cyble.com Open in urlscan Pro
192.0.78.152 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://blog.cyble.com/2022/12/01/ducklogs-new-malware-strain-spotted-in-the-wild/
Effective URL:
https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
Submission: On November 11 via api (November 11th 2023, 3:37:32 pm UTC) from IN — Scanned from DE

Summary HTTP 198 Redirects Links 29 Behaviour Indicators

Summary

This website contacted 40 IPs in 4 countries across 31 domains to perform 198 HTTP transactions. The main IP is 192.0.78.152, located in San Francisco, United States and belongs to AUTOMATTIC, US. The main domain is cyble.com.
TLS certificate: Issued by R3 on September 26th 2023. Valid for: 3 months.

This is the only time cyble.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	2606:4700:20:... 2606:4700:20::ac43:4bbf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
84	192.0.78.152 192.0.78.152	2635 (AUTOMATTIC) (AUTOMATTIC)
14	192.0.77.32 192.0.77.32	2635 (AUTOMATTIC) (AUTOMATTIC)
3	2a00:1450:400... 2a00:1450:4001:811::2008	15169 (GOOGLE) (GOOGLE)
1	18.66.112.117 18.66.112.117	16509 (AMAZON-02) (AMAZON-02)
1	192.0.77.2 192.0.77.2	2635 (AUTOMATTIC) (AUTOMATTIC)
2	2606:4700::68... 2606:4700::6810:8bce	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700::68... 2606:4700::6810:bb59	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	192.0.76.3 192.0.76.3	2635 (AUTOMATTIC) (AUTOMATTIC)
4	2600:9000:264... 2600:9000:2644:c00:6:9280:1080:93a1	16509 (AMAZON-02) (AMAZON-02)
20	2400:52e0:1a0... 2400:52e0:1a01::999:1	200325 (BUNNYCDN) (BUNNYCDN)
4	2606:4700::68... 2606:4700::6811:cff9	13335 (CLOUDFLAR...) (CLOUDFLARENET)
10	2606:4700::68... 2606:4700::6813:9b53	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:440... 2606:4700:4400::6812:22e5	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:50ba	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:f7a8	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6812:7a0c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a02:26f0:350... 2a02:26f0:3500:16::215:148d	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2a00:1450:400... 2a00:1450:4001:808::200e	15169 (GOOGLE) (GOOGLE)
2	2620:1ec:bdf::67 2620:1ec:bdf::67	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
1	2a05:d018:cc3... 2a05:d018:cc3:fe04:fcdb:3dce:d8d6:7d53	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:214... 2600:9000:214f:9000:7:d7d6:3c40:93a1	16509 (AMAZON-02) (AMAZON-02)
4 4	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	18.66.112.19 18.66.112.19	16509 (AMAZON-02) (AMAZON-02)
3	3.127.196.46 3.127.196.46	16509 (AMAZON-02) (AMAZON-02)
3	20.122.63.128 20.122.63.128	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2a00:1450:400... 2a00:1450:4001:811::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c0d::9b	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:82a::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:810::2003	15169 (GOOGLE) (GOOGLE)
5	2606:4700::68... 2606:4700::6810:e05d	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	151.101.194.137 151.101.194.137	54113 (FASTLY) (FASTLY)
1	2606:2c40::c7... 2606:2c40::c73c:67e2	209242 (CLOUDFLAR...) (CLOUDFLARESPECTRUM Cloudflare)
3	162.247.243.30 162.247.243.30	54113 (FASTLY) (FASTLY)
1	2a00:1450:400... 2a00:1450:4001:80f::200a	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:82a::2003	15169 (GOOGLE) (GOOGLE)
1 2	68.219.88.97 68.219.88.97	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 1	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2400:52e0:1a0... 2400:52e0:1a01::987:1	200325 (BUNNYCDN) (BUNNYCDN)
4	2a00:1450:400... 2a00:1450:4001:831::2003	15169 (GOOGLE) (GOOGLE)
198	40

1 2606:4700:20::ac43:4bbf (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

blog.cyble.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

84 192.0.78.152 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

cyble.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 192.0.77.32 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
PTR: wordpress.com

fonts-api.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s0.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
fonts.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:811::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.112.117 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-112-117.fra56.r.cloudfront.net

uploads-ssl.webflow.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.0.77.2 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
PTR: i1.wp.com

i0.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:8bce (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:bb59 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 192.0.76.3 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

stats.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2600:9000:2644:c00:6:9280:1080:93a1 (United States)

ASN16509 (AMAZON-02, US)

s.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 2400:52e0:1a01::999:1 (Los Angeles, United States)

ASN200325 (BUNNYCDN, SI)

a.omappapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700::6811:cff9 (United States)

ASN13335 (CLOUDFLARENET, US)

forms.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
forms-na1.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
perf-na1.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2606:4700::6813:9b53 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cta-service-cms2.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
api.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
app.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
track.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
forms.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::6812:22e5 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-banner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:50ba (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-analytics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:f7a8 (United States)

ASN13335 (CLOUDFLARENET, US)

js.usemessages.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:7a0c (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsleadflows.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a02:26f0:3500:16::215:148d (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:808::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:1ec:bdf::67 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a05:d018:cc3:fe04:fcdb:3dce:d8d6:7d53 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)

d.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:214f:9000:7:d7d6:3c40:93a1 (United States)

ASN16509 (AMAZON-02, US)

tag.clearbitscripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2620:1ec:21::14 (United States) 4 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.112.19 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-112-19.fra56.r.cloudfront.net

api.omappapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 3.127.196.46 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-127-196-46.eu-central-1.compute.amazonaws.com

x.clearbitjs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
app.clearbit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 20.122.63.128 (Boydton, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

p.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:811::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c0d::9b (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:82a::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:810::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700::6810:e05d (United States)

ASN13335 (CLOUDFLARENET, US)

static.hsappstatic.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.194.137 (United States)

ASN54113 (FASTLY, US)

js-agent.newrelic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:2c40::c73c:67e2 (United States)

ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US)

labs.cyble.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 162.247.243.30 (United States)

ASN54113 (FASTLY, US)

bam-cell.nr-data.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82a::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 68.219.88.97 (Dublin, Ireland) 1 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:c11::200 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2400:52e0:1a01::987:1 (Los Angeles, United States)

ASN200325 (BUNNYCDN, SI)

to.getnitropack.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:831::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
86	cyble.com 1 redirects blog.cyble.com cyble.com labs.cyble.com	1 MB
21	omappapi.com a.omappapi.com — Cisco Umbrella Rank: 5303 api.omappapi.com — Cisco Umbrella Rank: 5594	95 KB
17	wp.com fonts-api.wp.com — Cisco Umbrella Rank: 15907 i0.wp.com — Cisco Umbrella Rank: 3823 s0.wp.com — Cisco Umbrella Rank: 8056 stats.wp.com — Cisco Umbrella Rank: 2855 fonts.wp.com — Cisco Umbrella Rank: 16559 pixel.wp.com — Cisco Umbrella Rank: 2799	2 MB
10	hubspot.com js.hubspot.com — Cisco Umbrella Rank: 5485 cta-service-cms2.hubspot.com — Cisco Umbrella Rank: 5222 api.hubspot.com — Cisco Umbrella Rank: 4613 app.hubspot.com — Cisco Umbrella Rank: 5456 track.hubspot.com — Cisco Umbrella Rank: 2298 forms.hubspot.com — Cisco Umbrella Rank: 4747	50 KB
7	gstatic.com fonts.gstatic.com www.gstatic.com	452 KB
7	clarity.ms 1 redirects www.clarity.ms — Cisco Umbrella Rank: 827 p.clarity.ms — Cisco Umbrella Rank: 7485 c.clarity.ms — Cisco Umbrella Rank: 1405	28 KB
5	hsappstatic.net static.hsappstatic.net — Cisco Umbrella Rank: 5567	306 KB
5	linkedin.com 4 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 377 www.linkedin.com — Cisco Umbrella Rank: 629 px4.ads.linkedin.com — Cisco Umbrella Rank: 6003	5 KB
5	adroll.com s.adroll.com — Cisco Umbrella Rank: 3056 d.adroll.com — Cisco Umbrella Rank: 1356	113 KB
4	google.com www.google.com — Cisco Umbrella Rank: 2	35 KB
4	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 27 region1.google-analytics.com — Cisco Umbrella Rank: 2462	21 KB
4	hsforms.com forms.hsforms.com — Cisco Umbrella Rank: 4294 forms-na1.hsforms.com — Cisco Umbrella Rank: 6733 perf-na1.hsforms.com — Cisco Umbrella Rank: 5955	10 KB
3	nr-data.net bam-cell.nr-data.net — Cisco Umbrella Rank: 2623	1 KB
3	licdn.com snap.licdn.com — Cisco Umbrella Rank: 778	11 KB
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 35	261 KB
2	doubleclick.net googleads.g.doubleclick.net — Cisco Umbrella Rank: 33 stats.g.doubleclick.net — Cisco Umbrella Rank: 78	2 KB
2	clearbitjs.com x.clearbitjs.com — Cisco Umbrella Rank: 15283	45 KB
2	hs-scripts.com js.hs-scripts.com — Cisco Umbrella Rank: 2386	2 KB
2	hsforms.net js.hsforms.net — Cisco Umbrella Rank: 6454	356 KB
1	getnitropack.com to.getnitropack.com — Cisco Umbrella Rank: 17511	457 B
1	bing.com 1 redirects c.bing.com — Cisco Umbrella Rank: 236	763 B
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 31	1 KB
1	newrelic.com js-agent.newrelic.com — Cisco Umbrella Rank: 562	19 KB
1	clearbit.com app.clearbit.com — Cisco Umbrella Rank: 15649	1 KB
1	google.de www.google.de — Cisco Umbrella Rank: 6862	455 B
1	clearbitscripts.com tag.clearbitscripts.com — Cisco Umbrella Rank: 13166	5 KB
1	hsleadflows.net js.hsleadflows.net — Cisco Umbrella Rank: 4568	88 KB
1	usemessages.com js.usemessages.com — Cisco Umbrella Rank: 4559	24 KB
1	hs-analytics.net js.hs-analytics.net — Cisco Umbrella Rank: 2150	21 KB
1	hs-banner.com js.hs-banner.com — Cisco Umbrella Rank: 2155	20 KB
1	webflow.com uploads-ssl.webflow.com — Cisco Umbrella Rank: 12350	278 KB
198	31

	Domain	Requested by
84	cyble.com	cyble.com
20	a.omappapi.com	cyble.com a.omappapi.com
11	fonts.wp.com	cyble.com fonts-api.wp.com
5	static.hsappstatic.net	app.hubspot.com
4	www.gstatic.com	www.google.com www.gstatic.com
4	www.google.com	cyble.com a.omappapi.com www.gstatic.com www.google.com
4	s.adroll.com	cyble.com www.googletagmanager.com s.adroll.com
3	fonts.gstatic.com	fonts.googleapis.com www.google.com
3	bam-cell.nr-data.net	app.hubspot.com
3	p.clarity.ms	www.clarity.ms
3	app.hubspot.com	js.usemessages.com static.hsappstatic.net app.hubspot.com
3	px.ads.linkedin.com	3 redirects
3	snap.licdn.com	www.googletagmanager.com snap.licdn.com
3	www.googletagmanager.com	cyble.com www.googletagmanager.com
2	c.clarity.ms	1 redirects
2	track.hubspot.com
2	x.clearbitjs.com	tag.clearbitscripts.com
2	api.hubspot.com	js.usemessages.com
2	region1.google-analytics.com	www.googletagmanager.com
2	www.clarity.ms	cyble.com www.clarity.ms
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	forms.hsforms.com	js.hsforms.net cyble.com
2	js.hs-scripts.com	cyble.com www.googletagmanager.com
2	js.hsforms.net	cyble.com js.hsforms.net
2	fonts-api.wp.com	cyble.com
1	forms.hubspot.com	js.hsleadflows.net
1	to.getnitropack.com	cyble.com
1	c.bing.com	1 redirects
1	fonts.googleapis.com	a.omappapi.com
1	labs.cyble.com	cyble.com
1	js-agent.newrelic.com	app.hubspot.com
1	app.clearbit.com	x.clearbitjs.com
1	www.google.de	cyble.com
1	stats.g.doubleclick.net	www.google-analytics.com
1	googleads.g.doubleclick.net	www.googletagmanager.com
1	api.omappapi.com	a.omappapi.com
1	perf-na1.hsforms.com	cyble.com
1	forms-na1.hsforms.com	cyble.com
1	px4.ads.linkedin.com	cyble.com
1	www.linkedin.com	1 redirects
1	tag.clearbitscripts.com	www.googletagmanager.com
1	cta-service-cms2.hubspot.com	js.hubspot.com
1	pixel.wp.com	cyble.com
1	d.adroll.com	s.adroll.com
1	js.hsleadflows.net	js.hs-scripts.com
1	js.usemessages.com	js.hs-scripts.com
1	js.hs-analytics.net	js.hs-scripts.com
1	js.hs-banner.com	js.hs-scripts.com
1	js.hubspot.com	js.hs-scripts.com
1	stats.wp.com	cyble.com
1	s0.wp.com	cyble.com
1	i0.wp.com	cyble.com
1	uploads-ssl.webflow.com	cyble.com
1	blog.cyble.com	1 redirects
198	54

This site contains links to these domains. Also see Links.

Domain
labs.cyble.com
www.cyble.com
getodin.com
thecyberexpress.com
partnernetwork.cyble.com
partnercentral.cyble.com
www.facebook.com
twitter.com
pinterest.com
www.linkedin.com
attack.mitre.org
blog.cyble.com
www.youtube.com

Subject Issuer	Validity	Valid
tls.automattic.com R3	`2023-09-26` - `2023-12-25`	3 months	crt.sh
*.wp.com Sectigo ECC Domain Validation Secure Server CA	`2022-11-14` - `2023-12-15`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-10-16` - `2024-01-08`	3 months	crt.sh
uploads-ssl.webflow.com Amazon RSA 2048 M02	`2023-07-29` - `2024-08-26`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-05-16` - `2024-05-15`	a year	crt.sh
s.adroll.com Amazon RSA 2048 M01	`2023-06-03` - `2024-07-01`	a year	crt.sh
a.omappapi.com R3	`2023-10-05` - `2024-01-03`	3 months	crt.sh
hubspot.com Cloudflare Inc ECC CA-3	`2023-02-05` - `2024-02-05`	a year	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2023-02-01` - `2024-01-31`	a year	crt.sh
www.clarity.ms DigiCert TLS RSA SHA256 2020 CA1	`2023-08-29` - `2024-08-29`	a year	crt.sh
d.adroll.com Amazon RSA 2048 M01	`2023-10-09` - `2024-11-07`	a year	crt.sh
clearbitscripts.com Amazon RSA 2048 M01	`2023-06-11` - `2024-07-09`	a year	crt.sh
api.opmnstr.com Amazon RSA 2048 M01	`2023-03-01` - `2024-02-08`	a year	crt.sh
clearbitjs.com Amazon RSA 2048 M01	`2023-03-17` - `2024-04-14`	a year	crt.sh
a.clarity.ms Microsoft Azure TLS Issuing CA 06	`2023-02-13` - `2024-02-08`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-10-16` - `2024-01-08`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-10-16` - `2024-01-08`	3 months	crt.sh
www.google.de GTS CA 1C3	`2023-10-16` - `2024-01-08`	3 months	crt.sh
hsappstatic.net Cloudflare Inc ECC CA-3	`2023-04-10` - `2024-04-09`	a year	crt.sh
clearbit.com Amazon RSA 2048 M02	`2023-03-17` - `2024-04-14`	a year	crt.sh
js-agent.newrelic.com GlobalSign Atlas R3 DV TLS CA 2023 Q2	`2023-04-13` - `2024-05-14`	a year	crt.sh
labs.cyble.com GTS CA 1P5	`2023-09-16` - `2023-12-15`	3 months	crt.sh
*.nr-data.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-09-29` - `2024-10-01`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2023-10-16` - `2024-01-08`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-10-16` - `2024-01-08`	3 months	crt.sh
*.getnitropack.com Sectigo RSA Domain Validation Secure Server CA	`2022-12-19` - `2023-12-19`	a year	crt.sh
*.google.com GTS CA 1C3	`2023-10-16` - `2024-01-08`	3 months	crt.sh

This page contains 4 frames:

Primary Page: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
Frame ID: 35DDCCA4C86BA8E1222E707088E572B5
Requests: 177 HTTP requests in this frame

Frame: https://js.hsforms.net/forms/v2.js
Frame ID: 908B79C6FBB9D8187FF1AA3C0DB33FAC
Requests: 1 HTTP requests in this frame

Frame: https://app.hubspot.com/conversations-visitor/21289959/threads/utk/a7d7edb97f0c4f979ce70b2e3a385765?uuid=a77f412e188e4dd3b3e15fd0755d430c&mobile=false&mobileSafari=false&hideWelcomeMessage=false&hstc=&domain=cyble.com&inApp53=false&messagesUtk=a7d7edb97f0c4f979ce70b2e3a385765&url=https%3A%2F%2Fcyble.com%2Fblog%2Fducklogs-new-malware-strain-spotted-in-the-wild%2F&inline=false&isFullscreen=false&globalCookieOptOut=&isFirstVisitorSession=true&isAttachmentDisabled=true&isInitialInputFocusDisabled=false&enableWidgetCookieBanner=false&isInCMS=false
Frame ID: 8833F5B233258C515829A5548C4DC74A
Requests: 13 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Ld852MnAAAAAFzgX2FpHqe1Ic4SAQOJBd3NkMga&co=aHR0cHM6Ly9jeWJsZS5jb206NDQz&hl=de&v=fGZmEzpfeSeqDJiApS_XZ4Y2&size=invisible&cb=37ukd59kf6yp
Frame ID: 999B6FCC555B13D6C2C4D18B32AAC75C
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Cyble — DuckLogs - New Malware Strain Spotted In The Wild

Page URL History Show full URLs

https://blog.cyble.com/2022/12/01/ducklogs-new-malware-strain-spotted-in-the-wild/ HTTP 301
https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/ Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
<link[^>]+s\d+\.wp\.com
/wp-(?:content|includes)/

AdRoll (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

(?:a|s)\.adroll\.com

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

HubSpot Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

js\.hs-analytics\.net/analytics

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Revslider (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

/revslider/[/\w-]+/js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

reCAPTCHA (Captchas) Expand

Overall confidence: 100%
Detected patterns

/recaptcha/api\.js

Page Statistics

198
Requests

98 %
HTTPS

71 %
IPv6

31
Domains

54
Subdomains

40
IPs

4
Countries

5432 kB
Transfer

12548 kB
Size

40
Cookies

29 Outgoing links

These are links going to different origins than the main page.

URL: https://labs.cyble.com/q3-2023-ransomware-report
Title: The Q3, 2023 Ransomware Report is Now Available. Download Now

Search URL Search Domain Scan URL

URL: https://www.cyble.com/products/cyble-vision
Title: Secure your business from emerging threats and limit opportunities for your adversaries.

Search URL Search Domain Scan URL

URL: https://getodin.com/
Title: Cyble Odin

Search URL Search Domain Scan URL

URL: https://thecyberexpress.com/
Title: The Cyber Express

Search URL Search Domain Scan URL

URL: https://partnernetwork.cyble.com/
Title: Partner Network

Search URL Search Domain Scan URL

URL: https://partnercentral.cyble.com/login
Title: Partner Login

Search URL Search Domain Scan URL

URL: https://partnercentral.cyble.com/partner/registration
Title: Become a Partner

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer.php?u=https%3A%2F%2Fcyble.com%2Fblog%2Fducklogs-new-malware-strain-spotted-in-the-wild%2F

Search URL Search Domain Scan URL

URL: http://twitter.com/share?url=https%3A%2F%2Fcyble.com%2Fblog%2Fducklogs-new-malware-strain-spotted-in-the-wild%2F&text=DuckLogs%20%E2%80%93%20New%20Malware%20Strain%20Spotted%20In%20The%20Wild&hashtags=Clipper,Cryptocurrency,Cryptominer,Cybercrime,Darkweb,Data%20Breach,Data%20Leak,Infostealer,Malware,Remote%20Access%20Trojan,Stealer

Search URL Search Domain Scan URL

URL: https://pinterest.com/pin/create/bookmarklet/?media=https://cyble.com/wp-content/uploads/2022/12/8.png&url=https%3A%2F%2Fcyble.com%2Fblog%2Fducklogs-new-malware-strain-spotted-in-the-wild%2F&description=DuckLogs%20%E2%80%93%20New%20Malware%20Strain%20Spotted%20In%20The%20Wild

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fcyble.com%2Fblog%2Fducklogs-new-malware-strain-spotted-in-the-wild%2F&title=DuckLogs+%26%238211%3B+New+Malware+Strain+Spotted+In+The+Wild&source=Cyble

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1204/
Title: T1204

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1059/001/
Title: T1059

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1047/
Title: T1047

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1547/001/
Title: T1547

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1055/
Title: T1055

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1562/
Title: T1562

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1497/
Title: T1497

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1057/
Title: T1057

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1082/
Title: T1082

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1518/
Title: T1518

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1071/
Title: T1071

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1105/
Title: T1105

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1573/
Title: T1573

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1102/
Title: T1102

Search URL Search Domain Scan URL

URL: https://blog.cyble.com/
Title: Blog

Search URL Search Domain Scan URL

URL: https://twitter.com/cybleglobal
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/cyble-global/
Title: Linkedin

Search URL Search Domain Scan URL

URL: https://www.youtube.com/@cybleglobal
Title: Youtube

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://blog.cyble.com/2022/12/01/ducklogs-new-malware-strain-spotted-in-the-wild/ HTTP 301
https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 127

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4053396&time=1699717046438&url=https%3A%2F%2Fcyble.com%2Fblog%2Fducklogs-new-malware-strain-spotted-in-the-wild%2F HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4053396&time=1699717046438&url=https%3A%2F%2Fcyble.com%2Fblog%2Fducklogs-new-malware-strain-spotted-in-the-wild%2F&cookiesTest=true HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D4053396%26time%3D1699717046438%26url%3Dhttps%253A%252F%252Fcyble.com%252Fblog%252Fducklogs-new-malware-strain-spotted-in-the-wild%252F%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4053396&time=1699717046438&url=https%3A%2F%2Fcyble.com%2Fblog%2Fducklogs-new-malware-strain-spotted-in-the-wild%2F&cookiesTest=true&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4053396&time=1699717046438&url=https%3A%2F%2Fcyble.com%2Fblog%2Fducklogs-new-malware-strain-spotted-in-the-wild%2F&cookiesTest=true&liSync=true&e_ipv6=AQLJk6EZzyjQRQAAAYu_B-Lv_M_j2juICcIQbWQkqjKhGHsaKkaeechUbKLcfqTLHYrFsb9JPzh_jQ

Request Chain 181

https://c.clarity.ms/c.gif HTTP 302
https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=B4301B07FDA449D8BE20036907A982AB&RedC=c.clarity.ms&MXFR=2A0936F3661B6AB53EA12535621B6416 HTTP 302
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=B4301B07FDA449D8BE20036907A982AB&MUID=1E9F45B1C49E6BF13E705677C5F56A37

198 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
Redirect Chain

https://blog.cyble.com/2022/12/01/ducklogs-new-malware-strain-spotted-in-the-wild/
https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/

574 KB
95 KB

1617ms
1582ms

Document
text/html

192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

f78ea821cda2bdf5e929eb21e09157a43dce4d1d0b8a43cfaee631216801bcf9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-cache
cf-edge-cache: no-cache
content-encoding: br
content-type: text/html; charset=UTF-8
date: Sat, 11 Nov 2023 15:37:25 GMT
host-header: WordPress.com
link: <https://cyble.com/wp-json/>; rel="https://api.w.org/" <https://cyble.com/wp-json/wp/v2/posts/14319>; rel="alternate"; type="application/json" <https://wp.me/pf01Lu-3IX>; rel=shortlink
referrer-policy: no-referrer-when-downgrade
server: nginx
strict-transport-security: max-age=31536000
vary: Accept-Encoding Cookie
x-ac: 2.hhn _atomic_ams EXPIRED
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-hacker: Want root? Visit join.a8c.com and mention this header.
x-nananana: Batcache-Set
x-nitro-cache: MISS
x-xss-protection: 1; mode=block

Redirect headers

cache-control: max-age=3600
cf-ray: 82479dc57e901e59-FRA
date: Sat, 11 Nov 2023 15:37:24 GMT
expires: Sat, 11 Nov 2023 16:37:24 GMT
location: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dvc9g5iPQ5J%2FckShruqRdXaP05ZgVVJPawSB6vJQssWeyNYTdZXeXEAcq7jYkm2mVJxJLO6uA1PISAOKHvl4oBJ3ELQUPLMkcJ2CCY%2BTe2Q8sF2LtnpgGY6OJAyUDp9gidaXunNH3jL%2BsgAC"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=15552000; includeSubDomains; preload
vary: Accept-Encoding
x-content-type-options: nosniff

GET
H2 200 frontend.min.css
cyble.com/wp-content/themes/astra/assets/css/minified/ 46 KB
9 KB 8ms
8ms Stylesheet
text/css 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/themes/astra/assets/css/minified/frontend.min.css?ver=4.4.1

Requested by

Host: cyble.com
URL: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

044ef4f8ed43bfa59c9793d62975bc7ff747731bb1d97bbf0e1c0c6db95cca31

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:25 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Tue, 07 Nov 2023 18:11:06 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"654a7dba-b8a0"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 css
fonts-api.wp.com/ 8 KB
1 KB 63ms
23ms Stylesheet
text/css 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts-api.wp.com/css?family=Poppins%3A400%2C700%2C500%7CRoboto%3A500%2C400&display=fallback&ver=4.4.1

Requested by

Host: cyble.com
URL: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

a61adcba5535446226b967547c5a240a0c58588d868a17890e04c990b67c5f82

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:25 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/bcfae741e379a885f2ab2cf83ebe6d32/mr
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
x-nc: BYPASS hhn 1
last-modified: Sat, 11 Nov 2023 15:37:25 GMT
server: nginx
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin

GET
H2 200 style.css
cyble.com/wp-content/plugins/gutenberg/build/block-library/ 108 KB
15 KB 10ms
0ms Stylesheet
text/css 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/gutenberg/build/block-library/style.css?ver=16.9.0

Requested by

Host: cyble.com
URL: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

8566b5839e309fd46ee7189f1af0337ffce13dc6f751a148ac589164f89e9de8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:25 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Wed, 25 Oct 2023 15:46:38 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"6539385e-1b09e"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 style.css
cyble.com/wp-content/plugins/layout-grid/ 58 KB
3 KB 11ms
0ms Stylesheet
text/css 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/layout-grid/style.css?ver=1643201242

Requested by

Host: cyble.com
URL: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

4ff079893cbfe8eebd0d49b7c8bcbeba131173b3e0da0e13210ad611869e0e36

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:25 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Wed, 26 Jan 2022 12:47:22 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"61f142da-e64d"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 mediaelementplayer-legacy.min.css
cyble.com/wp-includes/js/mediaelement/ 11 KB
3 KB 11ms
0ms Stylesheet
text/css 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css?ver=4.2.17

Requested by

Host: cyble.com
URL: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:25 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Tue, 29 Sep 2020 15:53:06 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"5f735862-2bf8"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 wp-mediaelement.min.css
cyble.com/wp-includes/js/mediaelement/ 4 KB
1 KB 11ms
0ms Stylesheet
text/css 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-includes/js/mediaelement/wp-mediaelement.min.css?ver=6.4.1

Requested by

Host: cyble.com
URL: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

2e10d353ff038c2cad3492fc17801af3e6ef2669c9e9713bdb78b1dcb104c4fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:25 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Fri, 07 Jun 2019 20:45:02 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"5cfaccce-105a"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
BLOB 200
OK 6ac6e638-d919-4b34-8f34-7962e5fedc5e
https://cyble.com/ 1 KB
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://cyble.com/6ac6e638-d919-4b34-8f34-7962e5fedc5e
Requested by: Host: cyble.com
URL: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 453cb806084fdabec32e286af2e88899f79022125c2527afffbec507975d2c22

