urlscan.io logo urlscan.io
SecurityTrails logo

www.bleepingcomputer.com Open in urlscan Pro
104.20.59.209  Public Scan

Go To Rescan Add Verdict Report
URL: https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
Submission: On August 01 via api from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 56 IPs in 7 countries across 45 domains to perform 213 HTTP transactions. The main IP is 104.20.59.209, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.bleepingcomputer.com.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on May 16th 2020. Valid for: 2 years.
This is the only time www.bleepingcomputer.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 104.20.59.209 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
36 104.26.13.6 13335 (CLOUDFLAR...)
5 2606:2800:234... 15133 (EDGECAST)
1 2a00:1450:400... 15169 (GOOGLE)
2 2 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
6 2a00:1450:400... 15169 (GOOGLE)
5 23.210.248.44 16625 (AKAMAI-AS)
1 11 151.101.114.137 54113 (FASTLY)
3 2606:4700:20:... 13335 (CLOUDFLAR...)
1 212.71.236.31 63949 (LINODE-AP...)
1 185.3.92.12 63949 (LINODE-AP...)
5 35.190.64.11 15169 (GOOGLE)
4 2a00:1450:400... 15169 (GOOGLE)
11 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
4 35.188.71.214 15169 (GOOGLE)
1 2606:4700:20:... 13335 (CLOUDFLAR...)
1 2.18.235.40 16625 (AKAMAI-AS)
3 172.217.23.166 15169 (GOOGLE)
1 35.190.76.239 15169 (GOOGLE)
6 216.58.212.162 15169 (GOOGLE)
2 2606:4700:20:... 13335 (CLOUDFLAR...)
15 2a00:1450:400... 15169 (GOOGLE)
2 34.249.13.97 16509 (AMAZON-02)
7 3.16.202.217 16509 (AMAZON-02)
1 2600:9000:205... 16509 (AMAZON-02)
4 99.86.0.120 16509 (AMAZON-02)
1 2620:116:800d... 16509 (AMAZON-02)
2 2.18.235.93 16625 (AKAMAI-AS)
1 3 104.111.238.139 16625 (AKAMAI-AS)
1 2.18.234.163 16625 (AKAMAI-AS)
2 2a03:2880:f01... 32934 (FACEBOOK)
2 199.232.53.140 54113 (FASTLY)
1 2606:4700:20:... 13335 (CLOUDFLAR...)
1 2600:9000:205... 16509 (AMAZON-02)
1 130.211.23.194 15169 (GOOGLE)
1 52.52.244.32 16509 (AMAZON-02)
1 2a00:1450:400... 15169 (GOOGLE)
2 185.64.189.112 62713 (AS-PUBMATIC)
6 213.19.162.41 3356 (LEVEL3)
4 104.16.190.66 13335 (CLOUDFLAR...)
4 185.33.221.87 29990 (ASN-APPNEX)
4 34.98.64.218 15169 (GOOGLE)
2 2a02:fa8:8806... 41041 (VCLK-EU-)
3 2a00:1450:400... 15169 (GOOGLE)
1 35.159.48.82 16509 (AMAZON-02)
5 35.226.36.58 15169 (GOOGLE)
1 213.19.162.77 26667 (RUBICONPR...)
2 104.111.230.142 16625 (AKAMAI-AS)
2 2.18.234.21 16625 (AKAMAI-AS)
1 2 52.28.32.108 16509 (AMAZON-02)
2 2.18.233.180 16625 (AKAMAI-AS)
2 2.18.232.130 16625 (AKAMAI-AS)
2 34.226.243.182 14618 (AMAZON-AES)
213 56
2    104.20.59.209 (United States)

ASN13335 (CLOUDFLARENET, US)
www.bleepingcomputer.com
1    2a00:1450:4001:81f::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
36    104.26.13.6 (United States)

ASN13335 (CLOUDFLARENET, US)
www.bleepstatic.com
5    2606:2800:234:59:254c:406:2366:268c (United States)

ASN15133 (EDGECAST, US)
platform.twitter.com
1    2a00:1450:4001:806::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
2    2a00:1450:4001:801::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.com
1    2a00:1450:4001:825::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
cse.google.com
6    2a00:1450:4001:81c::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
pagead2.googlesyndication.com
5    23.210.248.44 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a23-210-248-44.deploy.static.akamaitechnologies.com
s9.addthis.com
v1.addthisedge.com
s7.addthis.com
11    151.101.114.137 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)
cd.connatix.com
cds.connatix.com
vid.connatix.com
img.connatix.com
3    2606:4700:20::ac43:443c (United States)

ASN13335 (CLOUDFLARENET, US)
a.pub.network
1    212.71.236.31 (London, United Kingdom)

ASN63949 (LINODE-AP Linode, LLC, US)
PTR: nb-212-71-236-31.london.nodebalancer.linode.com
ecdn.analysis.fi
1    185.3.92.12 (London, United Kingdom)

ASN63949 (LINODE-AP Linode, LLC, US)
PTR: nb-185-3-92-12.london.nodebalancer.linode.com
ecdn.firstimpression.io
5    35.190.64.11 (Mountain View, United States)

ASN15169 (GOOGLE, US)
dapperdiscussion.com
4    2a00:1450:4001:818::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
11    2a00:1450:4001:824::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
adservice.google.de
adservice.google.com
googleads.g.doubleclick.net
www.googletagservices.com
2    2a00:1450:4001:815::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google-analytics.com
4    35.188.71.214 (United States)

ASN15169 (GOOGLE, US)
d.pub.network
1    2606:4700:20::ac43:4acf (United States)

ASN13335 (CLOUDFLARENET, US)
freestar-io.videoplayerhub.com
1    2.18.235.40 (Ascension Island)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-235-40.deploy.static.akamaitechnologies.com
z.moatads.com
3    172.217.23.166 (United States)

ASN15169 (GOOGLE, US)
PTR: fra15s22-in-f6.1e100.net
ad.doubleclick.net
1    35.190.76.239 (Mountain View, United States)

ASN15169 (GOOGLE, US)
admiral.mgr.consensu.org
6    216.58.212.162 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: ams15s22-in-f2.1e100.net
securepubads.g.doubleclick.net
2    2606:4700:20::681a:91b (United States)

ASN13335 (CLOUDFLARENET, US)
mrb.upapi.net
15    2a00:1450:4001:800::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
tpc.googlesyndication.com
cdn.ampproject.org
2    34.249.13.97 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
cdn.firstimpression.io
7    3.16.202.217 (Columbus, United States)

ASN16509 (AMAZON-02, US)
capi.connatix.com
1    2600:9000:2057:9a00:1:af78:4c0:93a1 (United States)

ASN16509 (AMAZON-02, US)
vendorlist.consensu.org
4    99.86.0.120 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-0-120.fra6.r.cloudfront.net
c.amazon-adsystem.com
1    2620:116:800d:21:36a9:ecb:e518:b308 (United States)

ASN16509 (AMAZON-02, US)
secure.quantserve.com
2    2.18.235.93 (Ascension Island)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-235-93.deploy.static.akamaitechnologies.com
hbx.media.net
3    104.111.238.139 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-238-139.deploy.static.akamaitechnologies.com
sb.scorecardresearch.com
1    2.18.234.163 (Ascension Island)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-234-163.deploy.static.akamaitechnologies.com
s.ntv.io
2    2a03:2880:f01c:800e:face:b00c:0:2 (Ireland)

ASN32934 (FACEBOOK, US)
graph.facebook.com
2    199.232.53.140 (United States)

ASN54113 (FASTLY, US)
www.reddit.com
1    2606:4700:20::681a:246 (United States)

ASN13335 (CLOUDFLARENET, US)
ad-delivery.net
1    2600:9000:2057:9000:6:44e3:f8c0:93a1 (United States)

ASN16509 (AMAZON-02, US)
rules.quantcount.com
1    130.211.23.194 (Mountain View, United States)

ASN15169 (GOOGLE, US)
backend.upapi.net
1    52.52.244.32 (San Jose, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-52-244-32.us-west-1.compute.amazonaws.com
jadserve.postrelease.com
1    2a00:1450:4001:801::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
pagead2.googlesyndication.com
2    185.64.189.112 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)
hbopenbid.pubmatic.com
6    213.19.162.41 (United Kingdom)

ASN3356 (LEVEL3, US)
fastlane.rubiconproject.com
4    104.16.190.66 (United States)

ASN13335 (CLOUDFLARENET, US)
dmx.districtm.io
cdn.districtm.io
4    185.33.221.87 (Netherlands)

ASN29990 (ASN-APPNEX, US)
PTR: 723.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
ib.adnxs.com
4    34.98.64.218 (United States)

ASN15169 (GOOGLE, US)
freestar-d.openx.net
eu-u.openx.net
2    2a02:fa8:8806:16::1460 (Sweden)

ASN41041 (VCLK-EU-, SE)
web.hb.ad.cpe.dotomi.com
3    2a00:1450:4001:816::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
6e86b1c7d1063165c37861961550b1cb.safeframe.googlesyndication.com
1    35.159.48.82 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
tlx.3lift.com
5    35.226.36.58 (United States)

ASN15169 (GOOGLE, US)
c.pub.network
1    213.19.162.77 (United Kingdom)

ASN26667 (RUBICONPROJECT, US)
beacon-eu-ams3.rubiconproject.com
2    104.111.230.142 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-230-142.deploy.static.akamaitechnologies.com
eus.rubiconproject.com
2    2.18.234.21 (Ascension Island)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-234-21.deploy.static.akamaitechnologies.com
js-sec.indexww.com
2    52.28.32.108 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-28-32-108.eu-central-1.compute.amazonaws.com
eb2.3lift.com
2    2.18.233.180 (Ascension Island)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-233-180.deploy.static.akamaitechnologies.com
ads.pubmatic.com
2    2.18.232.130 (Ascension Island)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-232-130.deploy.static.akamaitechnologies.com
acdn.adnxs.com
2    34.226.243.182 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-226-243-182.compute-1.amazonaws.com
mantodea.mantisadnetwork.com
Apex Domain
Subdomains		 Transfer
36 bleepstatic.com
www.bleepstatic.com
436 KB
20 googlesyndication.com
pagead2.googlesyndication.com
tpc.googlesyndication.com
6e86b1c7d1063165c37861961550b1cb.safeframe.googlesyndication.com
222 KB
18 connatix.com
cd.connatix.com
cds.connatix.com
capi.connatix.com
vid.connatix.com
img.connatix.com
473 KB
14 doubleclick.net
googleads.g.doubleclick.net
ad.doubleclick.net
securepubads.g.doubleclick.net
144 KB
12 pub.network
a.pub.network
d.pub.network
c.pub.network
249 KB
9 rubiconproject.com
fastlane.rubiconproject.com
beacon-eu-ams3.rubiconproject.com
eus.rubiconproject.com
14 KB
6 adnxs.com
ib.adnxs.com
acdn.adnxs.com
3 KB
5 ampproject.org
cdn.ampproject.org
108 KB
5 dapperdiscussion.com
dapperdiscussion.com
60 KB
5 twitter.com
platform.twitter.com
31 KB
4 openx.net
freestar-d.openx.net
eu-u.openx.net
946 B
4 districtm.io
dmx.districtm.io
cdn.districtm.io
494 B
4 pubmatic.com
hbopenbid.pubmatic.com
ads.pubmatic.com
188 B
4 amazon-adsystem.com
c.amazon-adsystem.com
30 KB
4 googletagservices.com
www.googletagservices.com
97 KB
4 gstatic.com
fonts.gstatic.com
44 KB
4 addthis.com
s9.addthis.com
s7.addthis.com Failed
191 KB
4 google.com
www.google.com
cse.google.com
adservice.google.com
2 KB
3 3lift.com
tlx.3lift.com
eb2.3lift.com
862 B
3 scorecardresearch.com
sb.scorecardresearch.com
3 KB
3 upapi.net
mrb.upapi.net
backend.upapi.net
233 KB
3 firstimpression.io
ecdn.firstimpression.io
cdn.firstimpression.io
189 KB
2 indexww.com
js-sec.indexww.com
2 mantisadnetwork.com
mantodea.mantisadnetwork.com Failed
2 dotomi.com
web.hb.ad.cpe.dotomi.com
1 KB
2 reddit.com
www.reddit.com
2 KB
2 facebook.com
graph.facebook.com
989 B
2 media.net
hbx.media.net
9 KB
2 consensu.org
admiral.mgr.consensu.org
vendorlist.consensu.org
18 KB
2 google-analytics.com
www.google-analytics.com
18 KB
2 bleepingcomputer.com
www.bleepingcomputer.com
17 KB
1 postrelease.com
jadserve.postrelease.com
599 B
1 quantcount.com
rules.quantcount.com
1 KB
1 ad-delivery.net
ad-delivery.net
631 B
1 ntv.io
s.ntv.io
96 KB
1 quantserve.com
secure.quantserve.com
8 KB
1 addthisedge.com
v1.addthisedge.com
855 B
1 moatads.com
z.moatads.com
1 KB
1 videoplayerhub.com
freestar-io.videoplayerhub.com
27 KB
1 google.de
adservice.google.de
168 B
1 analysis.fi
ecdn.analysis.fi
2 KB
1 googletagmanager.com
www.googletagmanager.com
33 KB
1 googleapis.com
fonts.googleapis.com
1 KB
0 sharethrough.com Failed
btlr.sharethrough.com Failed
0 casalemedia.com Failed
as-sec.casalemedia.com Failed
213 45
Domain Requested by
36 www.bleepstatic.com www.bleepingcomputer.com
pagead2.googlesyndication.com
s9.addthis.com
10 tpc.googlesyndication.com dapperdiscussion.com
pagead2.googlesyndication.com
tpc.googlesyndication.com
securepubads.g.doubleclick.net
www.bleepingcomputer.com
cdn.ampproject.org
7 img.connatix.com www.bleepingcomputer.com
7 capi.connatix.com cds.connatix.com
7 pagead2.googlesyndication.com www.bleepingcomputer.com
pagead2.googlesyndication.com
6 fastlane.rubiconproject.com a.pub.network
6 securepubads.g.doubleclick.net www.googletagservices.com
securepubads.g.doubleclick.net
www.bleepingcomputer.com
5 cdn.ampproject.org securepubads.g.doubleclick.net
5 c.pub.network a.pub.network
5 googleads.g.doubleclick.net pagead2.googlesyndication.com
www.bleepingcomputer.com
5 dapperdiscussion.com www.bleepingcomputer.com
dapperdiscussion.com
5 platform.twitter.com www.bleepingcomputer.com
platform.twitter.com
4 ib.adnxs.com a.pub.network
4 c.amazon-adsystem.com a.pub.network
c.amazon-adsystem.com
4 www.googletagservices.com a.pub.network
pagead2.googlesyndication.com
securepubads.g.doubleclick.net
googleads.g.doubleclick.net
4 d.pub.network a.pub.network
4 fonts.gstatic.com www.bleepingcomputer.com
3 6e86b1c7d1063165c37861961550b1cb.safeframe.googlesyndication.com securepubads.g.doubleclick.net
3 sb.scorecardresearch.com 1 redirects a.pub.network
www.bleepingcomputer.com
3 ad.doubleclick.net www.bleepingcomputer.com
dapperdiscussion.com
3 s7.addthis.com s9.addthis.com
3 a.pub.network www.bleepingcomputer.com
a.pub.network
2 acdn.adnxs.com a.pub.network
2 ads.pubmatic.com a.pub.network
2 eu-u.openx.net a.pub.network
2 cdn.districtm.io a.pub.network
2 eb2.3lift.com 1 redirects a.pub.network
2 js-sec.indexww.com a.pub.network
2 eus.rubiconproject.com www.bleepingcomputer.com
a.pub.network
2 mantodea.mantisadnetwork.com a.pub.network
2 web.hb.ad.cpe.dotomi.com a.pub.network
2 freestar-d.openx.net a.pub.network
2 dmx.districtm.io a.pub.network
2 hbopenbid.pubmatic.com a.pub.network
2 www.reddit.com s9.addthis.com
2 graph.facebook.com s9.addthis.com
2 hbx.media.net a.pub.network
hbx.media.net
2 cdn.firstimpression.io ecdn.firstimpression.io
2 mrb.upapi.net freestar-io.videoplayerhub.com
mrb.upapi.net
2 www.google-analytics.com www.googletagmanager.com
www.bleepingcomputer.com
2 cds.connatix.com www.bleepingcomputer.com
cds.connatix.com
2 www.google.com 2 redirects
2 www.bleepingcomputer.com dapperdiscussion.com
1 beacon-eu-ams3.rubiconproject.com www.bleepingcomputer.com
1 tlx.3lift.com a.pub.network
1 vid.connatix.com cds.connatix.com
1 jadserve.postrelease.com s.ntv.io
1 backend.upapi.net mrb.upapi.net
1 rules.quantcount.com secure.quantserve.com
1 ad-delivery.net www.bleepingcomputer.com
1 s.ntv.io a.pub.network
1 secure.quantserve.com a.pub.network
1 vendorlist.consensu.org dapperdiscussion.com
1 admiral.mgr.consensu.org dapperdiscussion.com
1 v1.addthisedge.com s9.addthis.com
1 z.moatads.com s9.addthis.com
1 freestar-io.videoplayerhub.com a.pub.network
1 adservice.google.com pagead2.googlesyndication.com
1 adservice.google.de pagead2.googlesyndication.com
1 ecdn.firstimpression.io www.bleepingcomputer.com
1 ecdn.analysis.fi www.bleepingcomputer.com
1 cd.connatix.com 1 redirects
1 s9.addthis.com www.bleepingcomputer.com
1 cse.google.com www.bleepingcomputer.com
1 www.googletagmanager.com www.bleepingcomputer.com
1 fonts.googleapis.com www.bleepingcomputer.com
0 btlr.sharethrough.com Failed a.pub.network
0 as-sec.casalemedia.com Failed a.pub.network
213 68
Subject Issuer Validity Valid
bleepingcomputer.com
Sectigo RSA Domain Validation Secure Server CA		 2020-05-16 -
2022-05-15		 2 years crt.sh
upload.video.google.com
GTS CA 1O1		 2020-07-07 -
2020-09-29		 3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2020-07-17 -
2021-07-17		 a year crt.sh
*.twimg.com
DigiCert SHA2 High Assurance Server CA		 2019-11-12 -
2020-11-18		 a year crt.sh
*.google-analytics.com
GTS CA 1O1		 2020-07-07 -
2020-09-29		 3 months crt.sh
*.google.com
GTS CA 1O1		 2020-07-07 -
2020-09-29		 3 months crt.sh
*.g.doubleclick.net
GTS CA 1O1		 2020-07-07 -
2020-09-29		 3 months crt.sh
odc-prod-01.oracle.com
DigiCert Secure Site ECC CA-1		 2020-07-22 -
2021-10-13		 a year crt.sh
*.connatix.com
Go Daddy Secure Certificate Authority - G2		 2019-09-05 -
2020-10-19		 a year crt.sh
*.analysis.fi
Sectigo RSA Domain Validation Secure Server CA		 2020-05-17 -
2021-06-16		 a year crt.sh
*.firstimpression.io
Sectigo RSA Organization Validation Secure Server CA		 2019-11-06 -
2020-12-04		 a year crt.sh
dapperdiscussion.com
Let's Encrypt Authority X3		 2020-07-06 -
2020-10-04		 3 months crt.sh
*.gstatic.com
GTS CA 1O1		 2020-07-07 -
2020-09-29		 3 months crt.sh
*.google.de
GTS CA 1O1		 2020-07-07 -
2020-09-29		 3 months crt.sh
*.pub.network
Go Daddy Secure Certificate Authority - G2		 2020-03-17 -
2021-05-16		 a year crt.sh
moatads.com
DigiCert SHA2 Secure Server CA		 2020-01-17 -
2021-03-17		 a year crt.sh
*.doubleclick.net
GTS CA 1O1		 2020-07-07 -
2020-09-29		 3 months crt.sh
admiral.mgr.consensu.org
GTS CA 1D2		 2020-06-04 -
2020-09-02		 3 months crt.sh
tpc.googlesyndication.com
GTS CA 1O1		 2020-07-07 -
2020-09-29		 3 months crt.sh
vendorlist.consensu.org
Amazon		 2020-02-07 -
2021-03-07		 a year crt.sh
c.amazon-adsystem.com
Amazon		 2019-10-07 -
2020-09-29		 a year crt.sh
*.quantserve.com
DigiCert SHA2 High Assurance Server CA		 2019-10-04 -
2020-10-07		 a year crt.sh
*.media.net
DigiCert SHA2 Secure Server CA		 2020-02-25 -
2021-05-26		 a year crt.sh
sb.scorecardresearch.com
DigiCert Secure Site ECC CA-1		 2020-07-17 -
2021-06-02		 a year crt.sh
*.ntv.io
DigiCert SHA2 Secure Server CA		 2019-11-18 -
2021-02-16		 a year crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA		 2020-07-21 -
2020-10-12		 3 months crt.sh
*.reddit.com
DigiCert SHA2 Secure Server CA		 2020-04-06 -
2020-10-03		 6 months crt.sh
*.upapi.net
Let's Encrypt Authority X3		 2020-07-17 -
2020-10-15		 3 months crt.sh
*.postrelease.com
Amazon		 2020-02-28 -
2021-03-28		 a year crt.sh
*.pubmatic.com
Sectigo RSA Organization Validation Secure Server CA		 2019-02-22 -
2021-02-21		 2 years crt.sh
*.rubiconproject.com
DigiCert SHA2 Secure Server CA		 2020-06-24 -
2021-02-17		 8 months crt.sh
districtm.io
Cloudflare Inc ECC CA-3		 2020-07-01 -
2021-07-01		 a year crt.sh
*.adnxs.com
DigiCert ECC Secure Server CA		 2019-01-23 -
2021-03-08		 2 years crt.sh
*.openx.net
GeoTrust RSA CA 2018		 2020-06-18 -
2021-08-17		 a year crt.sh
ad.cpe.dotomi.com
GlobalSign RSA OV SSL CA 2018		 2020-03-30 -
2022-06-25		 2 years crt.sh
*.3lift.com
Amazon		 2020-07-04 -
2021-08-05		 a year crt.sh
misc-sni.google.com
GTS CA 1O1		 2020-07-07 -
2020-09-29		 3 months crt.sh
san.casalemedia.com
GeoTrust RSA CA 2018		 2020-03-02 -
2021-04-01		 a year crt.sh
cdn.adnxs.com
GeoTrust RSA CA 2018		 2020-01-02 -
2021-04-02		 a year crt.sh
*.mantisadnetwork.com
Amazon		 2020-03-23 -
2021-04-23		 a year crt.sh

