtag object| dataLayer function| fbq function| _fbq string| _linkedin_partner_id object| _linkedin_data_partner_ids function| lintrk function| bindToWindowOnError object| globalRoot function| hns object| hubspot object| hbspt object| __hsRoot object| hspreserve undefined| React undefined| reqwest function| OutpostErrorReporter undefined| Pikaday function| hns2 function| hmerge undefined| I18n undefined| ReactDOM undefined| require undefined| requirejs undefined| define undefined| exports undefined| module undefined| bootstrap object| webpackJsonpshenlon-ui boolean| _already_called_lintrk object| regeneratorRuntime number| __mobxInstanceCount object| __mobxGlobals object| scCGSHMRCache function| setImmediate function| clearImmediate object| FontAwesomeConfig object| ___FONT_AWESOME___ number| 2f1acc6c3a606b082e5eef5e54414ffb function| _ object| _dsStore object| google_tag_manager object| google_tag_data string| GoogleAnalyticsObject function| ga object| gaplugins object| gaGlobal object| gaData function| GooglemKTybQhCsO function| google_trackConversion object| GooglebQhCsO function| __intercomAssignLocation

17 Cookies

Domain/Path Name / Value
cs.beta.fletch.ai/ Name: onboarding
Value: {%22adminRequests%22:{}%2C%22connectingPlatforms%22:[]%2C%22collaboratorsInvited%22:[]}
.fletch.ai/ Name: _gcl_au
Value: 1.1.529850446.1637752375
.fletch.ai/ Name: mp_115e279999d130115d9f861b632c4eb5_mixpanel
Value: %7B%22distinct_id%22%3A%20%2217d51a60761a23-05c80c4202c605-978183a-1d4c00-17d51a607621177%22%2C%22%24device_id%22%3A%20%2217d51a60761a23-05c80c4202c605-978183a-1d4c00-17d51a607621177%22%2C%22%24initial_referrer%22%3A%20%22%24direct%22%2C%22%24initial_referring_domain%22%3A%20%22%24direct%22%2C%22__mps%22%3A%20%7B%22%24os%22%3A%20%22Windows%22%2C%22%24browser%22%3A%20%22Chrome%22%2C%22%24browser_version%22%3A%2096%2C%22%24initial_referrer%22%3A%20%22%24direct%22%2C%22%24initial_referring_domain%22%3A%20%22%24direct%22%7D%2C%22__mpso%22%3A%20%7B%7D%2C%22__mpus%22%3A%20%7B%7D%2C%22__mpa%22%3A%20%7B%7D%2C%22__mpu%22%3A%20%7B%7D%2C%22__mpr%22%3A%20%5B%5D%2C%22__mpap%22%3A%20%5B%5D%7D
.fletch.ai/ Name: _ga
Value: GA1.2.1725872262.1637752375
.fletch.ai/ Name: _gid
Value: GA1.2.326381418.1637752375
.fletch.ai/ Name: _gat_gtag_UA_84061015_7
Value: 1
.doubleclick.net/ Name: test_cookie
Value: CheckForPermission
.linkedin.com/ Name: UserMatchHistory
Value: AQJY6zZxg-RwTQAAAX1RpggY5oTbuO_2FYJp5ngy2YTEtxkXlHJszHCYH7pi7D6J250l_HFj9oFSsg
.linkedin.com/ Name: AnalyticsSyncHistory
Value: AQLzV5B_g9VuhAAAAX1RpggYBqSB4nipJhfwaJd4Lty9L1l3yZoe40phwqMG4fLsRHj7uRfrp-TO05fSccISwg
.ads.linkedin.com/ Name: lang
Value: v=2&lang=en-us
.linkedin.com/ Name: bcookie
Value: "v=2&73f43bfa-79a2-4726-8b26-61c448adec99"
.linkedin.com/ Name: lidc
Value: "b=TGST00:s=T:r=T:a=T:p=T:g=2747:u=1:x=1:i=1637752375:t=1637838775:v=2:sig=AQE8xDXifxD4J42_-34ikCSr27skGaUm"
.linkedin.com/ Name: lang
Value: v=2&lang=de-de
.www.linkedin.com/ Name: bscookie
Value: "v=1&20211124111255cfc722de-30af-4da2-853e-ff31f38774b0AQFHtNctxVFM436tFIdMjyQiT5Y1CA1M"
.linkedin.com/ Name: li_gc
Value: MTswOzE2Mzc3NTIzNzU7MjswMjG4ae9XmZs8j4Z6ISjlD26uXxt8jA38ugkDqmHXADa79w==
.fletch.ai/ Name: intercom-id-i0eyz6a3
Value: 88f6450f-e369-4043-b8df-4596f18b3088
.fletch.ai/ Name: intercom-session-i0eyz6a3
Value:

4 Console Messages

Source Level URL
Text
network error URL: https://cs.beta.fletch.ai/p/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors/u003ehttps://t.co/4gUTEOTUHz/u003c/e/u003e.
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://cs.beta.fletch.ai/api/v1/app/mp/decide/?verbose=1&version=1&lib=web&token=115e279999d130115d9f861b632c4eb5&ip=0&_=1637752375139
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://cs.beta.fletch.ai/p/slug/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors/u003ehttps://t.co/4gUTEOTUHz/u003c/e/u003e.
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://www.fullstory.com/s/fs.js
Message:
Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