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Content-Length: 1245
Content-Type: text/javascript

GET
H2 200 ele-news-ticker.css
cyble.com/wp-content/plugins/news-ticker-widget-for-elementor/assets/css/ 529 B
533 B 20ms
8ms Stylesheet
text/css 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/news-ticker-widget-for-elementor/assets/css/ele-news-ticker.css?ver=6.4.1

Requested by

Host: cyble.com
URL: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

0c679efd167a32b0825de0591a02315d08db62c62fbf9f2178bdf55f195e83ef

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:25 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Fri, 10 Nov 2023 11:58:15 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"654e1ad7-211"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 ticker.css
cyble.com/wp-content/plugins/news-ticker-widget-for-elementor/assets/css/ 785 B
567 B 20ms
8ms Stylesheet
text/css 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/news-ticker-widget-for-elementor/assets/css/ticker.css?ver=6.4.1

Requested by

Host: cyble.com
URL: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

3857b8ea601a609b4eefe5391232b41680ac7c303de5a021136608bda8ec92ea

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:25 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Fri, 10 Nov 2023 11:58:15 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"654e1ad7-311"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 t4bnewsticker.css
cyble.com/wp-content/plugins/t4b-news-ticker/assets/css/ 3 KB
1 KB 20ms
9ms Stylesheet
text/css 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/t4b-news-ticker/assets/css/t4bnewsticker.css?ver=1.2.8

Requested by

Host: cyble.com
URL: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

418ba9866f7867d24cd94a10ea132a6e5a7ff9b4ec74e9e009b08b0e0693badb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:25 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Fri, 10 Nov 2023 12:22:11 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"654e2073-b43"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 header-footer-elementor.css
cyble.com/wp-content/plugins/header-footer-elementor/assets/css/ 776 B
584 B 20ms
9ms Stylesheet
text/css 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/header-footer-elementor/assets/css/header-footer-elementor.css?ver=1.6.17

Requested by

Host: cyble.com
URL: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

25825611ade7ceaed7df3862ec56dc91ad1d2be539966ef7bbe84306e51cfb08

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:25 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Thu, 19 Oct 2023 06:11:06 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"6530c87a-308"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 elementor-icons.min.css
cyble.com/wp-content/plugins/elementor/assets/lib/eicons/css/ 19 KB
4 KB 20ms
9ms Stylesheet
text/css 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor/assets/lib/eicons/css/elementor-icons.min.css?ver=5.23.0

Requested by

Host: cyble.com
URL: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

941b1493157dfb7316bcb3c7357a94e9ba173607d80559408620f4ab4c39c88d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:25 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Thu, 14 Sep 2023 16:57:35 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"65033b7f-4c4d"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 frontend.min.css
cyble.com/wp-content/plugins/elementor/assets/css/ 167 KB
21 KB 20ms
9ms Stylesheet
text/css 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor/assets/css/frontend.min.css?ver=3.17.3

Requested by

Host: cyble.com
URL: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

a50d381748c22ce26c690586d18b41c72b4a9c71c0f1254e64fec18e2d0b039a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:25 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Wed, 08 Nov 2023 16:07:37 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"654bb249-29beb"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 swiper.min.css
cyble.com/wp-content/plugins/elementor/assets/lib/swiper/css/ 13 KB
3 KB 20ms
10ms Stylesheet
text/css 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor/assets/lib/swiper/css/swiper.min.css?ver=5.3.6

Requested by

Host: cyble.com
URL: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

d622534d53d3ac1095af275f0b30274fcd835785577df2dde6d9398e6f7a2c8f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:25 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Thu, 14 Sep 2023 16:57:35 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"65033b7f-324c"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 post-5708.css
cyble.com/wp-content/uploads/elementor/css/ 1 KB
695 B 20ms
10ms Stylesheet
text/css 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/uploads/elementor/css/post-5708.css?ver=1699498092

Requested by

Host: cyble.com
URL: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

9281e92347951df7b3764862686c89f3344547c77e10096acbb5196ff6c8645f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:25 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Thu, 09 Nov 2023 02:48:12 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"654c486c-4bd"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 frontend.min.css
cyble.com/wp-content/plugins/elementor-pro/assets/css/ 440 KB
44 KB 19ms
10ms Stylesheet
text/css 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor-pro/assets/css/frontend.min.css?ver=3.17.1

Requested by

Host: cyble.com
URL: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

54b504a934b8cc1b8bf548c18b209e1f490a9ed03e7d6905935743d488e02344

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:25 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Wed, 01 Nov 2023 18:11:12 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"654294c0-6e0eb"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 uael-frontend.min.css
cyble.com/wp-content/plugins/ultimate-elementor/assets/min-css/ 639 KB
71 KB 19ms
10ms Stylesheet
text/css 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/ultimate-elementor/assets/min-css/uael-frontend.min.css?ver=1.36.25

Requested by

Host: cyble.com
URL: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

8731d7ba8485239f3bf5c23da3962a8374f8a7c7129d3e552840f6f56800bba9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:25 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Thu, 09 Nov 2023 18:11:10 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"654d20be-9fa0b"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 post-9211.css
cyble.com/wp-content/uploads/elementor/css/ 18 KB
2 KB 26ms
17ms Stylesheet
text/css 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/uploads/elementor/css/post-9211.css?ver=1699498092

Requested by

Host: cyble.com
URL: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

ef8bfc9484e5389cc2e09db84c64a5f7cc8cb742d08c102e0727333a014a95f0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:25 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Thu, 09 Nov 2023 02:48:12 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"654c486c-46b6"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 frontend.css
cyble.com/wp-content/plugins/header-footer-elementor/inc/widgets-css/ 74 KB
8 KB 26ms
17ms Stylesheet
text/css 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/header-footer-elementor/inc/widgets-css/frontend.css?ver=1.6.17

Requested by

Host: cyble.com
URL: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

ea14d1b1233e6cbc9b1a156ac532f076f7adafc309726fca7bf8833f882ac872

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:25 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Thu, 19 Oct 2023 06:11:06 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"6530c87a-127a4"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 style.min.css
cyble.com/wp-content/plugins/astra-addon/addons/blog-pro/assets/css/minified/ 5 KB
1 KB 25ms
17ms Stylesheet
text/css 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/astra-addon/addons/blog-pro/assets/css/minified/style.min.css?ver=4.4.0

Requested by

Host: cyble.com
URL: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

c880dba8b9785ed12e3d0c9ed65ab16620e1769154264989633851a0653758a7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:25 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Mon, 23 Oct 2023 18:11:11 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"6536b73f-129a"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 related-posts.min.css
cyble.com/wp-content/plugins/astra-addon/addons/blog-pro/assets/css/minified/ 682 B
525 B 25ms
18ms Stylesheet
text/css 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/astra-addon/addons/blog-pro/assets/css/minified/related-posts.min.css?ver=4.4.0

Requested by

Host: cyble.com
URL: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

8b715e2b510a6fe1970eb41598d51f6ee26ab7e0390d5a4e86eceda88145c352

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:25 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Mon, 23 Oct 2023 18:11:11 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"6536b73f-2aa"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 blog-layout-3.min.css
cyble.com/wp-content/plugins/astra-addon/addons/blog-pro/assets/css/minified/ 1 KB
575 B 25ms
18ms Stylesheet
text/css 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/astra-addon/addons/blog-pro/assets/css/minified/blog-layout-3.min.css?ver=4.4.0

Requested by

Host: cyble.com
URL: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

295fbb5e54d72b6d4ce1706b49b105dde853dec01470192fd5c372e5b29b8837

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:25 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Mon, 23 Oct 2023 18:11:11 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"6536b73f-43f"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 style.min.css
cyble.com/wp-content/plugins/astra-addon/classes/builder/assets/css/minified/ 6 KB
2 KB 25ms
18ms Stylesheet
text/css 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/astra-addon/classes/builder/assets/css/minified/style.min.css?ver=4.4.0

Requested by

Host: cyble.com
URL: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

8e4e49412ad1d916f9fe1a2c6a0124bafe489ede5311fd5082ea359f92b8a8cb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:25 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Mon, 23 Oct 2023 18:11:11 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"6536b73f-1792"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 astra-hooks-sticky-header-footer.min.css
cyble.com/wp-content/plugins/astra-addon/addons/advanced-hooks/assets/css/minified/ 2 KB
618 B 25ms
18ms Stylesheet
text/css 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/astra-addon/addons/advanced-hooks/assets/css/minified/astra-hooks-sticky-header-footer.min.css?ver=4.4.0

Requested by

Host: cyble.com
URL: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

4252a2cdfd3391e6f8bed901f0fdcf6c1779363f4c18a4489ca8070416bf333b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:25 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Mon, 23 Oct 2023 18:11:11 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"6536b73f-601"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 style.min.css
cyble.com/wp-content/plugins/astra-addon/addons/advanced-hooks/assets/css/minified/ 214 B
506 B 25ms
18ms Stylesheet
text/css 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/astra-addon/addons/advanced-hooks/assets/css/minified/style.min.css?ver=4.4.0

Requested by

Host: cyble.com
URL: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

1af623b7fa49e6d07f7fbaa58e70f51a790c4cd4c8abb452af6c7a12d327b137

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:25 GMT
strict-transport-security: max-age=31536000
x-ac: 2.hhn _atomic_ams HIT
last-modified: Mon, 23 Oct 2023 18:11:11 GMT
server: nginx
etag: "6536b73f-d6"
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 214
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 style.min.css
cyble.com/wp-content/plugins/astra-addon/addons/site-layouts/assets/css/minified/ 1 KB
684 B 24ms
18ms Stylesheet
text/css 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/astra-addon/addons/site-layouts/assets/css/minified/style.min.css?ver=4.4.0

Requested by

Host: cyble.com
URL: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

f9559fb7eb7556f21cc88d419722e9bf3147b01639b30df770820e08bd076861

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:25 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Mon, 23 Oct 2023 18:11:11 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"6536b73f-4f3"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 style.min.css
cyble.com/wp-content/plugins/astra-addon/addons/sticky-header/assets/css/minified/ 10 KB
2 KB 24ms
19ms Stylesheet
text/css 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/astra-addon/addons/sticky-header/assets/css/minified/style.min.css?ver=4.4.0

Requested by

Host: cyble.com
URL: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

445e6c05d7b739e170dd20ae0670401c985c0de787c83773f5177d01306c8fd2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:25 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Mon, 23 Oct 2023 18:11:11 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"6536b73f-2958"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 mega-menu.min.css
cyble.com/wp-content/plugins/astra-addon/addons/nav-menu/assets/css/minified/ 15 KB
2 KB 24ms
19ms Stylesheet
text/css 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/astra-addon/addons/nav-menu/assets/css/minified/mega-menu.min.css?ver=4.4.0

Requested by

Host: cyble.com
URL: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

71543675c131b841c82320e95d11ce0544414ac3c30dadf40d6c5ef5ff21ea8c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:25 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Mon, 23 Oct 2023 18:11:11 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"6536b73f-3c67"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 style.min.css
cyble.com/wp-content/plugins/astra-addon/addons/advanced-search/assets/css/minified/ 9 KB
2 KB 24ms
19ms Stylesheet
text/css 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/astra-addon/addons/advanced-search/assets/css/minified/style.min.css?ver=4.4.0

Requested by

Host: cyble.com
URL: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

1ccc47fe2259773bf33ee7831905071311322957e5b270f00ce7f855ebbf0216

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:25 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Mon, 23 Oct 2023 18:11:11 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"6536b73f-2327"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 front.min.css
cyble.com/wp-content/plugins/cookie-notice/css/ 5 KB
1 KB 24ms
19ms Stylesheet
text/css 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/cookie-notice/css/front.min.css?ver=2.4.11

Requested by

Host: cyble.com
URL: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

f158b8591a08b6c02bb345ae96dd62f0c632f7f635bb4a5f449fce24bdc11789

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:25 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Wed, 04 Oct 2023 18:11:14 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"651daac2-14d6"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 css
fonts-api.wp.com/ 76 KB
3 KB 57ms
25ms Stylesheet
text/css 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts-api.wp.com/css?family=Open+Sans%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CRoboto+Slab%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CRoboto%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&display=auto&ver=6.4.1

Requested by

Host: cyble.com
URL: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

c391d5d280b0b950860203c4aea86b6aa48c587ba784a3438945670d8f418b12

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:25 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-encoding: gzip
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
x-nc: BYPASS hhn 1
last-modified: Sat, 11 Nov 2023 15:23:34 GMT
server: nginx
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin

GET
H2 200 fontawesome.min.css
cyble.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/ 57 KB
13 KB 24ms
19ms Stylesheet
text/css 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/fontawesome.min.css?ver=5.15.3

Requested by

Host: cyble.com
URL: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

d01a2ba2805c78957e15a2958135de0f3cb88e95159dd0f6c0a032bd76b1b0e9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:25 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Thu, 14 Sep 2023 16:57:35 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"65033b7f-e238"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 brands.min.css
cyble.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/ 675 B
609 B 24ms
20ms Stylesheet
text/css 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/brands.min.css?ver=5.15.3

Requested by

Host: cyble.com
URL: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

9cd63b8cea25045c14623c538d26752518a58c0c682795ce6ad3078976c65a37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:25 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Thu, 14 Sep 2023 16:57:35 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"65033b7f-2a3"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jetpack.css
cyble.com/wp-content/plugins/jetpack/css/ 98 KB
19 KB 24ms
20ms Stylesheet
text/css 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/jetpack/css/jetpack.css?ver=12.9-a.1

Requested by

Host: cyble.com
URL: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

6d8df80636365e2ceb28f46ce2b54a2fbd661b03a0282983f26c435d927d9657

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:25 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Tue, 31 Oct 2023 20:55:38 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"654169ca-18946"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jquery.min.js Show response
cyble.com/wp-includes/js/jquery/ 86 KB
31 KB 24ms
20ms Script
application/javascript 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.1

Requested by

Host: cyble.com
URL: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:25 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Mon, 28 Aug 2023 17:14:23 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"64ecd5ef-15601"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jquery-migrate.min.js Show response
cyble.com/wp-includes/js/jquery/ 13 KB
5 KB 24ms
20ms Script
application/javascript 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1

Requested by

Host: cyble.com
URL: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:25 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Fri, 09 Jun 2023 05:49:24 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"6482bd64-3509"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 related-posts.min.js Show response
cyble.com/wp-content/plugins/jetpack/_inc/build/related-posts/ 6 KB
2 KB 24ms
20ms Script
application/javascript 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/jetpack/_inc/build/related-posts/related-posts.min.js?ver=20211209

Requested by

Host: cyble.com
URL: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

a68827190bc01a61ee0a62ec59efa74497a6bc5aa8586f1fac50a58d0cf42d88

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:25 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Mon, 19 Jun 2023 19:16:28 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"6490a98c-1661"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 front.min.js Show response
cyble.com/wp-content/plugins/cookie-notice/js/ 8 KB
2 KB 32ms
28ms Script
application/javascript 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/cookie-notice/js/front.min.js?ver=2.4.11

Requested by

Host: cyble.com
URL: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

08756c47213d461baa3b01f42448a76d11f524470c7a34f9018733889bd4f49c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:25 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Wed, 04 Oct 2023 18:11:14 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"651daac2-21fc"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 325 KB
106 KB 88ms
37ms Script
application/javascript 2a00:1450:4001:811::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=GT-WKTZW36

Requested by

Host: cyble.com
URL: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

bd75d8c46b85f9707565edbb53845948e0c94cb884b00f088ec8da8d99a3c160

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:25 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 107720
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Sat, 11 Nov 2023 15:37:25 GMT

GET
H2 200 Cyble-Logo-150x42-1.webp
cyble.com/wp-content/uploads/2023/07/ 3 KB
3 KB 32ms
28ms Image
image/webp 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cyble.com/wp-content/uploads/2023/07/Cyble-Logo-150x42-1.webp

Requested by

Host: cyble.com
URL: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

594e58a370b6219afb761152e616c06147e70e8c8d040ef51058f238025633a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:25 GMT
strict-transport-security: max-age=31536000
x-ac: 2.hhn _atomic_ams HIT
last-modified: Wed, 26 Jul 2023 09:51:45 GMT
server: nginx
etag: "64c0ecb1-c16"
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
content-length: 3094
expires: Thu, 21 Sep 2023 18:18:57 GMT

GET
H2 200 visioncyble.png
cyble.com/wp-content/uploads/2023/08/ 6 KB
7 KB 24ms
21ms Image
image/png 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cyble.com/wp-content/uploads/2023/08/visioncyble.png

Requested by

Host: cyble.com
URL: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

b674ae72e31570fbfba5dd723788233676575b3d5ae6ca6f08846f1af6cd951c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:25 GMT
strict-transport-security: max-age=31536000
x-ac: 2.hhn _atomic_ams HIT
last-modified: Thu, 31 Aug 2023 04:03:56 GMT
server: nginx
etag: "64f0112c-19b2"
access-control-allow-methods: GET, HEAD
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
content-length: 6578
expires: Thu, 21 Sep 2023 18:18:57 GMT

GET
H2 200 hawkbycyble.png
cyble.com/wp-content/uploads/2023/08/ 4 KB
4 KB 24ms
21ms Image
image/png 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cyble.com/wp-content/uploads/2023/08/hawkbycyble.png

Requested by

Host: cyble.com
URL: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

50609579a0013a9543bdf2f3b69b484dafea8e313a2ce1a65f5ae93a930991d6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:25 GMT
strict-transport-security: max-age=31536000
x-ac: 2.hhn _atomic_ams HIT
last-modified: Thu, 31 Aug 2023 06:39:32 GMT
server: nginx
etag: "64f035a4-e06"
access-control-allow-methods: GET, HEAD
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
content-length: 3590
expires: Thu, 21 Sep 2023 18:18:57 GMT

GET
H2 200 Ami-Breached.png
cyble.com/wp-content/uploads/2023/08/ 5 KB
5 KB 8ms
8ms Image
image/png 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cyble.com/wp-content/uploads/2023/08/Ami-Breached.png

Requested by

Host: cyble.com
URL: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

39badaa7254daebaccbfc900a8ab3e619aaa048a7306b182ecf19655fdaf3976

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:25 GMT
strict-transport-security: max-age=31536000
x-ac: 2.hhn _atomic_ams HIT
last-modified: Mon, 04 Sep 2023 07:06:50 GMT
server: nginx
etag: "64f5820a-1282"
access-control-allow-methods: GET, HEAD
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
content-length: 4738
expires: Thu, 21 Sep 2023 18:18:57 GMT

GET
H2 200 cybleodin.png
cyble.com/wp-content/uploads/2023/08/ 7 KB
7 KB 8ms
8ms Image
image/png 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cyble.com/wp-content/uploads/2023/08/cybleodin.png

Requested by

Host: cyble.com
URL: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

02691c38db1b70e6897e594025a6080e91d8ff8e6af11d3c76d922af318cdc69

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:25 GMT
strict-transport-security: max-age=31536000
x-ac: 2.hhn _atomic_ams HIT
last-modified: Mon, 04 Sep 2023 07:06:50 GMT
server: nginx
etag: "64f5820a-1a66"
access-control-allow-methods: GET, HEAD
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
content-length: 6758
expires: Thu, 21 Sep 2023 18:18:57 GMT

GET
H2 200 tce-logo.png
cyble.com/wp-content/uploads/2023/08/ 10 KB
10 KB 14ms
13ms Image
image/png 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cyble.com/wp-content/uploads/2023/08/tce-logo.png

Requested by

Host: cyble.com
URL: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

f650518059b9901bbf0175fde4089bda6ac93efef083514d37c3245a7f50abdf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:25 GMT
strict-transport-security: max-age=31536000
x-ac: 2.hhn _atomic_ams HIT
last-modified: Thu, 31 Aug 2023 06:41:34 GMT
server: nginx
etag: "64f0361e-271a"
access-control-allow-methods: GET, HEAD
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
content-length: 10010
expires: Thu, 21 Sep 2023 18:18:57 GMT

GET
H2 200 63e0e74f21fa4757c3a4f79f_products.png
uploads-ssl.webflow.com/63dd0ddca5abb1b5aff27e38/ 277 KB
278 KB 67ms
14ms Image
image/png 18.66.112.117
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://uploads-ssl.webflow.com/63dd0ddca5abb1b5aff27e38/63e0e74f21fa4757c3a4f79f_products.png
Requested by: Host: cyble.com
URL: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.112.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-112-117.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e5c524e3e761e7f83d82d0713c43a707f52e9d2bac9d3705a09857714e094fac

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sun, 01 Oct 2023 13:58:34 GMT
x-amz-version-id: 8j9.sXtilP1QVSLFuZIMlcthaYrBO2bI
via: 1.1 edffe6978db53d114a80cda421e0b6b8.cloudfront.net (CloudFront)
age: 3548332
x-amz-cf-pop: FRA56-P5
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 283614
last-modified: Mon, 06 Feb 2023 11:41:05 GMT
server: AmazonS3
etag: "c9ae576c481235e660203b28916cb3fc"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
accept-ranges: bytes
x-amz-cf-id: CmKLPAu7rBBBhK_GzngP7gXfIhNXpYCAsjtoLBuNV8zMAoiPeSIOWA==

GET
H2 200 8-1024x512.png
cyble.com/wp-content/uploads/2022/12/ 300 KB
301 KB 128ms
124ms Image
image/webp 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cyble.com/wp-content/uploads/2022/12/8-1024x512.png

Requested by

Host: cyble.com
URL: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

801d28764049db88df7f96a30172b3790f9578799a491942a8f0faf534bcce5b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:25 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-ac: 2.hhn _atomic_ams MISS
alt-svc: h3=":443"; ma=86400
content-length: 307102
x-nc: HIT dca 4
last-modified: Mon, 06 Nov 2023 19:25:15 GMT
server: nginx
etag: "f7255df92cc66360"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
expires: Thu, 06 Nov 2025 07:25:15 GMT

GET
H2 200 Figure-1-%E2%80%93-DuckLogs-Stealer-Advertisement-in-CyberCrime-Forum-1024x318.jpg
cyble.com/wp-content/uploads/2022/12/ 21 KB
22 KB 255ms
251ms Image
image/webp 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cyble.com/wp-content/uploads/2022/12/Figure-1-%E2%80%93-DuckLogs-Stealer-Advertisement-in-CyberCrime-Forum-1024x318.jpg

Requested by

Host: cyble.com
URL: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

4d6940b8d6231d123cedc7c9e3ca87fa1b740d9cc59c7f40dbf94de714098c2e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:26 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-ac: 2.hhn _atomic_ams MISS
alt-svc: h3=":443"; ma=86400
content-length: 21668
x-nc: MISS dca 8
last-modified: Sat, 11 Nov 2023 15:37:26 GMT
server: nginx
etag: "1f9f55515522f7d7"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
expires: Tue, 11 Nov 2025 03:37:26 GMT

GET
H2 200 subscribe-to-CRIL.jpg
i0.wp.com/blog.cyble.com//srv/htdocs/wp-content/uploads/2021/11/ 16 KB
16 KB 46ms
7ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/blog.cyble.com//srv/htdocs/wp-content/uploads/2021/11/subscribe-to-CRIL.jpg

Requested by

Host: cyble.com
URL: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

382e9768b5578d5ad05e51e37670a3cf93d4593a49bcbee1f5e8b66d0d8c1c53

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:25 GMT
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
content-length: 16232
x-nc: HIT hhn 1
last-modified: Wed, 26 Jul 2023 23:15:01 GMT
server: nginx
etag: "27ade7d444618f64"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <http://blog.cyble.com//srv/htdocs/wp-content/uploads/2021/11/subscribe-to-CRIL.jpg>; rel="canonical"
expires: Sat, 26 Jul 2025 11:15:01 GMT

GET
H2 200 v2.js Show response
js.hsforms.net/forms/ 559 KB
179 KB 51ms
22ms Script
application/javascript 2606:4700::6810:8bce
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsforms.net/forms/v2.js

Requested by

Host: cyble.com
URL: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:8bce , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

063746967871d4216965a4986fe8364aa66625bc5da5dd9d4c356d863b5c51da

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

content-encoding: br
age: 592
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=forms-embed/static-1.4110/bundles/project-v2.js&cfRay=82478f5ccece4d74-FRA
x-amz-replication-status: COMPLETED
x-evy-trace-listener: listener_https
etag: W/"c29a551e477ae940faf937d9f051c067"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
cache-control: s-maxage=600, max-age=300
x-hs-target-asset: forms-embed/static-1.4110/bundles/project-v2.js
date: Sat, 11 Nov 2023 15:37:25 GMT
x-amz-version-id: 2.K8Uxn1o3u0mUGuPox8BfBcKB0lZg3T
via: 1.1 73c5607bdb5db0d651e25c848846d554.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: IAD12-P3
x-hubspot-correlation-id: 33e9980c-4724-4158-9840-7ed3eda2956a
x-cache: Hit from cloudfront
cache-tag: staticjsapp-forms-embed-v2-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 3
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: 33e9980c-4724-4158-9840-7ed3eda2956a
last-modified: Wed, 08 Nov 2023 09:25:28 UTC
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PVFkM1n2y%2BoG8LrgITCMqEQXRBlyr0rAMieqtX2QapJ6Het%2BDxo8sKgy26fREj9If0RFbSpvpmiJtZMyPq%2FU0lWyrn44dcD2X5Vrrc8GH49vbQ0AsMv3JCG5wD5jE34k0u8pMgedG6G8KDR8"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status: HIT
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-59f9889544-j8qxr
cf-ray: 82479dd06e8e4d91-FRA
x-amz-cf-id: w-fkrLS96eKnvF7SxQYkBaowMLt9ZL2mP6-I888SAaTSxy4TS8CyNw==

GET
H2 200 bilmur.min.js Show response
s0.wp.com/wp-content/js/ 6 KB
3 KB 21ms
14ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/js/bilmur.min.js?m=202345
Requested by: Host: cyble.com
URL: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 51384f67c702c265bd5d21f3b1bbb9fc22bce41125daffbf058f13b28217d127

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Sat, 11 Nov 2023 15:37:25 GMT
content-encoding: br
x-ac: 2.hhn _dca MISS
last-modified: Thu, 26 Oct 2023 13:17:07 GMT
server: nginx
etag: W/"653a66d3-19e3"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
expires: Tue, 05 Nov 2024 00:00:00 GMT

GET
H2 200 magamenu-frontend.min.css
cyble.com/wp-content/plugins/astra-addon/addons/nav-menu/assets/css/minified/ 0
280 B 7ms
6ms Stylesheet
text/css 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/astra-addon/addons/nav-menu/assets/css/minified/magamenu-frontend.min.css?ver=4.4.0

Requested by

Host: cyble.com
URL: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:25 GMT
strict-transport-security: max-age=31536000
x-ac: 2.hhn _atomic_ams HIT
last-modified: Mon, 23 Oct 2023 18:11:11 GMT
server: nginx
etag: "6536b73f-0"
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 0
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 rs6.css
cyble.com/wp-content/plugins/revslider/public/assets/css/ 58 KB
13 KB 8ms
7ms Stylesheet
text/css 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/revslider/public/assets/css/rs6.css?ver=6.6.15

Requested by

Host: cyble.com
URL: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

4e0444e1833b39198b3f37d6f556b0443dabff58bcd8e8b16530b0f980ea2b1b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:25 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Tue, 01 Aug 2023 18:57:53 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"64c955b1-e96a"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 frontend.min.js Show response
cyble.com/wp-content/themes/astra/assets/js/minified/ 21 KB
5 KB 7ms
6ms Script
application/javascript 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/themes/astra/assets/js/minified/frontend.min.js?ver=4.4.1

Requested by

Host: cyble.com
URL: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

2caa7723419d7c6ded5dc50d3a9518cfc31a806471197dd34d6605393e9bcaeb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:25 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Tue, 07 Nov 2023 18:11:06 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"654a7dba-528b"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 21289959.js Show response
js.hs-scripts.com/ 2 KB
1 KB 173ms
127ms Script
application/javascript 2606:4700::6810:bb59
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hs-scripts.com/21289959.js?integration=WordPress&ver=10.2.5