This page contains 33 frames:

Primary Page: https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
Frame ID: B78A97B4E23A8C0C0D4D0304A47D3DDF
Requests: 159 HTTP requests in this frame

Frame: https://cds.connatix.com/p/40500/connatix.playspace.dc.js
Frame ID: 74231C32EBE8A5BCE056480EAA95D50E
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20200729/r20190131/zrt_lookup.html
Frame ID: D3122A63E187D24DB0372654F44BE746
Requests: 1 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.3c5aa8e2a38bbbee4b6d88e6846fc657.html?origin=https%3A%2F%2Fwww.bleepingcomputer.com
Frame ID: A3F802AA72957AA7C4B55A8F4DDC8841
Requests: 1 HTTP requests in this frame

Frame: https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html
Frame ID: 2E663DB250CC56508A9B0DDC224B9772
Requests: 1 HTTP requests in this frame

Frame: https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html
Frame ID: 25E7E6BF538BFBA67C910885A6E66E7E
Requests: 1 HTTP requests in this frame

Frame: https://admiral.mgr.consensu.org/portal.html
Frame ID: 85C2060C3C481927EC7091BCDA3657FF
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0920899300397823&output=html&adk=1812271804&adf=3025194257&lmt=1596066750&plat=1%3A32776%2C2%3A16809992%2C9%3A32776%2C10%3A32%2C11%3A32%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A34635776%2C32%3A32%2C40%3A32&guci=1.2.0.0.2.2.0.0&us_privacy=1---&format=0x0&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Femotet-malware-now-steals-your-email-attachments-to-attack-contacts%2F&ea=0&flash=0&pra=7&wgl=1&adsid=NT&dt=1596240697705&bpp=3&bdt=711&idt=193&shv=r20200729&cbv=r20190131&ptt=9&saldr=aa&abxe=1&nras=1&correlator=2565902735107&frm=20&pv=2&ga_vid=605872533.1596240698&ga_sid=1596240698&ga_hid=325435365&ga_fc=0&iag=0&icsg=149533591871488&dssz=48&mdo=0&mso=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530587%2C21066624&oid=3&pvsid=4476189614669882&pem=936&rx=0&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8192&bc=31&ifi=1&uci=a!1&fsb=1&dtd=214
Frame ID: 7DA420DABF2EB92349904A9F7CDC6E22
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/safeframe/1-0-23/html/container.html
Frame ID: D4ADAEA1EE934A3FB610855D86B9EFC0
Requests: 1 HTTP requests in this frame

Frame: https://platform.twitter.com/embed/index.html?creatorScreenName=BleepinComputer&dnt=false&embedId=twitter-widget-0&frame=false&hideCard=false&hideThread=false&id=1288170397150711808&lang=en&origin=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Femotet-malware-now-steals-your-email-attachments-to-attack-contacts%2F&siteScreenName=BleepinComputer&theme=light&widgetsVersion=223fc1c4%3A1596143124634&width=550px
Frame ID: 6D9018F5BB7A32BF0ED7B782001EC2B3
Requests: 1 HTTP requests in this frame

Frame: https://platform.twitter.com/embed/index.html?creatorScreenName=BleepinComputer&dnt=false&embedId=twitter-widget-1&frame=false&hideCard=false&hideThread=false&id=1287640814852677632&lang=en&origin=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Femotet-malware-now-steals-your-email-attachments-to-attack-contacts%2F&siteScreenName=BleepinComputer&theme=light&widgetsVersion=223fc1c4%3A1596143124634&width=550px
Frame ID: 2E6051B7C5904B1C7DA68E33C8BF8767
Requests: 1 HTTP requests in this frame

Frame: https://hbx.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8CUFH1GPH&prvid=56%2C70%2C77%2C80%2C82%2C97%2C99%2C109%2C111%2C112%2C113%2C139%2C154%2C157%2C159%2C175%2C178%2C186%2C201%2C226%2C10000&usp_status=0&usp_consent=1&https=1&gdpr=1&gdprconsent=2
Frame ID: 37CFDAE50BA729BB8723D487E3B644BC
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/210/runner.html
Frame ID: 30EC5BCB9A04D9D30A3F598AF77F9565
Requests: 1 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012007210634000/amp4ads-v0.js
Frame ID: 7DB95A9D164D7CDE8F2DCC4C9245D9F5
Requests: 15 HTTP requests in this frame

Frame: https://6e86b1c7d1063165c37861961550b1cb.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
Frame ID: A4920BBC74B0210E0739CF32E8100845
Requests: 1 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstvZRGpsUInHo5chrZDagUWZc67Ml-0X5TFXm_VogVYVbgJClqXNOxwnXsnfGzQV5zt1sciVQDH3o_XBhC0gi2-Y4uRWr2g5d9jm0jS2pSn4QbM0qWXAHpXSwF0RFR-ZKjK8ZVFjqfULrIxNmggCB7-0Oo7RH4o2YQNRXPCbtpVV7NnnuPjt85DnSC4r3o6zi1F7a4qJf1psTBjq9rfkxkY9JSW-cKE9fiYYTQ2JOVIUEJ0Iu_iiyI1SYnqfPZQhp9TSrfQYmkfVInMdG9QdPpyzLH5ILPOvbTJz19scHLI_KT27uKfFKfK8FVvZb2rtGXmf_lJ&sig=Cg0ArKJSzJN3Iv4uW0WxEAE&urlfix=1&adurl=
Frame ID: 6490BDC247BC0CA319E03D7EE86A9C7A
Requests: 8 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html
Frame ID: 68FC87191709DEBE55C51260DAFF149B
Requests: 1 HTTP requests in this frame

Frame: https://6e86b1c7d1063165c37861961550b1cb.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
Frame ID: BF91E6EC248BADC2DFB895462D79E769
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?&gdpr=0&us_privacy=1---&geo=eu&co=pl
Frame ID: CBC1AF93ABCA3339E580DCE49875DA78
Requests: 1 HTTP requests in this frame

Frame: https://js-sec.indexww.com/um/ixmatch.html
Frame ID: BF3834066A624620D1DB7D9DA909C14C
Requests: 1 HTTP requests in this frame

Frame: https://eb2.3lift.com/sync?us_privacy=1---&&ld=1
Frame ID: B69C22B6C7F865E73B7E44BAF3AAF729
Requests: 1 HTTP requests in this frame

Frame: https://cdn.districtm.io/ids/index.html?ccpa=1---
Frame ID: FD4AACE1F0D9BC1D66E0206EA4102222
Requests: 1 HTTP requests in this frame

Frame: https://eu-u.openx.net/w/1.0/pd?plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=0&us_privacy=1---
Frame ID: 59780FF0049DCD891C85CC0E1E069985
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/showad.js
Frame ID: 7CDE63B723F87D3B8562AC998CBC066A
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Frame ID: 5E0113952A92186A53B933D406460BA2
Requests: 1 HTTP requests in this frame

Frame: https://mantodea.mantisadnetwork.com/prebid/iframe?tz=-120&buster=1596240701063&secure=true&version=9&mobile=false&title=Emotet%20malware%20now%20steals%20your%20email%20attachments%20to%20attack%20contacts&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Femotet-malware-now-steals-your-email-attachments-to-attack-contacts%2F
Frame ID: 6343C1324EF6692BCE873DCAB39983F7
Requests: 1 HTTP requests in this frame

Frame: https://js-sec.indexww.com/um/ixmatch.html
Frame ID: 66A827C5B29AAD989DA5A69B835A3525
Requests: 1 HTTP requests in this frame

Frame: https://mantodea.mantisadnetwork.com/prebid/iframe?tz=-120&buster=1596240700927&secure=true&version=9&mobile=false&title=Emotet%20malware%20now%20steals%20your%20email%20attachments%20to%20attack%20contacts&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Femotet-malware-now-steals-your-email-attachments-to-attack-contacts%2F
Frame ID: 8E5230051E81F46DEF3233F61D96873E
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?us_privacy=1---
Frame ID: 63772E249263C0EC0CCD17F7E6250D77
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Frame ID: 064F6B47DB3158400BBEABAAC707460D
Requests: 1 HTTP requests in this frame

Frame: https://eu-u.openx.net/w/1.0/pd?plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=0&us_privacy=1---
Frame ID: 45E76793EF88BE44D1ABDF88728C7876
Requests: 1 HTTP requests in this frame

Frame: https://cdn.districtm.io/ids/index.html?ccpa=1---
Frame ID: D7B182E07C55EB8045ED94750BCA39F5
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/showad.js
Frame ID: 9B54BE4888AD51B64CBF156C38C838E0
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /^cloudflare$/i