Requested by

Host: cyble.com
URL: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:bb59 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f103f62477c6a9676ce29ecbdf9c9493fad45111dd75a14cbfb0f5baf4096693

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:25 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: EXPIRED
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 8cabc80f-1e67-48e1-9584-adcb4af8c737
x-envoy-upstream-service-time: 7
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 8cabc80f-1e67-48e1-9584-adcb4af8c737
last-modified: Sat, 11 Nov 2023 15:30:49 GMT
server: cloudflare
x-trace: 2BC9FAA98B3100BACED615691041D9EEB51B1B2D93000000000000000000
vary: origin, Accept-Encoding
access-control-max-age: 3600
content-type: application/javascript;charset=utf-8
access-control-allow-origin: https://cyble.com
x-evy-trace-virtual-host: all
cache-control: public, max-age=60
access-control-allow-credentials: true
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-5dc9ffbc55-lwkqr
cf-ray: 82479dd0b84871bb-FRA
expires: Sat, 11 Nov 2023 15:38:25 GMT

GET
H2 200 ticker.js Show response
cyble.com/wp-content/plugins/news-ticker-widget-for-elementor/assets/js/ 26 KB
9 KB 18ms
10ms Script
application/javascript 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/news-ticker-widget-for-elementor/assets/js/ticker.js?ver=1.0

Requested by

Host: cyble.com
URL: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

dbd6799bbdbc2fd53a96f503f454a90c5b5af94aef34b794aa6c017b77702341

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:25 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Fri, 10 Nov 2023 11:58:15 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"654e1ad7-6610"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 rbtools.min.js Show response
cyble.com/wp-content/plugins/revslider/public/assets/js/ 162 KB
62 KB 31ms
28ms Script
application/javascript 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/revslider/public/assets/js/rbtools.min.js?ver=6.6.15

Requested by

Host: cyble.com
URL: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

52984e532d02a87a060764ff400626a1b81cc316284a8ba1feab5d94697119a0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:25 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Tue, 01 Aug 2023 18:57:53 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"64c955b1-28681"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 rs6.min.js Show response
cyble.com/wp-content/plugins/revslider/public/assets/js/ 406 KB
106 KB 31ms
28ms Script
application/javascript 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/revslider/public/assets/js/rs6.min.js?ver=6.6.15

Requested by

Host: cyble.com
URL: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

d83aec48544d062dde1996c25831b736a6262a98fc15a037ee5c72b1f9f0aeb2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:25 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Tue, 01 Aug 2023 18:57:53 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"64c955b1-659a8"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jquery.liscroll.js Show response
cyble.com/wp-content/plugins/t4b-news-ticker/assets/js/ 6 KB
2 KB 18ms
11ms Script
application/javascript 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/t4b-news-ticker/assets/js/jquery.liscroll.js?ver=1.2.8

Requested by

Host: cyble.com
URL: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

b8b88e3de37446ef3659a8a4329f4a01f32e8693c4b102b3df91fecb687d6fa9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:25 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Fri, 10 Nov 2023 12:22:11 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"654e2073-16fa"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 frontend-pro.min.js Show response
cyble.com/wp-content/plugins/astra-addon/assets/js/minified/ 4 KB
2 KB 18ms
11ms Script
application/javascript 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/astra-addon/assets/js/minified/frontend-pro.min.js?ver=4.4.0

Requested by

Host: cyble.com
URL: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

0c91ab5b297f9f2fda85a197eeb47839100565b39ddea58772a161211e76f3ca

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:25 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Mon, 23 Oct 2023 18:11:11 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"6536b73f-1186"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 advanced-hooks-sticky-header-footer.min.js Show response
cyble.com/wp-content/plugins/astra-addon/addons/advanced-hooks/assets/js/minified/ 5 KB
2 KB 18ms
11ms Script
application/javascript 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/astra-addon/addons/advanced-hooks/assets/js/minified/advanced-hooks-sticky-header-footer.min.js?ver=4.4.0

Requested by

Host: cyble.com
URL: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

f834a029a78c0ab307009a4b634873883ed1e544d0e68ef28a5efa5b56d0f643

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:25 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Mon, 23 Oct 2023 18:11:11 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"6536b73f-1533"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 sticky-header.min.js Show response
cyble.com/wp-content/plugins/astra-addon/addons/sticky-header/assets/js/minified/ 16 KB
4 KB 18ms
12ms Script
application/javascript 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/astra-addon/addons/sticky-header/assets/js/minified/sticky-header.min.js?ver=4.4.0

Requested by

Host: cyble.com
URL: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

80dd975a6a9a2990bd82dc0d70b88250ddab2c213a1afe4c36071a944a8f1e2f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:25 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Mon, 23 Oct 2023 18:11:11 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"6536b73f-41c8"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 mega-menu-frontend.min.js Show response
cyble.com/wp-content/plugins/astra-addon/addons/nav-menu/assets/js/minified/ 8 KB
2 KB 18ms
12ms Script
application/javascript 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/astra-addon/addons/nav-menu/assets/js/minified/mega-menu-frontend.min.js?ver=4.4.0

Requested by

Host: cyble.com
URL: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

c2e3d942841a2db58ec17b82d5a30909aa2ff162f8330da05b5abed1ea46c6f2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:25 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Mon, 23 Oct 2023 18:11:11 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"6536b73f-1e2b"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 advanced-search.min.js Show response
cyble.com/wp-content/plugins/astra-addon/addons/advanced-search/assets/js/minified/ 3 KB
1 KB 19ms
12ms Script
application/javascript 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/astra-addon/addons/advanced-search/assets/js/minified/advanced-search.min.js?ver=4.4.0

Requested by

Host: cyble.com
URL: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

fa2adc8e591afce15ec4b4b22089c4faa15095f55b78eb007ff6a849ebaa6e5d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:25 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Mon, 23 Oct 2023 18:11:11 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"6536b73f-ba3"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 e-202345.js Show response
stats.wp.com/ 7 KB
3 KB 45ms
6ms Script
application/javascript 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.wp.com/e-202345.js
Requested by: Host: cyble.com
URL: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ca7752fb33cf3a98c0f29bc4eec563112025da4109a0dcc69dabf5f861751258

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-minify-cache: hit
x-nc: HIT hhn
date: Sat, 11 Nov 2023 15:37:25 GMT
content-encoding: br
server: nginx
x-minify: t
etag: W/13576-1684464982353.1523
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
expires: Mon, 04 Nov 2024 07:34:58 GMT

GET
H2 200 jetpack-carousel.min.js Show response
cyble.com/wp-content/plugins/jetpack/_inc/build/carousel/ 24 KB
8 KB 19ms
12ms Script
application/javascript 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/jetpack/_inc/build/carousel/jetpack-carousel.min.js?ver=12.9-a.1

Requested by

Host: cyble.com
URL: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

0200bc38d986631f9cc4680084d7d263ccf17fa4a3c627b26ff347e0cfcf1d47

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:25 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Tue, 30 May 2023 17:03:32 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"64762c64-5e2d"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 helper.min.js Show response
cyble.com/wp-content/plugins/optinmonster/assets/dist/js/ 3 KB
1 KB 18ms
12ms Script
application/javascript 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/optinmonster/assets/dist/js/helper.min.js?ver=2.14.1

Requested by

Host: cyble.com
URL: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

ab2893642fc3a295af460bb6c27d6c0c425becfef2e1a90ebf25507a04b2fda7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:25 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Fri, 13 Oct 2023 05:51:14 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"6528dad2-bb9"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 uael-nav-menu.min.js Show response
cyble.com/wp-content/plugins/ultimate-elementor/assets/min-js/ 20 KB
4 KB 18ms
13ms Script
application/javascript 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/ultimate-elementor/assets/min-js/uael-nav-menu.min.js?ver=1.36.25

Requested by

Host: cyble.com
URL: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

a72fb86e087a914701c121d199dbd32977ba67eb19b327c040f02010736eb012

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:25 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Thu, 09 Nov 2023 18:11:10 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"654d20be-51a4"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jquery_resize.min.js Show response
cyble.com/wp-content/plugins/ultimate-elementor/assets/lib/jquery-element-resize/ 3 KB
2 KB 18ms
13ms Script
application/javascript 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/ultimate-elementor/assets/lib/jquery-element-resize/jquery_resize.min.js?ver=1.36.25

Requested by

Host: cyble.com
URL: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

54c8ea0d64c3d52573359befbd4e5fab7ff3d18abedf40759fba7d500832177a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:25 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Thu, 09 Nov 2023 18:11:10 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"654d20be-d5e"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 js_cookie.min.js Show response
cyble.com/wp-content/plugins/ultimate-elementor/assets/lib/js-cookie/ 2 KB
1 KB 18ms
13ms Script
application/javascript 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/ultimate-elementor/assets/lib/js-cookie/js_cookie.min.js?ver=1.36.25

Requested by

Host: cyble.com
URL: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

945f333ee61c0da7432df2210a10e3670b38ac2949abe8599a969c00c5db8965

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:25 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Thu, 09 Nov 2023 18:11:10 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"654d20be-7a4"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 webpack-pro.runtime.min.js Show response
cyble.com/wp-content/plugins/elementor-pro/assets/js/ 6 KB
3 KB 19ms
13ms Script
application/javascript 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor-pro/assets/js/webpack-pro.runtime.min.js?ver=3.17.1

Requested by

Host: cyble.com
URL: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

d9755b7eff734eeb6267db6515f0267fc66622cd873cd37f65761b3fcc94cac2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:25 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Wed, 01 Nov 2023 18:11:12 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"654294c0-16a9"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 webpack.runtime.min.js Show response
cyble.com/wp-content/plugins/elementor/assets/js/ 5 KB
2 KB 19ms
13ms Script
application/javascript 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor/assets/js/webpack.runtime.min.js?ver=3.17.3

Requested by

Host: cyble.com
URL: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

263d6264b8a006bde843f733401522760c8a67452cbadfa35a4a69ce6aff7524

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:25 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Wed, 08 Nov 2023 16:07:37 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"654bb249-1385"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 frontend-modules.min.js Show response
cyble.com/wp-content/plugins/elementor/assets/js/ 59 KB
18 KB 19ms
14ms Script
application/javascript 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor/assets/js/frontend-modules.min.js?ver=3.17.3

Requested by

Host: cyble.com
URL: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

fe2b279e27abcce2aaa29cb64e7424cced3465bd6837490093f8e4d26627b31b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:25 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Wed, 08 Nov 2023 16:07:37 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"654bb249-eaf7"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 wp-polyfill-inert.min.js Show response
cyble.com/wp-includes/js/dist/vendor/ 8 KB
3 KB 19ms
14ms Script
application/javascript 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-includes/js/dist/vendor/wp-polyfill-inert.min.js?ver=3.1.2

Requested by

Host: cyble.com
URL: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

c1a9a3e223bad631dff12d33b5499eb145cb08d8621c20d9d73870e78d97afe4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:25 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Wed, 18 Jan 2023 11:16:33 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"63c7d511-1feb"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 regenerator-runtime.min.js Show response
cyble.com/wp-includes/js/dist/vendor/ 6 KB
3 KB 19ms
14ms Script
application/javascript 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.14.0

Requested by

Host: cyble.com
URL: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

1d52e1ac7d3bc25a8b0ffc257153f9dd50249f96fe9a4df5e0d771241a69062c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:25 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Tue, 19 Sep 2023 19:30:24 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"6509f6d0-19e1"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 wp-polyfill.min.js Show response
cyble.com/wp-includes/js/dist/vendor/ 16 KB
6 KB 19ms
14ms Script
application/javascript 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0

Requested by

Host: cyble.com
URL: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

4c0ced2cb3830d045cdd74f745fd4d6dcb082d8edd3a9fe46e39295e30cb8032

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:25 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Tue, 27 Jun 2023 14:24:19 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"649af113-3f12"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 index.min.js Show response
cyble.com/wp-content/plugins/gutenberg/build/hooks/ 4 KB
2 KB 19ms
14ms Script
application/javascript 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/gutenberg/build/hooks/index.min.js?ver=700a21be8955e3eb9568

Requested by

Host: cyble.com
URL: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

761c4ef72f1aa7bcaf50a6562e915e33d2713aefa1384d6ee1d77a3a07fb7be3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:25 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Wed, 11 Oct 2023 19:29:26 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"6526f796-11f6"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 index.min.js Show response
cyble.com/wp-content/plugins/gutenberg/build/i18n/ 9 KB
4 KB 19ms
15ms Script
application/javascript 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/gutenberg/build/i18n/index.min.js?ver=f5a63315d8d2f363ce59

Requested by

Host: cyble.com
URL: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

9ddaa48947691f4edbd85d83e34061cdf5eaabf0b10b59b3922d95233b8950ee

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:25 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Wed, 11 Oct 2023 19:29:26 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"6526f796-23b2"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 frontend.min.js Show response
cyble.com/wp-content/plugins/elementor-pro/assets/js/ 24 KB
7 KB 29ms
24ms Script
application/javascript 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor-pro/assets/js/frontend.min.js?ver=3.17.1

Requested by

Host: cyble.com
URL: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

c7267d9f9b72944e2b3772a521fd1b8882ca17b124de63549fbf591167efbd25

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:25 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Wed, 01 Nov 2023 18:11:12 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"654294c0-6062"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 waypoints.min.js Show response
cyble.com/wp-content/plugins/elementor/assets/lib/waypoints/ 12 KB
3 KB 29ms
25ms Script
application/javascript 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor/assets/lib/waypoints/waypoints.min.js?ver=4.0.2

Requested by

Host: cyble.com
URL: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

214674cc77aba35ab3567b88e2739fd08e8e96c61d279559ad61874069683ea0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:25 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Thu, 14 Sep 2023 16:57:35 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"65033b7f-2fa6"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 core.min.js Show response
cyble.com/wp-includes/js/jquery/ui/ 21 KB
7 KB 29ms
25ms Script
application/javascript 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-includes/js/jquery/ui/core.min.js?ver=1.13.2

Requested by

Host: cyble.com
URL: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

ca7dce2391845e8aec7da135f33fabd10f74eed28a532ac66fd01f761fcfb42f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:25 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Thu, 02 Feb 2023 16:36:32 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"63dbe690-53be"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 frontend.min.js Show response
cyble.com/wp-content/plugins/elementor/assets/js/ 39 KB
13 KB 29ms
25ms Script
application/javascript 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor/assets/js/frontend.min.js?ver=3.17.3

Requested by

Host: cyble.com
URL: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

658f3a895bca2fee13e440e355fe44511cb4fd3bd72156b268f2950bb1003b30

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:25 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Wed, 08 Nov 2023 16:07:37 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"654bb249-9df4"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 elements-handlers.min.js Show response
cyble.com/wp-content/plugins/elementor-pro/assets/js/ 35 KB
9 KB 29ms
25ms Script
application/javascript 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor-pro/assets/js/elements-handlers.min.js?ver=3.17.1

Requested by

Host: cyble.com
URL: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

60a6db28503da0b2c2f4e39da485b7649425cd481da5dee9ff33f6c68e9cb480

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:25 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Wed, 01 Nov 2023 18:11:12 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"654294c0-8b5a"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK roundtrip.js Show response
s.adroll.com/j/ELNAF2EZDFHJRAP3ODLCUU/ 99 KB
29 KB 61ms
9ms Script
text/javascript 2600:9000:2644:c00:6:9280:1080:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/ELNAF2EZDFHJRAP3ODLCUU/roundtrip.js
Requested by: Host: cyble.com
URL: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2644:c00:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 5c771b0f3654468975034601cec8742e7768614c03e92d1c438e666d28852790

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

X-Amz-Version-Id: STuGNjveWHwuSy2hyPziu2N_b9s7gWBY
Content-Encoding: gzip
Via: 1.1 a84e87b6b82308dbc0e331c3e28c23c6.cloudfront.net (CloudFront)
Date: Sat, 11 Nov 2023 15:23:21 GMT
Age: 2042
X-Amz-Cf-Pop: FRA60-P6
X-Amz-Server-Side-Encryption: AES256
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Connection: keep-alive
Last-Modified: Fri, 10 Nov 2023 12:42:09 GMT
Server: AmazonS3
Etag: W/"07439a6cf1fe0ef688143c70f24cb66b"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: text/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600, must-revalidate
Access-Control-Allow-Credentials: false
Access-Control-Max-Age: 600
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: G2xmFsd7fe9ZinzJ3MnWlCqOQ9uQaBkLRqxyHKGYklYBb4rTp_-uyg==

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 235 KB
84 KB 103ms
54ms Script
application/javascript 2a00:1450:4001:811::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-PMWT557

Requested by

Host: cyble.com
URL: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

f19bda39706dbdf297fbcda17d6286e94a962b92a06cc8616e16314adebb0aec

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:25 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 85743
x-xss-protection: 0
last-modified: Sat, 11 Nov 2023 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 11 Nov 2023 15:37:25 GMT

GET
H2 200 api.min.js Show response
a.omappapi.com/app/js/ 51 KB
18 KB 521ms
164ms Script
application/javascript 2400:52e0:1a01::999:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/api.min.js
Requested by: Host: cyble.com
URL: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1a01::999:1 Los Angeles, United States, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-LA1-999 /
Resource Hash: b18b7934fcad866d7a86f35e082d61323a9417ef10ded37e30c710dae0d38df4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:26 GMT
content-encoding: br
cdn-edgestorageid: 1002
perma-cache: HIT
cdn-storageserver: LA-457
cdn-cachedat: 11/10/2023 15:38:59
cdn-pullzone: 293267
last-modified: Wed, 08 Nov 2023 17:53:19 GMT
server: BunnyCDN-LA1-999
cdn-fileserver: 625
cdn-requestpullcode: 200
cdn-proxyver: 1.04
etag: W/"654bcb0f-cb9a"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestid: 1a4c6d69b930282274d6ef4457c22851
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 pxiEyp8kv8JHgFVrFJDUc1NECPY.ttf
fonts.wp.com/s/poppins/v20/ 155 KB
155 KB 42ms
10ms Font
font/ttf 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.wp.com/s/poppins/v20/pxiEyp8kv8JHgFVrFJDUc1NECPY.ttf

Requested by

Host: cyble.com
URL: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

707fdc5c8bab57a90061c6a8ed7b70d5ffb82fc810e994e79f90bace890c255a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cyble.com/
Origin: https://cyble.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Sat, 11 Nov 2023 15:37:25 GMT
x-content-type-options: nosniff
last-modified: Wed, 27 Apr 2022 17:03:58 GMT
server: nginx
vary: Accept-Encoding
content-type: font/ttf
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 158240
x-xss-protection: 0

GET
H2 200 KFOmCnqEu92Fr1Me5WZLCzYlKw.ttf
fonts.wp.com/s/roboto/v30/ 164 KB
165 KB 41ms
11ms Font
font/ttf 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.wp.com/s/roboto/v30/KFOmCnqEu92Fr1Me5WZLCzYlKw.ttf

Requested by

Host: cyble.com
URL: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

4e147ab64b9fdf6d89d01f6b8c3ca0b3cddc59d608a8e2218f9a2504b5c98e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cyble.com/
Origin: https://cyble.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Sat, 11 Nov 2023 15:37:25 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 May 2022 19:24:47 GMT
server: nginx
vary: Accept-Encoding
content-type: font/ttf
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 168260
x-xss-protection: 0

GET
H2 200 astra.woff
cyble.com/wp-content/themes/astra/assets/fonts/ 3 KB
4 KB 8ms
7ms Font
application/font-woff 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/themes/astra/assets/fonts/astra.woff

Requested by

Host: cyble.com
URL: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

ec7ef7aa5fd1e019f1c26193e95e46d481d4983673936a9dda086705ada6e3d5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
Origin: https://cyble.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:25 GMT
strict-transport-security: max-age=31536000
x-ac: 2.hhn _atomic_ams HIT
last-modified: Tue, 07 Nov 2023 18:11:06 GMT
server: nginx
etag: "654a7dba-ce8"
access-control-allow-methods: GET, HEAD
content-type: application/font-woff
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
content-length: 3304
expires: Thu, 16 Nov 2023 21:15:19 GMT

GET
H2 200 pxiByp8kv8JHgFVrLGT9V1tvFP-KUEg.ttf
fonts.wp.com/s/poppins/v20/ 153 KB
153 KB 42ms
11ms Font
font/ttf 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.wp.com/s/poppins/v20/pxiByp8kv8JHgFVrLGT9V1tvFP-KUEg.ttf

Requested by

Host: cyble.com
URL: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

8d909883de81344e0fbcfef30e931872e92d9aeecdf85b6dcf6e0b28c078e98e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cyble.com/
Origin: https://cyble.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Sat, 11 Nov 2023 15:37:25 GMT
x-content-type-options: nosniff
last-modified: Wed, 27 Apr 2022 16:10:12 GMT
server: nginx
vary: Accept-Encoding
content-type: font/ttf
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 156520
x-xss-protection: 0

GET
H2 200 KFOlCnqEu92Fr1MmEU9vAx05IsDqlA.ttf
fonts.wp.com/s/roboto/v30/ 165 KB
165 KB 41ms
11ms Font
font/ttf 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.wp.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9vAx05IsDqlA.ttf

Requested by

Host: cyble.com
URL: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

9d0d55a303bfd13b79a87721f65185e93f235e2d77fe398b2dca67ac519915f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cyble.com/
Origin: https://cyble.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Sat, 11 Nov 2023 15:37:25 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 May 2022 19:24:56 GMT
server: nginx
vary: Accept-Encoding
content-type: font/ttf
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 168644
x-xss-protection: 0

GET
H2 200 KFOlCnqEu92Fr1MmWUlvAx05IsDqlA.ttf
fonts.wp.com/s/roboto/v30/ 163 KB
164 KB 54ms
23ms Font
font/ttf 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.wp.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlvAx05IsDqlA.ttf

Requested by

Host: cyble.com
URL: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

ec685a46105296fe46c8744da4a11cf8118ba6c11271941766f7a546df6aa7c7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cyble.com/
Origin: https://cyble.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Sat, 11 Nov 2023 15:37:25 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 May 2022 19:25:11 GMT
server: nginx
vary: Accept-Encoding
content-type: font/ttf
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 167336
x-xss-protection: 0

GET
H2 200 pxiByp8kv8JHgFVrLCz7V1tvFP-KUEg.ttf
fonts.wp.com/s/poppins/v20/ 150 KB
151 KB 54ms
24ms Font
font/ttf 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.wp.com/s/poppins/v20/pxiByp8kv8JHgFVrLCz7V1tvFP-KUEg.ttf

Requested by

Host: cyble.com
URL: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

7219547ee25334cbac0fe4b3acf0bf631e48ebb622c71af038edaaa652c60875

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cyble.com/
Origin: https://cyble.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Sat, 11 Nov 2023 15:37:25 GMT
x-content-type-options: nosniff
last-modified: Wed, 27 Apr 2022 16:11:45 GMT
server: nginx
vary: Accept-Encoding
content-type: font/ttf
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 153944
x-xss-protection: 0

GET
H2 200 pxiGyp8kv8JHgFVrJJLed3FBGPaTSQ.ttf
fonts.wp.com/s/poppins/v20/ 178 KB
178 KB 53ms
23ms Font
font/ttf 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.wp.com/s/poppins/v20/pxiGyp8kv8JHgFVrJJLed3FBGPaTSQ.ttf

Requested by

Host: cyble.com
URL: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

3225cec6a018310497ea9ee116aa43b2a833464fed6156dceb9a3a4424bb8613

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cyble.com/
Origin: https://cyble.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Sat, 11 Nov 2023 15:37:25 GMT
x-content-type-options: nosniff
last-modified: Wed, 27 Apr 2022 16:07:05 GMT
server: nginx
vary: Accept-Encoding
content-type: font/ttf
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 182012
x-xss-protection: 0

GET
H2 200 pxiDyp8kv8JHgFVrJJLmy15lEN2PQEhcqw.ttf
fonts.wp.com/s/poppins/v20/ 172 KB
173 KB 54ms
24ms Font
font/ttf 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.wp.com/s/poppins/v20/pxiDyp8kv8JHgFVrJJLmy15lEN2PQEhcqw.ttf

Requested by

Host: cyble.com
URL: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

9d4d9f3c2c289eaec403660ec215bdc45e62b49f978807714bfc31ca7916c8fe

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cyble.com/
Origin: https://cyble.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Sat, 11 Nov 2023 15:37:25 GMT
x-content-type-options: nosniff
last-modified: Wed, 27 Apr 2022 16:52:06 GMT
server: nginx
vary: Accept-Encoding
content-type: font/ttf
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 176588
x-xss-protection: 0

GET
H2 200 Figure-2-DuckLogs-features.jpg
cyble.com/wp-content/uploads/2022/12/ 145 KB
146 KB 14ms
13ms Image
image/jpeg 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cyble.com/wp-content/uploads/2022/12/Figure-2-DuckLogs-features.jpg

Requested by

Host: cyble.com
URL: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

cf7f9ade78374ff4a5fd3f995eca2cd383068587c0cf4dcdc2695d17932f2cc0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:25 GMT
strict-transport-security: max-age=31536000
x-ac: 2.hhn _atomic_ams HIT
last-modified: Thu, 01 Dec 2022 11:10:38 GMT
server: nginx
etag: "63888bae-24507"
access-control-allow-methods: GET, HEAD
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
content-length: 148743
expires: Mon, 13 Nov 2023 08:15:51 GMT

GET
H2 200 Figure-3-Price-details-of-DuckLogs-malware.jpg
cyble.com/wp-content/uploads/2022/12/ 92 KB
93 KB 113ms
112ms Image
image/jpeg 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cyble.com/wp-content/uploads/2022/12/Figure-3-Price-details-of-DuckLogs-malware.jpg

Requested by

Host: cyble.com
URL: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

24cef64cc88d12267c974f045596734e2d5cd1cc061d4969f06c110b52206d16

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:26 GMT
strict-transport-security: max-age=31536000
x-ac: 2.hhn _atomic_ams MISS
last-modified: Thu, 01 Dec 2022 11:11:05 GMT
server: nginx
etag: "63888bc9-170fc"
access-control-allow-methods: GET, HEAD
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
content-length: 94460
expires: Sat, 18 Nov 2023 15:37:26 GMT

GET
H2 200 Figure-4-DuckLogs-web-panel-login-page.jpg
cyble.com/wp-content/uploads/2022/12/ 44 KB
44 KB 121ms
120ms Image
image/jpeg 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cyble.com/wp-content/uploads/2022/12/Figure-4-DuckLogs-web-panel-login-page.jpg

Requested by

Host: cyble.com
URL: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

7ca11be0a225dfbd8b93ceab545a5994ca4462227253ceb79a500fca04593515

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:26 GMT
strict-transport-security: max-age=31536000
x-ac: 2.hhn _atomic_ams MISS
last-modified: Thu, 01 Dec 2022 11:11:36 GMT
server: nginx
etag: "63888be8-aee4"
access-control-allow-methods: GET, HEAD
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
content-length: 44772
expires: Sat, 18 Nov 2023 15:37:26 GMT

GET
H2 200 Cyble-Demo.png
cyble.com/wp-content/uploads/2023/06/ 84 KB
84 KB 14ms
13ms Image
image/png 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cyble.com/wp-content/uploads/2023/06/Cyble-Demo.png

Requested by

Host: cyble.com
URL: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

0427349d2020319a07c730eb5c5cb8ee988339b37ea834a0e0e19463d7ff324d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:25 GMT
strict-transport-security: max-age=31536000
x-ac: 2.hhn _atomic_ams HIT
last-modified: Mon, 26 Jun 2023 08:04:44 GMT
server: nginx
etag: "6499469c-14f03"
access-control-allow-methods: GET, HEAD
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
content-length: 85763
expires: Thu, 21 Sep 2023 18:18:57 GMT

GET
H/1.1 200
OK json Show response
forms.hsforms.com/embed/v3/form/21289959/f7da69d1-3801-430f-b109-5f44b65a9326/ 38 KB
7 KB 180ms
162ms XHR
application/json 2606:4700::6811:cff9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms.hsforms.com/embed/v3/form/21289959/f7da69d1-3801-430f-b109-5f44b65a9326/json?hs_static_app=forms-embed&hs_static_app_version=1.4110&X-HubSpot-Static-App-Info=forms-embed-1.4110

Requested by

Host: js.hsforms.net
URL: https://js.hsforms.net/forms/v2.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:cff9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c50793d6519f290cdf7ac7d324deac5cf3258db48ea4693e6316e0f85f917200

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/plain, */*
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

X-Origin-Hublet: na1
Date: Sat, 11 Nov 2023 15:37:26 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
CF-Cache-Status: DYNAMIC
Content-Encoding: br
x-evy-trace-route-service-name: envoyset-translator
X-HubSpot-Correlation-Id: 6535cbeb-8064-4e4c-b184-60d289e77b7d
Transfer-Encoding: chunked
x-envoy-upstream-service-time: 27
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 6535cbeb-8064-4e4c-b184-60d289e77b7d
Server: cloudflare
X-Trace: 2B24B46526FE8BAC3B1C5CEC6EC5CDFD32581A111A000000000000000000
Vary: origin
Access-Control-Allow-Methods: OPTIONS, GET
Content-Type: application/json;charset=utf-8
Access-Control-Allow-Origin: https://cyble.com
x-evy-trace-virtual-host: all
Access-Control-Expose-Headers: X-Origin-Hublet
Access-Control-Max-Age: 180
Access-Control-Allow-Credentials: false
Cache-Control: max-age=0, no-cache, no-store
X-Robots-Tag: none
Access-Control-Allow-Headers: *
CF-RAY: 82479dd219c72bb0-FRA
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-fd659ccfb-8c9pm

POST
H2 200 /
cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/ 15 B
302 B 834ms
834ms Ping
text/html 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/

Requested by

Host: cyble.com
URL: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

88aaa00ed63445a1d87d9d2c4473d0b8ed19a8365c8fdfa5b4ce13580229fcc7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundarysPaagSypGSVaMwvD

Response headers

cf-edge-cache: no-cache
x-hacker: Want root? Visit join.a8c.com and mention this header.
date: Sat, 11 Nov 2023 15:37:26 GMT
strict-transport-security: max-age=31536000
content-encoding: br
x-ac: 2.hhn _atomic_ams BYPASS
server: nginx
vary: Accept-Encoding
x-nitro-beacon: FORWARD
content-type: text/html; charset=utf-8
cache-control: no-cache
host-header: WordPress.com

GET
H2 200 fa-brands-400.woff2
cyble.com/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/ 75 KB
75 KB 8ms
7ms Font
application/font-woff2 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-brands-400.woff2

Requested by

Host: cyble.com
URL: https://cyble.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/brands.min.css?ver=5.15.3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

43c072c16c9ee6d67acdfa6c6d6685ff1e74eb4237b7cc3c1348ab1c108b26af

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://cyble.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/brands.min.css?ver=5.15.3
Origin: https://cyble.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:26 GMT
strict-transport-security: max-age=31536000
x-ac: 2.hhn _atomic_ams HIT
last-modified: Wed, 08 Nov 2023 16:07:37 GMT
server: nginx
etag: "654bb249-12bdc"
access-control-allow-methods: GET, HEAD
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
content-length: 76764
expires: Thu, 16 Nov 2023 20:59:01 GMT

GET
H2 200 web-interactives-embed.js Show response
js.hubspot.com/ 77 KB
23 KB 50ms
28ms Script
application/javascript 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hubspot.com/web-interactives-embed.js

Requested by

Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/21289959.js?integration=WordPress&ver=10.2.5

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

79371284e1052bf1e88b017d78ece22e4a39bb58b520a3f3ee3c545b273ae8f7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
Origin: https://cyble.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

content-encoding: br
age: 51
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=web-interactives-embed/static-2.676/bundles/project.js&cfRay=82479c9598bf91d8-FRA
x-amz-replication-status: COMPLETED
x-evy-trace-listener: listener_https
etag: W/"01bab0289dcd8ac651a7405f40ec59a4"
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
cache-control: max-age=600
x-hs-target-asset: web-interactives-embed/static-2.676/bundles/project.js
date: Sat, 11 Nov 2023 15:37:26 GMT
x-amz-version-id: QsIa1V6BkpY2avVuCaY7zCDykE83Ad58
via: 1.1 e8eec15d9551dd475d4c478f9fbb5f04.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: IAD12-P3
x-hubspot-correlation-id: 99e8fde1-cc2b-4755-ba1f-159f9f01fc46
x-cache: Hit from cloudfront
cache-tag: staticjsapp-web-interactives-embed-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 10
x-evy-trace-route-configuration: listener_https/all
x-request-id: 99e8fde1-cc2b-4755-ba1f-159f9f01fc46
last-modified: Thu, 09 Nov 2023 11:48:06 UTC
server: cloudflare
access-control-max-age: 3000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=X5hworcveoNblQ0tQrlLLycsvm82Idqyqj6ZkEAFxP7vxTVnDBrwYpZgtn8FNGruU0hCbZ52BlUB%2Fq4yETmNSbXiKOVMXE370bvVLpHPJRKANbquA5nsvYrHbyDCxm7bNMpznOqJVYcUaoaz"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status: MISS
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-59f9889544-jmkhw
cf-ray: 82479dd2adf891fb-FRA
x-amz-cf-id: iJx_EF9KOJGkMLunKeKFwW5VdS3gkvm2Po-jvdDSDNLmyrDKnPeYSw==

GET
H2 200 banner.js Show response
js.hs-banner.com/v2/21289959/ 67 KB
20 KB 144ms
122ms Script
text/javascript 2606:4700:4400::6812:22e5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/v2/21289959/banner.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/21289959.js?integration=WordPress&ver=10.2.5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:22e5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 150a92a328e55d525a998e5bc69e9183ed1c582770a1fb4f679cb05dd6c84a17

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:26 GMT
x-amz-version-id: 3zb77h61zT_f5Sq4AmnKjQJSZST_DtJM
content-encoding: br
cf-cache-status: REVALIDATED
x-amz-request-id: W4RPX152A8E61307
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-hubspot-correlation-id: 63627f57-328a-4f09-b049-037c379ef471
x-envoy-upstream-service-time: 48
x-amz-id-2: /Iz1SHm29gkraFKqZN5IHXR8vL/M5VDRSfM+89SfzkYLLtXSuHfyRalCaXIzV+JVu+h0GrvK1ckgGNw5hLpj9w==
x-evy-trace-listener: listener_https
x-request-id: 63627f57-328a-4f09-b049-037c379ef471
x-evy-trace-route-configuration: listener_https/all
last-modified: Wed, 18 Oct 2023 18:55:33 GMT
server: cloudflare
etag: W/"3f96456bdb76d65151e0dd16e11cf6d5"
access-control-max-age: 604800
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: https://cyble.com
x-evy-trace-virtual-host: all
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control: max-age=300,public
access-control-allow-credentials: true
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-85c95667b4-snk2v
vary: origin, Accept-Encoding
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
cf-ray: 82479dd2a96f3a91-FRA
expires: Sat, 11 Nov 2023 15:42:26 GMT

GET
H2 200 21289959.js Show response
js.hs-analytics.net/analytics/1699716900000/ 66 KB
21 KB 170ms
150ms Script
text/javascript 2606:4700::6810:50ba
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-analytics.net/analytics/1699716900000/21289959.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/21289959.js?integration=WordPress&ver=10.2.5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:50ba , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 81ca4e463dd4fdddc4c6472a1268e8a0b667ea8486185a3881a9feef60955de2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:26 GMT
x-amz-version-id: null
content-encoding: br
cf-cache-status: MISS
x-amz-request-id: G2JGPQ69CDT8YEBE
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-hubspot-correlation-id: 97f91ef1-7b58-441b-a560-a070bf80736b
x-envoy-upstream-service-time: 17
x-amz-id-2: P6ejPLszJu1mJd/zuEh21n7QTJzQdWKhocAFA6hEPUCM6I/ZihzL6y17rXYYrgKTXRGF6IxkPNc=
x-evy-trace-listener: listener_https
x-request-id: 97f91ef1-7b58-441b-a560-a070bf80736b
x-evy-trace-route-configuration: listener_https/all
last-modified: Fri, 10 Nov 2023 16:23:58 GMT
server: cloudflare
etag: W/"2d34d59f26046c98a2041f267a2209cf"
vary: origin, Accept-Encoding
content-type: text/javascript
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-576b4d6667-lh5rv
cache-control: max-age=300,public
access-control-allow-credentials: false
cf-ray: 82479dd2a80d3688-FRA
expires: Sat, 11 Nov 2023 15:42:26 GMT

GET
H2 200 conversations-embed.js Show response
js.usemessages.com/ 83 KB
24 KB 55ms
16ms Script
application/javascript 2606:4700::6811:f7a8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.usemessages.com/conversations-embed.js

Requested by

Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/21289959.js?integration=WordPress&ver=10.2.5

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:f7a8 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b14289833de1c5b8da19bf0aa86278185dfdbb3113baca8b658fa0ee8a563dba

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:26 GMT
x-amz-version-id: wH3z2hXmzY083mmKsKR.rBDdNfo.ct1e
via: 1.1 d0d53eedec01ac540f737b5fafb16436.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: HIT
x-amz-cf-pop: IAD12-P3
age: 341
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=conversations-embed/static-1.14670/bundles/project.js&cfRay=8247957f4f9bbb4d-FRA
x-cache: Hit from cloudfront
x-hubspot-correlation-id: 335f95bc-b0c4-4f3b-896b-d53697c3d05b
cache-tag: staticjsapp-conversations-embed-web-prod,staticjsapp-prod
content-encoding: br
x-envoy-upstream-service-time: 0
x-amz-replication-status: COMPLETED
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 335f95bc-b0c4-4f3b-896b-d53697c3d05b
last-modified: Mon, 06 Nov 2023 17:38:05 UTC
server: cloudflare
etag: W/"16a6c607eb7d2279e56c6ae6291e6de2"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
x-hs-cache-status: HIT
x-evy-trace-virtual-host: all
cache-control: max-age=600
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-59f9889544-hlwpz
cf-ray: 82479dd2bb411c9b-FRA
x-amz-cf-id: 8YTVCU9xo7SCj5pNxCcdq9Gpvd0qmsdzE4r26SU3TdvvgPiiKS9Qrg==
x-hs-target-asset: conversations-embed/static-1.14670/bundles/project.js

GET
H2 200 leadflows.js Show response
js.hsleadflows.net/ 551 KB
88 KB 50ms
17ms Script
application/javascript 2606:4700::6812:7a0c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsleadflows.net/leadflows.js

Requested by

Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/21289959.js?integration=WordPress&ver=10.2.5

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:7a0c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ee041148b4d2b4bfb2a9dbff837265a3484bb6ef80a18174ee45309237654c74

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
Origin: https://cyble.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

content-encoding: br
age: 14696
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=lead-flows-js/static-1.1275/bundle/main/lead-flows-release.js&cfRay=824637070ee46d79-FRA
x-amz-replication-status: COMPLETED
x-evy-trace-listener: listener_https
etag: W/"df7c200fc1e8a1a0c9d50df4fbec7e86"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
cache-control: s-maxage=86400, max-age=0
x-hs-target-asset: lead-flows-js/static-1.1275/bundle/main/lead-flows-release.js
date: Sat, 11 Nov 2023 15:37:26 GMT
x-amz-version-id: RTyeMetKvg_dT1r75rKZucXAeC83sdPJ
via: 1.1 f57a09c5455a80253c61001d750462e6.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: HIT
x-amz-cf-pop: IAD12-P3
x-hubspot-correlation-id: 22bb8d33-7566-4bd9-a0a9-81703ef00478
x-cache: Hit from cloudfront
cache-tag: staticjsapp-lead-flows-cloudflare-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 1
x-evy-trace-route-configuration: listener_https/all
x-request-id: 22bb8d33-7566-4bd9-a0a9-81703ef00478
last-modified: Wed, 25 Oct 2023 14:35:17 UTC
server: cloudflare
x-hs-cache-status: HIT
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-59f9889544-pw49x
cf-ray: 82479dd2bdb76957-FRA
x-amz-cf-id: tQAUoM9kAIUdX-LD4v4o-yiUCVL-khlUqoIalebeMJANxUyvWT_XuQ==

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 192 KB
71 KB 33ms
33ms Script
application/javascript 2a00:1450:4001:811::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-361856552&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PMWT557

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

2b3ca18ab60a00c8559ed15c4b364dc59742457a540eae69b60b667884db4f86

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:26 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 72676
x-xss-protection: 0
last-modified: Sat, 11 Nov 2023 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 11 Nov 2023 15:37:26 GMT

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 12 KB
4 KB 55ms
9ms Script
application/javascript 2a02:26f0:3500:16::215:148d
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PMWT557

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:16::215:148d Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

c6d603c605c9e07062ffeba7c47a81e19c4f8c05604c6474371f4ad8b654c758

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 08 Nov 2023 07:18:39 GMT
x-cdn: AKAM
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: max-age=30634
accept-ranges: bytes
content-length: 3840

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 53ms
16ms Script
text/javascript 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PMWT557

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Sat, 11 Nov 2023 13:49:41 GMT
last-modified: Mon, 12 Jun 2023 18:23:07 GMT
server: Golfe2
age: 6465
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Sat, 11 Nov 2023 15:49:41 GMT

GET
H2 200 21289959.js Show response
js.hs-scripts.com/ 2 KB
857 B 125ms
125ms Script
application/javascript 2606:4700::6810:bb59
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hs-scripts.com/21289959.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PMWT557

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:bb59 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4225ae63df8a0c865d40b02b055857a1283e908ca807dced41985e08972b6fec

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:26 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: EXPIRED
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 43c60e05-5ebd-4c97-9b78-1ebd3018bad4
x-envoy-upstream-service-time: 3
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 43c60e05-5ebd-4c97-9b78-1ebd3018bad4
last-modified: Sat, 11 Nov 2023 15:30:50 GMT
server: cloudflare
x-trace: 2B8E925CED0B035B6FAB8121D230CEC50C6EFB173A000000000000000000
vary: origin, Accept-Encoding
access-control-max-age: 3600
content-type: application/javascript;charset=utf-8
access-control-allow-origin: https://cyble.com
x-evy-trace-virtual-host: all
cache-control: public, max-age=60
access-control-allow-credentials: true
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-5dc9ffbc55-td5cb
cf-ray: 82479dd2aaad71bb-FRA
expires: Sat, 11 Nov 2023 15:38:26 GMT

GET
H2 200 hf2o0cm7gp Show response
www.clarity.ms/tag/ 650 B
1015 B 164ms
109ms Script
application/x-javascript 2620:1ec:bdf::67
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/tag/hf2o0cm7gp?ref=gtm2
Requested by: Host: cyble.com
URL: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:bdf::67 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 8d221e56b16a1c51416da4631cbaa1473b6866ed4ced5e692359b3379ff3709b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

expires: -1
date: Sat, 11 Nov 2023 15:37:26 GMT
x-azure-ref: 20231111T153726Z-d2q2xwkvqx4a38rh7yqz3s4mh8000000029g00000003aa3d
x-cache: CONFIG_NOCACHE
content-type: application/x-javascript
cache-control: no-cache, no-store
accept-ranges: bytes
content-length: 650
request-context: appId=cid-v1:238681e8-7d6b-453a-acb6-7dcad74f3111

POST
H2 204 collect
region1.google-analytics.com/g/ 0
250 B 52ms
18ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-N9ZXY95EM4&gtm=45Pe3b81v9106873920&_p=1699717045817&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&tcfd=10001&gdid=dZTNiMT&cid=732653862.1699717046&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1699717046&sct=1&seg=0&dl=https%3A%2F%2Fcyble.com%2Fblog%2Fducklogs-new-malware-strain-spotted-in-the-wild%2F&dt=Cyble%20%E2%80%94%20DuckLogs%20-%20New%20Malware%20Strain%20Spotted%20In%20The%20Wild&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=2193
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=GT-WKTZW36
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 11 Nov 2023 15:37:26 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://cyble.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ELNAF2EZDFHJRAP3ODLCUU Show response
d.adroll.com/consent/check/ 482 B
575 B 142ms
38ms Script
application/javascript 2a05:d018:cc3:fe04:fcdb:3dce:d8d6:7d53
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d.adroll.com/consent/check/ELNAF2EZDFHJRAP3ODLCUU?pv=10237753645.129776&arrfrr=https%3A%2F%2Fcyble.com%2Fblog%2Fducklogs-new-malware-strain-spotted-in-the-wild%2F&_s=3ccc7cbb101451c33610cd111425c0a1&_b=2
Requested by: Host: s.adroll.com
URL: https://s.adroll.com/j/ELNAF2EZDFHJRAP3ODLCUU/roundtrip.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a05:d018:cc3:fe04:fcdb:3dce:d8d6:7d53 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx/1.22.1 /
Resource Hash: 43c8d7eea6663dfa29e870ed4803e36bea95e068084fbaea1ce09c0e2f775c3f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:26 GMT
server: nginx/1.22.1
content-length: 482
content-type: application/javascript

GET
H2 200 insight.old.min.js Show response
snap.licdn.com/li.lms-analytics/ 8 KB
3 KB 13ms
12ms Script
application/x-javascript 2a02:26f0:3500:16::215:148d
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.old.min.js

Requested by

Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:16::215:148d Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

5b3086a886aa8649ecbf496ac913a1aa443926cd2fff610be2d136c9598bcd8b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Sun, 15 Oct 2023 08:32:45 GMT
x-cdn: AKAM
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/x-javascript;charset=utf-8
cache-control: max-age=61808
accept-ranges: bytes
content-length: 3272

POST
H2 204 collect
region1.google-analytics.com/g/ 0
54 B 23ms
22ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-361856552&gtm=45je3b81z8868834701&_p=1699717045817&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&tcfd=10001&cid=732653862.1699717046&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1699717046&sct=1&seg=0&dl=https%3A%2F%2Fcyble.com%2Fblog%2Fducklogs-new-malware-strain-spotted-in-the-wild%2F&dt=Cyble%20%E2%80%94%20DuckLogs%20-%20New%20Malware%20Strain%20Spotted%20In%20The%20Wild&en=page_view&_fv=1&_ss=1&tfd=2298
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-361856552&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 11 Nov 2023 15:37:26 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://cyble.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 g.gif
pixel.wp.com/ 50 B
153 B 14ms
8ms Image
image/gif 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/g.gif?v=ext&blog=221651828&post=14319&tz=-5&srv=cyble.com&hp=atomic&ac=2&amp=0&j=1%3A12.9-a.1&host=cyble.com&ref=&fcp=1973&rand=0.5643876654319913
Requested by: Host: cyble.com
URL: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

access-control-allow-origin: *
date: Sat, 11 Nov 2023 15:37:26 GMT
cache-control: no-cache
server: nginx
content-length: 50
content-type: image/gif

GET
H2 200 wp-emoji-release.min.js Show response
cyble.com/wp-includes/js/ 18 KB
5 KB 7ms
7ms Script
application/javascript 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-includes/js/wp-emoji-release.min.js?ver=6.4.1

Requested by

Host: cyble.com
URL: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

4f79a89d16a5f717110fe080c0bf90b7e05ff95a4c4983f64d33110bf5f9c230

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:26 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Thu, 02 Feb 2023 00:53:25 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"63db0985-4904"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 / Show response
cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/ 4 KB
1 KB 1115ms
1115ms XHR
application/json 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/?relatedposts=1

Requested by

Host: cyble.com
URL: https://cyble.com/wp-content/plugins/jetpack/_inc/build/related-posts/related-posts.min.js?ver=20211209

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

7bd7eefaa2b36027b0fb0b4bfb805f93de0d8db06ce50c0164b6ae2fdbb8bc5b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
x-requested-with: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

cf-edge-cache: no-cache
x-hacker: Want root? Visit join.a8c.com and mention this header.
date: Sat, 11 Nov 2023 15:37:27 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-encoding: br
x-nananana: Batcache-Set
x-ac: 2.hhn _atomic_ams EXPIRED
x-nitro-disabled: 1
host-header: WordPress.com
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
x-nitro-disabled-reason: ajax
server: nginx
vary: Accept-Encoding, Cookie
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
cache-control: no-cache
x-nitro-cache: MISS

GET
H2 200 v2.js Show response
js.hsforms.net/forms/ Frame 908B 559 KB
178 KB 26ms
25ms Script
application/javascript 2606:4700::6810:8bce
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsforms.net/forms/v2.js

Requested by

Host: js.hsforms.net
URL: https://js.hsforms.net/forms/v2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:8bce , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

063746967871d4216965a4986fe8364aa66625bc5da5dd9d4c356d863b5c51da

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

content-encoding: br
age: 593
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=forms-embed/static-1.4110/bundles/project-v2.js&cfRay=82478f5ccece4d74-FRA
x-amz-replication-status: COMPLETED
x-evy-trace-listener: listener_https
etag: W/"c29a551e477ae940faf937d9f051c067"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
cache-control: s-maxage=600, max-age=300
x-hs-target-asset: forms-embed/static-1.4110/bundles/project-v2.js
date: Sat, 11 Nov 2023 15:37:26 GMT
x-amz-version-id: 2.K8Uxn1o3u0mUGuPox8BfBcKB0lZg3T
via: 1.1 73c5607bdb5db0d651e25c848846d554.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: IAD12-P3
x-hubspot-correlation-id: 33e9980c-4724-4158-9840-7ed3eda2956a
x-cache: Hit from cloudfront
cache-tag: staticjsapp-forms-embed-v2-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 3
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: 33e9980c-4724-4158-9840-7ed3eda2956a
last-modified: Wed, 08 Nov 2023 09:25:28 UTC
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TAWs%2Fheyi1zV%2BAb2kekWk%2BuVT7VQz5XkvI9M7IJvBgrhcMaAP%2BDMMbs%2FO73xSDsIh7c%2FB3VzmZCb5l%2FLBe65QMllmpFD1K6095kmYwyKojNzxKxuptf03pE2HLJb%2BmCHdBnm3X%2FgaiPzheOS"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status: HIT
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-59f9889544-j8qxr
cf-ray: 82479dd3ba214d91-FRA
x-amz-cf-id: w-fkrLS96eKnvF7SxQYkBaowMLt9ZL2mP6-I888SAaTSxy4TS8CyNw==

GET
H2 200 combinedConfigs Show response
cta-service-cms2.hubspot.com/web-interactives/public/v1/embed/ 246 B
987 B 139ms
139ms Fetch
application/json 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cta-service-cms2.hubspot.com/web-interactives/public/v1/embed/combinedConfigs?portalId=21289959&currentUrl=https%3A%2F%2Fcyble.com%2Fblog%2Fducklogs-new-malware-strain-spotted-in-the-wild%2F

Requested by

Host: js.hubspot.com
URL: https://js.hubspot.com/web-interactives-embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

97824daa6d5a75e1aa86b8148af2fa935276f4aa8abe1d050fd861d325a5686e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:26 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: a2ee99a8-d37f-4785-a518-eea7758ae28e
content-encoding: br
x-envoy-upstream-service-time: 15
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: a2ee99a8-d37f-4785-a518-eea7758ae28e
server: cloudflare
vary: origin
access-control-allow-methods: OPTIONS, GET
content-type: application/json;charset=utf-8
access-control-allow-origin: https://cyble.com
x-evy-trace-virtual-host: all
access-control-max-age: 180
access-control-allow-credentials: true
cache-control: max-age=0, no-cache, no-store
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zQfMfAQzNcRmP1Tot3ZBXbKvsRCLoCkD5Zw7%2FQZtoiCcEH%2FI1SVHTGh4MQgrxsMW9JUOgth0JaNc7CZVYqEcrxHfxGlTfMGr69NZIkPxidDkYKJsLGf0QzpycDo1Zv9sMnWpKOW97C35Tps4ZbhzteGCreluXJvoDec%3D"}],"group":"cf-nel","max_age":604800}
x-robots-tag: noindex, follow
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
cf-ray: 82479dd3beae91fb-FRA
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-fd659ccfb-8c9pm

OPTIONS
H2 200 public
api.hubspot.com/livechat-public/v1/message/ Frame 0
0 147ms
138ms Preflight
text/plain 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.hubspot.com/livechat-public/v1/message/public?portalId=21289959&conversations-embed=static-1.14670&mobile=false&messagesUtk=a7d7edb97f0c4f979ce70b2e3a385765&traceId=a7d7edb97f0c4f979ce70b2e3a385765

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: x-hubspot-messages-uri
Access-Control-Request-Method: GET
Origin: https://cyble.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

access-control-allow-credentials: false
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent, X-HubSpot-Messages-Uri
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
access-control-allow-origin: https://cyble.com
allow: HEAD,GET,OPTIONS
cf-cache-status: DYNAMIC
cf-ray: 82479dd3dee491fb-FRA
content-length: 18
content-type: text/plain; charset=utf-8
date: Sat, 11 Nov 2023 15:37:26 GMT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qqpgdCSik7tw0E9Rzlf%2BmVr1hwBOZlR6vu%2BhhnJVvnekCIxINbI%2BUdUre3fd%2Fr14vPDlvgiiLt1rpWW7gU08bOe1zVVKpZ7CLWsa6wkDAhsFVB5NpdrKwrSBg0VWMfCHSQp5Fom3nzSqGg%2BgTw%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: origin, Accept-Encoding
x-content-type-options: nosniff
x-envoy-upstream-service-time: 4
x-evy-trace-listener: listener_https
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-route-service-name: envoyset-translator
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-5dc9ffbc55-zd7c5
x-evy-trace-virtual-host: all
x-hubspot-correlation-id: e39c8646-c617-4611-990e-65f0e3cc92d9
x-request-id: e39c8646-c617-4611-990e-65f0e3cc92d9
x-trace: 2B873668382B007A76121DC1FB9E9D3657E97BCB41000000000000000000

GET
H2 200 public Show response
api.hubspot.com/livechat-public/v1/message/ 3 KB
2 KB 205ms
205ms XHR
application/json 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: js.usemessages.com
URL: https://js.usemessages.com/conversations-embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

63bcc9a1cd3428ff4089bb4cb7f38809aa676fcd1dc599797051b6413456d3c9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
accept-language: de-DE,de;q=0.9
X-HubSpot-Messages-Uri: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: dbfea8b7-f654-4ed6-848c-92c144c5abd0
x-envoy-upstream-service-time: 77
content-length: 1305
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: dbfea8b7-f654-4ed6-848c-92c144c5abd0
server: cloudflare
x-trace: 2BC613EC9B83A86D5C030D9E87C357DF0EAA0417D5000000000000000000
vary: origin, Accept-Encoding
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: application/json;charset=utf-8
access-control-allow-origin: https://cyble.com
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-5dc9ffbc55-xkwpr
cache-control: no-cache, no-store, no-transform, must-revalidate, max-age=0
access-control-allow-credentials: false
x-evy-trace-virtual-host: all
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9FxN2Yx6UA4Ce6hD50%2Fk6NU9S63rSVPEPTLErt%2BI7Z6v7GbOCVkBo0Z2L%2FzQlfXZd%2BDqTcHVyKzo63kbOzJ%2BVZYf1mnolbzXSXKIjki3WsgX67SrRSnYJwmaXuN0AqjIQvRtW9GOCaM%2BBnnY1A%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 82479dd4bf8691fb-FRA
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent, X-HubSpot-Messages-Uri

GET
H/1.1 200
OK roundtrip.js Show response
s.adroll.com/j/ 77 KB
24 KB 32ms
32ms Script
text/javascript 2600:9000:2644:c00:6:9280:1080:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/roundtrip.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PMWT557
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2644:c00:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 04973f96fb9c6e41af1fc9486d48e8936d01498f8eedb266616bacd866e2e6c5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

X-Amz-Version-Id: WR87b7q5q8oup3pL2O5SSN.NVO0Ke7cd
Content-Encoding: gzip
Via: 1.1 a84e87b6b82308dbc0e331c3e28c23c6.cloudfront.net (CloudFront)
Date: Sat, 11 Nov 2023 15:00:29 GMT
Age: 2218
X-Amz-Cf-Pop: FRA60-P6
X-Amz-Server-Side-Encryption: AES256
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Connection: keep-alive
Last-Modified: Tue, 31 Oct 2023 15:28:28 GMT
Server: AmazonS3
Etag: W/"c7df5f519bb5d8f62bef23196a8ec659"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600, must-revalidate
Access-Control-Allow-Credentials: false
Access-Control-Max-Age: 600
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: KqE96i0YtwU7M7IXjbTCx3cz5mKhek1uwXLX4xHZE1n1i7Rw7U33tg==

GET
H2 200 tags.js Show response
tag.clearbitscripts.com/v1/pk_43e7489448ea26212d2c648f4818c8b5/ 16 KB
5 KB 228ms
175ms Script
application/javascript 2600:9000:214f:9000:7:d7d6:3c40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://tag.clearbitscripts.com/v1/pk_43e7489448ea26212d2c648f4818c8b5/tags.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PMWT557

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:214f:9000:7:d7d6:3c40:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

envoy /

Resource Hash

9e907e949bce3cec0efeaf4b707c2d5b1363467b174fced0e54fae1d501c36ed

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-envoy-response-flags: -
via: 1.1 85dc19f43b2a0bd8840fdf8baf07d762.cloudfront.net (CloudFront)
server: envoy
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-amz-cf-pop: FRA53-C1
etag: W/"9bd0e6149c66576fdc7ae464697b7327"
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: application/javascript;charset=utf-8
cache-control: private, max-age=600
x-amz-cf-id: PRhJbDqFuhZwMp9ihXvDWo14IJI6OK4xUNJI3Bvp15uFOkQ_Z6yVDA==

GET
H2 200 insight.old.min.js Show response
snap.licdn.com/li.lms-analytics/ 8 KB
3 KB 10ms
8ms Script
application/x-javascript 2a02:26f0:3500:16::215:148d
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.old.min.js

Requested by

Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:16::215:148d Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

5b3086a886aa8649ecbf496ac913a1aa443926cd2fff610be2d136c9598bcd8b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Sun, 15 Oct 2023 08:32:45 GMT
x-cdn: AKAM
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/x-javascript;charset=utf-8
cache-control: max-age=61808
accept-ranges: bytes
content-length: 3272

GET
H2 200 text-editor.2c35aafbe5bf0e127950.bundle.min.js Show response
cyble.com/wp-content/plugins/elementor/assets/js/ 1 KB
969 B 7ms
7ms Script
application/javascript 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor/assets/js/text-editor.2c35aafbe5bf0e127950.bundle.min.js

Requested by

Host: cyble.com
URL: https://cyble.com/wp-content/plugins/elementor/assets/js/webpack.runtime.min.js?ver=3.17.3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

168b0b3e4dad8dd251775a64bfd2eaaa3fec94b04971043eebc16665757ab151

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:26 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Wed, 08 Nov 2023 16:07:37 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"654bb249-550"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=604800
expires: Thu, 16 Nov 2023 20:59:01 GMT

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4053396&time=1699717046438&url=https%3A%2F%2Fcyble.com%2Fblog%2Fducklogs-new-malware-strain-spotted-in-the-wild%2F
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4053396&time=1699717046438&url=https%3A%2F%2Fcyble.com%2Fblog%2Fducklogs-new-malware-strain-spotted-in-the-wild%2F&cookiesTest=true
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D4053396%26time%3D1699717046438%26url%3Dhttps%253A%252F%252Fcyble.com%252Fblog%252...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4053396&time=1699717046438&url=https%3A%2F%2Fcyble.com%2Fblog%2Fducklogs-new-malware-strain-spotted-in-the-wild%2F&cookiesTest=true&liSync=true
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4053396&time=1699717046438&url=https%3A%2F%2Fcyble.com%2Fblog%2Fducklogs-new-malware-strain-spotted-in-the-wild%2F&cookiesTest=true&liSync=true&e...