Page Statistics

213
Requests

93 %
HTTPS

38 %
IPv6

45
Domains

68
Subdomains

56
IPs

7
Countries

2766 kB
Transfer

7719 kB
Size

21
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 10
  • https://www.google.com/coop/cse/brand?form=cse-search-box&lang=en HTTP 302
  • https://cse.google.com/coop/cse/brand?form=cse-search-box&lang=en
Request Chain 23
  • https://cd.connatix.com/connatix.playspace.js HTTP 302
  • https://cds.connatix.com/p/40500/connatix.playspace.dc.js
Request Chain 107
  • https://sb.scorecardresearch.com/b?c1=2&c2=23384447&cs_ucfr=1&ns__t=1596240698677&ns_c=UTF-8&cv=3.5&c8=Emotet%20malware%20now%20steals%20your%20email%20attachments%20to%20attack%20contacts&c7=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Femotet-malware-now-steals-your-email-attachments-to-attack-contacts%2F&c9= HTTP 302
  • https://sb.scorecardresearch.com/b2?c1=2&c2=23384447&cs_ucfr=1&ns__t=1596240698677&ns_c=UTF-8&cv=3.5&c8=Emotet%20malware%20now%20steals%20your%20email%20attachments%20to%20attack%20contacts&c7=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Femotet-malware-now-steals-your-email-attachments-to-attack-contacts%2F&c9=&cs_ak_ss=1
Request Chain 176
  • https://www.google.com/pagead/drt/ui HTTP 302
  • https://googleads.g.doubleclick.net/pagead/drt/si
Request Chain 205
  • https://eb2.3lift.com/sync?us_privacy=1---& HTTP 302
  • https://eb2.3lift.com/sync?us_privacy=1---&&ld=1

213 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/ 		73 KB
17 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.20.59.209 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b8a9585923b5ef5ed21453f5f4196884138aa668cf2359ecb2704496245be71a
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Frame-Options SAMEORIGIN

Request headers

:method
GET
:authority
www.bleepingcomputer.com
:scheme
https
:path
/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status
200
date
Sat, 01 Aug 2020 00:11:36 GMT
content-type
text/html; charset=UTF-8
set-cookie
__cfduid=de838680a5cc8295b69e24c929b5888041596240696; expires=Mon, 31-Aug-20 00:11:36 GMT; path=/; domain=.bleepingcomputer.com; HttpOnly; SameSite=Lax; Secure session_id=68daf3cec4991d84c07cca6703f7c2b7; path=/; domain=.bleepingcomputer.com; httponly;Secure lav=8856; expires=Mon, 31-Aug-2020 00:11:36 GMT; Max-Age=2592000; path=/;Secure
content-security-policy
upgrade-insecure-requests;
x-frame-options
SAMEORIGIN
cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
expires
0
last-modified
Wed, 29 Jul 2020 23:52:30 GMT
vary
Accept-Encoding,User-Agent
cf-cache-status
DYNAMIC
cf-request-id
0448f52c620000fa70e3233200000001
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
5bbb57c09a44fa70-AMS
content-encoding
br
css
fonts.googleapis.com/ 		15 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Roboto:400,100,300,500,700,900&display=swap
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
2dda7ea92135dcf21660d4d79391d303fc38f6a6524ae74bbe2986f1d2e990d5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Sat, 01 Aug 2020 00:11:29 GMT
server
ESF
date
Sat, 01 Aug 2020 00:11:37 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sat, 01 Aug 2020 00:11:37 GMT
bootstrap.css
www.bleepstatic.com/css/redesign/ 		111 KB
17 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.bleepstatic.com/css/redesign/bootstrap.css
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7e7c74d95df84ef3a6be5c4fcde54fae313a04a9bd611059e6a97a23ff09f26f

Request headers

Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 01 Aug 2020 00:11:37 GMT
content-encoding
br
cf-cache-status
HIT
age
4701
cf-polished
origSize=137522
status
200
cf-request-id
0448f52f2d0000bdd2e89f7200000001
last-modified
Fri, 23 Sep 2016 14:33:06 GMT
server
cloudflare
etag
W/"2184297232"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
expires
Tue, 30 Jun 2020 02:57:52 GMT
cache-control
max-age=3024000
cf-ray
5bbb57c51da8bdd2-AMS
cf-bgj
minify
main.css
www.bleepstatic.com/css/redesign/ 		52 KB
10 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.bleepstatic.com/css/redesign/main.css?v=5.19.20.1
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4ceba3cc609ad8cc0e38c894672d63a3471cb5bba40bacd1d6e5fd9dbf7f0472

Request headers

Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 01 Aug 2020 00:11:37 GMT
content-encoding
br
cf-cache-status
HIT
age
1132537
cf-polished
origSize=62303
status
200
cf-request-id
0448f52f2e0000bdd2e89f9200000001
last-modified
Tue, 19 May 2020 21:26:04 GMT
server
cloudflare
etag
W/"2769485951"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
expires
Fri, 26 Jun 2020 19:46:44 GMT
cache-control
max-age=3024000
cf-ray
5bbb57c51daabdd2-AMS
cf-bgj
minify
home.css
www.bleepstatic.com/css/redesign/ 		12 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.bleepstatic.com/css/redesign/home.css
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b3498f138f5418bd58413e79e4c0969e618d6f2fee2d9d98c0f4e70a6cbd04ad

Request headers

Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 01 Aug 2020 00:11:37 GMT
content-encoding
br
cf-cache-status
HIT
age
6357
cf-polished
origSize=14998
status
200
cf-request-id
0448f52f2e0000bdd2e89f8200000001
last-modified
Sat, 24 Mar 2018 16:18:00 GMT
server
cloudflare
etag
W/"2402535603"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
expires
Wed, 27 Mar 2019 21:45:08 GMT
cache-control
max-age=3024000
cf-ray
5bbb57c51da9bdd2-AMS
cf-bgj
minify
news.css
www.bleepstatic.com/css/redesign/ 		27 KB
5 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.bleepstatic.com/css/redesign/news.css
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5d88c6a9ea4370abd8360a86f75308b72819b8e91f78e8d7a1455b3b4a74f8c1

Request headers

Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 01 Aug 2020 00:11:37 GMT
content-encoding
br
cf-cache-status
HIT
age
6214
cf-polished
origSize=32994
status
200
cf-request-id
0448f52f2e0000bdd2e89fa200000001
last-modified
Thu, 28 May 2020 21:11:10 GMT
server
cloudflare
etag
W/"3498984215"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
expires
Thu, 02 Jul 2020 21:12:09 GMT
cache-control
max-age=3024000
cf-ray
5bbb57c51dabbdd2-AMS
cf-bgj
minify
jquery-1.11.1.min.js
www.bleepstatic.com/js/redesign/ 		94 KB
32 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bleepstatic.com/js/redesign/jquery-1.11.1.min.js
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441

Request headers

Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 01 Aug 2020 00:11:37 GMT
content-encoding
br
cf-cache-status
HIT
age
3602
status
200
cf-request-id
0448f52f2e0000bdd2e89fb200000001
last-modified
Thu, 23 Apr 2015 12:36:44 GMT
server
cloudflare
etag
W/"3647451394"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
cache-control
max-age=3024000
cf-ray
5bbb57c51dadbdd2-AMS
expires
Tue, 10 Dec 2019 08:09:38 GMT
news.js
www.bleepstatic.com/js/redesign/ 		183 B
263 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bleepstatic.com/js/redesign/news.js
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
827252be04765631f8ff21fee8ffe1028e27dfa52f62c08ef3182609a0a0e991

Request headers

Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 01 Aug 2020 00:11:37 GMT
content-encoding
br
cf-cache-status
HIT
age
5900
cf-polished
origSize=247
status
200
cf-request-id
0448f52fcf0000bdd2e8a00200000001
last-modified
Wed, 16 Dec 2015 15:41:46 GMT
server
cloudflare
etag
W/"4218930423"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
expires
Thu, 23 Apr 2020 05:25:20 GMT
cache-control
max-age=3024000
cf-ray
5bbb57c61decbdd2-AMS
cf-bgj
minify
widgets.js
platform.twitter.com/ 		95 KB
29 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://platform.twitter.com/widgets.js
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (fcn/41A1) /
Resource Hash
6adaf62612623c674af2f597baf83ffa56f157a9ab69346be7c11a9569fdebbc

Request headers

Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sat, 01 Aug 2020 00:11:37 GMT
Content-Encoding
gzip
Last-Modified
Thu, 30 Jul 2020 22:04:50 GMT
Server
ECS (fcn/41A1)
Age
524
Etag
"1dc37899f984d453c1d3d8179829f041+gzip"
Vary
Accept-Encoding
Access-Control-Allow-Methods
GET
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=1800
X-Cache
HIT
Content-Type
application/javascript; charset=utf-8
Content-Length
28825
js
www.googletagmanager.com/gtag/ 		85 KB
33 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-91740-1
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
67c6273ceb299667a34445adee98d58eec414eee14bc30e03a088e920a7f6d6d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 01 Aug 2020 00:11:37 GMT
content-encoding
br
server
Google Tag Manager
access-control-allow-headers
Cache-Control
status
200
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
34092
x-xss-protection
0
expires
Sat, 01 Aug 2020 00:11:37 GMT
logo.png
www.bleepstatic.com/images/site/ 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bleepstatic.com/images/site/logo.png
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
19db4a2cde712e2ceaac317e732b4ec40b62818a938a8bf8391ad68470845019

Request headers

Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 01 Aug 2020 00:11:37 GMT
cf-cache-status
HIT
age
185650
cf-polished
origFmt=png, origSize=1882
status
200
content-disposition
inline; filename="logo.webp"
content-length
1152
cf-request-id
0448f52fcf0000bdd2e8a01200000001
last-modified
Sat, 04 Mar 2017 04:12:00 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
access-control-allow-origin
*
expires
Fri, 28 Aug 2020 20:37:27 GMT
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
5bbb57c61dedbdd2-AMS
cf-bgj
imgq:85,h2pri
brand
cse.google.com/coop/cse/
Redirect Chain
  • https://www.google.com/coop/cse/brand?form=cse-search-box&lang=en
  • https://cse.google.com/coop/cse/brand?form=cse-search-box&lang=en
3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cse.google.com/coop/cse/brand?form=cse-search-box&lang=en
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
pfe /
Resource Hash
4eeb4df3522892ea2ec61de6a58e870e8262019f8e3c759c099450cefb589313
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 01 Aug 2020 00:05:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
pfe
age
383
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
status
200
cache-control
public, max-age=1800
content-disposition
attachment; filename="f.txt"
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1181
x-xss-protection
0
expires
Sat, 01 Aug 2020 00:35:14 GMT

Redirect headers

date
Sat, 01 Aug 2020 00:11:37 GMT
x-content-type-options
nosniff
server
sffe
status
302
content-type
text/html; charset=UTF-8
location
https://cse.google.com/coop/cse/brand?form=cse-search-box&lang=en
cache-control
private
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
266
x-xss-protection
0
Emotet1.jpg
www.bleepstatic.com/content/hl-images/2020/07/28/ 		41 KB
41 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bleepstatic.com/content/hl-images/2020/07/28/Emotet1.jpg
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
02303adac8c1a472c979c0778cf14b9026f06ca2ec7e656c9e90c04ad3dfb31c

Request headers

Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 01 Aug 2020 00:11:37 GMT
cf-cache-status
HIT
age
276581
cf-polished
qual=85, origFmt=jpeg, origSize=80233
status
200
content-disposition
inline; filename="Emotet1.webp"
content-length
41480
cf-request-id
0448f52fcf0000bdd2e8a02200000001
last-modified
Tue, 28 Jul 2020 18:52:46 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
access-control-allow-origin
*
expires
Thu, 27 Aug 2020 19:21:56 GMT
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
5bbb57c61deebdd2-AMS
cf-bgj
imgq:85,h2pri
Emotet%20phishing%20email%20using%20stolen%20attachments.png
www.bleepstatic.com/images/news/u/1109292/2020/ 		154 KB
155 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bleepstatic.com/images/news/u/1109292/2020/Emotet%20phishing%20email%20using%20stolen%20attachments.png
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1ceeee8de71dda5a971db714219c3aa71f470d8ebb9031ad79b69ad8929d1163

Request headers

Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 01 Aug 2020 00:11:37 GMT
cf-cache-status
HIT
age
274102
cf-polished
origFmt=png, origSize=289983
status
200
content-disposition
inline; filename="Emotet%20phishing%20email%20using%20stolen%20attachments.webp"
content-length
157854
cf-request-id
0448f52fd00000bdd2e8a03200000001
last-modified
Tue, 28 Jul 2020 20:01:15 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
access-control-allow-origin
*
expires
Thu, 27 Aug 2020 20:03:15 GMT
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
5bbb57c61defbdd2-AMS
cf-bgj
imgq:85,h2pri
stealer-module.jpg
www.bleepstatic.com/images/news/u/1109292/2020/ 		41 KB
41 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bleepstatic.com/images/news/u/1109292/2020/stealer-module.jpg
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1037cfec2a7fff8b6e0ba16fdba6da80d91b6fb3a00a2806c18b96f11a82569f

Request headers

Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 01 Aug 2020 00:11:37 GMT
cf-cache-status
HIT
age
276572
cf-polished
qual=85, origFmt=jpeg, origSize=150633
status
200
content-disposition
inline; filename="stealer-module.webp"
content-length
42076
cf-request-id
0448f52fd20000bdd2e8a04200000001
last-modified
Tue, 28 Jul 2020 19:10:16 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
access-control-allow-origin
*
expires
Thu, 27 Aug 2020 19:22:05 GMT
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
5bbb57c61df1bdd2-AMS
cf-bgj
imgq:85,h2pri
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/ 		119 KB
42 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0a8c12761327cd6864d140a4db0fe1e8965d71f26626015f8c8a427c69d03eb8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 01 Aug 2020 00:11:37 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
43133
x-xss-protection
0
server
cafe
etag
2170127736980713183
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Sat, 01 Aug 2020 00:11:37 GMT
qualys-logo.png
www.bleepstatic.com/images/logos/companies/qualys/ 		10 KB
10 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bleepstatic.com/images/logos/companies/qualys/qualys-logo.png
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1e9322d90411989f7e09ef5ad4a3465d6cb97c77741d1030b254cd50d7c7ffe5

Request headers

Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 01 Aug 2020 00:11:37 GMT
cf-cache-status
HIT
age
191776
cf-polished
origFmt=png, origSize=28795
status
200
content-disposition
inline; filename="qualys-logo.webp"
content-length
10050
cf-request-id
0448f52fd20000bdd2e8a05200000001
last-modified
Tue, 19 May 2020 21:36:44 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
access-control-allow-origin
*
expires
Fri, 28 Aug 2020 18:55:20 GMT
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
5bbb57c61df2bdd2-AMS
cf-bgj
imgq:85,h2pri
twitter.png
www.bleepstatic.com/images/site/login/ 		282 B
562 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bleepstatic.com/images/site/login/twitter.png
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
67d86a29de7993fbd23b7dde2c4f26bdc434055c35a4b08c830c0d02fcfa6dd2

Request headers

Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 01 Aug 2020 00:11:37 GMT
cf-cache-status
HIT
age
186706
cf-polished
origFmt=png, origSize=475
status
200
content-disposition
inline; filename="twitter.webp"
content-length
282
cf-request-id
0448f52fd20000bdd2e8a06200000001
last-modified
Sat, 04 Mar 2017 20:46:52 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
access-control-allow-origin
*
expires
Fri, 28 Aug 2020 20:19:51 GMT
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
5bbb57c61df3bdd2-AMS
cf-bgj
imgq:85,h2pri
bootstrap.js
www.bleepstatic.com/js/redesign/ 		44 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bleepstatic.com/js/redesign/bootstrap.js
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e5e0f326458e8b8ed839d42a0cf6892df80bf26d7dc7e4f8276a65c41582ab85

Request headers

Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 01 Aug 2020 00:11:37 GMT
content-encoding
br
cf-cache-status
HIT
age
4583
cf-polished
origSize=65813
status
200
cf-request-id
0448f52fd20000bdd2e8a07200000001
last-modified
Thu, 23 Apr 2015 12:36:43 GMT
server
cloudflare
etag
W/"3930092018"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
expires
Tue, 10 Dec 2019 08:11:55 GMT
cache-control
max-age=3024000
cf-ray
5bbb57c61df4bdd2-AMS
cf-bgj
minify
blazy.min.js
www.bleepstatic.com/js/blazy/ 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bleepstatic.com/js/blazy/blazy.min.js
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0f427d0f88a0698c955ff63bf13af4ca80c9b32f218b5e210847450da901a74f