0
264 B

215ms
162ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4053396&time=1699717046438&url=https%3A%2F%2Fcyble.com%2Fblog%2Fducklogs-new-malware-strain-spotted-in-the-wild%2F&cookiesTest=true&liSync=true&e_ipv6=AQLJk6EZzyjQRQAAAYu_B-Lv_M_j2juICcIQbWQkqjKhGHsaKkaeechUbKLcfqTLHYrFsb9JPzh_jQ
Requested by: Host: cyble.com
URL: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:26 GMT
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: 62A804A35F494B2EB5328701546914EB Ref B: FRAEDGE1511 Ref C: 2023-11-11T15:37:27Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-fabric: prod-ltx1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYJ4jbSSEohUrI/53TB2w==

Redirect headers

date: Sat, 11 Nov 2023 15:37:26 GMT
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: 59F704CBB81E4417BC31B1069E719A34 Ref B: FRAEDGE1807 Ref C: 2023-11-11T15:37:26Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-ltx1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4053396&time=1699717046438&url=https%3A%2F%2Fcyble.com%2Fblog%2Fducklogs-new-malware-strain-spotted-in-the-wild%2F&cookiesTest=true&liSync=true&e_ipv6=AQLJk6EZzyjQRQAAAYu_B-Lv_M_j2juICcIQbWQkqjKhGHsaKkaeechUbKLcfqTLHYrFsb9JPzh_jQ
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYJ4jbOW8GL6J+OX4W2xQ==

GET
H2 200 clarity.js Show response
www.clarity.ms/s/0.7.16/ 59 KB
25 KB 176ms
176ms Script
application/javascript 2620:1ec:bdf::67
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/s/0.7.16/clarity.js
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/tag/hf2o0cm7gp?ref=gtm2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:bdf::67 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 354142e53641e1e72a89609e46eff578e69d762290d65d84acaaf380751c20fa

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:26 GMT
content-encoding: br
last-modified: Wed, 08 Nov 2023 11:11:51 GMT
etag: W/"0x8DBE04B8283FFCB"
vary: Accept-Encoding
x-azure-ref: 20231111T153726Z-d2q2xwkvqx4a38rh7yqz3s4mh8000000029g00000003aa5g
content-type: application/javascript;charset=utf-8
access-control-allow-origin: *
x-ms-request-id: 42b3ba36-801e-002a-2158-13f1cb000000
cache-control: public, max-age=86400
x-cache: TCP_HIT
x-ms-version: 2018-03-28

GET
H/1.1 200
OK consent_tcfv2.js Show response
s.adroll.com/j/ 418 KB
56 KB 10ms
9ms Script
text/javascript 2600:9000:2644:c00:6:9280:1080:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/consent_tcfv2.js
Requested by: Host: s.adroll.com
URL: https://s.adroll.com/j/ELNAF2EZDFHJRAP3ODLCUU/roundtrip.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2644:c00:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 47e5ff66931402cb5755d7eed98a6d23ee556a7f8e9c1dd340d351c27f669a0f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

X-Amz-Version-Id: wD7IUQmRA9PUuld8lU58FBeuMlOqC6p6
Content-Encoding: gzip
Via: 1.1 a84e87b6b82308dbc0e331c3e28c23c6.cloudfront.net (CloudFront)
Date: Sat, 11 Nov 2023 15:36:50 GMT
Age: 38
X-Amz-Cf-Pop: FRA60-P6
X-Amz-Server-Side-Encryption: AES256
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Connection: keep-alive
Last-Modified: Wed, 05 Jul 2023 21:39:27 GMT
Server: AmazonS3
Etag: W/"3306a47faf7223d93fb356e8a73d1942"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=300, must-revalidate
Access-Control-Allow-Credentials: false
Access-Control-Max-Age: 600
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: 6vGaaEdoasYwndQjGVSt71JHLQ3AbY8KyUV5Zj_i2dnWzR26GN9TBw==

GET
H3 200 counters.gif
forms.hsforms.com/embed/v3/ 35 B
625 B 141ms
129ms Image
image/gif 2606:4700::6811:cff9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-DEFINITION_SUCCESS&count=1

Requested by

Host: cyble.com
URL: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:cff9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:26 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: c4be08f2-bd56-4433-9481-bbe24e00b35e
x-envoy-upstream-service-time: 2
alt-svc: h3=":443"; ma=86400
content-length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: c4be08f2-bd56-4433-9481-bbe24e00b35e
server: cloudflare
x-trace: 2BCD9A6ECCACC37FFD2A959B00BE1221AE1D3649E8000000000000000000
vary: origin
content-type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-fd659ccfb-trgn5
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-robots-tag: none
cf-ray: 82479dd4ae2c4d8f-FRA

GET
H/1.1 200
OK counters.gif
forms-na1.hsforms.com/embed/v3/ 35 B
1015 B 140ms
119ms Image
image/gif 2606:4700::6811:cff9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms-na1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-RENDER_SUCCESS&count=1

Requested by

Host: cyble.com
URL: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:cff9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Date: Sat, 11 Nov 2023 15:37:26 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
CF-Cache-Status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
X-HubSpot-Correlation-Id: cb6d7815-fe71-4b70-bc55-12dea21557de
x-envoy-upstream-service-time: 2
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: cb6d7815-fe71-4b70-bc55-12dea21557de
Server: cloudflare
X-Trace: 2B49FF0D0838309568FE1EBE385D8DB37FC5090FB3000000000000000000
Vary: origin
Content-Type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-fd659ccfb-gg9tw
Access-Control-Expose-Headers: X-Origin-Hublet
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: false
X-Robots-Tag: none
CF-RAY: 82479dd4ec0a4dc7-FRA

GET
H/1.1 200
OK nextroll-32x32.png
s.adroll.com/i/favicon/ 2 KB
2 KB 10ms
9ms Image
image/png 2600:9000:2644:c00:6:9280:1080:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.adroll.com/i/favicon/nextroll-32x32.png
Requested by: Host: cyble.com
URL: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2644:c00:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: bcaf0e3f087296133e0a996ee3d289a8d1a690147c93e0ab62019b505e6f9355

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

X-Amz-Version-Id: eTpwxbAIDHDUN.4tfrROIgU_pzKN9Xh0
Date: Fri, 10 Nov 2023 16:18:02 GMT
Via: 1.1 a84e87b6b82308dbc0e331c3e28c23c6.cloudfront.net (CloudFront)
Age: 83965
X-Amz-Cf-Pop: FRA60-P6
X-Amz-Server-Side-Encryption: AES256
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 1615
Last-Modified: Mon, 28 Jun 2021 18:19:21 GMT
Server: AmazonS3
Etag: "403a0a7dcf2d617e7ea852bfb9d11945"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: image/png
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 600
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: hgpxiJ0X2MjqOvYJLztMdtnE-s-Kwu_L1EF3QmiyISvjcyQXWW5hNg==

GET
H/1.1 200
OK counters.gif
perf-na1.hsforms.com/embed/v3/ 35 B
1 KB 144ms
125ms Image
image/gif 2606:4700::6811:cff9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf-na1.hsforms.com/embed/v3/counters.gif?key=config-loaded-success&value=1

Requested by

Host: cyble.com
URL: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:cff9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Date: Sat, 11 Nov 2023 15:37:26 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
CF-Cache-Status: MISS
x-evy-trace-route-service-name: envoyset-translator
X-HubSpot-Correlation-Id: 39c8f69c-4d4b-4692-a509-64cad06e495a
x-envoy-upstream-service-time: 4
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 39c8f69c-4d4b-4692-a509-64cad06e495a
Last-Modified: Sat, 11 Nov 2023 15:37:26 GMT
Server: cloudflare
X-Trace: 2BEB58B2F6350F87C8521B43AD5916898EB62D5390000000000000000000
Vary: origin, Accept-Encoding
Content-Type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-fd659ccfb-wk74s
Access-Control-Expose-Headers: X-Origin-Hublet
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
X-Robots-Tag: none
CF-RAY: 82479dd50dd49247-FRA

GET
H2 200 api.min.css
a.omappapi.com/app/js/ 10 KB
3 KB 161ms
161ms Stylesheet
text/css 2400:52e0:1a01::999:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/api.min.css
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1a01::999:1 Los Angeles, United States, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-LA1-999 /
Resource Hash: 85016d81a1b51d8867123c56433b2e638844aac2e3dfe64fd79acc1f11c6f983

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:26 GMT
content-encoding: br
cdn-edgestorageid: 1110
perma-cache: HIT
cdn-storageserver: LA-244
cdn-cachedat: 11/10/2023 15:38:59
cdn-pullzone: 293267
last-modified: Wed, 08 Nov 2023 17:53:45 GMT
server: BunnyCDN-LA1-999
cdn-fileserver: 389
cdn-requestpullcode: 200
cdn-proxyver: 1.04
etag: W/"654bcb29-2644"
vary: Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestid: a885c0c0e47973a40e8fd0242c8a0f59
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 r0hediyvvmvme9sqc9m4 Show response
api.omappapi.com/v2/embed/239265/ 4 KB
2 KB 170ms
103ms XHR
application/json 18.66.112.19
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.omappapi.com/v2/embed/239265/r0hediyvvmvme9sqc9m4
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.112.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-112-19.fra56.r.cloudfront.net
Software: Pagely Gateway/1.5.1 /
Resource Hash: 283547740fcb77b2440b432515bfb0437fcbcb49dae73c5835d0087dcfd54a31

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:26 GMT
content-encoding: gzip
via: 1.1 fb49d852ca52c03c834ce98098b51516.cloudfront.net (CloudFront)
x-cache-config: 0 0
x-amz-cf-pop: FRA56-P5
x-cache-status: HIT
x-cache: Miss from cloudfront
x-optinmonster-campaign: r0hediyvvmvme9sqc9m4
x-user-agent: standard--
last-modified: Mon, 21 Aug 2023 11:57:48 GMT
server: Pagely Gateway/1.5.1
etag: W/"b68a1a774bac47ced8f1623f6053bc08"
vary: Accept-Encoding, User-Agent
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: X-OptinMonster-Campaign, X-User-Agent
cache-control: public, max-age=30, stale-while-revalidate=1800
access-control-allow-headers: X-CSRF-Token
x-amz-cf-id: pmbspftLBKa1SqshRDNKJ4O4ojvvMmCfYLIpM6Ka6FoXbyQcEIBJ-A==
expires: Sat, 11 Nov 2023 15:13:06 GMT

GET
H2 200 destinations.min.js Show response
x.clearbitjs.com/v2/pk_43e7489448ea26212d2c648f4818c8b5/ 0
170 B 342ms
301ms Script
application/javascript 3.127.196.46
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://x.clearbitjs.com/v2/pk_43e7489448ea26212d2c648f4818c8b5/destinations.min.js

Requested by

Host: tag.clearbitscripts.com
URL: https://tag.clearbitscripts.com/v1/pk_43e7489448ea26212d2c648f4818c8b5/tags.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.127.196.46 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-127-196-46.eu-central-1.compute.amazonaws.com

Software

envoy /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:26 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-envoy-response-flags: -
server: envoy
content-type: application/javascript;charset=utf-8
cache-control: private, max-age=600
content-length: 0

GET
H2 200 tracking.min.js Show response
x.clearbitjs.com/v2/pk_43e7489448ea26212d2c648f4818c8b5/ 168 KB
45 KB 426ms
385ms Script
application/javascript 3.127.196.46
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://x.clearbitjs.com/v2/pk_43e7489448ea26212d2c648f4818c8b5/tracking.min.js

Requested by

Host: tag.clearbitscripts.com
URL: https://tag.clearbitscripts.com/v1/pk_43e7489448ea26212d2c648f4818c8b5/tags.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.127.196.46 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-127-196-46.eu-central-1.compute.amazonaws.com

Software

envoy /

Resource Hash

e5f578c050d7a40cfb1cdbc4482159b5177deb5a5cf606cc28cd4a2b42a97734

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-envoy-response-flags: -
server: envoy
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: private, max-age=600

GET
H2 200 a7d7edb97f0c4f979ce70b2e3a385765 Show response
app.hubspot.com/conversations-visitor/21289959/threads/utk/ Frame 8833 53 KB
20 KB 273ms
230ms Document
text/html 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.hubspot.com/conversations-visitor/21289959/threads/utk/a7d7edb97f0c4f979ce70b2e3a385765?uuid=a77f412e188e4dd3b3e15fd0755d430c&mobile=false&mobileSafari=false&hideWelcomeMessage=false&hstc=&domain=cyble.com&inApp53=false&messagesUtk=a7d7edb97f0c4f979ce70b2e3a385765&url=https%3A%2F%2Fcyble.com%2Fblog%2Fducklogs-new-malware-strain-spotted-in-the-wild%2F&inline=false&isFullscreen=false&globalCookieOptOut=&isFirstVisitorSession=true&isAttachmentDisabled=true&isInitialInputFocusDisabled=false&enableWidgetCookieBanner=false&isInCMS=false

Requested by

Host: js.usemessages.com
URL: https://js.usemessages.com/conversations-embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a8b2b184147a6b52a221baa07cb1e2906281d646afd0e460133835911689bb9b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	no-sniff

Request headers

Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: false
age: 2119
cache-control: max-age=600
cache-tag: staticjsapp-conversations-visitor-ui-web-prod,staticjsapp-prod
cf-cache-status: DYNAMIC
cf-ray: 82479dd64aee5d9d-FRA
content-encoding: br
content-security-policy-report-only: script-src 'self' www.hubspot.com *.hsappstatic.net *.hs-analytics.net *.hs-banner.com *.hsforms.net *.hsleadflows.net *.hs-scripts.com *.hubspotfeedback.com *.usemessages.com js.hubspot.com *.hsadspixel.net *.hscollectedforms.net js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net *.google-analytics.com www.googletagmanager.com data: 'unsafe-inline' 'unsafe-eval' blob: connect.facebook.net www.gstatic.cn www.gstatic.com www.google.com www.recaptcha.net *.fullstory.com fullstory.com apis.google.com snap.licdn.com; report-uri https://send.hsbrowserreports.com/csp/report?resource=conversations-visitor-ui/static-1.17122/html/index.html&cfRay=82479dd64aee5d9d&reqUrl=https%3A%2F%2Fapp.hubspot.com%2Fconversations-visitor%2F21289959%2Fthreads%2Futk%2Fa7d7edb97f0c4f979ce70b2e3a385765%3Fuuid%3Da77f412e188e4dd3b3e15fd0755d430c%26mobile%3Dfalse%26mobileSafari%3Dfalse%26hideWelcomeMessage%3Dfalse%26hstc%3D%26domain%3Dcyble.com%26inApp53%3Dfalse%26messagesUtk%3Da7d7edb97f0c4f979ce70b2e3a385765%26url%3Dhttps%253A%252F%252Fcyble.com%252Fblog%252Fducklogs-new-malware-strain-spotted-in-the-wild%252F%26inline%3Dfalse%26isFullscreen%3Dfalse%26globalCookieOptOut%3D%26isFirstVisitorSession%3Dtrue%26isAttachmentDisabled%3Dtrue%26isInitialInputFocusDisabled%3Dfalse%26enableWidgetCookieBanner%3Dfalse%26isInCMS%3Dfalse&referrer=https%3A%2F%2Fcyble.com%2Fblog%2Fducklogs-new-malware-strain-spotted-in-the-wild%2F&cfenv=prod&pdt=2023-11-11&csp=ro
content-type: text/html; charset=utf-8
date: Sat, 11 Nov 2023 15:37:26 GMT
etag: W/"a219031c7ab1547831df1cb9570aa446"
last-modified: Mon, 06 Nov 2023 17:38:05 UTC
report-to: {"group":"default","max_age":86400,"endpoints":[{"url":"https://send.hsbrowserreports.com/csp/reports"}]}
reporting-endpoints: default="https://send.hsbrowserreports.com/csp/reports?cfRay=82479dd64aee5d9d&resource=conversations-visitor-ui/static-1.17122/html/index.html"
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: origin, Accept-Encoding
via: 1.1 d0d53eedec01ac540f737b5fafb16436.cloudfront.net (CloudFront)
x-amz-cf-id: KI7FfUl2KZE_E88nTrYfq6dzRLtMbiBasoChHCKYBvNbPtqVfuLLCA==
x-amz-cf-pop: IAD12-P3
x-amz-replication-status: COMPLETED
x-amz-server-side-encryption: AES256
x-amz-version-id: ooAiPfm6ITboXXVZjUE3VAq.MN.YFgbb
x-cache: Hit from cloudfront
x-content-type-options: no-sniff
x-envoy-upstream-service-time: 6
x-evy-trace-listener: listener_https
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-route-service-name: envoyset-translator
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-59f9889544-hgc92
x-evy-trace-virtual-host: all
x-hs-cache-status: MISS
x-hs-target-asset: conversations-visitor-ui/static-1.17122/html/index.html
x-hs-worker-debug-mode: false
x-hubspot-correlation-id: e0888861-ae81-4212-aafd-119c51c4a914
x-request-id: e0888861-ae81-4212-aafd-119c51c4a914

GET
H2 200 5.c3191d3c.min.js Show response
a.omappapi.com/app/js/ 16 KB
6 KB 161ms
160ms Script
application/javascript 2400:52e0:1a01::999:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/5.c3191d3c.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1a01::999:1 Los Angeles, United States, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-LA1-999 /
Resource Hash: 745b79544835c8ee16198c039bdde0b6ec42333c0f830df5770bd4dcd60a6ac6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:26 GMT
content-encoding: br
cdn-edgestorageid: 999
perma-cache: HIT
cdn-storageserver: LA-457
cdn-cachedat: 11/10/2023 15:38:59
cdn-pullzone: 293267
last-modified: Wed, 25 Oct 2023 17:46:02 GMT
server: BunnyCDN-LA1-999
cdn-fileserver: 465
cdn-requestpullcode: 200
cdn-proxyver: 1.04
etag: W/"6539545a-4146"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestid: 09ee49b0c349420a43c0e840b549d44a
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

POST
H/1.1 204
No Content collect Show response
p.clarity.ms/ 0
289 B 922ms
230ms XHR
text/plain 20.122.63.128
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://p.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.16/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.122.63.128 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://cyble.com
Date: Sat, 11 Nov 2023 15:37:27 GMT
Access-Control-Allow-Credentials: true
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Vary: Origin
Request-Context: appId=cid-v1:2f7711a9-b21e-4abe-a9d6-5b0ce5d18b64

POST
H2 200 collect Show response
www.google-analytics.com/j/ 4 B
205 B 22ms
21ms XHR
text/plain 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=237982722&t=pageview&_s=1&dl=https%3A%2F%2Fcyble.com%2Fblog%2Fducklogs-new-malware-strain-spotted-in-the-wild%2F&ul=en-us&de=UTF-8&dt=Cyble%20%E2%80%94%20DuckLogs%20-%20New%20Malware%20Strain%20Spotted%20In%20The%20Wild&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aADAAAABEAAAAC~&jid=853957450&gjid=1286006496&cid=732653862.1699717046&tid=UA-201575643-1&_gid=401737254.1699717047&_r=1&_slc=1&gtm=45He3b81n81PMWT557v868834701&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&tcfd=1000h&z=813721111

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sat, 11 Nov 2023 15:37:26 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://cyble.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/10996750928/ 3 KB
2 KB 65ms
25ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10996750928/?random=1699717046211&cv=11&fst=1699717046211&bg=ffffff&guid=ON&async=1&gtm=45Pe3b81v9106873920&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&tcfd=1000h&u_w=1600&u_h=1200&url=https%3A%2F%2Fcyble.com%2Fblog%2Fducklogs-new-malware-strain-spotted-in-the-wild%2F&hn=www.googleadservices.com&frm=0&tiba=Cyble%20%E2%80%94%20DuckLogs%20-%20New%20Malware%20Strain%20Spotted%20In%20The%20Wild&did=dZTNiMT&gdid=dZTNiMT&auid=393356173.1699717047&uamb=0&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=GT-WKTZW36

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7754dd2599dac84ce144bf479b0fdb27c1bf255c7462dfecf2f3d69d9100e30b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 11 Nov 2023 15:37:26 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1334
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
342 B 59ms
19ms XHR
text/plain 2a00:1450:400c:c0d::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-201575643-1&cid=732653862.1699717046&jid=853957450&gjid=1286006496&_gid=401737254.1699717047&_u=aADAAAAAEAAAAC~&z=1516336968

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0d::9b Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Sat, 11 Nov 2023 15:37:26 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://cyble.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/10996750928/ 42 B
455 B 65ms
29ms Image
image/gif 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/10996750928/?random=1699717046211&cv=11&fst=1699714800000&bg=ffffff&guid=ON&async=1&gtm=45Pe3b81v9106873920&u_w=1600&u_h=1200&url=https%3A%2F%2Fcyble.com%2Fblog%2Fducklogs-new-malware-strain-spotted-in-the-wild%2F&frm=0&tiba=Cyble%20%E2%80%94%20DuckLogs%20-%20New%20Malware%20Strain%20Spotted%20In%20The%20Wild&data=event%3Dgtag.config&fmt=3&is_vtc=1&cid=CAQSGwDICaaNEFHqgTBZerheBsZEMztEWup3TsmFng&random=3428749031&rmt_tld=0&ipr=y

Requested by

Host: cyble.com
URL: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 11 Nov 2023 15:37:26 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/10996750928/ 42 B
455 B 63ms
28ms Image
image/gif 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/10996750928/?random=1699717046211&cv=11&fst=1699714800000&bg=ffffff&guid=ON&async=1&gtm=45Pe3b81v9106873920&u_w=1600&u_h=1200&url=https%3A%2F%2Fcyble.com%2Fblog%2Fducklogs-new-malware-strain-spotted-in-the-wild%2F&frm=0&tiba=Cyble%20%E2%80%94%20DuckLogs%20-%20New%20Malware%20Strain%20Spotted%20In%20The%20Wild&data=event%3Dgtag.config&fmt=3&is_vtc=1&cid=CAQSGwDICaaNEFHqgTBZerheBsZEMztEWup3TsmFng&random=3428749031&rmt_tld=1&ipr=y

Requested by

Host: cyble.com
URL: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 11 Nov 2023 15:37:26 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 4.1dae6b4d.min.js Show response
a.omappapi.com/app/js/ 48 KB
14 KB 172ms
172ms Script
application/javascript 2400:52e0:1a01::999:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/4.1dae6b4d.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1a01::999:1 Los Angeles, United States, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-LA1-999 /
Resource Hash: 8d7293476de0d15a9417a6f896f642845e90a174c74455e095f5f9a69768b51c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:27 GMT
content-encoding: br
cdn-edgestorageid: 1000
perma-cache: HIT
cdn-storageserver: LA-355
cdn-cachedat: 11/10/2023 15:38:59
cdn-pullzone: 293267
last-modified: Wed, 01 Nov 2023 17:12:10 GMT
server: BunnyCDN-LA1-999
cdn-fileserver: 457
cdn-requestpullcode: 200
cdn-proxyver: 1.04
etag: W/"654286ea-c029"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestid: 5dcce4186468f50767d3dba2d372f8dd
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 bundle.production.js Show response
static.hsappstatic.net/head-dlb/static-1.368/ Frame 8833 44 KB
16 KB 57ms
19ms Script
application/javascript 2606:4700::6810:e05d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hsappstatic.net/head-dlb/static-1.368/bundle.production.js

Requested by

Host: app.hubspot.com
URL: https://app.hubspot.com/conversations-visitor/21289959/threads/utk/a7d7edb97f0c4f979ce70b2e3a385765?uuid=a77f412e188e4dd3b3e15fd0755d430c&mobile=false&mobileSafari=false&hideWelcomeMessage=false&hstc=&domain=cyble.com&inApp53=false&messagesUtk=a7d7edb97f0c4f979ce70b2e3a385765&url=https%3A%2F%2Fcyble.com%2Fblog%2Fducklogs-new-malware-strain-spotted-in-the-wild%2F&inline=false&isFullscreen=false&globalCookieOptOut=&isFirstVisitorSession=true&isAttachmentDisabled=true&isInitialInputFocusDisabled=false&enableWidgetCookieBanner=false&isInCMS=false