Request headers

Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 01 Aug 2020 00:11:37 GMT
content-encoding
br
cf-cache-status
HIT
age
3350
status
200
cf-request-id
0448f52f990000bdd2e89fd200000001
last-modified
Thu, 16 Aug 2018 21:06:19 GMT
server
cloudflare
etag
W/"753357888"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
cache-control
max-age=3024000
cf-ray
5bbb57c5cdd4bdd2-AMS
expires
Wed, 29 Apr 2020 07:26:28 GMT
bleep.js
www.bleepstatic.com/js/redesign/ 		3 KB
836 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bleepstatic.com/js/redesign/bleep.js
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
22e977346d45bab9f531ce1132d7ecfbe8e46868eaea790a0d4dcd1d0649d74b

Request headers

Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 01 Aug 2020 00:11:37 GMT
content-encoding
br
cf-cache-status
HIT
age
3602
cf-polished
origSize=3600
status
200
cf-request-id
0448f52fd20000bdd2e8a08200000001
last-modified
Mon, 01 Oct 2018 12:47:57 GMT
server
cloudflare
etag
W/"2696894447"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
expires
Wed, 22 Apr 2020 23:15:56 GMT
cache-control
max-age=3024000
cf-ray
5bbb57c61df5bdd2-AMS
cf-bgj
minify
jquery.fancybox.js
www.bleepstatic.com/js/redesign/fancybox/ 		31 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bleepstatic.com/js/redesign/fancybox/jquery.fancybox.js
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
31cd7d9398307ca2e6cfaa111bbe7b69d69cbaaed2ff74034412ebc5008671fd

Request headers

Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 01 Aug 2020 00:11:37 GMT
content-encoding
br
cf-cache-status
HIT
age
5899
cf-polished
origSize=48706
status
200
cf-request-id
0448f52fd20000bdd2e8a09200000001
last-modified
Wed, 14 Oct 2015 20:25:51 GMT
server
cloudflare
etag
W/"327140449"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
expires
Wed, 29 Apr 2020 08:11:43 GMT
cache-control
max-age=3024000
cf-ray
5bbb57c61df6bdd2-AMS
cf-bgj
minify
fixto.min.js
www.bleepstatic.com/js/fixto/ 		8 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bleepstatic.com/js/fixto/fixto.min.js
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7d6d26827b887aa09b2a5eb7c001e35b93773e53c36ddbfc127ad824e0a6ba39

Request headers

Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 01 Aug 2020 00:11:37 GMT
content-encoding
br
cf-cache-status
HIT
age
5707
status
200
cf-request-id
0448f52fb10000bdd2e89fe200000001
last-modified
Sat, 13 Jun 2015 21:34:42 GMT
server
cloudflare
etag
W/"1740214911"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
cache-control
max-age=3024000
cf-ray
5bbb57c5ede3bdd2-AMS
expires
Wed, 11 Dec 2019 05:46:52 GMT
addthis_widget.js
s9.addthis.com/js/300/ 		353 KB
114 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s9.addthis.com/js/300/addthis_widget.js
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.210.248.44 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-210-248-44.deploy.static.akamaitechnologies.com
Software
nginx/1.15.8 /
Resource Hash
eb12a261a24e54883613710a4c12f4d9205f634ca1a29d1df07f90105a93e746
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=15724800; includeSubDomains
content-encoding
gzip
last-modified
Thu, 04 Jun 2020 15:49:19 GMT
server
nginx/1.15.8
etag
"5ed917ff-5834c"
vary
Accept-Encoding
x-distribution
99
content-type
application/javascript
status
200
cache-control
public, max-age=600
date
Sat, 01 Aug 2020 00:11:37 GMT
x-host
s9.addthis.com
content-length
116324
connatix.playspace.dc.js
cds.connatix.com/p/40500/ Frame 7423
Redirect Chain
  • https://cd.connatix.com/connatix.playspace.js
  • https://cds.connatix.com/p/40500/connatix.playspace.dc.js
887 KB
216 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cds.connatix.com/p/40500/connatix.playspace.dc.js
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.114.137 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
434111f92941de50b73bd5d19dbc694b09492bcfe329fed0f5e3304d02b14587

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 01 Aug 2020 00:11:37 GMT
content-encoding
gzip
age
50131
x-cache
HIT, HIT
status
200
content-length
221335
x-served-by
cache-dca17755-DCA, cache-hhn4061-HHN
access-control-allow-origin
*
last-modified
Fri, 31 Jul 2020 09:46:16 GMT
x-timer
S1596240698.539725,VS0,VE0
etag
"d06074061e0ec1c434f6dc0fe7ad2604"
vary
Accept-Encoding
content-type
application/javascript
via
1.1 varnish, 1.1 varnish
cache-control
max-age=31557600
accept-ranges
bytes
x-cache-hits
1, 2007

Redirect headers

date
Sat, 01 Aug 2020 00:11:37 GMT
via
1.1 varnish
server
Varnish
age
0
x-served-by
cache-hhn4061-HHN
status
302
x-cache
HIT
location
https://cds.connatix.com/p/40500/connatix.playspace.dc.js
cache-control
no-cache, no-store, must-revalidate, max-age=0
accept-ranges
bytes
x-timer
S1596240697.386620,VS0,VE0
content-length
0
retry-after
0
x-cache-hits
0
pubfig.min.js
a.pub.network/bleepingcomputer-com/ 		314 KB
78 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:443c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c6bce7f1a16858ca7715b6681d16152caf6f3316025ed2a26f6a9a75dfae38c0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 01 Aug 2020 00:11:37 GMT
content-encoding
br
cf-cache-status
HIT
x-guploader-uploadid
AAANsUmrVmsECJqMC5PwSsIwLWLEibf9GZf-CB6BstBqhVNbr3DoIACUlz0MTgfaWcL2Qwpae3cxGYPaGpjh8NeiszE
x-goog-storage-class
MULTI_REGIONAL
status
200
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
content-type
application/javascript
cf-request-id
0448f52fcf00001f4d62001200000001
last-modified
Fri, 31 Jul 2020 19:11:48 GMT
server
cloudflare
etag
W/"0ea6ac62c66a29631576943ad82779de"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-goog-hash
crc32c=wI7f6g==, md5=DqasYsZqKWMVdpQ62Cd53g==
x-goog-generation
1596222708903450
cache-control
public, max-age=1800
x-goog-stored-content-length
322003
cf-ray
5bbb57c61b9f1f4d-FRA
expires
Fri, 31 Jul 2020 19:17:14 GMT
fab.js
ecdn.analysis.fi/static/js/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ecdn.analysis.fi/static/js/fab.js
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
212.71.236.31 London, United Kingdom, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS
nb-212-71-236-31.london.nodebalancer.linode.com
Software
nginx/1.12.2 /
Resource Hash
affd87461f2babd57a2f7aec75e9193e8e71a377e8249a02c95a5f43326e289e

Request headers

Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sat, 01 Aug 2020 00:30:28 GMT
Content-Encoding
gzip
Last-Modified
Wed, 15 Jul 2015 00:00:00 GMT
Server
nginx/1.12.2
ETag
"55a5a280-560"
Content-Type
application/javascript
Cache-Control
max-age=3600
Connection
close
Content-Length
1376
Expires
Sat, 01 Aug 2020 01:30:28 GMT
fi_client.js
ecdn.firstimpression.io/ 		618 KB
185 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ecdn.firstimpression.io/fi_client.js
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.3.92.12 London, United Kingdom, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS
nb-185-3-92-12.london.nodebalancer.linode.com
Software
nginx/1.12.2 / PHP/7.3.11
Resource Hash
02972eb04adc926a442bafcf7080d1fe3262ad80cd6e02451e40b8678a776e5d
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sat, 01 Aug 2020 00:10:19 GMT
Content-Encoding
gzip
Vary
Accept-Encoding
Last-Modified
Thu, 01 Jan 2015 00:00:00 GMT
Server
nginx/1.12.2
X-Powered-By
PHP/7.3.11
ETag
4010e74a8e0c35e9d38a962efc23b604
Transfer-Encoding
chunked
Access-Control-Allow-Methods
POST, GET, OPTIONS
Content-Type
text/javascript;charset=UTF-8
Cache-Control
max-age=3600
Access-Control-Allow-Credentials
true
Connection
close
X-XSS-Protection
0
Expires
Sat, 01 Aug 2020 01:10:19 GMT
v2mojjRqxm0uSiopiD-aABaVl-1eYGn-9jdzP46hyVV260JPOwzzIpayjWhZBI5i-
dapperdiscussion.com/ 		221 KB
54 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://dapperdiscussion.com/v2mojjRqxm0uSiopiD-aABaVl-1eYGn-9jdzP46hyVV260JPOwzzIpayjWhZBI5i-
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.64.11 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
34a53443cad9286607cfa14ff981007f8e0c20953525e45144337d3be8a7de64
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; preload

Request headers

Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=15724800; preload
content-encoding
br
x-datacenter
gce-europe-west1
etag
"c701951c9d8f0bbbeacc930f7576105d0e0a806796ceb65d48ab23767701a7b8"
vary
Accept-Encoding, Accept-Language
x-hostname
hank
content-type
text/javascript; charset=utf-8
status
200
cache-control
private, must-revalidate, max-age=21600
date
Sat, 01 Aug 2020 00:11:37 GMT
timing-allow-origin
*
v2vkrpzjNyY_WxSqEzbeRN2M4LHJh_MULKWmhTVq243XzNKhLyQ9cKaL1JJlAW9qKVz_EbheXcUz91lDtbg
dapperdiscussion.com/ 		14 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://dapperdiscussion.com/v2vkrpzjNyY_WxSqEzbeRN2M4LHJh_MULKWmhTVq243XzNKhLyQ9cKaL1JJlAW9qKVz_EbheXcUz91lDtbg
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.64.11 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
12e342927984fd4e5a7553f7f5b0cbbba31294b39d467af2e0993087b58ba909
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; preload

Request headers

Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=15724800; preload
content-encoding
gzip
x-datacenter
gce-europe-west1
etag
"3a30b607cd582ecbb773fb0cf172055d837aa9b821f7b84c20a2a69376e8de7b"
vary
Accept-Encoding, Accept-Language
x-hostname
hank
content-type
text/javascript; charset=utf-8
status
200
cache-control
private, must-revalidate, max-age=21600
date
Sat, 01 Aug 2020 00:11:37 GMT
timing-allow-origin
*
login_bg.png
www.bleepstatic.com/images/site/ 		126 B
592 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bleepstatic.com/images/site/login_bg.png
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
32e73e8e0eec3e6c1345d84e7ef091b90e71fb0045814043b34c914156235eb9

Request headers

Referer
https://www.bleepstatic.com/css/redesign/main.css?v=5.19.20.1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 01 Aug 2020 00:11:37 GMT
cf-cache-status
HIT
age
186058
cf-polished
origFmt=png, origSize=187
status
200
content-disposition
inline; filename="login_bg.webp"
content-length
126
cf-request-id
0448f52fd20000bdd2e8a0a200000001
last-modified
Sat, 04 Mar 2017 20:46:52 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
access-control-allow-origin
*
expires
Fri, 28 Aug 2020 20:30:39 GMT
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
5bbb57c61df7bdd2-AMS
cf-bgj
imgq:85,h2pri
KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
fonts.gstatic.com/s/roboto/v20/ 		11 KB
11 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:818::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=Roboto:400,100,300,500,700,900&display=swap
Origin
https://www.bleepingcomputer.com

Response headers

date
Wed, 29 Jul 2020 23:10:45 GMT
x-content-type-options
nosniff
last-modified
Wed, 24 Jul 2019 01:18:50 GMT
server
sffe
age
176452
status
200
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11016
x-xss-protection
0
expires
Thu, 29 Jul 2021 23:10:45 GMT
KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v20/ 		11 KB
11 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:818::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0d9fd7ccabde9b202de45ee6b65878ce9594975d8e8810b0878d3f3fa3637d0e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=Roboto:400,100,300,500,700,900&display=swap
Origin
https://www.bleepingcomputer.com

Response headers

date
Wed, 29 Jul 2020 22:18:12 GMT
x-content-type-options
nosniff
last-modified
Wed, 24 Jul 2019 01:18:58 GMT
server
sffe
age
179605
status
200
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11020
x-xss-protection
0
expires
Thu, 29 Jul 2021 22:18:12 GMT
truncated
/ 		37 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/gif
nav_bg.png
www.bleepstatic.com/images/site/ 		72 B
259 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bleepstatic.com/images/site/nav_bg.png
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ab52a578c101a14bbc790f87f9a7400dda65469f23c6ce85c461e07cdf776460

Request headers

Referer
https://www.bleepstatic.com/css/redesign/main.css?v=5.19.20.1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 01 Aug 2020 00:11:37 GMT
cf-cache-status
HIT
age
189758
cf-polished
origFmt=png, origSize=83
status
200
content-disposition
inline; filename="nav_bg.webp"
content-length
72
cf-request-id
0448f52ff50000bdd2e8a0b200000001
last-modified
Sat, 04 Mar 2017 07:57:02 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
access-control-allow-origin
*
expires
Fri, 28 Aug 2020 19:28:59 GMT
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
5bbb57c65e06bdd2-AMS
cf-bgj
imgq:85,h2pri
20x20-printer.png
www.bleepstatic.com/images/site/ 		422 B
615 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bleepstatic.com/images/site/20x20-printer.png
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b34676178982122b66b0a55d3ee411fa343b1d19a6c119c0c9b0ea2c892738a1

Request headers

Referer
https://www.bleepstatic.com/css/redesign/main.css?v=5.19.20.1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 01 Aug 2020 00:11:37 GMT
cf-cache-status
HIT
age
1212126
cf-polished
origFmt=png, origSize=824
status
200
content-disposition
inline; filename="20x20-printer.webp"
content-length
422
cf-request-id
0448f530010000bdd2e8a0c200000001
last-modified
Sat, 03 Oct 2015 03:18:32 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
access-control-allow-origin
*
expires
Sun, 16 Aug 2020 23:29:30 GMT
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
5bbb57c66e18bdd2-AMS
cf-bgj
imgq:85,h2pri
calendar.png
www.bleepstatic.com/images/site/ 		86 B
366 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bleepstatic.com/images/site/calendar.png
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
85ae9534729617e69eafa40195c7854697eb3d13b4205f3ee467e07c4af0a24b

Request headers

Referer
https://www.bleepstatic.com/css/redesign/news.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 01 Aug 2020 00:11:37 GMT
cf-cache-status
HIT
age
788352
cf-polished
origFmt=png, origSize=129
status
200
content-disposition
inline; filename="calendar.webp"
content-length
86
cf-request-id
0448f530010000bdd2e8a0d200000001
last-modified
Sat, 04 Mar 2017 20:46:52 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
access-control-allow-origin
*
expires
Fri, 21 Aug 2020 21:12:25 GMT
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
5bbb57c66e1bbdd2-AMS
cf-bgj
imgq:85,h2pri
clock.png
www.bleepstatic.com/images/site/ 		252 B
575 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bleepstatic.com/images/site/clock.png
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
82c7fdbc4d001907e1e5d56cd335af3f0d48e0ffa7f0ad2aa3486ebb1123cb21

Request headers

Referer
https://www.bleepstatic.com/css/redesign/news.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 01 Aug 2020 00:11:37 GMT
cf-cache-status
HIT
age
189839
cf-polished
origFmt=png, origSize=1316
status
200
content-disposition
inline; filename="clock.webp"
content-length
252
cf-request-id
0448f530010000bdd2e8a0e200000001
last-modified
Fri, 29 May 2015 07:08:14 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
access-control-allow-origin
*
expires
Fri, 28 Aug 2020 19:27:38 GMT
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
5bbb57c66e1cbdd2-AMS
cf-bgj
imgq:85,h2pri
comment-light.png
www.bleepstatic.com/images/site/ 		96 B
321 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bleepstatic.com/images/site/comment-light.png
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bfc8e65089dc5421d56ecc71a0328eafd4feb2a602503ae5c15bfa3189c02f7e

Request headers

Referer
https://www.bleepstatic.com/css/redesign/news.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 01 Aug 2020 00:11:37 GMT
cf-cache-status
HIT
age
187566
cf-polished
origFmt=png, origSize=1034
status
200
content-disposition
inline; filename="comment-light.webp"
content-length
96
cf-request-id
0448f530020000bdd2e8a0f200000001
last-modified
Fri, 29 May 2015 07:08:28 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
access-control-allow-origin
*
expires
Fri, 28 Aug 2020 20:05:30 GMT
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
5bbb57c66e1ebdd2-AMS
cf-bgj
imgq:85,h2pri
32x32-printer.png
www.bleepstatic.com/images/site/ 		256 B
563 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bleepstatic.com/images/site/32x32-printer.png
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
33eb81af8a0101c1ad2a210f322fb362ce1598e6e37f0a7ecc62d6ff39add590

Request headers

Referer
https://www.bleepstatic.com/css/redesign/main.css?v=5.19.20.1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 01 Aug 2020 00:11:37 GMT
cf-cache-status
HIT
age
191075
cf-polished
origFmt=png, origSize=618
status
200
content-disposition
inline; filename="32x32-printer.webp"
content-length
256
cf-request-id
0448f530020000bdd2e8a10200000001
last-modified
Fri, 02 Oct 2015 21:57:19 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
access-control-allow-origin
*
expires
Fri, 28 Aug 2020 19:07:01 GMT
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
5bbb57c66e20bdd2-AMS
cf-bgj
imgq:85,h2pri
71f54ec34151fbdfe89e478d7b6e5ddf.jpg
www.bleepstatic.com/author/photos/ 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bleepstatic.com/author/photos/71f54ec34151fbdfe89e478d7b6e5ddf.jpg
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2a6bfabe65ca353e4359be32e10d40b8b514590b536dd93499bc1067e4bf6329

Request headers

Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 01 Aug 2020 00:11:37 GMT
cf-cache-status
HIT
age
935
cf-polished
origSize=6170, status=webp_bigger
status
200
content-length
4965
cf-request-id
0448f530020000bdd2e8a11200000001
last-modified
Wed, 02 Jan 2019 02:04:38 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
access-control-allow-origin
*
expires
Sat, 18 Apr 2020 08:24:56 GMT
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
5bbb57c66e21bdd2-AMS
cf-bgj
imgq:85
before-bg.png
www.bleepstatic.com/images/site/ 		116 B
306 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bleepstatic.com/images/site/before-bg.png
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ee9b2fe75e3a5637b840957e2f9aefedb394224a1846a731ad7ead76abf91d58

Request headers

Referer
https://www.bleepstatic.com/css/redesign/news.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 01 Aug 2020 00:11:37 GMT
cf-cache-status
HIT
age
190931
cf-polished
origFmt=png, origSize=1026
status
200
content-disposition
inline; filename="before-bg.webp"
content-length
116
cf-request-id
0448f530030000bdd2e8a12200000001
last-modified
Fri, 29 May 2015 07:08:06 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
access-control-allow-origin
*
expires
Fri, 28 Aug 2020 19:09:26 GMT
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
5bbb57c66e22bdd2-AMS
cf-bgj
imgq:85,h2pri
news-icon-01.png
www.bleepstatic.com/images/site/ 		240 B
431 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bleepstatic.com/images/site/news-icon-01.png
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a1af15b17fd7099b2d3a81a8b3aeffd94b26d2c1a58489c3903e11ec5a4896d3

Request headers

Referer
https://www.bleepstatic.com/css/redesign/news.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 01 Aug 2020 00:11:37 GMT
cf-cache-status
HIT
age
180900
cf-polished
origFmt=png, origSize=1204
status
200
content-disposition
inline; filename="news-icon-01.webp"
content-length
240
cf-request-id
0448f530040000bdd2e8a13200000001
last-modified
Fri, 29 May 2015 07:09:52 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
access-control-allow-origin
*
expires
Fri, 28 Aug 2020 21:56:36 GMT
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
5bbb57c66e23bdd2-AMS
cf-bgj
imgq:85,h2pri
link-icon.png
www.bleepstatic.com/images/site/comments/ 		494 B
656 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bleepstatic.com/images/site/comments/link-icon.png
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ef3d32ea9a9fa05f8170d164890b55e15ce39157bb9ae7e96b047c1996d22a8b

Request headers

Referer
https://www.bleepstatic.com/css/redesign/news.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 01 Aug 2020 00:11:37 GMT
cf-cache-status
HIT
age
788352
cf-polished
origFmt=png, origSize=787
status
200
content-disposition
inline; filename="link-icon.webp"
content-length
494
cf-request-id
0448f530040000bdd2e8a14200000001
last-modified
Fri, 25 Sep 2015 17:29:04 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
access-control-allow-origin
*
expires
Fri, 21 Aug 2020 21:12:25 GMT
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
5bbb57c66e24bdd2-AMS
cf-bgj
imgq:85,h2pri
KFOlCnqEu92Fr1MmSU5fBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v20/ 		11 KB
11 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmSU5fBBc4AMP6lQ.woff2
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:818::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
92606bd38901e67d069f2ef883715b6e5ae07d72ae3bead3ad92346528374afc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=Roboto:400,100,300,500,700,900&display=swap
Origin
https://www.bleepingcomputer.com

Response headers

date
Fri, 24 Jul 2020 13:57:42 GMT
x-content-type-options
nosniff
last-modified
Wed, 24 Jul 2019 01:18:52 GMT
server
sffe
age
641635
status
200
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11180
x-xss-protection
0
expires
Sat, 24 Jul 2021 13:57:42 GMT
KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v20/ 		11 KB
11 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:818::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ce897833ac6e362df7c91ac8223fe511c6defcf33964928a81004600a2dd4c2e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=Roboto:400,100,300,500,700,900&display=swap
Origin
https://www.bleepingcomputer.com

Response headers

date
Thu, 09 Jul 2020 02:32:55 GMT
x-content-type-options
nosniff
last-modified
Wed, 24 Jul 2019 01:18:48 GMT
server
sffe
age
1978722
status
200
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11056
x-xss-protection
0
expires
Fri, 09 Jul 2021 02:32:55 GMT
integrator.js
adservice.google.de/adsid/ 		109 B
168 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.de/adsid/integrator.js?domain=www.bleepingcomputer.com
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin
*
date
Sat, 01 Aug 2020 00:11:37 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status
200
cache-control
private, no-cache, no-store
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
104
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ 		109 B
168 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=www.bleepingcomputer.com
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin
*
date
Sat, 01 Aug 2020 00:11:37 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status
200
cache-control
private, no-cache, no-store
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
104
x-xss-protection
0
show_ads_impl_fy2019.js
pagead2.googlesyndication.com/pagead/js/r20200729/r20190131/ 		223 KB
84 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20200729/r20190131/show_ads_impl_fy2019.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3d42fc1c349e1ff511ae471d2fce211a3787212180217093d826e2f30006a10d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 01 Aug 2020 00:11:37 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
85405
x-xss-protection
0
server
cafe
etag
4188947787779617085
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=1209600
timing-allow-origin
*
expires
Sat, 01 Aug 2020 00:11:37 GMT
h4-bg.png
www.bleepstatic.com/images/site/ 		38 B
225 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bleepstatic.com/images/site/h4-bg.png
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
942935ead42820e6c9184f099c77dde34fa4be70d395a17c47b5d7ad07967339

Request headers

Referer
https://www.bleepstatic.com/css/redesign/main.css?v=5.19.20.1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 01 Aug 2020 00:11:37 GMT
cf-cache-status
HIT
age
186705
cf-polished
origFmt=png, origSize=72
status
200
content-disposition
inline; filename="h4-bg.webp"
content-length
38
cf-request-id
0448f530a20000bdd2e8a15200000001
last-modified
Sat, 04 Mar 2017 20:46:52 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
access-control-allow-origin
*
expires
Fri, 28 Aug 2020 20:19:52 GMT
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
5bbb57c76e6fbdd2-AMS
cf-bgj
imgq:85,h2pri
zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20200729/r20190131/ Frame D312 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20200729/r20190131/zrt_lookup.html
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/html/r20200729/r20190131/zrt_lookup.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/

Response headers

status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
vary
Accept-Encoding
date
Wed, 29 Jul 2020 21:56:39 GMT
expires
Wed, 12 Aug 2020 21:56:39 GMT
content-type
text/html; charset=UTF-8
etag
1809543571055990350
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
4277
x-xss-protection
0
cache-control
public, max-age=1209600
age
180898
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
analytics.js
www.google-analytics.com/ 		45 KB
18 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-91740-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:815::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
fd361b57998c76f86335afa28b8a62527d88a8200fb5c428d6f0fff73383e955
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 04 Jun 2020 23:38:14 GMT
server
Golfe2
age
5876
date
Fri, 31 Jul 2020 22:33:41 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
18469
expires
Sat, 01 Aug 2020 00:33:41 GMT
news_email_icon.png
www.bleepstatic.com/images/site/ 		126 B
597 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bleepstatic.com/images/site/news_email_icon.png
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7c42933014424dabb2256a0732a9f792559d26ba09a84308c278f52834522f9a

Request headers

Referer
https://www.bleepstatic.com/css/redesign/home.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 01 Aug 2020 00:11:37 GMT
cf-cache-status
HIT
age
187261
cf-polished
origFmt=png, origSize=1105
status
200
content-disposition
inline; filename="news_email_icon.webp"
content-length
126
cf-request-id
0448f530d00000bdd2e8a17200000001
last-modified
Fri, 29 May 2015 07:10:12 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
access-control-allow-origin
*
expires
Fri, 28 Aug 2020 20:10:36 GMT
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
5bbb57c7be7ebdd2-AMS
cf-bgj
imgq:85,h2pri
news_footer_icon.png
www.bleepstatic.com/images/site/ 		110 B
281 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bleepstatic.com/images/site/news_footer_icon.png
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d020fa6036628dd1d6dbf760edc742273359e93119832249bdce332d05d6db4d

Request headers

Referer
https://www.bleepstatic.com/css/redesign/main.css?v=5.19.20.1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 01 Aug 2020 00:11:37 GMT
cf-cache-status
HIT
age
181003
cf-polished
origFmt=png, origSize=186
status
200
content-disposition
inline; filename="news_footer_icon.webp"
content-length
110
cf-request-id
0448f530d00000bdd2e8a18200000001
last-modified
Sat, 04 Mar 2017 20:46:52 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
access-control-allow-origin
*
expires
Fri, 28 Aug 2020 21:54:53 GMT
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
5bbb57c7be7fbdd2-AMS
cf-bgj
imgq:85,h2pri
cookie
d.pub.network/ 		36 B
472 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://d.pub.network/cookie
Requested by
Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
35.188.71.214 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
a2d31b6e13761a6af96144fdfd33e9a498dee4f55f5dc298f3d8f190581cf681

Request headers

Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Date
Sat, 01 Aug 2020 00:11:38 GMT
Access-Control-Allow-Credentials
true
Content-Length
36
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Content-Type
text/plain;charset=utf-8
gpt.js
www.googletagservices.com/tag/js/ 		48 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/tag/js/gpt.js
Requested by
Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
95ee22ac071f1d8e36817b8c0ac32ea740c181c36d025a616203c3c3e4d1eb33
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 01 Aug 2020 00:11:37 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"588 / 244 of 1000 / last-modified: 1596233920"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
16638
x-xss-protection
0
expires
Sat, 01 Aug 2020 00:11:37 GMT
gallery.js
freestar-io.videoplayerhub.com/ 		112 KB
27 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://freestar-io.videoplayerhub.com/gallery.js
Requested by
Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:4acf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
975c84cb120f3e7e284dd6d5a2ce86a88c2c1bb5ca24415d58488d33ebaac033

Request headers

Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 01 Aug 2020 00:11:37 GMT
via
1.1 363cad48d8e3402b6707734c1873c9d6.cloudfront.net (CloudFront)
cf-cache-status
HIT
age
6878
x-cache
Hit from cloudfront
status
200
content-encoding
br
content-type
application/javascript
cf-request-id
0448f5312e0000c2f97a829200000001
last-modified
Tue, 28 Jul 2020 20:14:29 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-amz-version-id
vKf1gYudJRKtNzd61qn6VGAuYxXBUW0C
cache-control
max-age=86400
x-amz-cf-pop
ATL51-C1
cf-ray
5bbb57c84a6ec2f9-FRA
x-amz-cf-id
-NpnZ0spyIjHk7_UqPt31v5Iagij8xR52vY9Y3Po1V-5W4IgIOZRTQ==
prebid-analytics-3.22.0.js
a.pub.network/core/ 		405 KB
114 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://a.pub.network/core/prebid-analytics-3.22.0.js
Requested by
Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:443c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
88b51739707b00a84e01765241550afc02caafa77177348c8c8e40405e0bb366

Request headers

Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 01 Aug 2020 00:11:37 GMT
content-encoding
br
cf-cache-status
HIT
x-guploader-uploadid
AAANsUmwr-qoPdNQQCgfHw4bnYTe5S-xpHSSnoWd-HDJq5SQ1ECF4fk4lG-ePIBz13d-g0vMpjWs_0ainV_BnaHvsXc
x-goog-storage-class
MULTI_REGIONAL
status
200
x-goog-metageneration
4
x-goog-stored-content-encoding
identity
content-type
text/javascript
cf-request-id
0448f5314100001f4d6200c200000001
last-modified
Thu, 25 Jun 2020 19:05:23 GMT
server
cloudflare
etag
W/"f053eae5608f1e1fb57531b9a7f84448"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-goog-hash
crc32c=lLoJ9w==, md5=8FPq5WCPHh+1dTG5p/hESA==
x-goog-generation
1593111923764694
cache-control
private, max-age=86400
x-goog-stored-content-length
414713
cf-ray
5bbb57c86f061f4d-FRA
expires
Sat, 31 Jul 2021 19:15:52 GMT
location
d.pub.network/ 		49 B
496 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://d.pub.network/location
Requested by
Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
35.188.71.214 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
ef52c6d7ef921438fa252b40c6c11a8cd1a661cc96f4c7c84f6037801aa9eebd

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Date
Sat, 01 Aug 2020 00:11:38 GMT
Access-Control-Allow-Credentials
true
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Transfer-Encoding
chunked
Content-Type
application/json
widget_iframe.3c5aa8e2a38bbbee4b6d88e6846fc657.html
platform.twitter.com/widgets/ Frame A3F8 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://platform.twitter.com/widgets/widget_iframe.3c5aa8e2a38bbbee4b6d88e6846fc657.html?origin=https%3A%2F%2Fwww.bleepingcomputer.com
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (fcn/40E5) /
Resource Hash

Request headers

Host
platform.twitter.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/

Response headers

Content-Encoding
gzip
Access-Control-Allow-Methods
GET
Access-Control-Allow-Origin
*
Age
93829
Cache-Control
public, max-age=315360000
Content-Type
text/html; charset=utf-8
Date
Sat, 01 Aug 2020 00:11:37 GMT
Etag
"9fa476ae827f556d5b037fe43632370d+gzip"
Last-Modified
Thu, 30 Jul 2020 21:53:52 GMT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server
ECS (fcn/40E5)
Vary
Accept-Encoding
X-Cache
HIT
Content-Length
5825
truncated
/ 		2 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
9d02d662da8a47fb5fb610b545007507b6017028043dbb63cd09ec897d3b9627

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ 		715 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
5a3f1dd74233f605e511f1b5b244bedf85ac88ba264caf4d6401bc7ec2017dcd

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/png
sh.f48a1a04fe8dbf021b4cda1d.html
s7.addthis.com/static/ Frame 2E66 		0
0
moatframe.js
z.moatads.com/addthismoatframe568911941483/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://z.moatads.com/addthismoatframe568911941483/moatframe.js
Requested by
Host: s9.addthis.com
URL: https://s9.addthis.com/js/300/addthis_widget.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.40 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-40.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
05090f9390f5bc0cd23fe5f432037cc92d7cbce1ced9bfe8faf3d1c9abae85cd