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:e05d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

15da0333da024365f065c44b1861355fac0211292dd57a0bb5f482ebcd166f4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://app.hubspot.com/
Origin: https://app.hubspot.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:27 GMT
x-amz-version-id: wWLMJ6qW0lXJfco2m026CzodYMop32jV
via: 1.1 bc3ecf5f025b0be9b8c39c5dd2dace2e.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: FRA60-P6
age: 35869
x-amz-server-side-encryption: AES256
content-encoding: br
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
server-timing: cfr;desc=82479dd80db1bb79-FRA
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 11 Jul 2023 18:31:41 GMT
server: cloudflare
etag: W/"63ec2a77119dfb2ddcae56ab3a029230"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: https://app.hubspot.com
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4EpbGrNn9fnHfCqTz%2BecX3hrPMJ2a0ZEHHkWS7HBMKpaQ04M8LQoZJ7QL5YXclJZIsBT5ur%2FU0YMmQ2WFvAt7mD190dmxnX0icBieFE9Q5gZ%2BDBZj3CdBimG9%2BbN6jR8o%2BrnKHOGNAzjqd2165zjsseN0k0%3D"}],"group":"cf-nel","max_age":604800}
vary: Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-credentials: true
cache-control: public, max-age=31536000
timing-allow-origin: *
cf-ray: 82479dd80db1bb79-FRA
x-amz-cf-id: 2X3pLVRzgECYwe9GSeKWWVKChduc-2ab20vkPSJKNcgENi3Y6mgfAA==
expires: Sun, 10 Nov 2024 15:37:27 GMT

GET
H2 200 visitor.css
static.hsappstatic.net/conversations-visitor-ui/static-1.17110/sass/ Frame 8833 19 KB
4 KB 55ms
17ms Stylesheet
text/css 2606:4700::6810:e05d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hsappstatic.net/conversations-visitor-ui/static-1.17110/sass/visitor.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:e05d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

405767448d618a7a326a509bf3c8484414ddf0f9518dad53f90794e7796bdde8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.hubspot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:27 GMT
x-amz-version-id: 8JK3Qs8SBE2zTXCiSEFRAiP414rxQpaa
via: 1.1 81cb77eb84eee291ebbd90b4c274c1c4.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: FRA60-P6
age: 781537
x-amz-server-side-encryption: AES256
content-encoding: br
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
server-timing: cfr;desc=82479dd808309177-FRA
alt-svc: h3=":443"; ma=86400
last-modified: Thu, 02 Nov 2023 14:28:10 GMT
server: cloudflare
etag: W/"686ebda4c47b0bdb5d9460221c8036d1"
vary: Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BfCY9QAesU64FSuHpluBBY%2FU2DxhyBMObrDWydK8iJsdiKYh3seHkHtkVRImUJvyjQHpjYMUNlQtoT4SZYa9AvZojlDcOzs6kw0SZa%2Fl2SoepvLeImhEpX%2B29RntdXT5Zsw0D5cFxExdq%2FQxdoGOoavB%2Fs4%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=31536000
timing-allow-origin: *
cf-ray: 82479dd808309177-FRA
x-amz-cf-id: XAmGmHmQYEqjqhHPPevAtB1jEI0-plEeloYw7uUqC4qdFSfBgXs8rQ==
expires: Sun, 10 Nov 2024 15:37:27 GMT

GET
H2 200 bundle.production.js Show response
static.hsappstatic.net/hubspot-dlb/static-1.486/ Frame 8833 295 KB
95 KB 56ms
18ms Script
application/javascript 2606:4700::6810:e05d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hsappstatic.net/hubspot-dlb/static-1.486/bundle.production.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:e05d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bd71f4fb37229dbdec8d1f0ac68279c3ca75ef139c5c13b3cd7dc7bd556550d4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://app.hubspot.com/
Origin: https://app.hubspot.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:27 GMT
x-amz-version-id: 1H.GX9zp_AREjaA8oaNRTIyhLkZUd.2i
via: 1.1 104bdf965b5b1cb596af463b142160de.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: FRA60-P6
age: 203761
x-amz-server-side-encryption: AES256
content-encoding: br
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
server-timing: cfr;desc=82479dd80db2bb79-FRA
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 17 Oct 2023 17:50:27 GMT
server: cloudflare
etag: W/"2e7cc44968faafb72dd2b1fd707e3e6f"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: https://app.hubspot.com
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mrj8WTdHf1KzQMFDI1q07gPECAy6I6rLpdgobzri53kZGAIP6NXpsuLYthQTO9ej4nZYTyjBdESeHW%2B3m%2BqQe%2F3xs2eE3Uxy5z8hOmbMyJ6vhS7K3FfeV1%2BFD0mYt%2FBZGumSRifeE%2Fl3Hhx%2FeLV%2FhWlTmGM%3D"}],"group":"cf-nel","max_age":604800}
vary: Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-credentials: true
cache-control: public, max-age=31536000
timing-allow-origin: *
cf-ray: 82479dd80db2bb79-FRA
x-amz-cf-id: RLRgtuavSchfN2yCzqlW6Ai1Kh2-aZnsLSjH51lt158gxT-ndlX2nQ==
expires: Sun, 10 Nov 2024 15:37:27 GMT

GET
H2 200 visitor.js Show response
static.hsappstatic.net/conversations-visitor-ui/static-1.17122/bundles/ Frame 8833 641 KB
189 KB 57ms
19ms Script
application/javascript 2606:4700::6810:e05d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hsappstatic.net/conversations-visitor-ui/static-1.17122/bundles/visitor.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:e05d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

522dd061c8eb95afbacf1102f7b6fe29c8f7b0802cf7797130460153fa849417

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://app.hubspot.com/
Origin: https://app.hubspot.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:27 GMT
x-amz-version-id: fAldLO0eD7X59snShxMe1OigXr.ZuwYL
via: 1.1 c0f1616474eb5ab66a150ca4467bd724.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: AMS58-P5
age: 424751
x-amz-server-side-encryption: AES256
content-encoding: br
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
server-timing: cfr;desc=82479dd80db3bb79-FRA
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 06 Nov 2023 17:31:32 GMT
server: cloudflare
etag: W/"c9560cf11dd3f96a0dda5c05b56f6f4a"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: https://app.hubspot.com
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MGQDJNBZ4mXAM9BrZsCbuKrWENvP6C%2FelmucYMaHRiA2hQ2iaqNp59eiK0EFHHEpfJu72kqKKGm5QLSM3AuNKdca54SIp9JVK1RW0FZmfs%2FWfjmSaB%2BzJMNrJheSYVr22ifcB8O3dI3X%2B3sXQgmCYaqPYZ8%3D"}],"group":"cf-nel","max_age":604800}
vary: Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-credentials: true
cache-control: public, max-age=31536000
timing-allow-origin: *
cf-ray: 82479dd80db3bb79-FRA
x-amz-cf-id: Qij47JW4epKNU0EDzyvxZT36P3gDpAL8_K16hf7t0FYJZubxlW9lEw==
expires: Sun, 10 Nov 2024 15:37:27 GMT

POST
H2 200 p Show response
app.clearbit.com/v1/ 16 B
1 KB 207ms
171ms XHR
application/json 3.127.196.46
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://app.clearbit.com/v1/p

Requested by

Host: x.clearbitjs.com
URL: https://x.clearbitjs.com/v2/pk_43e7489448ea26212d2c648f4818c8b5/tracking.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.127.196.46 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-127-196-46.eu-central-1.compute.amazonaws.com

Software

envoy /

Resource Hash

c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
Content-Type: text/plain

Response headers

date: Sat, 11 Nov 2023 15:37:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-envoy-response-flags: -
server: envoy
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: application/json
access-control-allow-origin: https://cyble.com
content-security-policy-report-only: default-src 'self'; script-src 'unsafe-inline' 'report-sample' 'self' https://browser.sentry-cdn.com https://cdn.amplitude.com/libs/amplitude-5.2.2-min.gz.js https://cdn.clearbit.com https://cdn.segment.com/analytics.js/v1/auzWlbWIBrAsKnGQIiT0X3IjfZyepgW5/analytics.min.js https://checkout.stripe.com https://connect.facebook.net https://edge.fullstory.com/s/fs.js https://fast.appcues.com https://www.google-analytics.com/analytics.js https://x.clearbitjs.com https://cdn.clearbit.com https://*.commandbar.com; style-src 'unsafe-inline' 'report-sample' 'self' https://cdn.clearbit.com https://*.commandbar.com https://fast.appcues.com https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://api.amplitude.com https://*.commandbar.com https://api.segment.io https://checkout.stripe.com https://rs.fullstory.com https://www.google-analytics.com wss://api.appcues.net https://stats.g.doubleclick.net https://sentry.io https://logo.clearbit.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://*.commandbar.com https://checkout.stripe.com; img-src 'self' https://*.commandbar.com https://*.stripe.com data: https://cdn.clearbit.com https://images.ctfassets.net https://logo.clearbit.com https://www.facebook.com https://connect.facebook.net https://www.google.com https://unpkg.com/react-flag-kit https://cloudfront.net/v1/avatars https://*.googleusercontent.com; manifest-src 'self'; media-src 'self'; worker-src 'none';
access-control-allow-credentials: true
access-control-allow-headers: Authorization, API-Version, Content-Type

GET
H2 200 i18n-data-data-locales-en-us.js Show response
static.hsappstatic.net/conversations-visitor-ui/static-1.17119/ Frame 8833 841 B
1 KB 22ms
22ms Script
application/javascript 2606:4700::6810:e05d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hsappstatic.net/conversations-visitor-ui/static-1.17119/i18n-data-data-locales-en-us.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:e05d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b427c033491f4d078ec15060f313e298970ea7c5088c546187d328f43c5f3be7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://app.hubspot.com/
Origin: https://app.hubspot.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:27 GMT
x-amz-version-id: eHlmZvPWg1f9KRJDaQdBpge5yeJdBizZ
via: 1.1 59d5785a1d012a54118141e7e216a492.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: FRA56-P2
age: 302994
x-amz-server-side-encryption: AES256
content-encoding: br
x-cache: RefreshHit from cloudfront
x-amz-replication-status: COMPLETED
server-timing: cfr;desc=82479dd8ae8cbb79-FRA
alt-svc: h3=":443"; ma=86400
last-modified: Fri, 03 Nov 2023 21:44:29 GMT
server: cloudflare
etag: W/"660748a97771568466d665e05102f86a"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: https://app.hubspot.com
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cZKkcHRz8dkgzQsXiLPmGfX2PJdj5ZN99ck1ZZv5GHDF%2F8wkNUjOniosh%2F2ALCVTVhZWcWNfpn7lg15Hi94nsQJMHtjB4jZp%2Bf0bzW%2BINlmj34aATUqMIXj%2Bph4zyVqM4GrK4CSoPzyqQ46MI1mX8uNu6Ig%3D"}],"group":"cf-nel","max_age":604800}
vary: Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-credentials: true
cache-control: public, max-age=31536000
timing-allow-origin: *
cf-ray: 82479dd8ae8cbb79-FRA
x-amz-cf-id: uYK-IGZSvSj3P-tzjmG1mWzQQo6n2mKhaaNHLZrpvxoKI6ZigBOt9A==
expires: Sun, 10 Nov 2024 15:37:27 GMT

GET
H2 200 17.24171f7e.min.js Show response
a.omappapi.com/app/js/ 975 B
1 KB 161ms
160ms Script
application/javascript 2400:52e0:1a01::999:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/17.24171f7e.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1a01::999:1 Los Angeles, United States, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-LA1-999 /
Resource Hash: 228739c5660b9818a95c3b2c13f6c65cf4364f871c0cde499446c985be07a682

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:27 GMT
content-encoding: br
cdn-edgestorageid: 900
perma-cache: HIT
cdn-storageserver: LA-389
cdn-cachedat: 11/10/2023 15:38:59
cdn-pullzone: 293267
last-modified: Tue, 12 Sep 2023 04:06:13 GMT
server: BunnyCDN-LA1-999
cdn-fileserver: 457
cdn-requestpullcode: 200
cdn-proxyver: 1.04
etag: W/"64ffe3b5-3cf"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestid: ca6f0201d1a48ae0f37e2b6da67e0183
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 19.b93023b7.min.js Show response
a.omappapi.com/app/js/ 4 KB
3 KB 168ms
164ms Script
application/javascript 2400:52e0:1a01::999:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/19.b93023b7.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1a01::999:1 Los Angeles, United States, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-LA1-999 /
Resource Hash: 263c3a799ea39e2db3c3347bab23a9f98990d9d9633d2d8b833d8766c3dc2b36

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:27 GMT
content-encoding: br
cdn-edgestorageid: 999
perma-cache: HIT
cdn-storageserver: LA-342
cdn-cachedat: 11/10/2023 15:38:59
cdn-pullzone: 293267
last-modified: Mon, 18 Sep 2023 16:48:14 GMT
server: BunnyCDN-LA1-999
cdn-fileserver: 457
cdn-requestpullcode: 200
cdn-proxyver: 1.04
etag: W/"65087f4e-10b0"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestid: 0013b1fe7614fc357cce2905e0e4010a
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 27.78393e5b.min.js Show response
a.omappapi.com/app/js/ 6 KB
3 KB 175ms
170ms Script
application/javascript 2400:52e0:1a01::999:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/27.78393e5b.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1a01::999:1 Los Angeles, United States, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-LA1-999 /
Resource Hash: 5405f21fd05a73a76a85b2021b366df4dcd00dd93ad956d671776622ea5e1ffc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:27 GMT
content-encoding: br
cdn-edgestorageid: 1109
perma-cache: HIT
cdn-storageserver: LA-357
cdn-cachedat: 11/10/2023 15:38:59
cdn-pullzone: 293267
last-modified: Mon, 18 Sep 2023 16:48:15 GMT
server: BunnyCDN-LA1-999
cdn-fileserver: 457
cdn-requestpullcode: 200
cdn-proxyver: 1.04
etag: W/"65087f4f-1973"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestid: 415fa5e77a475b24e60cba40eb0dbb22
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 32.b9065693.min.js Show response
a.omappapi.com/app/js/ 11 KB
5 KB 218ms
214ms Script
application/javascript 2400:52e0:1a01::999:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/32.b9065693.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1a01::999:1 Los Angeles, United States, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-LA1-999 /
Resource Hash: 978277c7385002bbd8eca4f51d7bdac7424ef8c6d267066e36b018b25bf88f7a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:27 GMT
content-encoding: br
cdn-edgestorageid: 1114
perma-cache: HIT
cdn-storageserver: LA-357
cdn-cachedat: 11/10/2023 15:38:59
cdn-pullzone: 293267
last-modified: Mon, 18 Sep 2023 16:47:56 GMT
server: BunnyCDN-LA1-999
cdn-fileserver: 457
cdn-requestpullcode: 200
cdn-proxyver: 1.04
etag: W/"65087f3c-2c41"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestid: 1b5d4856d028ed8a5d54d20243f82fe0
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 10.970fc188.min.js Show response
a.omappapi.com/app/js/ 33 KB
10 KB 189ms
185ms Script
application/javascript 2400:52e0:1a01::999:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/10.970fc188.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1a01::999:1 Los Angeles, United States, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-LA1-999 /
Resource Hash: 17c637303b3f9d684a1cd953b7999c1c75dc76b644a82dccf29303710d3990af

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:27 GMT
content-encoding: br
cdn-edgestorageid: 993
perma-cache: HIT
cdn-storageserver: LA-342
cdn-cachedat: 11/10/2023 15:38:59
cdn-pullzone: 293267
last-modified: Wed, 01 Nov 2023 17:12:12 GMT
server: BunnyCDN-LA1-999
cdn-fileserver: 457
cdn-requestpullcode: 200
cdn-proxyver: 1.04
etag: W/"654286ec-82ae"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestid: d3220ae0e56513eddfcfd4926dde7d43
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 0.514c5def.min.js Show response
a.omappapi.com/app/js/ 7 KB
3 KB 240ms
237ms Script
application/javascript 2400:52e0:1a01::999:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/0.514c5def.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1a01::999:1 Los Angeles, United States, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-LA1-999 /
Resource Hash: a0746aee5a2b0032d3d664b8383d97bb3e1f0dce11ececfa1258072a704b1a72

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:27 GMT
content-encoding: br
cdn-edgestorageid: 995
perma-cache: HIT
cdn-storageserver: LA-295
cdn-cachedat: 11/10/2023 15:38:59
cdn-pullzone: 293267
last-modified: Mon, 18 Sep 2023 16:47:37 GMT
server: BunnyCDN-LA1-999
cdn-fileserver: 457
cdn-requestpullcode: 200
cdn-proxyver: 1.04
etag: W/"65087f29-1d49"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestid: 24ad5516940400d54706e12da7ecb780
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 9.c66ab701.min.js Show response
a.omappapi.com/app/js/ 2 KB
2 KB 218ms
215ms Script
application/javascript 2400:52e0:1a01::999:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/9.c66ab701.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1a01::999:1 Los Angeles, United States, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-LA1-999 /
Resource Hash: 8ad9a6bcdc20b0bb29576b861332e7b11719bd11af68024d7676724574070f05

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:27 GMT
content-encoding: br
cdn-edgestorageid: 912
perma-cache: HIT
cdn-storageserver: LA-342
cdn-cachedat: 11/10/2023 15:38:59
cdn-pullzone: 293267
last-modified: Mon, 18 Sep 2023 18:28:00 GMT
server: BunnyCDN-LA1-999
cdn-fileserver: 457
cdn-requestpullcode: 200
cdn-proxyver: 1.04
etag: W/"650896b0-879"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestid: 5d3cf07d37830f9782ef61641c49deb0
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 11.38e902ad.min.js Show response
a.omappapi.com/app/js/ 3 KB
2 KB 233ms
230ms Script
application/javascript 2400:52e0:1a01::999:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/11.38e902ad.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1a01::999:1 Los Angeles, United States, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-LA1-999 /
Resource Hash: c110d3e795d9bcb956d5c9ef500d23c7e480a259519d383d5c626293ee413815

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:27 GMT
content-encoding: br
cdn-edgestorageid: 907
perma-cache: HIT
cdn-storageserver: LA-389
cdn-cachedat: 11/10/2023 15:38:59
cdn-pullzone: 293267
last-modified: Mon, 18 Sep 2023 16:47:37 GMT
server: BunnyCDN-LA1-999
cdn-fileserver: 457
cdn-requestpullcode: 200
cdn-proxyver: 1.04
etag: W/"65087f29-a40"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestid: 2c58977ed30747e53d0c86b9bd7a8f0d
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 28.377be946.min.js Show response
a.omappapi.com/app/js/ 3 KB
2 KB 232ms
229ms Script
application/javascript 2400:52e0:1a01::999:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/28.377be946.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1a01::999:1 Los Angeles, United States, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-LA1-999 /
Resource Hash: 8f927cd54d7ef0ffd667f6537f9a9f3ef56fd8f86b32c8dfd534c29da2f2242a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:27 GMT
content-encoding: br
cdn-edgestorageid: 1001
perma-cache: HIT
cdn-storageserver: LA-389
cdn-cachedat: 11/10/2023 15:38:59
cdn-pullzone: 293267
last-modified: Mon, 18 Sep 2023 16:47:51 GMT
server: BunnyCDN-LA1-999
cdn-fileserver: 457
cdn-requestpullcode: 200
cdn-proxyver: 1.04
etag: W/"65087f37-d7b"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestid: 478a99c9b02d16c2e17b4d829c006024
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 26.1898e425.min.js Show response
a.omappapi.com/app/js/ 2 KB
1 KB 223ms
221ms Script
application/javascript 2400:52e0:1a01::999:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/26.1898e425.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1a01::999:1 Los Angeles, United States, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-LA1-999 /
Resource Hash: c6fd60d4ecfcac36ecdcb7456ecf170d8eef75c883a1e34a4dd7855d23966cd2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:27 GMT
content-encoding: br
cdn-edgestorageid: 998
perma-cache: HIT
cdn-storageserver: LA-342
cdn-cachedat: 11/10/2023 15:38:59
cdn-pullzone: 293267
last-modified: Mon, 18 Sep 2023 16:47:40 GMT
server: BunnyCDN-LA1-999
cdn-fileserver: 457
cdn-requestpullcode: 200
cdn-proxyver: 1.04
etag: W/"65087f2c-6b6"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestid: d425d76801f9089420ef3fba6194b9c9
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 16.0e435a6f.min.js Show response
a.omappapi.com/app/js/ 1 KB
1 KB 315ms
313ms Script
application/javascript 2400:52e0:1a01::999:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/16.0e435a6f.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1a01::999:1 Los Angeles, United States, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-LA1-999 /
Resource Hash: c4fbf61bcc8a017d5d9cd2d95105bf88005bc0a3b6c18be6bfee8fc94d0adf52

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:27 GMT
content-encoding: br
cdn-edgestorageid: 912
perma-cache: HIT
cdn-storageserver: LA-244
cdn-cachedat: 11/10/2023 15:38:59
cdn-pullzone: 293267
last-modified: Mon, 18 Sep 2023 16:47:35 GMT
server: BunnyCDN-LA1-999
cdn-fileserver: 457
cdn-requestpullcode: 200
cdn-proxyver: 1.04
etag: W/"65087f27-51f"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestid: 5aeb0f6c7ee90a608b6aa3d81b97c9c8
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 1.ea963399.min.js Show response
a.omappapi.com/app/js/ 11 KB
3 KB 332ms
330ms Script
application/javascript 2400:52e0:1a01::999:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/1.ea963399.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1a01::999:1 Los Angeles, United States, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-LA1-999 /
Resource Hash: 6507a044d207a767ec2971e891b149b58d6d32a6ee1b18068a6d6dd36bc5fa9a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:27 GMT
content-encoding: br
cdn-edgestorageid: 984
perma-cache: HIT
cdn-storageserver: LA-356
cdn-cachedat: 11/10/2023 15:38:59
cdn-pullzone: 293267
last-modified: Mon, 18 Sep 2023 16:48:32 GMT
server: BunnyCDN-LA1-999
cdn-fileserver: 457
cdn-requestpullcode: 200
cdn-proxyver: 1.04
etag: W/"65087f60-2abc"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestid: 34e4b0d88212f780ed5acb85168e3b21
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 21.5aa698b1.min.js Show response
a.omappapi.com/app/js/ 2 KB
2 KB 317ms
315ms Script
application/javascript 2400:52e0:1a01::999:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/21.5aa698b1.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1a01::999:1 Los Angeles, United States, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-LA1-999 /
Resource Hash: 5c756ba00bc22ff5690e08fc74aa2c70cde9b692a4acb7ca813a9dc7168c27d5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:27 GMT
content-encoding: br
cdn-edgestorageid: 953
perma-cache: HIT
cdn-storageserver: LA-244
cdn-cachedat: 11/10/2023 15:38:59
cdn-pullzone: 293267
last-modified: Mon, 18 Sep 2023 16:47:35 GMT
server: BunnyCDN-LA1-999
cdn-fileserver: 457
cdn-requestpullcode: 200
cdn-proxyver: 1.04
etag: W/"65087f27-81f"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestid: c18b8bdacfe8a514e53553bc35c97d84
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 22.9757d45d.min.js Show response
a.omappapi.com/app/js/ 1 KB
1 KB 332ms
330ms Script
application/javascript 2400:52e0:1a01::999:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/22.9757d45d.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1a01::999:1 Los Angeles, United States, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-LA1-999 /
Resource Hash: eef6905a10fc006637486692b9f493a373aabd7ec439fa81a99204ee389b2716

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:27 GMT
content-encoding: br
cdn-edgestorageid: 1002
perma-cache: HIT
cdn-storageserver: LA-389
cdn-cachedat: 11/10/2023 15:38:59
cdn-pullzone: 293267
last-modified: Mon, 18 Sep 2023 16:50:41 GMT
server: BunnyCDN-LA1-999
cdn-fileserver: 457
cdn-requestpullcode: 200
cdn-proxyver: 1.04
etag: W/"65087fe1-5a1"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestid: 1f706ea978bce0bed1b856aba3a5e0c2
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 18.ca86437f.min.js Show response
a.omappapi.com/app/js/ 2 KB
2 KB 332ms
331ms Script
application/javascript 2400:52e0:1a01::999:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/18.ca86437f.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1a01::999:1 Los Angeles, United States, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-LA1-999 /
Resource Hash: 220b328b851303eea8cf0c0bff31365783e87438e803e6d02bec6a5e0492f907

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:27 GMT
content-encoding: br
cdn-edgestorageid: 996
perma-cache: HIT
cdn-storageserver: LA-357
cdn-cachedat: 11/10/2023 15:38:59
cdn-pullzone: 293267
last-modified: Mon, 18 Sep 2023 16:47:50 GMT
server: BunnyCDN-LA1-999
cdn-fileserver: 457
cdn-requestpullcode: 200
cdn-proxyver: 1.04
etag: W/"65087f36-7a4"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestid: 3d173710eea920a7ff045d43bf080cad
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 nr-spa-1216.min.js Show response
js-agent.newrelic.com/ Frame 8833 49 KB
19 KB 35ms
7ms Script
application/javascript 151.101.194.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js-agent.newrelic.com/nr-spa-1216.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.194.137 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

545156adeae44dadc82b98d504f805ebe77fb79c928ef34eed1057bb9d4cb8fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.hubspot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-amz-version-id: MElzWumrf8lREc3kORDlSWHVtEZAK4m8
content-encoding: br
via: 1.1 varnish
date: Sat, 11 Nov 2023 15:37:27 GMT
strict-transport-security: max-age=300
x-amz-request-id: 32QYX7CYP3SVBZFW
x-amz-server-side-encryption: AES256
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 19141
x-amz-id-2: zpeR4hGaPEJ8N7wSToPc/Hl82I0OLylMeS61mx1asKAiLpidjrtRXbureUy+SXI/0YTrVdkpkJA=
x-served-by: cache-fra-eddf8230089-FRA
last-modified: Wed, 18 Oct 2023 21:31:16 GMT
server: AmazonS3
x-timer: S1699717047.223833,VS0,VE0
etag: "63e2df852d15ab21d7ff8fc4363222e8"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=86400, stale-if-error=86400
accept-ranges: bytes
x-cache-hits: 126186

GET
H2 200 hawk.png
labs.cyble.com/hs-fs/hubfs/ Frame 8833 4 KB
5 KB 154ms
71ms Image
image/webp 2606:2c40::c73c:67e2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://labs.cyble.com/hs-fs/hubfs/hawk.png?width=108&height=108

Requested by

Host: cyble.com
URL: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67e2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

079ceaa0981ce7f89ad67f2b125a26b02d93a4b400b0d01c1095d9d03b24c738

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.hubspot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:27 GMT
strict-transport-security: max-age=31536000
via: 1.1 f3d57c6f1e03e389abd50b7f7535cee4.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-83412232556,P-21289959,FLS-ALL
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
content-length: 4194
cf-resized: internal=ok/h q=0 n=23+0 c=54+48 v=2023.9.8 l=4194
last-modified: Tue, 30 Aug 2022 08:53:18 GMT
cf-bgj: imgq:86,h2pri
server: cloudflare
etag: "cfLv25S9_RZ9mVF-YFCFUfZcZkUn9Bg2vL7Sxl6y2PDQ:ac94ce2bd2684e2d18ebb6c3988701dd"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=T12pmVQIk%2BjNo9GsNZS5eZTi7KxmvGXM4y86DPs6mzxAYwfcEvdJtY5b%2Btq9dPUKcJFS4sZifXacUmTwUbDJUAtOZstkacCIyQNY8bfVnlWCyUUu0i6%2Fz97PgP5AmvzzvDJ1Qk%2FGD7ScMYE3"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 82479dd9baed9b7d-FRA

POST
H2 204 rhumb
app.hubspot.com/api/cartographer/v1/ Frame 8833 0
1 KB 132ms
132ms Ping
text/plain 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.hubspot.com/api/cartographer/v1/rhumb?hs_static_app=conversations-visitor-ui&hs_static_app_version=1.17122