Request headers

Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 01 Aug 2020 00:11:37 GMT
content-encoding
gzip
last-modified
Fri, 08 Nov 2019 20:13:52 GMT
server
AmazonS3
x-amz-request-id
D5503D14AA2F06AA
etag
"f14b4e1f799b14f798a195f43cf58376"
vary
Accept-Encoding
content-type
application/x-javascript
status
200
cache-control
max-age=34943
accept-ranges
bytes
content-length
948
x-amz-id-2
JgalEtxvSAtZmM7+naGfrhsdf0JFS0gJW8lypWF8Tp90EkcPp4c3eAnpK+RDOIL1ltWgpx8wc3s=
_ate.track.config_resp
v1.addthisedge.com/live/boost/ra-561517d2c7f964d6/ 		2 KB
855 B 		Script
General
Check archive.org
Download Go to
Full URL
https://v1.addthisedge.com/live/boost/ra-561517d2c7f964d6/_ate.track.config_resp
Requested by
Host: s9.addthis.com
URL: https://s9.addthis.com/js/300/addthis_widget.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.210.248.44 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-210-248-44.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
6d23d10111755a12c87198df1c71cce449de31eca9643030c6327a2157f9bd86

Request headers

Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 01 Aug 2020 00:11:37 GMT
content-encoding
gzip
etag
-1659864586--gzip
vary
Accept-Encoding
content-type
application/javascript;charset=utf-8
status
200
cache-control
public, max-age=47, s-maxage=86400
content-disposition
attachment; filename=1.txt
content-length
678
sh.f48a1a04fe8dbf021b4cda1d.html
s7.addthis.com/static/ Frame 25E7 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html
Requested by
Host: s9.addthis.com
URL: https://s9.addthis.com/js/300/addthis_widget.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.210.248.44 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-210-248-44.deploy.static.akamaitechnologies.com
Software
nginx/1.15.8 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

:method
GET
:authority
s7.addthis.com
:scheme
https
:path
/static/sh.f48a1a04fe8dbf021b4cda1d.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/

Response headers

status
200
server
nginx/1.15.8
content-type
text/html
last-modified
Mon, 09 Sep 2019 15:34:57 GMT
etag
W/"5d767121-1115f"
timing-allow-origin
*
cache-control
public, max-age=86313600
p3p
CP="NON ADM OUR DEV IND COM STA"
strict-transport-security
max-age=15724800; includeSubDomains
content-encoding
gzip
content-length
25412
date
Sat, 01 Aug 2020 00:11:37 GMT
vary
Accept-Encoding
x-host
s7.addthis.com
292x176_trickbot-linux-header.jpg
www.bleepstatic.com/content/hl-images/2020/07/31/thumb/ 		11 KB
11 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bleepstatic.com/content/hl-images/2020/07/31/thumb/292x176_trickbot-linux-header.jpg
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1884da84cb77d5ec0b435fc4ea4dbd306f15b3248c5a9f2c9beea2bd2699bbfe

Request headers

Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 01 Aug 2020 00:11:37 GMT
cf-cache-status
HIT
age
57667
cf-polished
origSize=11361, status=webp_bigger
status
200
content-length
10784
cf-request-id
0448f531f50000bdd2e8a23200000001
last-modified
Fri, 31 Jul 2020 04:56:04 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
access-control-allow-origin
*
expires
Sun, 30 Aug 2020 08:10:30 GMT
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
5bbb57c98eedbdd2-AMS
cf-bgj
imgq:85,h2pri
292x176_ccleaner-defender.jpg
www.bleepstatic.com/content/hl-images/2020/07/29/thumb/ 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bleepstatic.com/content/hl-images/2020/07/29/thumb/292x176_ccleaner-defender.jpg
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8170961c1532fa2d52bb9ed84c54ef5c28b80740c2769138a609cf86dd523095

Request headers

Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 01 Aug 2020 00:11:37 GMT
cf-cache-status
HIT
age
102181
cf-polished
qual=85, origFmt=jpeg, origSize=6217
status
200
content-disposition
inline; filename="292x176_ccleaner-defender.webp"
content-length
3912
cf-request-id
0448f531f50000bdd2e8a24200000001
last-modified
Wed, 29 Jul 2020 18:01:59 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
access-control-allow-origin
*
expires
Sat, 29 Aug 2020 19:48:36 GMT
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
5bbb57c98eefbdd2-AMS
cf-bgj
imgq:85,h2pri
favicon.ico
ad.doubleclick.net/ 		1 KB
470 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ad.doubleclick.net/favicon.ico?ad=300x250&ad_box_=1&adnet=1&showad=1&size=250x250
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.23.166 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s22-in-f6.1e100.net
Software
sffe /
Resource Hash
d961b08e4321250926de6f79087594975fe20ad1518de8f91eb711af5d1a6ef8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 31 Jul 2020 04:31:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
70803
status
200
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
104
x-xss-protection
0
last-modified
Tue, 08 May 2012 13:08:06 GMT
server
sffe
vary
Accept-Encoding
content-type
image/x-icon
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
expires
Sat, 01 Aug 2020 04:31:34 GMT
collect
www.google-analytics.com/r/ 		35 B
100 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google-analytics.com/r/collect?v=1&_v=j83&a=325435365&t=pageview&_s=1&dl=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Femotet-malware-now-steals-your-email-attachments-to-attack-contacts%2F&ul=en-us&de=UTF-8&dt=Emotet%20malware%20now%20steals%20your%20email%20attachments%20to%20attack%20contacts&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAUAB~&jid=1496210183&gjid=561754070&cid=605872533.1596240698&tid=UA-91740-1&_gid=1168879206.1596240698&_r=1&gtm=2ou7m1&z=1646244583
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:815::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 01 Aug 2020 00:11:37 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
status
200
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Fri, 01 Jan 1990 00:00:00 GMT
horizon_tweet.23850db1f381e00d7fe63ff5fc1a5a61.js
platform.twitter.com/js/ 		6 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://platform.twitter.com/js/horizon_tweet.23850db1f381e00d7fe63ff5fc1a5a61.js
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (fcn/418A) /
Resource Hash
7b9f890f6baf1dad6a28ae8d4bd8ea391a10fc2167ce3dd3b7f1197c897e2daa

Request headers

Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sat, 01 Aug 2020 00:11:37 GMT
Content-Encoding
gzip
Last-Modified
Thu, 30 Jul 2020 21:53:39 GMT
Server
ECS (fcn/418A)
Age
93829
Etag
"5c0cf63375c56cdd7bb53755d42ba0f3+gzip"
Vary
Accept-Encoding
Access-Control-Allow-Methods
GET
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=315360000
X-Cache
HIT
Content-Type
application/javascript; charset=utf-8
Content-Length
2195
portal.html
admiral.mgr.consensu.org/ Frame 85C2 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://admiral.mgr.consensu.org/portal.html
Requested by
Host: dapperdiscussion.com
URL: https://dapperdiscussion.com/v2mojjRqxm0uSiopiD-aABaVl-1eYGn-9jdzP46hyVV260JPOwzzIpayjWhZBI5i-
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.76.239 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
nginx /
Resource Hash
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
admiral.mgr.consensu.org
:scheme
https
:path
/portal.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/

Response headers

status
200
server
nginx
date
Sat, 01 Aug 2020 00:11:38 GMT
content-type
text/html
last-modified
Thu, 16 Apr 2020 16:37:09 GMT
vary
Accept-Encoding
x-hostname
quest
x-content-type-options
nosniff
x-xss-protection
1; mode=block
content-security-policy
upgrade-insecure-requests;
strict-transport-security
max-age=15552000; preload
content-encoding
gzip
via
1.1 google
alt-svc
clear
jquery.fancybox.css
www.bleepstatic.com/js/redesign/fancybox/ 		4 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.bleepstatic.com/js/redesign/fancybox/jquery.fancybox.css
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6e86593083facba2710a2312f26bd7b436d7ef299f99cbc2ccc1b32693ec3144

Request headers

Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 01 Aug 2020 00:11:37 GMT
content-encoding
br
cf-cache-status
HIT
age
5894
cf-polished
origSize=4895
status
200
cf-request-id
0448f532420000bdd2e8a25200000001
last-modified
Wed, 14 Oct 2015 20:25:51 GMT
server
cloudflare
etag
W/"9108074"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
expires
Fri, 01 Nov 2019 06:12:37 GMT
cache-control
max-age=3024000
cf-ray
5bbb57ca0f06bdd2-AMS
cf-bgj
minify
font-awesome.css
www.bleepstatic.com/css/redesign/ 		22 KB
5 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.bleepstatic.com/css/redesign/font-awesome.css
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8733e2183f16906b2fa2e58fdab82cf336f249ab71ac1b184470da2dd3c6e29f

Request headers

Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 01 Aug 2020 00:11:37 GMT
content-encoding
br
cf-cache-status
HIT
age
3392
cf-polished
origSize=26776
status
200
cf-request-id
0448f532420000bdd2e8a26200000001
last-modified
Tue, 03 May 2016 04:39:29 GMT
server
cloudflare
etag
W/"1700274315"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
expires
Fri, 12 Jun 2020 04:55:42 GMT
cache-control
max-age=3024000
cf-ray
5bbb57ca0f07bdd2-AMS
cf-bgj
minify
ads
googleads.g.doubleclick.net/pagead/ Frame 7DA4 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0920899300397823&output=html&adk=1812271804&adf=3025194257&lmt=1596066750&plat=1%3A32776%2C2%3A16809992%2C9%3A32776%2C10%3A32%2C11%3A32%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A34635776%2C32%3A32%2C40%3A32&guci=1.2.0.0.2.2.0.0&us_privacy=1---&format=0x0&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Femotet-malware-now-steals-your-email-attachments-to-attack-contacts%2F&ea=0&flash=0&pra=7&wgl=1&adsid=NT&dt=1596240697705&bpp=3&bdt=711&idt=193&shv=r20200729&cbv=r20190131&ptt=9&saldr=aa&abxe=1&nras=1&correlator=2565902735107&frm=20&pv=2&ga_vid=605872533.1596240698&ga_sid=1596240698&ga_hid=325435365&ga_fc=0&iag=0&icsg=149533591871488&dssz=48&mdo=0&mso=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530587%2C21066624&oid=3&pvsid=4476189614669882&pem=936&rx=0&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8192&bc=31&ifi=1&uci=a!1&fsb=1&dtd=214
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20200729/r20190131/show_ads_impl_fy2019.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/ads?client=ca-pub-0920899300397823&output=html&adk=1812271804&adf=3025194257&lmt=1596066750&plat=1%3A32776%2C2%3A16809992%2C9%3A32776%2C10%3A32%2C11%3A32%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A34635776%2C32%3A32%2C40%3A32&guci=1.2.0.0.2.2.0.0&us_privacy=1---&format=0x0&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Femotet-malware-now-steals-your-email-attachments-to-attack-contacts%2F&ea=0&flash=0&pra=7&wgl=1&adsid=NT&dt=1596240697705&bpp=3&bdt=711&idt=193&shv=r20200729&cbv=r20190131&ptt=9&saldr=aa&abxe=1&nras=1&correlator=2565902735107&frm=20&pv=2&ga_vid=605872533.1596240698&ga_sid=1596240698&ga_hid=325435365&ga_fc=0&iag=0&icsg=149533591871488&dssz=48&mdo=0&mso=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530587%2C21066624&oid=3&pvsid=4476189614669882&pem=936&rx=0&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8192&bc=31&ifi=1&uci=a!1&fsb=1&dtd=214
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/

Response headers

status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Sat, 01 Aug 2020 00:11:37 GMT
server
cafe
content-length
34
x-xss-protection
0
set-cookie
test_cookie=CheckForPermission; expires=Sat, 01-Aug-2020 00:26:37 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
expires
Sat, 01 Aug 2020 00:11:37 GMT
cache-control
private
osd.js
www.googletagservices.com/activeview/js/current/ 		71 KB
27 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20200729/r20190131/show_ads_impl_fy2019.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
6a6a77d4af8485f801196e0abb887d745c1ebaf38df310027cf720ad7517e9b2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 01 Aug 2020 00:11:37 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1596194598985842"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
27106
x-xss-protection
0
expires
Sat, 01 Aug 2020 00:11:37 GMT
Bywktt
ad.doubleclick.net/ddm/adj/Amjc/ 		11 B
432 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ad.doubleclick.net/ddm/adj/Amjc/Bywktt
Requested by
Host: dapperdiscussion.com
URL: https://dapperdiscussion.com/v2mojjRqxm0uSiopiD-aABaVl-1eYGn-9jdzP46hyVV260JPOwzzIpayjWhZBI5i-
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.23.166 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s22-in-f6.1e100.net
Software
cafe /
Resource Hash
f1e945400c04241ef089d71de3b0cf7e202431ac4685ada318714fe07ee9dcb0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 01 Aug 2020 00:11:37 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
cache-control
no-cache, must-revalidate
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
14
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pubads_impl_2020072701.js
securepubads.g.doubleclick.net/gpt/ 		254 KB
90 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020072701.js?21066924
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.212.162 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
ams15s22-in-f2.1e100.net
Software
sffe /
Resource Hash
edf6ab3553d76573e5d5939c0c4a3ada737c98ee962379b25cbf23c96f17d732
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 01 Aug 2020 00:11:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 27 Jul 2020 13:08:11 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
91625
x-xss-protection
0
expires
Sat, 01 Aug 2020 00:11:38 GMT
org
mrb.upapi.net/ 		20 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://mrb.upapi.net/org?o=5714937848528896&upapi=true
Requested by
Host: freestar-io.videoplayerhub.com
URL: https://freestar-io.videoplayerhub.com/gallery.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:91b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2cbe764c713f70df139c5ccafc40a2c8ec1408258158ce78812554a631ed60a7

Request headers

Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 01 Aug 2020 00:11:38 GMT
via
1.1 google
cf-cache-status
HIT
age
132
status
200
content-encoding
br
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
0448f5328e00001f11b5ba5200000001
server
cloudflare
etag
W/"aae19330575e49893f2d7e94645e3623"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=1800, must-revalidate
cf-ray
5bbb57ca7f951f11-FRA
connatix.playspace.css
cds.connatix.com/p/40500/ 		97 KB
14 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cds.connatix.com/p/40500/connatix.playspace.css
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/40500/connatix.playspace.dc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.114.137 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
72018b2fb85742d3f3d5c47ba9cf426167c8a81647ec10c2297861735cd4c785

Request headers

Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 01 Aug 2020 00:11:38 GMT
content-encoding
gzip
age
50132
x-cache
HIT, HIT
status
200
content-length
14283
x-served-by
cache-dca17720-DCA, cache-hhn4061-HHN
access-control-allow-origin
*
last-modified
Fri, 31 Jul 2020 09:46:16 GMT
x-timer
S1596240698.038481,VS0,VE0
etag
"ceafd8c478a5301ee6555166adb267df"
vary
Accept-Encoding
content-type
text/css
via
1.1 varnish, 1.1 varnish
cache-control
max-age=31557600
accept-ranges
bytes
x-cache-hits
1, 1932
container.html
tpc.googlesyndication.com/safeframe/1-0-23/html/ Frame D4AD 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/safeframe/1-0-23/html/container.html
Requested by
Host: dapperdiscussion.com
URL: https://dapperdiscussion.com/v2mojjRqxm0uSiopiD-aABaVl-1eYGn-9jdzP46hyVV260JPOwzzIpayjWhZBI5i-
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
tpc.googlesyndication.com
:scheme
https
:path
/safeframe/1-0-23/html/container.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/

Response headers

status
200
accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
timing-allow-origin
*
content-length
1479
date
Thu, 23 Jul 2020 14:55:25 GMT
expires
Fri, 23 Jul 2021 14:55:25 GMT
last-modified
Tue, 10 Apr 2018 14:51:09 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, immutable, max-age=31536000
age
724573
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
fontawesome-webfont.woff
www.bleepstatic.com/fonts/ 		64 KB
64 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.bleepstatic.com/fonts/fontawesome-webfont.woff?v=4.2.0
Requested by
Host: s9.addthis.com
URL: https://s9.addthis.com/js/300/addthis_widget.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
199411f659f41aaccb959bacb1b0de30e54f244352a48c6f9894e65ae0f8a9a1

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www.bleepstatic.com/css/redesign/font-awesome.css
Origin
https://www.bleepingcomputer.com

Response headers

date
Sat, 01 Aug 2020 00:11:38 GMT
cf-cache-status
HIT
last-modified
Thu, 23 Apr 2015 09:36:00 GMT
server
cloudflare
age
2988
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/octet-stream
status
200
accept-ranges
bytes
cf-ray
5bbb57cc1db1d921-AMS
access-control-allow-origin
*
content-length
65452
cf-request-id
0448f5338f0000d9212fad5200000001
layers.33f5b85045a5f2308467.js
s7.addthis.com/static/ 		263 KB
76 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s7.addthis.com/static/layers.33f5b85045a5f2308467.js
Requested by
Host: s9.addthis.com
URL: https://s9.addthis.com/js/300/addthis_widget.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.210.248.44 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-210-248-44.deploy.static.akamaitechnologies.com
Software
nginx/1.15.8 /
Resource Hash
137e41c449677deb7c8da3afde63fc781b095bb028f78b789be44192e8e3f4be
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=15724800; includeSubDomains
content-encoding
gzip
last-modified
Thu, 04 Jun 2020 15:49:19 GMT
server
nginx/1.15.8
etag
W/"5ed917ff-41b9f"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
public, max-age=86313600
date
Sat, 01 Aug 2020 00:11:38 GMT
x-host
s7.addthis.com
timing-allow-origin
*
content-length
77540
spc_fi.php
cdn.firstimpression.io/delivery/ 		12 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.firstimpression.io/delivery/spc_fi.php?id=5971&url=%2Fnews%2Fsecurity%2Femotet-malware-now-steals-your-email-attachments-to-attack-contacts%2F&charset=UTF-8&wrapto=firstSpcFetch&ch=2&ref=www.bleepingcomputer.com&referer=&_firid=43580163&fiodpe=
Requested by
Host: ecdn.firstimpression.io
URL: https://ecdn.firstimpression.io/fi_client.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.249.13.97 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.16.1 / PHP/7.3.11
Resource Hash
db49b9f2ee839cc6c860d7c4794caec98b08c1b1b85bf609503fee7e1963f4a0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 01 Aug 2020 00:11:38 GMT
content-encoding
gzip
server
nginx/1.16.1
x-powered-by
PHP/7.3.11
status
200
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
content-type
application/javascript; charset=UTF-8
expires
0
code
mrb.upapi.net/ 		703 KB
223 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://mrb.upapi.net/code?w=5733492711227392&upapi=true
Requested by
Host: mrb.upapi.net
URL: https://mrb.upapi.net/org?o=5714937848528896&upapi=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:91b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b7d78953de3bccc1406d9213473fa2c5d1354bb56265b762024b1eaf5d6a720b

Request headers

Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 01 Aug 2020 00:11:38 GMT
via
1.1 google
cf-cache-status
HIT
age
3598
status
200
content-encoding
br
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
0448f5338d00001f11b5bb2200000001
server
cloudflare
etag
W/"9e17d58ef1556d6703f86e32d9007415"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=1800, must-revalidate
cf-ray
5bbb57cc19d01f11-FRA
story
capi.connatix.com/core/ Frame 7423 		725 B
877 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://capi.connatix.com/core/story?v=40500
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/40500/connatix.playspace.dc.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.16.202.217 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
openresty/1.15.8.2 /
Resource Hash
c350272c9e40547374eb75c935c649d92d8fe6b8f65fe17de63dfbe909991553

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
multipart/form-data

Response headers

Date
Sat, 01 Aug 2020 00:11:38 GMT
Content-Encoding
gzip
Server
openresty/1.15.8.2
Vary
Accept-Encoding
Content-Type
multipart/form-data
Access-Control-Allow-Origin
https://www.bleepingcomputer.com
transfer-encoding
chunked
Connection
keep-alive
Access-Control-Allow-Credentials
true
pubvendors.json
www.bleepingcomputer.com/.well-known/ 		0
152 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://www.bleepingcomputer.com/.well-known/pubvendors.json
Requested by
Host: dapperdiscussion.com
URL: https://dapperdiscussion.com/v2mojjRqxm0uSiopiD-aABaVl-1eYGn-9jdzP46hyVV260JPOwzzIpayjWhZBI5i-
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.20.59.209 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 01 Aug 2020 00:11:38 GMT
cf-cache-status
DYNAMIC
last-modified
Fri, 15 May 2020 16:27:29 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
etag
"0-5a5b24a1cd4b5"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
User-Agent
content-type
application/json
status
200
content-security-policy
upgrade-insecure-requests;
accept-ranges
none
cf-ray
5bbb57cc8cabfa70-AMS
content-length
0
cf-request-id
0448f533d80000fa70e3278200000001
vendorlist.json
vendorlist.consensu.org/ 		99 KB
18 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://vendorlist.consensu.org/vendorlist.json
Requested by
Host: dapperdiscussion.com
URL: https://dapperdiscussion.com/v2mojjRqxm0uSiopiD-aABaVl-1eYGn-9jdzP46hyVV260JPOwzzIpayjWhZBI5i-
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:2057:9a00:1:af78:4c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
62b07f5b473f87a3ebe9738f063584774f835dcf8b0c423cab5f8515c93553f5

Request headers

Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 30 Jul 2020 16:16:05 GMT
content-encoding
gzip
vary
Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
age
114934
x-cache
Hit from cloudfront
status
200
access-control-allow-origin
*
last-modified
Thu, 30 Jul 2020 16:00:38 GMT
server
AmazonS3
access-control-max-age
604800
access-control-allow-methods
GET
x-amz-version-id
reOIFJV51MP7DSnJY4Drcaf.WGBefbQC
via
1.1 71b147cd3102755b55ba8b6fd34e3f4a.cloudfront.net (CloudFront)
cache-control
max-age=604800
x-amz-cf-pop
FRA6-C1
content-type
application/json; charset=utf-8
x-amz-cf-id
LnCCVBYiRj4LBA40CBj8Dyl0UnwCF0hvYgqoZGRZfJnSU4Hq2kO7iQ==
index.html
platform.twitter.com/embed/ Frame 6D90 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://platform.twitter.com/embed/index.html?creatorScreenName=BleepinComputer&dnt=false&embedId=twitter-widget-0&frame=false&hideCard=false&hideThread=false&id=1288170397150711808&lang=en&origin=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Femotet-malware-now-steals-your-email-attachments-to-attack-contacts%2F&siteScreenName=BleepinComputer&theme=light&widgetsVersion=223fc1c4%3A1596143124634&width=550px
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (fcn/40FC) /
Resource Hash

Request headers

Host
platform.twitter.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/

Response headers

Accept-Ranges
bytes
Access-Control-Allow-Methods
GET
Access-Control-Allow-Origin
*
Age
831
Cache-Control
public, max-age=1800
Content-Type
text/html; charset=utf-8
Date
Sat, 01 Aug 2020 00:11:38 GMT
Etag
"19e440132630a04d3dbfebbf011643a9"
Last-Modified
Wed, 29 Jul 2020 21:35:52 GMT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server
ECS (fcn/40FC)
X-Cache
HIT
Content-Length
577
index.html
platform.twitter.com/embed/ Frame 2E60 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://platform.twitter.com/embed/index.html?creatorScreenName=BleepinComputer&dnt=false&embedId=twitter-widget-1&frame=false&hideCard=false&hideThread=false&id=1287640814852677632&lang=en&origin=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Femotet-malware-now-steals-your-email-attachments-to-attack-contacts%2F&siteScreenName=BleepinComputer&theme=light&widgetsVersion=223fc1c4%3A1596143124634&width=550px
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (fcn/40FC) /
Resource Hash

Request headers

Host
platform.twitter.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/

Response headers

Accept-Ranges
bytes
Access-Control-Allow-Methods
GET
Access-Control-Allow-Origin
*
Age
831
Cache-Control
public, max-age=1800
Content-Type
text/html; charset=utf-8
Date
Sat, 01 Aug 2020 00:11:38 GMT
Etag
"19e440132630a04d3dbfebbf011643a9"
Last-Modified
Wed, 29 Jul 2020 21:35:52 GMT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server
ECS (fcn/40FC)
X-Cache
HIT
Content-Length
577
apstag.js
c.amazon-adsystem.com/aax2/ 		102 KB
26 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://c.amazon-adsystem.com/aax2/apstag.js
Requested by
Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
99.86.0.120 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-0-120.fra6.r.cloudfront.net
Software
Server /
Resource Hash
7301462cb27dcb0cf467822211f6cdd478be091ed9d776b29f426ce78c4a414f

Request headers

Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 01 Aug 2020 00:09:35 GMT
content-encoding
gzip
server
Server
age
122
etag
b586b236f6b3db3c4ca9410451195336
x-cache
Hit from cloudfront
content-type
application/javascript
status
200
cache-control
public, max-age=900
x-amz-cf-pop
FRA6-C1
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
AxmGv7uvVB5o7KXJAV2zPlZKW9k0yLmJlB11HWMT5c5pknxhsyGhsg==
via
1.1 507b5edb20d0e1a0b73c8687f53defa9.cloudfront.net (CloudFront)
v2
d.pub.network/floors/ 		2 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://d.pub.network/floors/v2?key=535desktop
Requested by
Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
35.188.71.214 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
97ab7cb13314ed5e7b121741f1e35a62070e191055aaac8269dfe1f98f81a60e

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Date
Sat, 01 Aug 2020 00:11:38 GMT
Access-Control-Allow-Credentials
true
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Transfer-Encoding
chunked
Content-Type
application/json
truncated
/ 		1 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b60f65161ce3517c2794eecab25981c51ffbcbc951a781270403e2f3572d0290

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/ 		720 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
187f239be41d541c6f3d1281845ea641c9a813b679aeb9853da05870c2c8730d

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/png
quant.js
secure.quantserve.com/ 		22 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://secure.quantserve.com/quant.js
Requested by
Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:116:800d:21:36a9:ecb:e518:b308 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
8130c2c72afad9d94581ef93aaa00524093103c47c71fce52f606d5ff693c3ce
Security Headers
Name Value
Strict-Transport-Security max-age=86400

Request headers

Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 01 Aug 2020 00:11:38 GMT
content-encoding
gzip
last-modified
Sat, 01-Aug-2020 00:11:38 GMT
etag
M0-2a172724
vary
Accept-Encoding
content-type
application/x-javascript
status
200
cache-control
private, no-transform, max-age=604800
strict-transport-security
max-age=86400
content-length
8060
expires
Sat, 08 Aug 2020 00:11:38 GMT
bxl.js
hbx.media.net/ 		23 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://hbx.media.net/bxl.js?cid=8CUFH1GPH&dn=www.bleepingcomputer.com&version=&https=1
Requested by
Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.93 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-93.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
3e87b877eef97361e7a7a9a951798f0b609156cb148e2e0a2d761d6ac72a7022
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=604800
content-encoding
gzip
server
Apache
date
Sat, 01 Aug 2020 00:11:38 GMT
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
status
200
cache-control
max-age=86400
content-length
8896
x-mnet-hl2
E
expires
Sun, 02 Aug 2020 00:11:38 GMT
beacon.js
sb.scorecardresearch.com/ 		1 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://sb.scorecardresearch.com/beacon.js
Requested by
Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.111.238.139 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-238-139.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
a256529bd5b1b8846f8d2536ce7581fb6cea4479992f222d01535903dff48d79

Request headers

Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sat, 01 Aug 2020 00:11:38 GMT
Content-Encoding
gzip
Vary
Accept-Encoding
Content-Type
application/x-javascript
Cache-Control
private, no-transform, max-age=86400
Connection
keep-alive
Content-Length
884
Expires
Sun, 02 Aug 2020 00:11:38 GMT
load.js
s.ntv.io/serve/ 		327 KB
96 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s.ntv.io/serve/load.js
Requested by
Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.234.163 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-163.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
64174c77b5a80870cf978e69f024e86c45f235a3f59c7041010074031b9fe2fb

Request headers

Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sat, 01 Aug 2020 00:11:38 GMT
Content-Encoding
gzip
x-amz-request-id
B63996ABC76C38B7
x-amz-server-side-encryption
AES256
Transfer-Encoding
chunked
Connection
keep-alive, Transfer-Encoding
x-amz-id-2
D2IDsa9Cf//vX76/gCPoLxMoj4dJ1NmIf+3PWeHf9g+le2Z0kukBig5TvWOooqBJEbfCWBazI4E=
Last-Modified
Thu, 30 Jul 2020 00:22:46 GMT
Server
AmazonS3
ETag
"089c54e1b3f2bf79c74b9194c7697ea2"
Vary
Accept-Encoding
Access-Control-Allow-Methods
GET
Content-Type
application/x-javascript
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=3600
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
48.008759e9efe1c1b693dd.js
s7.addthis.com/static/ 		281 B
486 B 		Script
General
Check archive.org
Download Go to
Full URL
https://s7.addthis.com/static/48.008759e9efe1c1b693dd.js
Requested by
Host: s9.addthis.com
URL: https://s9.addthis.com/js/300/addthis_widget.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.210.248.44 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-210-248-44.deploy.static.akamaitechnologies.com
Software
nginx/1.15.8 /
Resource Hash
f8a52990bbe6892abb730d241570fbfbd2ff2fc707fdd3004c7dba6e843bbae3
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=15724800; includeSubDomains
content-encoding
gzip
last-modified
Wed, 18 Sep 2019 14:16:17 GMT
server
nginx/1.15.8
etag
W/"5d823c31-119"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
public, max-age=86313600
date
Sat, 01 Aug 2020 00:11:38 GMT
x-host
s7.addthis.com
timing-allow-origin
*
content-length
246
/
graph.facebook.com/ 		317 B
651 B 		Script
General
Check archive.org
Download Go to
Full URL
https://graph.facebook.com/?id=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Femotet-malware-now-steals-your-email-attachments-to-attack-contacts%2F&fields=og_object%7Bengagement%7D&callback=_ate.cbs.rcb_104n0
Requested by
Host: s9.addthis.com
URL: https://s9.addthis.com/js/300/addthis_widget.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:800e:face:b00c:0:2 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
cd0139c28e426e4878e7a178d3536d1e795fb690dd537ff3b32a5ef20d6c10b2
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; preload

Request headers

Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=15552000; preload
content-encoding
br
etag
"2cdea5d277adac28bd44fa5e61ce20a0812fa3ab"
status
200
x-fb-rev
1002451038
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
214
pragma
no-cache
x-fb-debug
T1Vy/qQ6rYAVCX/uckx1R+4sGd4LE/pjy4tAiC0r8R7A0xnCme8OKj22wzE60HEQA4jEVFtM2qOHeP/rWBW2fw==
x-fb-trace-id
CP+wIx57zZI
date
Sat, 01 Aug 2020 00:11:38 GMT
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
x-fb-request-id
AO6izL0HCnIXJVflaSWzk0d
cache-control
private, no-cache, no-store, must-revalidate
facebook-api-version
v3.1
expires
Sat, 01 Jan 2000 00:00:00 GMT
info.json
www.reddit.com/api/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.reddit.com/api/info.json?url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Femotet-malware-now-steals-your-email-attachments-to-attack-contacts%2F&jsonp=_ate.cbs.rcb_2v6k0
Requested by
Host: s9.addthis.com
URL: https://s9.addthis.com/js/300/addthis_widget.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
199.232.53.140 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
snooserv /
Resource Hash
2344d19fa95a82ce668ff2a39e633dc1b0ce1899122a00ba1673026a8d7f67f0
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 01 Aug 2020 00:11:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
access-control-allow-origin
*
status
200
vary
accept-encoding
content-length
1761
x-xss-protection
1; mode=block
x-ua-compatible
IE=edge
x-moose
majestic
server
snooserv
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=15552000; includeSubDomains; preload
content-type
application/javascript; charset=UTF-8
via
1.1 varnish
access-control-expose-headers
X-Moose
cache-control
private, s-maxage=0, max-age=0, must-revalidate, no-store, max-age=0, must-revalidate
accept-ranges
bytes
expires
-1
/
graph.facebook.com/ 		155 B
338 B 		Script
General
Check archive.org
Download Go to
Full URL
https://graph.facebook.com/?id=http%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Femotet-malware-now-steals-your-email-attachments-to-attack-contacts%2F&fields=og_object%7Bengagement%7D&callback=_ate.cbs.rcb_i8wg0
Requested by
Host: s9.addthis.com
URL: https://s9.addthis.com/js/300/addthis_widget.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:800e:face:b00c:0:2 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
7ab63179543fa3119ce2d1c8c1438a906e9ef9574e2ef0eab139439548e8a594
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; preload