Requested by

Host: static.hsappstatic.net
URL: https://static.hsappstatic.net/conversations-visitor-ui/static-1.17122/bundles/visitor.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://app.hubspot.com/conversations-visitor/21289959/threads/utk/a7d7edb97f0c4f979ce70b2e3a385765?uuid=a77f412e188e4dd3b3e15fd0755d430c&mobile=false&mobileSafari=false&hideWelcomeMessage=false&hstc=&domain=cyble.com&inApp53=false&messagesUtk=a7d7edb97f0c4f979ce70b2e3a385765&url=https%3A%2F%2Fcyble.com%2Fblog%2Fducklogs-new-malware-strain-spotted-in-the-wild%2F&inline=false&isFullscreen=false&globalCookieOptOut=&isFirstVisitorSession=true&isAttachmentDisabled=true&isInitialInputFocusDisabled=false&enableWidgetCookieBanner=false&isInCMS=false
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Sat, 11 Nov 2023 15:37:27 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 84827a18-fb3d-43d1-b02a-ebdafdf24933
x-envoy-upstream-service-time: 6
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 84827a18-fb3d-43d1-b02a-ebdafdf24933
server: cloudflare
vary: origin, Accept-Encoding
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=U%2FA8ZQIiK1UaOiGEuqYBCTUzymKI5yygOMa3MTXyN%2F40jvNfCEO9KnfZ4AI4hsZ4XJ5zUQU2RcueLfC6P6e6BIwsJANYzef7OLx8PuMMz2DnoylExFX9xXZ86JnfKnDg21JYY0PFF3IZuiZAoQ%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: https://app.hubspot.com
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-5dc9ffbc55-xz9vh
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing, X-Hubspot-Correct-Hublet, X-HubSpot-Auth-Failure
access-control-max-age: 604800
access-control-allow-credentials: true
x-evy-trace-virtual-host: all
cf-ray: 82479dd93ded5d9d-FRA
access-control-allow-headers: Authorization, Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer
timing-allow-origin: *

GET
H2 200 welcomeMessages Show response
app.hubspot.com/api/livechat-public/v1/bots/public/bot/2122156/ Frame 8833 982 B
1 KB 169ms
169ms XHR
application/json 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.hubspot.com/api/livechat-public/v1/bots/public/bot/2122156/welcomeMessages?hs_static_app=conversations-visitor-ui&hs_static_app_version=1.17122&conversations-visitor-ui=static-1.17122&traceId=a7d7edb97f0c4f979ce70b2e3a385765&sessionId=AMOaWbIM7j8omfB-UvvK7SfnO-LlZ_ZhQCnXWD28vjQH7l6oWynUaT3slW4BQ68hguIPxUYPocbgMdwRs6fk9jfsHiiZaD0BNtv8M06rNI_jGbOj3Ox93VlW07yTBSIm6znStUPK4ifroU3s41l0Lapxk5VLBNOumeyOB_0puWMHVgBkQmgrNak

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

29b67cf347a26c13a8ccf48116769f370373c0ec49a6753afd16bf0408e7df42

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://app.hubspot.com/conversations-visitor/21289959/threads/utk/a7d7edb97f0c4f979ce70b2e3a385765?uuid=a77f412e188e4dd3b3e15fd0755d430c&mobile=false&mobileSafari=false&hideWelcomeMessage=false&hstc=&domain=cyble.com&inApp53=false&messagesUtk=a7d7edb97f0c4f979ce70b2e3a385765&url=https%3A%2F%2Fcyble.com%2Fblog%2Fducklogs-new-malware-strain-spotted-in-the-wild%2F&inline=false&isFullscreen=false&globalCookieOptOut=&isFirstVisitorSession=true&isAttachmentDisabled=true&isInitialInputFocusDisabled=false&enableWidgetCookieBanner=false&isInCMS=false
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:27 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: a74ad797-9124-494c-9793-30335953c892
content-encoding: br
x-envoy-upstream-service-time: 27
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: a74ad797-9124-494c-9793-30335953c892
server: cloudflare
x-trace: 2B1F03C5CC032803125DAA0A1760AA7D605767DCB5000000000000000000
vary: origin, Accept-Encoding
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: application/json;charset=utf-8
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-5dc9ffbc55-58kv2
x-evy-trace-virtual-host: all
access-control-allow-credentials: false
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NOC4XOxf3JRMhMpnT43djUwvipDnBYwQs%2FztSI2zrTQFOCnG2vmGHoH0RnzKX14y%2F1KW57C8L9tkkXoQ0c4htnW7s6S6bJOwmBikWdbFDihJMawxEKCAeYCCOJvvf7BK%2Fs8EKkTRLyCVRwRhtQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 82479dd94df75d9d-FRA
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent, X-HubSpot-Messages-Uri

GET
H/1.1 200
OK f9d051f404 Show response
bam-cell.nr-data.net/1/ Frame 8833 56 B
497 B 224ms
121ms Script
text/javascript 162.247.243.30
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://bam-cell.nr-data.net/1/f9d051f404?a=205242107&sa=1&v=1216.487a282&t=Unnamed%20Transaction&rst=552&ck=1&ref=https://app.hubspot.com/conversations-visitor/21289959/threads/utk/a7d7edb97f0c4f979ce70b2e3a385765&be=349&fe=474&dc=443&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1699717046718,%22n%22:0,%22f%22:0,%22dn%22:20,%22dne%22:20,%22c%22:20,%22s%22:26,%22ce%22:44,%22rq%22:44,%22rp%22:273,%22rpe%22:276,%22dl%22:276,%22di%22:442,%22ds%22:442,%22de%22:443,%22dc%22:474,%22l%22:474,%22le%22:474%7D,%22navigation%22:%7B%7D%7D&ja=%7B%22nrSnippetVersion%22:%221216%22,%22environment%22:%22prod%22,%22deployed%22:true,%22hublet%22:%22na1%22,%22hsOlderBrowserVersion%22:false,%22conditionalPolyfillsInstalled%22:false,%22portalId%22:21289959,%22package%22:%22conversations-visitor-ui%22,%22packageVersion%22:%221.17122%22,%22template%22:%22visitor-index.html.tsx%22,%22user-online%22:true,%22visibility%22:%22visible%22,%22currentVisibility%22:%22visible%22,%22isEmbeddedInProduct%22:%22false%22,%22isInlineEmbeddedWidget%22:false,%22reactRhumbVersion%22:%221.9910%22,%22reaganVersion%22:%22react-rhumb%22,%22route%22:%22/%22,%22numReaganChecksStarted%22:1,%22numPreviousReaganChecksAborted%22:0,%22avgDurationBeforePreviousReaganAborts%22:0,%22numPreviousReaganChecksFailed%22:0,%22numPreviousReaganChecksSuccessful%22:0%7D&jsonp=NREUM.setToken
Requested by: Host: app.hubspot.com
URL: https://app.hubspot.com/conversations-visitor/21289959/threads/utk/a7d7edb97f0c4f979ce70b2e3a385765?uuid=a77f412e188e4dd3b3e15fd0755d430c&mobile=false&mobileSafari=false&hideWelcomeMessage=false&hstc=&domain=cyble.com&inApp53=false&messagesUtk=a7d7edb97f0c4f979ce70b2e3a385765&url=https%3A%2F%2Fcyble.com%2Fblog%2Fducklogs-new-malware-strain-spotted-in-the-wild%2F&inline=false&isFullscreen=false&globalCookieOptOut=&isFirstVisitorSession=true&isAttachmentDisabled=true&isInitialInputFocusDisabled=false&enableWidgetCookieBanner=false&isInCMS=false
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 162.247.243.30 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: f9745c48d0b4c918d466da4acdb3f786ef5cda4c69ac0b6009d76cff67e6325d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.hubspot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:27 GMT
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
content-type: text/javascript
access-control-allow-origin: *
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
Connection: keep-alive
Content-Length: 56
x-served-by: cache-fra-eddf8230069-FRA

POST
H/1.1 204
No Content f9d051f404 Show response
bam-cell.nr-data.net/ins/1/ Frame 8833 0
283 B 115ms
115ms XHR
text/plain 162.247.243.30
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://bam-cell.nr-data.net/ins/1/f9d051f404?a=205242107&sa=1&v=1216.487a282&t=Unnamed%20Transaction&rst=780&ck=1&ref=https://app.hubspot.com/conversations-visitor/21289959/threads/utk/a7d7edb97f0c4f979ce70b2e3a385765
Requested by: Host: app.hubspot.com
URL: https://app.hubspot.com/conversations-visitor/21289959/threads/utk/a7d7edb97f0c4f979ce70b2e3a385765?uuid=a77f412e188e4dd3b3e15fd0755d430c&mobile=false&mobileSafari=false&hideWelcomeMessage=false&hstc=&domain=cyble.com&inApp53=false&messagesUtk=a7d7edb97f0c4f979ce70b2e3a385765&url=https%3A%2F%2Fcyble.com%2Fblog%2Fducklogs-new-malware-strain-spotted-in-the-wild%2F&inline=false&isFullscreen=false&globalCookieOptOut=&isFirstVisitorSession=true&isAttachmentDisabled=true&isInitialInputFocusDisabled=false&enableWidgetCookieBanner=false&isInCMS=false
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 162.247.243.30 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://app.hubspot.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
content-type: text/plain

Response headers

access-control-allow-origin: https://app.hubspot.com
date: Sat, 11 Nov 2023 15:37:27 GMT
access-control-allow-credentials: true
Connection: keep-alive
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
x-served-by: cache-fra-eddf8230069-FRA

POST
H/1.1 200
OK f9d051f404 Show response
bam-cell.nr-data.net/events/1/ Frame 8833 24 B
344 B 127ms
113ms XHR
image/gif 162.247.243.30
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://bam-cell.nr-data.net/events/1/f9d051f404?a=205242107&sa=1&v=1216.487a282&t=Unnamed%20Transaction&rst=783&ck=1&ref=https://app.hubspot.com/conversations-visitor/21289959/threads/utk/a7d7edb97f0c4f979ce70b2e3a385765
Requested by: Host: app.hubspot.com
URL: https://app.hubspot.com/conversations-visitor/21289959/threads/utk/a7d7edb97f0c4f979ce70b2e3a385765?uuid=a77f412e188e4dd3b3e15fd0755d430c&mobile=false&mobileSafari=false&hideWelcomeMessage=false&hstc=&domain=cyble.com&inApp53=false&messagesUtk=a7d7edb97f0c4f979ce70b2e3a385765&url=https%3A%2F%2Fcyble.com%2Fblog%2Fducklogs-new-malware-strain-spotted-in-the-wild%2F&inline=false&isFullscreen=false&globalCookieOptOut=&isFirstVisitorSession=true&isAttachmentDisabled=true&isInitialInputFocusDisabled=false&enableWidgetCookieBanner=false&isInCMS=false
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 162.247.243.30 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300

Request headers

Referer: https://app.hubspot.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
content-type: text/plain

Response headers

date: Sat, 11 Nov 2023 15:37:27 GMT
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
content-type: image/gif
access-control-allow-origin: https://app.hubspot.com
access-control-allow-credentials: true
Connection: keep-alive
Content-Length: 24
x-served-by: cache-fra-eddf8230042-FRA

GET
H2 200 css2
fonts.googleapis.com/ 3 KB
1 KB 56ms
21ms Stylesheet
text/css 2a00:1450:4001:80f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Open+Sans%3Aital%2Cwght%400%2C400&display=swap

Requested by

Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/4.1dae6b4d.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

fa1af1cbf201b91b7b02cc4531ded17078f035ca5daec87e9767ca7edb4b3328

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sat, 11 Nov 2023 15:37:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sat, 11 Nov 2023 13:41:27 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 11 Nov 2023 15:37:27 GMT

GET
H2 200 memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.wp.com/s/opensans/v36/ 47 KB
48 KB 8ms
6ms Font
font/woff2 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.wp.com/s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

Requested by

Host: fonts-api.wp.com
URL: https://fonts-api.wp.com/css?family=Open+Sans%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CRoboto+Slab%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CRoboto%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&display=auto&ver=6.4.1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

9b1b9d7cb74a9923d83f36f0026f421940b861fd6e1a51b8f79af45492ed4ed5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts-api.wp.com/
Origin: https://cyble.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Sat, 11 Nov 2023 15:37:27 GMT
x-content-type-options: nosniff
last-modified: Thu, 14 Sep 2023 00:40:31 GMT
server: nginx
age: 8412
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 48432
x-xss-protection: 0

GET
H2 200 memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0C4nY1M2xLER.ttf
fonts.wp.com/s/opensans/v35/ 128 KB
128 KB 7ms
7ms Font
font/ttf 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.wp.com/s/opensans/v35/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0C4nY1M2xLER.ttf

Requested by

Host: cyble.com
URL: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

abe9a73c251ad253776da6098f425db4e50bf094dc9edbadee1a6e15622c9b26

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cyble.com/
Origin: https://cyble.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Sat, 11 Nov 2023 15:37:27 GMT
x-content-type-options: nosniff
last-modified: Tue, 02 May 2023 15:15:54 GMT
server: nginx
vary: Accept-Encoding
content-type: font/ttf
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 130836
x-xss-protection: 0

GET
H2 200 memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2
fonts.gstatic.com/s/opensans/v36/ 18 KB
19 KB 54ms
16ms Font
font/woff2 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v36/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Open+Sans%3Aital%2Cwght%400%2C400&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

441e23601fe7525a142857c98cbb2784997579d51a17f736d7964dceee609709

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://cyble.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Thu, 09 Nov 2023 18:17:36 GMT
x-content-type-options: nosniff
age: 163191
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 18664
x-xss-protection: 0
last-modified: Thu, 14 Sep 2023 01:36:18 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 08 Nov 2024 18:17:36 GMT

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
482 B 135ms
134ms Image
image/gif 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=972325071&v=1.1&a=21289959&ct=blog-post&rcu=https%3A%2F%2Fcyble.com%2Fblog%2Fducklogs-new-malware-strain-spotted-in-the-wild%2F&pu=https%3A%2F%2Fcyble.com%2Fblog%2Fducklogs-new-malware-strain-spotted-in-the-wild%2F&t=Cyble+%E2%80%94+DuckLogs+-+New+Malware+Strain+Spotted+In+The+Wild&cts=1699717047655&vi=78016c474647e952a84a51cdf1cc4408&nc=true&u=27441379.78016c474647e952a84a51cdf1cc4408.1699717047652.1699717047652.1699717047652.1&b=27441379.1.1699717047652&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:27 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 87a1d050-4057-4ef5-be6c-09a255a1c053
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 4
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 87a1d050-4057-4ef5-be6c-09a255a1c053
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KlNO2lO96OVR4Y5KpdIaR0FJEUTK23pAmA3s2vsSVnOdOwa%2BNPJFkIItY4DQlRpGqHfmS2IUmCh7tLDx5O4e98%2BHcNBW4%2Br1sY2NXdh58EpsbTuKjONnZ8wy4JCazswYtFILP3H8UyUtBMaLmeg2"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-7d556d9994-qjjrn
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 82479ddbe85f5d9d-FRA
x-robots-tag: none

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
656 B 129ms
128ms Image
image/gif 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=15&fi=f7da69d1-3801-430f-b109-5f44b65a9326&fci=16d2babf-1312-43d9-b3c1-39e26c3b541c&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=972325071&v=1.1&a=21289959&ct=blog-post&rcu=https%3A%2F%2Fcyble.com%2Fblog%2Fducklogs-new-malware-strain-spotted-in-the-wild%2F&pu=https%3A%2F%2Fcyble.com%2Fblog%2Fducklogs-new-malware-strain-spotted-in-the-wild%2F&t=Cyble+%E2%80%94+DuckLogs+-+New+Malware+Strain+Spotted+In+The+Wild&cts=1699717047658&vi=78016c474647e952a84a51cdf1cc4408&nc=true&u=27441379.78016c474647e952a84a51cdf1cc4408.1699717047652.1699717047652.1699717047652.1&b=27441379.1.1699717047652&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:27 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: e79f9f03-5118-4974-9ad5-044a5da3dc45
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 4
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: e79f9f03-5118-4974-9ad5-044a5da3dc45
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FUeJhQYJquTp3bZ%2BHYapvES1%2FSj3Rzr7fZYoT2shRQTovbR578vyiNthKUBdNKBI7TKRwKKWI2p5rTCSkeMBdf5h2kdf7JiG7XSRRdL%2FPw5ozIvlo517jyu3vnTgcjj7tMRrbQX%2Fs44xFRq%2FKnMT"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-7d556d9994-qjjrn
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 82479ddbe8605d9d-FRA
x-robots-tag: none

GET
H2

200

c.gif
c.clarity.ms/
Redirect Chain

https://c.clarity.ms/c.gif
https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=B4301B07FDA449D8BE20036907A982AB&RedC=c.clarity.ms&MXFR=2A0936F3661B6AB53EA12535621B6416
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=B4301B07FDA449D8BE20036907A982AB&MUID=1E9F45B1C49E6BF13E705677C5F56A37

42 B
444 B

27ms
27ms

Image
image/gif

68.219.88.97
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=B4301B07FDA449D8BE20036907A982AB&MUID=1E9F45B1C49E6BF13E705677C5F56A37
Protocol: H2
Server: 68.219.88.97 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 11 Nov 2023 15:37:27 GMT
last-modified: Wed, 30 Aug 2023 19:01:41 GMT
server: Microsoft-IIS/10.0
etag: "8d59566974dbd91:0"
x-powered-by: ASP.NET
content-type: image/gif
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: private, no-cache, proxy-revalidate, no-store
accept-ranges: bytes
content-length: 42

Redirect headers

pragma: no-cache
date: Sat, 11 Nov 2023 15:37:27 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 72D9DF3172734ADF92D5FDAA7CDF9B74 Ref B: FRAEDGE1521 Ref C: 2023-11-11T15:37:27Z
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
location: https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=B4301B07FDA449D8BE20036907A982AB&MUID=1E9F45B1C49E6BF13E705677C5F56A37
cache-control: private, no-cache, proxy-revalidate, no-store
content-length: 0

POST
H2 200 /
to.getnitropack.com/ 20 B
457 B 671ms
312ms Ping
text/html 2400:52e0:1a01::987:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL

https://to.getnitropack.com/

Requested by

Host: cyble.com
URL: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1a01::987:1 Los Angeles, United States, ASN200325 (BUNNYCDN, SI),

Reverse DNS

Software

BunnyCDN-LA1-987 / PHP/8.1.21

Resource Hash

a4d2b5c10747a9a02c401ece039329ec75c8a8f1dc4de0c7fb53a4ebde5555e4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryA9ikNUekIE3f0YyD

Response headers

date: Sat, 11 Nov 2023 15:37:28 GMT
content-encoding: none
strict-transport-security: max-age=15724800; includeSubDomains
cdn-edgestorageid: 987
x-powered-by: PHP/8.1.21
cdn-cachedat: 11/11/2023 15:37:28
cdn-pullzone: 234442
content-length: 20
server: BunnyCDN-LA1-987
cdn-proxyver: 1.04
cdn-requestpullcode: 200
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cdn-uid: b7e07321-6c82-48dc-b332-ec6b5d5d2a32
cache-control: public, max-age=0
cdn-requestid: 6299083f1e1bc7a0bd8dea1206c7de43
cdn-requestcountrycode: DE
cdn-requestpullsuccess: True

GET
H2 200 json Show response
forms.hubspot.com/lead-flows-config/v1/config/ 178 B
964 B 152ms
143ms XHR
application/json 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms.hubspot.com/lead-flows-config/v1/config/json?portalId=21289959&utk=78016c474647e952a84a51cdf1cc4408&__hstc=27441379.78016c474647e952a84a51cdf1cc4408.1699717047652.1699717047652.1699717047652.1&__hssc=27441379.1.1699717047652&currentUrl=https%3A%2F%2Fcyble.com%2Fblog%2Fducklogs-new-malware-strain-spotted-in-the-wild%2F

Requested by

Host: js.hsleadflows.net
URL: https://js.hsleadflows.net/leadflows.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9caa8b4caa6b881da86068cbfe402e47f9f16fbbd6b96b46cd5e25b8d5618fa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:27 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 468b12f9-8093-480b-84d9-9775413491fb
content-encoding: br
x-envoy-upstream-service-time: 32
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 468b12f9-8093-480b-84d9-9775413491fb
server: cloudflare
vary: origin
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: application/json;charset=utf-8
access-control-allow-origin: https://cyble.com
x-evy-trace-virtual-host: all
access-control-max-age: 180
access-control-allow-credentials: false
cache-control: max-age=0, no-cache, no-store
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FChwkZ4FZxoN9PbqpqGuGXVIi5uf8DsMZjdM24nZpyghG8TvMlhAkQICu4twI4%2Fzr%2BovXb76Crxvzw5wVjSog%2FlJrYx6Kwz5uauOTE%2BlXDSfiJNTaxIZPt0k8iwiuDyKE77ATCUFCqg1RCOElxMT"}],"group":"cf-nel","max_age":604800}
x-robots-tag: none
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
cf-ray: 82479ddc3df091fb-FRA
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-fd659ccfb-trgn5

POST
H/1.1 204
No Content collect Show response
p.clarity.ms/ 0
289 B 101ms
100ms XHR
text/plain 20.122.63.128
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://p.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.16/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.122.63.128 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://cyble.com
Date: Sat, 11 Nov 2023 15:37:27 GMT
Access-Control-Allow-Credentials: true
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Vary: Origin
Request-Context: appId=cid-v1:2f7711a9-b21e-4abe-a9d6-5b0ce5d18b64

GET
H2 200 6ad65309edc539a4600440865bf6676d-yesno.json Show response
a.omappapi.com/app/campaign-views/b584497dcf5c/r0hediyvvmvme9sqc9m4/ 36 KB
10 KB 482ms
160ms XHR
application/json 2400:52e0:1a01::999:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/campaign-views/b584497dcf5c/r0hediyvvmvme9sqc9m4/6ad65309edc539a4600440865bf6676d-yesno.json
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1a01::999:1 Los Angeles, United States, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-LA1-999 /
Resource Hash: 55054ee1484536892852a636c238f8364ce6a89e525f52605d67cb2bfe8f7f5a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:28 GMT
content-encoding: br
cdn-edgestorageid: 1112
perma-cache: HIT
cdn-storageserver: LA-355
cdn-cachedat: 11/10/2023 17:44:01
cdn-pullzone: 293267
last-modified: Thu, 10 Aug 2023 07:43:29 GMT
server: BunnyCDN-LA1-999
cdn-fileserver: 389
cdn-requestpullcode: 200
cdn-proxyver: 1.04
etag: W/"64d49521-91a0"
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestid: 7b5b9c1198fe1ba09b7f272248fc37a7
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 api.js Show response
www.google.com/recaptcha/ 1 KB
1 KB 31ms
30ms Script
text/javascript 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js?render=6Ld852MnAAAAAFzgX2FpHqe1Ic4SAQOJBd3NkMga

Requested by

Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

3907eb96b143b65f3a396eea1805f95dfe5a0b0da75ffbdaad2eed1e9e2e1015

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block
expires: Sat, 11 Nov 2023 15:37:28 GMT

GET
DATA 200
OK truncated
/ 3 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e5f47aaf7eabcee1ce2772f4fd77c75c252c80f9c48e4424e2f08b022aa0fa84

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/fGZmEzpfeSeqDJiApS_XZ4Y2/ 470 KB
189 KB 49ms
14ms Script
text/javascript 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/fGZmEzpfeSeqDJiApS_XZ4Y2/recaptcha__de.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?render=6Ld852MnAAAAAFzgX2FpHqe1Ic4SAQOJBd3NkMga

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7da2c78aebbd6e2db645e5b97424ed43196e116ef824980565996bdc513550a5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
Origin: https://cyble.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 12:31:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 11188
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 192495
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 03:03:27 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 10 Nov 2024 12:31:00 GMT

GET
H3 200 JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCtr6Ew-Y3tcoqK5.ttf
fonts.wp.com/s/montserrat/v25/ 193 KB
194 KB 7ms
7ms Font
font/ttf 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.wp.com/s/montserrat/v25/JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCtr6Ew-Y3tcoqK5.ttf

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

dcfe8df29e553fbd655212f94300cb1e704c6cd147fa7a98cb4bcd9eb92c6707

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cyble.com/
Origin: https://cyble.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Sat, 11 Nov 2023 15:37:28 GMT
x-content-type-options: nosniff
last-modified: Mon, 11 Jul 2022 19:01:59 GMT
server: nginx
vary: Accept-Encoding
content-type: font/ttf
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 197976
x-xss-protection: 0

GET
H3 200 anchor Show response
www.google.com/recaptcha/api2/ Frame 999B 59 KB
33 KB 48ms
48ms Document
text/html 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Ld852MnAAAAAFzgX2FpHqe1Ic4SAQOJBd3NkMga&co=aHR0cHM6Ly9jeWJsZS5jb206NDQz&hl=de&v=fGZmEzpfeSeqDJiApS_XZ4Y2&size=invisible&cb=37ukd59kf6yp

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/fGZmEzpfeSeqDJiApS_XZ4Y2/recaptcha__de.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

fd2a1fe522152d30d78da9b38fda8731d55faf3167d0a9d61332d8689a1eb0b2

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-b-4ODz1agTYia9N-2WmnYg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-b-4ODz1agTYia9N-2WmnYg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Sat, 11 Nov 2023 15:37:28 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/fGZmEzpfeSeqDJiApS_XZ4Y2/ Frame 999B 55 KB
24 KB 59ms
16ms Stylesheet
text/css 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/fGZmEzpfeSeqDJiApS_XZ4Y2/styles__ltr.css

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Ld852MnAAAAAFzgX2FpHqe1Ic4SAQOJBd3NkMga&co=aHR0cHM6Ly9jeWJsZS5jb206NDQz&hl=de&v=fGZmEzpfeSeqDJiApS_XZ4Y2&size=invisible&cb=37ukd59kf6yp

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7859a62e04b0acb06516eb12454de6673883ecfaeaed6c254659bca7cd59c050

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Fri, 10 Nov 2023 23:49:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 56858
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24606
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 03:03:27 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 09 Nov 2024 23:49:50 GMT

GET
H3 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/fGZmEzpfeSeqDJiApS_XZ4Y2/ Frame 999B 470 KB
188 KB 58ms
15ms Script
text/javascript 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/fGZmEzpfeSeqDJiApS_XZ4Y2/recaptcha__de.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7da2c78aebbd6e2db645e5b97424ed43196e116ef824980565996bdc513550a5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 12:31:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 11188
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 192495
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 03:03:27 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 10 Nov 2024 12:31:00 GMT

GET
H3 200 logo_48.png
www.gstatic.com/recaptcha/api2/ Frame 999B 2 KB
2 KB 18ms
18ms Image
image/png 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/recaptcha/api2/logo_48.png

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/fGZmEzpfeSeqDJiApS_XZ4Y2/styles__ltr.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gstatic.com/recaptcha/releases/fGZmEzpfeSeqDJiApS_XZ4Y2/styles__ltr.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Thu, 09 Nov 2023 15:15:26 GMT
x-content-type-options: nosniff
age: 174122
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2228
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
expires: Thu, 16 Nov 2023 15:15:26 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 999B 15 KB
15 KB 20ms
19ms Font
font/woff2 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
Origin: https://www.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 02:58:03 GMT
x-content-type-options: nosniff
age: 45565
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15344
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 10 Nov 2024 02:58:03 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 999B 15 KB
15 KB 42ms
42ms Font
font/woff2 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
Origin: https://www.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Fri, 10 Nov 2023 18:52:48 GMT
x-content-type-options: nosniff
age: 74680
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15552
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 09 Nov 2024 18:52:48 GMT

GET
H3 200 webworker.js
www.google.com/recaptcha/api2/ Frame 999B 102 B
135 B 28ms
28ms Other
text/javascript 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/webworker.js?hl=de&v=fGZmEzpfeSeqDJiApS_XZ4Y2

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

3772767ff67487697ff10935d55de63df2c7ee53435326b45577f86819e84c71

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Ld852MnAAAAAFzgX2FpHqe1Ic4SAQOJBd3NkMga&co=aHR0cHM6Ly9jeWJsZS5jb206NDQz&hl=de&v=fGZmEzpfeSeqDJiApS_XZ4Y2&size=invisible&cb=37ukd59kf6yp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:37:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
server: GSE
cross-origin-embedder-policy: require-corp
x-frame-options: SAMEORIGIN
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block
expires: Sat, 11 Nov 2023 15:37:29 GMT

POST
H/1.1 204
No Content collect Show response
p.clarity.ms/ 0
289 B 105ms
105ms XHR
text/plain 20.122.63.128
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://p.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.16/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.122.63.128 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://cyble.com/blog/ducklogs-new-malware-strain-spotted-in-the-wild/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://cyble.com
Date: Sat, 11 Nov 2023 15:37:30 GMT
Access-Control-Allow-Credentials: true
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Vary: Origin
Request-Context: appId=cid-v1:2f7711a9-b21e-4abe-a9d6-5b0ce5d18b64

Verdicts & Comments Add Verdict or Comment

240 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

40 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
cyble.com/	1969-12-31 23:59:59	Name: nitroCachedPage Value: 0
.cyble.com/	1970-01-21 01:44:37	Name: _ga_N9ZXY95EM4 Value: GS1.1.1699717046.1.0.1699717046.0.0.0
.cyble.com/	1970-01-21 01:44:37	Name: _ga_361856552 Value: GS1.1.1699717046.1.0.1699717046.0.0.0
www.clarity.ms/	1970-01-21 00:54:13	Name: CLID Value: 9750a67360db468b903e2f065922783c.20231111.20241110
cyble.com/	1970-01-21 01:44:37	Name: _omappvp Value: qB8KlDBcuO0zR9cPSc9ksxDeP4rtVYDcf6rY1cKcWo4MzniBsVv8uSoUPpdEj8J3NZq1nC8AkdQWXHDE45hN6PQlYchDezz2
cyble.com/	1970-01-20 16:08:38	Name: _omappvs Value: 1699717046560
.linkedin.com/	1970-01-20 18:18:13	Name: li_sugr Value: 337818d1-1221-4558-94f9-f6103d078ee9
.linkedin.com/	1970-01-21 00:54:13	Name: bcookie Value: "v=2&0bc3dcdd-63fa-4aac-840e-ccb31eaa6511"
.linkedin.com/	1970-01-20 16:10:03	Name: lidc Value: "b=TGST03:s=T:r=T:a=T:p=T:g=3088:u=1:x=1:i=1699717046:t=1699803446:v=2:sig=AQGx4Rb05t3HEJfLiSBHh9eV0tkrKDby"
.cyble.com/	1970-01-21 00:54:13	Name: _clck Value: 1uzcyby\|2\|fgm\|0\|1410
.linkedin.com/	1970-01-20 16:51:49	Name: UserMatchHistory Value: AQIRP9Vr6iK7OQAAAYu_B-GjwwN7xEWCMnkKH6Y2FefPaoDXx-ZOMuS1P3Uedx1C3Q-AVeHdbMRI6A
.linkedin.com/	1970-01-20 16:51:49	Name: AnalyticsSyncHistory Value: AQLhpGOtXqVYOwAAAYu_B-Gjuw8moJbAg3l7JdFIleHoh_lu_0u3xsuga4TNT7UZh5aPaVJAb668LHPXz0h5tg
.cyble.com/	1970-01-20 18:18:13	Name: _gcl_au Value: 1.1.393356173.1699717047
.cyble.com/	1970-01-21 01:44:37	Name: _ga Value: GA1.2.732653862.1699717046
.cyble.com/	1970-01-20 16:10:03	Name: _gid Value: GA1.2.401737254.1699717047
.cyble.com/	1970-01-20 16:08:37	Name: _gat_UA-201575643-1 Value: 1
.doubleclick.net/	1970-01-20 16:08:37	Name: test_cookie Value: CheckForPermission
.www.linkedin.com/	1970-01-21 00:54:13	Name: bscookie Value: "v=1&202311111537269f5008db-eceb-4aa0-8e71-35be34c69042AQG5BEvwnkqirawNri-hfm238558LSPl"
.linkedin.com/	1970-01-20 20:27:49	Name: li_gc Value: MTswOzE2OTk3MTcwNDY7MjswMjHDW6VHmeumHS6f9BkxJCXrKl+EvrML4KnGcO78cnGfqA==
.hubspot.com/	1970-01-20 16:08:38	Name: __cf_bm Value: CMUlmXaetb3HXJQ02z4GZbaBhrBECjn22gSuFofX7hY-1699717046-0-ASyqAKCc7d7EIflsM/Z1CNYB6xrOVRGzJiAzBvV178WZZ4kiiin59OiK1Ol9c04EEjUyQoktF+mdZ2UTZ29EU08=
.cyble.com/	1970-01-21 00:54:13	Name: cb_user_id Value: null
.cyble.com/	1970-01-21 00:54:13	Name: cb_group_id Value: null
.cyble.com/	1970-01-21 00:54:13	Name: cb_anonymous_id Value: %22e2a6c162-bdbf-42b3-a356-e5031c0e0e14%22
.cyble.com/	1970-01-20 20:27:49	Name: messagesUtk Value: a7d7edb97f0c4f979ce70b2e3a385765
.labs.cyble.com/	1970-01-20 16:08:38	Name: __cf_bm Value: iwGTpVAoRos3YuX8.B3dtyyzW3wwaIH8l_67q.flK8A-1699717047-0-AX0zv73AKKsE56/aowLS+Ft5pcKf2emLxhAdPS6UUn81V5t+/7Jm/we+zq9r4UIgO4wudodYV24kdcn4OrXrZus=
.labs.cyble.com/	1969-12-31 23:59:59	Name: __cfruid Value: 0deb650a1ab930221d94c7b8887ecd0358fab6e7-1699717047
.nr-data.net/	1969-12-31 23:59:59	Name: JSESSIONID Value: 6a4efe1773ad27de
.cyble.com/	1970-01-20 20:27:49	Name: __hstc Value: 27441379.78016c474647e952a84a51cdf1cc4408.1699717047652.1699717047652.1699717047652.1
.cyble.com/	1970-01-20 20:27:49	Name: hubspotutk Value: 78016c474647e952a84a51cdf1cc4408
.cyble.com/	1969-12-31 23:59:59	Name: __hssrc Value: 1
.cyble.com/	1970-01-20 16:08:38	Name: __hssc Value: 27441379.1.1699717047652
.cyble.com/	1970-01-20 16:10:03	Name: _clsk Value: 14049mf\|1699717047701\|1\|1\|p.clarity.ms/collect
.bing.com/	1970-01-21 01:30:13	Name: MUID Value: 1E9F45B1C49E6BF13E705677C5F56A37
.c.bing.com/	1970-01-20 16:18:41	Name: MR Value: 0
.c.bing.com/	1970-01-21 01:30:13	Name: SRM_B Value: 1E9F45B1C49E6BF13E705677C5F56A37
.c.clarity.ms/	1969-12-31 23:59:59	Name: SM Value: C
.clarity.ms/	1970-01-21 01:30:13	Name: MUID Value: 1E9F45B1C49E6BF13E705677C5F56A37
.c.clarity.ms/	1970-01-20 16:18:41	Name: MR Value: 0
.c.clarity.ms/	1970-01-20 16:08:37	Name: ANONCHK Value: 0
cyble.com/	1970-01-20 16:51:49	Name: omSeen-r0hediyvvmvme9sqc9m4 Value: 1699717048617

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.omappapi.com
api.hubspot.com
api.omappapi.com
app.clearbit.com
app.hubspot.com
bam-cell.nr-data.net
blog.cyble.com
c.bing.com
c.clarity.ms
cta-service-cms2.hubspot.com
cyble.com
d.adroll.com
fonts-api.wp.com
fonts.googleapis.com
fonts.gstatic.com
fonts.wp.com
forms-na1.hsforms.com
forms.hsforms.com
forms.hubspot.com
googleads.g.doubleclick.net
i0.wp.com
js-agent.newrelic.com
js.hs-analytics.net
js.hs-banner.com
js.hs-scripts.com
js.hsforms.net
js.hsleadflows.net
js.hubspot.com
js.usemessages.com
labs.cyble.com
p.clarity.ms
perf-na1.hsforms.com
pixel.wp.com
px.ads.linkedin.com
px4.ads.linkedin.com
region1.google-analytics.com
s.adroll.com
s0.wp.com
snap.licdn.com
static.hsappstatic.net
stats.g.doubleclick.net
stats.wp.com
tag.clearbitscripts.com
to.getnitropack.com
track.hubspot.com
uploads-ssl.webflow.com
www.clarity.ms
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.gstatic.com
www.linkedin.com
x.clearbitjs.com
13.107.42.14
151.101.194.137
162.247.243.30
18.66.112.117
18.66.112.19
192.0.76.3
192.0.77.2
192.0.77.32
192.0.78.152
20.122.63.128
2001:4860:4802:32::36
2400:52e0:1a01::987:1
2400:52e0:1a01::999:1
2600:9000:214f:9000:7:d7d6:3c40:93a1
2600:9000:2644:c00:6:9280:1080:93a1
2606:2c40::c73c:67e2
2606:4700:20::ac43:4bbf
2606:4700:4400::6812:22e5
2606:4700::6810:50ba
2606:4700::6810:8bce
2606:4700::6810:bb59
2606:4700::6810:e05d
2606:4700::6811:cff9
2606:4700::6811:f7a8
2606:4700::6812:7a0c
2606:4700::6813:9b53
2620:1ec:21::14
2620:1ec:bdf::67
2620:1ec:c11::200
2a00:1450:4001:808::200e
2a00:1450:4001:80f::200a
2a00:1450:4001:810::2003
2a00:1450:4001:811::2002
2a00:1450:4001:811::2008
2a00:1450:4001:82a::2003
2a00:1450:4001:82a::2004
2a00:1450:4001:831::2003
2a00:1450:400c:c0d::9b
2a02:26f0:3500:16::215:148d
2a05:d018:cc3:fe04:fcdb:3dce:d8d6:7d53
3.127.196.46
68.219.88.97
0200bc38d986631f9cc4680084d7d263ccf17fa4a3c627b26ff347e0cfcf1d47
02691c38db1b70e6897e594025a6080e91d8ff8e6af11d3c76d922af318cdc69
0427349d2020319a07c730eb5c5cb8ee988339b37ea834a0e0e19463d7ff324d
044ef4f8ed43bfa59c9793d62975bc7ff747731bb1d97bbf0e1c0c6db95cca31
04973f96fb9c6e41af1fc9486d48e8936d01498f8eedb266616bacd866e2e6c5
063746967871d4216965a4986fe8364aa66625bc5da5dd9d4c356d863b5c51da
079ceaa0981ce7f89ad67f2b125a26b02d93a4b400b0d01c1095d9d03b24c738
08756c47213d461baa3b01f42448a76d11f524470c7a34f9018733889bd4f49c
0c679efd167a32b0825de0591a02315d08db62c62fbf9f2178bdf55f195e83ef
0c91ab5b297f9f2fda85a197eeb47839100565b39ddea58772a161211e76f3ca
0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300
150a92a328e55d525a998e5bc69e9183ed1c582770a1fb4f679cb05dd6c84a17
15da0333da024365f065c44b1861355fac0211292dd57a0bb5f482ebcd166f4b
168b0b3e4dad8dd251775a64bfd2eaaa3fec94b04971043eebc16665757ab151
17c637303b3f9d684a1cd953b7999c1c75dc76b644a82dccf29303710d3990af
1af623b7fa49e6d07f7fbaa58e70f51a790c4cd4c8abb452af6c7a12d327b137
1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a
1ccc47fe2259773bf33ee7831905071311322957e5b270f00ce7f855ebbf0216
1d52e1ac7d3bc25a8b0ffc257153f9dd50249f96fe9a4df5e0d771241a69062c
214674cc77aba35ab3567b88e2739fd08e8e96c61d279559ad61874069683ea0
220b328b851303eea8cf0c0bff31365783e87438e803e6d02bec6a5e0492f907
228739c5660b9818a95c3b2c13f6c65cf4364f871c0cde499446c985be07a682
24cef64cc88d12267c974f045596734e2d5cd1cc061d4969f06c110b52206d16
25825611ade7ceaed7df3862ec56dc91ad1d2be539966ef7bbe84306e51cfb08
263c3a799ea39e2db3c3347bab23a9f98990d9d9633d2d8b833d8766c3dc2b36
263d6264b8a006bde843f733401522760c8a67452cbadfa35a4a69ce6aff7524
283547740fcb77b2440b432515bfb0437fcbcb49dae73c5835d0087dcfd54a31
295fbb5e54d72b6d4ce1706b49b105dde853dec01470192fd5c372e5b29b8837
29b67cf347a26c13a8ccf48116769f370373c0ec49a6753afd16bf0408e7df42
2b3ca18ab60a00c8559ed15c4b364dc59742457a540eae69b60b667884db4f86
2caa7723419d7c6ded5dc50d3a9518cfc31a806471197dd34d6605393e9bcaeb
2e10d353ff038c2cad3492fc17801af3e6ef2669c9e9713bdb78b1dcb104c4fe
3225cec6a018310497ea9ee116aa43b2a833464fed6156dceb9a3a4424bb8613
354142e53641e1e72a89609e46eff578e69d762290d65d84acaaf380751c20fa
3772767ff67487697ff10935d55de63df2c7ee53435326b45577f86819e84c71
382e9768b5578d5ad05e51e37670a3cf93d4593a49bcbee1f5e8b66d0d8c1c53
3857b8ea601a609b4eefe5391232b41680ac7c303de5a021136608bda8ec92ea
3907eb96b143b65f3a396eea1805f95dfe5a0b0da75ffbdaad2eed1e9e2e1015
39badaa7254daebaccbfc900a8ab3e619aaa048a7306b182ecf19655fdaf3976
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
405767448d618a7a326a509bf3c8484414ddf0f9518dad53f90794e7796bdde8
418ba9866f7867d24cd94a10ea132a6e5a7ff9b4ec74e9e009b08b0e0693badb
4225ae63df8a0c865d40b02b055857a1283e908ca807dced41985e08972b6fec
4252a2cdfd3391e6f8bed901f0fdcf6c1779363f4c18a4489ca8070416bf333b
43c072c16c9ee6d67acdfa6c6d6685ff1e74eb4237b7cc3c1348ab1c108b26af
43c8d7eea6663dfa29e870ed4803e36bea95e068084fbaea1ce09c0e2f775c3f
441e23601fe7525a142857c98cbb2784997579d51a17f736d7964dceee609709
445e6c05d7b739e170dd20ae0670401c985c0de787c83773f5177d01306c8fd2
453cb806084fdabec32e286af2e88899f79022125c2527afffbec507975d2c22
47e5ff66931402cb5755d7eed98a6d23ee556a7f8e9c1dd340d351c27f669a0f
4c0ced2cb3830d045cdd74f745fd4d6dcb082d8edd3a9fe46e39295e30cb8032
4d6940b8d6231d123cedc7c9e3ca87fa1b740d9cc59c7f40dbf94de714098c2e
4e0444e1833b39198b3f37d6f556b0443dabff58bcd8e8b16530b0f980ea2b1b
4e147ab64b9fdf6d89d01f6b8c3ca0b3cddc59d608a8e2218f9a2504b5c98e14
4f79a89d16a5f717110fe080c0bf90b7e05ff95a4c4983f64d33110bf5f9c230
4ff079893cbfe8eebd0d49b7c8bcbeba131173b3e0da0e13210ad611869e0e36
50609579a0013a9543bdf2f3b69b484dafea8e313a2ce1a65f5ae93a930991d6
51384f67c702c265bd5d21f3b1bbb9fc22bce41125daffbf058f13b28217d127
522dd061c8eb95afbacf1102f7b6fe29c8f7b0802cf7797130460153fa849417
5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89
52984e532d02a87a060764ff400626a1b81cc316284a8ba1feab5d94697119a0
5405f21fd05a73a76a85b2021b366df4dcd00dd93ad956d671776622ea5e1ffc
545156adeae44dadc82b98d504f805ebe77fb79c928ef34eed1057bb9d4cb8fe
54b504a934b8cc1b8bf548c18b209e1f490a9ed03e7d6905935743d488e02344
54c8ea0d64c3d52573359befbd4e5fab7ff3d18abedf40759fba7d500832177a
55054ee1484536892852a636c238f8364ce6a89e525f52605d67cb2bfe8f7f5a
594e58a370b6219afb761152e616c06147e70e8c8d040ef51058f238025633a1
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
5b3086a886aa8649ecbf496ac913a1aa443926cd2fff610be2d136c9598bcd8b
5c756ba00bc22ff5690e08fc74aa2c70cde9b692a4acb7ca813a9dc7168c27d5
5c771b0f3654468975034601cec8742e7768614c03e92d1c438e666d28852790
60a6db28503da0b2c2f4e39da485b7649425cd481da5dee9ff33f6c68e9cb480
63bcc9a1cd3428ff4089bb4cb7f38809aa676fcd1dc599797051b6413456d3c9
6507a044d207a767ec2971e891b149b58d6d32a6ee1b18068a6d6dd36bc5fa9a
658f3a895bca2fee13e440e355fe44511cb4fd3bd72156b268f2950bb1003b30
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6d8df80636365e2ceb28f46ce2b54a2fbd661b03a0282983f26c435d927d9657
707fdc5c8bab57a90061c6a8ed7b70d5ffb82fc810e994e79f90bace890c255a
71543675c131b841c82320e95d11ce0544414ac3c30dadf40d6c5ef5ff21ea8c
7219547ee25334cbac0fe4b3acf0bf631e48ebb622c71af038edaaa652c60875
745b79544835c8ee16198c039bdde0b6ec42333c0f830df5770bd4dcd60a6ac6
761c4ef72f1aa7bcaf50a6562e915e33d2713aefa1384d6ee1d77a3a07fb7be3
7754dd2599dac84ce144bf479b0fdb27c1bf255c7462dfecf2f3d69d9100e30b
7859a62e04b0acb06516eb12454de6673883ecfaeaed6c254659bca7cd59c050
79371284e1052bf1e88b017d78ece22e4a39bb58b520a3f3ee3c545b273ae8f7
7bd7eefaa2b36027b0fb0b4bfb805f93de0d8db06ce50c0164b6ae2fdbb8bc5b
7ca11be0a225dfbd8b93ceab545a5994ca4462227253ceb79a500fca04593515
7da2c78aebbd6e2db645e5b97424ed43196e116ef824980565996bdc513550a5
801d28764049db88df7f96a30172b3790f9578799a491942a8f0faf534bcce5b
80dd975a6a9a2990bd82dc0d70b88250ddab2c213a1afe4c36071a944a8f1e2f
81ca4e463dd4fdddc4c6472a1268e8a0b667ea8486185a3881a9feef60955de2
85016d81a1b51d8867123c56433b2e638844aac2e3dfe64fd79acc1f11c6f983
8566b5839e309fd46ee7189f1af0337ffce13dc6f751a148ac589164f89e9de8
8731d7ba8485239f3bf5c23da3962a8374f8a7c7129d3e552840f6f56800bba9
88aaa00ed63445a1d87d9d2c4473d0b8ed19a8365c8fdfa5b4ce13580229fcc7
8ad9a6bcdc20b0bb29576b861332e7b11719bd11af68024d7676724574070f05
8b715e2b510a6fe1970eb41598d51f6ee26ab7e0390d5a4e86eceda88145c352
8d221e56b16a1c51416da4631cbaa1473b6866ed4ced5e692359b3379ff3709b
8d7293476de0d15a9417a6f896f642845e90a174c74455e095f5f9a69768b51c
8d909883de81344e0fbcfef30e931872e92d9aeecdf85b6dcf6e0b28c078e98e
8e4e49412ad1d916f9fe1a2c6a0124bafe489ede5311fd5082ea359f92b8a8cb
8f927cd54d7ef0ffd667f6537f9a9f3ef56fd8f86b32c8dfd534c29da2f2242a
9281e92347951df7b3764862686c89f3344547c77e10096acbb5196ff6c8645f
941b1493157dfb7316bcb3c7357a94e9ba173607d80559408620f4ab4c39c88d
945f333ee61c0da7432df2210a10e3670b38ac2949abe8599a969c00c5db8965
97824daa6d5a75e1aa86b8148af2fa935276f4aa8abe1d050fd861d325a5686e
978277c7385002bbd8eca4f51d7bdac7424ef8c6d267066e36b018b25bf88f7a
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
9b1b9d7cb74a9923d83f36f0026f421940b861fd6e1a51b8f79af45492ed4ed5
9caa8b4caa6b881da86068cbfe402e47f9f16fbbd6b96b46cd5e25b8d5618fa4
9cd63b8cea25045c14623c538d26752518a58c0c682795ce6ad3078976c65a37
9d0d55a303bfd13b79a87721f65185e93f235e2d77fe398b2dca67ac519915f5
9d4d9f3c2c289eaec403660ec215bdc45e62b49f978807714bfc31ca7916c8fe
9ddaa48947691f4edbd85d83e34061cdf5eaabf0b10b59b3922d95233b8950ee
9e907e949bce3cec0efeaf4b707c2d5b1363467b174fced0e54fae1d501c36ed
a0746aee5a2b0032d3d664b8383d97bb3e1f0dce11ececfa1258072a704b1a72
a4d2b5c10747a9a02c401ece039329ec75c8a8f1dc4de0c7fb53a4ebde5555e4
a50d381748c22ce26c690586d18b41c72b4a9c71c0f1254e64fec18e2d0b039a
a61adcba5535446226b967547c5a240a0c58588d868a17890e04c990b67c5f82
a68827190bc01a61ee0a62ec59efa74497a6bc5aa8586f1fac50a58d0cf42d88
a72fb86e087a914701c121d199dbd32977ba67eb19b327c040f02010736eb012
a8b2b184147a6b52a221baa07cb1e2906281d646afd0e460133835911689bb9b
ab2893642fc3a295af460bb6c27d6c0c425becfef2e1a90ebf25507a04b2fda7
abe9a73c251ad253776da6098f425db4e50bf094dc9edbadee1a6e15622c9b26
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
b14289833de1c5b8da19bf0aa86278185dfdbb3113baca8b658fa0ee8a563dba
b18b7934fcad866d7a86f35e082d61323a9417ef10ded37e30c710dae0d38df4
b427c033491f4d078ec15060f313e298970ea7c5088c546187d328f43c5f3be7
b674ae72e31570fbfba5dd723788233676575b3d5ae6ca6f08846f1af6cd951c
b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646
b8b88e3de37446ef3659a8a4329f4a01f32e8693c4b102b3df91fecb687d6fa9
bcaf0e3f087296133e0a996ee3d289a8d1a690147c93e0ab62019b505e6f9355
bd71f4fb37229dbdec8d1f0ac68279c3ca75ef139c5c13b3cd7dc7bd556550d4
bd75d8c46b85f9707565edbb53845948e0c94cb884b00f088ec8da8d99a3c160
c110d3e795d9bcb956d5c9ef500d23c7e480a259519d383d5c626293ee413815
c1a9a3e223bad631dff12d33b5499eb145cb08d8621c20d9d73870e78d97afe4
c2e3d942841a2db58ec17b82d5a30909aa2ff162f8330da05b5abed1ea46c6f2
c391d5d280b0b950860203c4aea86b6aa48c587ba784a3438945670d8f418b12
c4fbf61bcc8a017d5d9cd2d95105bf88005bc0a3b6c18be6bfee8fc94d0adf52
c50793d6519f290cdf7ac7d324deac5cf3258db48ea4693e6316e0f85f917200
c6d603c605c9e07062ffeba7c47a81e19c4f8c05604c6474371f4ad8b654c758
c6fd60d4ecfcac36ecdcb7456ecf170d8eef75c883a1e34a4dd7855d23966cd2
c7267d9f9b72944e2b3772a521fd1b8882ca17b124de63549fbf591167efbd25
c880dba8b9785ed12e3d0c9ed65ab16620e1769154264989633851a0653758a7
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
ca7752fb33cf3a98c0f29bc4eec563112025da4109a0dcc69dabf5f861751258
ca7dce2391845e8aec7da135f33fabd10f74eed28a532ac66fd01f761fcfb42f
cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf
cf7f9ade78374ff4a5fd3f995eca2cd383068587c0cf4dcdc2695d17932f2cc0
d01a2ba2805c78957e15a2958135de0f3cb88e95159dd0f6c0a032bd76b1b0e9
d622534d53d3ac1095af275f0b30274fcd835785577df2dde6d9398e6f7a2c8f
d83aec48544d062dde1996c25831b736a6262a98fc15a037ee5c72b1f9f0aeb2
d9755b7eff734eeb6267db6515f0267fc66622cd873cd37f65761b3fcc94cac2
dbd6799bbdbc2fd53a96f503f454a90c5b5af94aef34b794aa6c017b77702341
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
dcfe8df29e553fbd655212f94300cb1e704c6cd147fa7a98cb4bcd9eb92c6707
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e5c524e3e761e7f83d82d0713c43a707f52e9d2bac9d3705a09857714e094fac
e5f47aaf7eabcee1ce2772f4fd77c75c252c80f9c48e4424e2f08b022aa0fa84
e5f578c050d7a40cfb1cdbc4482159b5177deb5a5cf606cc28cd4a2b42a97734
ea14d1b1233e6cbc9b1a156ac532f076f7adafc309726fca7bf8833f882ac872
ec685a46105296fe46c8744da4a11cf8118ba6c11271941766f7a546df6aa7c7
ec7ef7aa5fd1e019f1c26193e95e46d481d4983673936a9dda086705ada6e3d5
ee041148b4d2b4bfb2a9dbff837265a3484bb6ef80a18174ee45309237654c74
eef6905a10fc006637486692b9f493a373aabd7ec439fa81a99204ee389b2716
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef8bfc9484e5389cc2e09db84c64a5f7cc8cb742d08c102e0727333a014a95f0
f103f62477c6a9676ce29ecbdf9c9493fad45111dd75a14cbfb0f5baf4096693
f158b8591a08b6c02bb345ae96dd62f0c632f7f635bb4a5f449fce24bdc11789
f19bda39706dbdf297fbcda17d6286e94a962b92a06cc8616e16314adebb0aec
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
f650518059b9901bbf0175fde4089bda6ac93efef083514d37c3245a7f50abdf
f78ea821cda2bdf5e929eb21e09157a43dce4d1d0b8a43cfaee631216801bcf9
f834a029a78c0ab307009a4b634873883ed1e544d0e68ef28a5efa5b56d0f643
f9559fb7eb7556f21cc88d419722e9bf3147b01639b30df770820e08bd076861
f9745c48d0b4c918d466da4acdb3f786ef5cda4c69ac0b6009d76cff67e6325d
fa1af1cbf201b91b7b02cc4531ded17078f035ca5daec87e9767ca7edb4b3328
fa2adc8e591afce15ec4b4b22089c4faa15095f55b78eb007ff6a849ebaa6e5d
fd2a1fe522152d30d78da9b38fda8731d55faf3167d0a9d61332d8689a1eb0b2
fe2b279e27abcce2aaa29cb64e7424cced3465bd6837490093f8e4d26627b31b

cyble.com Open in urlscan Pro 192.0.78.152 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

198 Requests

98 %HTTPS

71 %IPv6

31 Domains

54 Subdomains

40 IPs

4 Countries

5432 kBTransfer

12548 kBSize

40 Cookies

29 Outgoing links

Page URL History

Redirected requests

198 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

cyble.com Open in urlscan Pro
192.0.78.152 Public Scan

Screenshot
Live screenshot

Full Image

198
Requests

98 %
HTTPS

71 %
IPv6

31
Domains

54
Subdomains

40
IPs

4
Countries

5432 kB
Transfer

12548 kB
Size

40
Cookies

198 HTTP transactions
1 data transactions