Request headers

Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=15552000; preload
etag
"5710810c1d97d4c49d81bb868376c93d382e5881"
status
200
x-fb-rev
1002451038
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
155
pragma
no-cache
x-fb-debug
I5ECbaCQg/RB7/IcUL5sg1zMtRzBq//mIs3yzODUE7p4UaFJuNdesyh9Rw2n2rioLXrj+VzqYYqEiDxo2QLOzQ==
x-fb-trace-id
HGoiXuVSi2u
date
Sat, 01 Aug 2020 00:11:38 GMT
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
x-fb-request-id
Ap227au5G1x7Zno5FiqBP3a
cache-control
private, no-cache, no-store, must-revalidate
facebook-api-version
v3.1
expires
Sat, 01 Jan 2000 00:00:00 GMT
info.json
www.reddit.com/api/ 		126 B
254 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.reddit.com/api/info.json?url=http%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Femotet-malware-now-steals-your-email-attachments-to-attack-contacts%2F&jsonp=_ate.cbs.rcb_6zq30
Requested by
Host: s9.addthis.com
URL: https://s9.addthis.com/js/300/addthis_widget.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
199.232.53.140 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
snooserv /
Resource Hash
e3600960379c037a3f45c4b6cef63799b1a1c31d5f9826d5895182435b53935e
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 01 Aug 2020 00:11:39 GMT
via
1.1 varnish
x-content-type-options
nosniff
status
200
content-length
126
x-xss-protection
1; mode=block
x-ua-compatible
IE=edge
x-moose
majestic
server
snooserv
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=15552000; includeSubDomains; preload
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
access-control-expose-headers
X-Moose
cache-control
private, s-maxage=0, max-age=0, must-revalidate, no-store, max-age=0, must-revalidate
accept-ranges
bytes
expires
-1
favicon.ico
ad.doubleclick.net/ 		1 KB
167 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ad.doubleclick.net/favicon.ico?ad=300x250&ad_box_=1&adnet=1&showad=1&size=250x250
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.23.166 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s22-in-f6.1e100.net
Software
sffe /
Resource Hash
d961b08e4321250926de6f79087594975fe20ad1518de8f91eb711af5d1a6ef8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 31 Jul 2020 04:31:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
70804
status
200
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
104
x-xss-protection
0
last-modified
Tue, 08 May 2012 13:08:06 GMT
server
sffe
vary
Accept-Encoding
content-type
image/x-icon
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
expires
Sat, 01 Aug 2020 04:31:34 GMT
px.gif
ad-delivery.net/ 		43 B
631 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ad-delivery.net/px.gif?ch=1&e=0.3055544705505997
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:246 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 01 Aug 2020 00:11:38 GMT
via
1.1 9c7c26f5beeb09381cea450ea3581b37.cloudfront.net (CloudFront)
cf-cache-status
HIT
age
2897
x-cache
Hit from cloudfront
status
200
content-type
image/gif
content-length
43
cf-request-id
0448f534c50000dfe77e064200000001
last-modified
Thu, 27 Jul 2017 18:59:05 GMT
server
cloudflare
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-amz-version-id
null
cache-control
max-age=86400
x-amz-cf-pop
FRA50-C1
accept-ranges
bytes
cf-ray
5bbb57ce0b97dfe7-FRA
x-amz-cf-id
83F5Uk2xfpYVdOHlTnZZL8Zam4oKODXSWmECvIjJHlsxNSnAteHcTg==
rules-p-UeXruRVtZz7w6.js
rules.quantcount.com/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://rules.quantcount.com/rules-p-UeXruRVtZz7w6.js
Requested by
Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:2057:9000:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
a7b5f5f96f81dea4efc53e1d4dae8b37c28bec27a45b42ccf604ee759e20caec

Request headers

Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 31 Jul 2020 23:19:20 GMT
content-encoding
gzip
last-modified
Thu, 07 Dec 2017 17:06:25 GMT
server
AmazonS3
age
3139
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/x-javascript
status
200
cache-control
max-age=3600
x-amz-cf-pop
FRA6-C1
x-amz-cf-id
sQvns-6NpqnNoYRN7eQ4KREB0BL-04ImEGcd6VunXmJPp2tAR0akdg==
via
1.1 9bca546700a965c9c77ef5b8dbe65cc4.cloudfront.net (CloudFront)
aps_csm.js
c.amazon-adsystem.com/bao-csm/aps-comm/ 		6 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
99.86.0.120 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-0-120.fra6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 31 Jul 2020 03:32:32 GMT
content-encoding
gzip
vary
Origin
age
74347
x-cache
Hit from cloudfront
status
200
access-control-allow-origin
*
last-modified
Tue, 23 Jun 2020 10:10:39 GMT
server
AmazonS3
access-control-max-age
3000
access-control-allow-methods
GET
content-type
application/javascript
via
1.1 8e04f5d6c745b231c10fce7c2aa9c70f.cloudfront.net (CloudFront)
cache-control
public, max-age=86400
x-amz-cf-pop
FRA6-C1
x-amz-cf-id
SFMuKMVtpmMThffwZRcGr0r95bMvNKti257Xzm1KiF0tBBU9H7phPg==
pv
backend.upapi.net/ 		0
114 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://backend.upapi.net/pv?pid=C0BjMjG4n&br=chrome&sid=LB5szaTxel&w=5733492711227392&cv=824ca643-v2&r=false&upapi=true
Requested by
Host: mrb.upapi.net
URL: https://mrb.upapi.net/code?w=5733492711227392&upapi=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
130.211.23.194 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status
200
date
Sat, 01 Aug 2020 00:11:38 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-origin
https://www.bleepingcomputer.com
alt-svc
clear
content-length
0
via
1.1 google
b2
sb.scorecardresearch.com/
Redirect Chain
  • https://sb.scorecardresearch.com/b?c1=2&c2=23384447&cs_ucfr=1&ns__t=1596240698677&ns_c=UTF-8&cv=3.5&c8=Emotet%20malware%20now%20steals%20your%20email%20attachments%20to%20attack%20contacts&c7=https...
  • https://sb.scorecardresearch.com/b2?c1=2&c2=23384447&cs_ucfr=1&ns__t=1596240698677&ns_c=UTF-8&cv=3.5&c8=Emotet%20malware%20now%20steals%20your%20email%20attachments%20to%20attack%20contacts&c7=http...
0
528 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sb.scorecardresearch.com/b2?c1=2&c2=23384447&cs_ucfr=1&ns__t=1596240698677&ns_c=UTF-8&cv=3.5&c8=Emotet%20malware%20now%20steals%20your%20email%20attachments%20to%20attack%20contacts&c7=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Femotet-malware-now-steals-your-email-attachments-to-attack-contacts%2F&c9=&cs_ak_ss=1
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.111.238.139 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-238-139.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 01 Aug 2020 00:11:38 GMT
Cache-Control
private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Connection
keep-alive
Content-Length
0
Expires
Mon, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
https://sb.scorecardresearch.com/b2?c1=2&c2=23384447&cs_ucfr=1&ns__t=1596240698677&ns_c=UTF-8&cv=3.5&c8=Emotet%20malware%20now%20steals%20your%20email%20attachments%20to%20attack%20contacts&c7=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Femotet-malware-now-steals-your-email-attachments-to-attack-contacts%2F&c9=&cs_ak_ss=1
Pragma
no-cache
Date
Sat, 01 Aug 2020 00:11:38 GMT
Cache-Control
private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Connection
keep-alive
Content-Length
0
Expires
Mon, 01 Jan 1990 00:00:00 GMT
checksync.php
hbx.media.net/ Frame 37CF 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://hbx.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8CUFH1GPH&prvid=56%2C70%2C77%2C80%2C82%2C97%2C99%2C109%2C111%2C112%2C113%2C139%2C154%2C157%2C159%2C175%2C178%2C186%2C201%2C226%2C10000&usp_status=0&usp_consent=1&https=1&gdpr=1&gdprconsent=2
Requested by
Host: hbx.media.net
URL: https://hbx.media.net/bxl.js?cid=8CUFH1GPH&dn=www.bleepingcomputer.com&version=&https=1
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.93 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-93.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

:method
GET
:authority
hbx.media.net
:scheme
https
:path
/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8CUFH1GPH&prvid=56%2C70%2C77%2C80%2C82%2C97%2C99%2C109%2C111%2C112%2C113%2C139%2C154%2C157%2C159%2C175%2C178%2C186%2C201%2C226%2C10000&usp_status=0&usp_consent=1&https=1&gdpr=1&gdprconsent=2
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
gdpr_status=1
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/

Response headers

status
200
server
Apache
content-type
text/html; charset=UTF-8
set-cookie
gdpr_status=1; Expires=Tue, 02 Feb 2021 00:11:38 GMT; domain=.media.net; Path=/; sameSite=none; secure=true visitor-id=2392422989494759000V10; Expires=Sun, 01 Aug 2021 00:11:38 GMT; domain=.media.net; Path=/; sameSite=none; secure=true
x-mnet-hl2
E
p3p
CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
strict-transport-security
max-age=604800
vary
Accept-Encoding
content-encoding
gzip
cache-control
max-age=28374
expires
Sat, 01 Aug 2020 08:04:32 GMT
date
Sat, 01 Aug 2020 00:11:38 GMT
content-length
6793
bid
c.amazon-adsystem.com/e/dtb/ 		23 B
376 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Femotet-malware-now-steals-your-email-attachments-to-attack-contacts%2F&pid=GLKuA3YMeHF5t&cb=0&ws=1600x1200&v=7.52.00&t=1000&slots=%5B%7B%22sd%22%3A%220%22%2C%22s%22%3A%5B%22728x90%22%2C%22970x90%22%5D%2C%22sn%22%3A%22%2F15184186%2Fbleepingcomputer_970x90_728x90_320x50_sticky%22%7D%5D&pubid=0ab198dd-b265-462a-ae36-74e163ad6159&gdprl=%7B%22status%22%3A%22cmp-timeout%22%7D
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
99.86.0.120 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-0-120.fra6.r.cloudfront.net
Software
Server /
Resource Hash
745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8

Request headers

Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 01 Aug 2020 00:11:38 GMT
via
1.1 507b5edb20d0e1a0b73c8687f53defa9.cloudfront.net (CloudFront)
server
Server
x-amz-cf-pop
FRA6-C1
status
200
vary
User-Agent
x-cache
Miss from cloudfront
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
https://www.bleepingcomputer.com
access-control-allow-credentials
true
timing-allow-origin
*
content-length
23
x-amz-cf-id
EnjeZbxEYTcqPi4kTrFDDrG-QkJC_HE1rSr05s8dDRKFy6sFlwEcmA==
bid
c.amazon-adsystem.com/e/dtb/ 		23 B
376 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Femotet-malware-now-steals-your-email-attachments-to-attack-contacts%2F&pid=GLKuA3YMeHF5t&cb=1&ws=1600x1200&v=7.52.00&t=1000&slots=%5B%7B%22sd%22%3A%221%22%2C%22s%22%3A%5B%22970x250%22%2C%22970x90%22%2C%22728x90%22%5D%2C%22sn%22%3A%22%2F15184186%2Fbleepingcomputer_728x90_970x90_970x250_320x50_ATF%22%7D%2C%7B%22sd%22%3A%222%22%2C%22s%22%3A%5B%22728x90%22%5D%2C%22sn%22%3A%22%2F15184186%2Fbleepingcomputer_728x90_320x50_InContent_1%22%7D%2C%7B%22sd%22%3A%223%22%2C%22s%22%3A%5B%22300x600%22%2C%22300x250%22%5D%2C%22sn%22%3A%22%2F15184186%2Fbleepingcomputer_300x250_300x600_160x600_Right_2%22%7D%2C%7B%22sd%22%3A%224%22%2C%22s%22%3A%5B%22300x600%22%2C%22300x250%22%5D%2C%22sn%22%3A%22%2F15184186%2Fbleepingcomputer_300x250_300x600_160x600_Right_3%22%7D%2C%7B%22sd%22%3A%225%22%2C%22s%22%3A%5B%22970x250%22%2C%22970x90%22%2C%22728x90%22%5D%2C%22sn%22%3A%22%2F15184186%2Fbleepingcomputer_728x90_970x90_970x250_320x50_BTF%22%7D%5D&pubid=0ab198dd-b265-462a-ae36-74e163ad6159&gdprl=%7B%22status%22%3A%22cmp-timeout%22%7D
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
99.86.0.120 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-0-120.fra6.r.cloudfront.net
Software
Server /
Resource Hash
89b4aa9e9bf8516c2ab7b5134f65d47b02071637259a14c9f60dccc207e05ce4

Request headers

Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 01 Aug 2020 00:11:38 GMT
via
1.1 507b5edb20d0e1a0b73c8687f53defa9.cloudfront.net (CloudFront)
server
Server
x-amz-cf-pop
FRA6-C1
status
200
vary
User-Agent
x-cache
Miss from cloudfront
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
https://www.bleepingcomputer.com
access-control-allow-credentials
true
timing-allow-origin
*
content-length
23
x-amz-cf-id
wVeFrFfs9XOWGsUqnUizR7VpPUNz9ZpWvpAzaibdLqA9LLwLi_98wg==
t
jadserve.postrelease.com/ 		223 B
599 B 		Script
General
Check archive.org
Download Go to
Full URL
https://jadserve.postrelease.com/t?ntv_url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Femotet-malware-now-steals-your-email-attachments-to-attack-contacts%2F&ntv_mvi&us_privacy=1---
Requested by
Host: s.ntv.io
URL: https://s.ntv.io/serve/load.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.52.244.32 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-52-244-32.us-west-1.compute.amazonaws.com
Software
nginx/1.12.1 /
Resource Hash
1eab91f81bf81819c8832c3a70044b09fc8a6c73fd75df3eda4b0decda03da4f

Request headers

Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 01 Aug 2020 00:11:39 GMT
content-encoding
gzip
server
nginx/1.12.1
status
200
p3p
CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-type
text/javascript;charset=UTF-8
content-length
184
expires
Mon, 1 Jan 1990 12:00:00 GMT
sr
capi.connatix.com/tr/ Frame 7423 		0
333 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://capi.connatix.com/tr/sr?v=40500
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/40500/connatix.playspace.dc.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.16.202.217 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
openresty/1.15.8.2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
multipart/form-data

Response headers

Date
Sat, 01 Aug 2020 00:11:39 GMT
Content-Encoding
gzip
Server
openresty/1.15.8.2
Vary
Accept-Encoding
Content-Type
multipart/form-data
Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
20
7f634825-7f95-4b05-b879-92e3174b0f00.bin
vid.connatix.com/d59f5d0c-2087-416a-821c-141798bc501e/ Frame 7423 		2 KB
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://vid.connatix.com/d59f5d0c-2087-416a-821c-141798bc501e/7f634825-7f95-4b05-b879-92e3174b0f00.bin
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/40500/connatix.playspace.dc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.114.137 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
120dcbe30a56341ce4bae14bb2514822e3a16c6eaf1caf2eff576fe9c9228920

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 01 Aug 2020 00:11:39 GMT
content-encoding
gzip
age
11468
x-cache
HIT, HIT
status
200
content-length
763
x-served-by
cache-bwi5134-BWI, cache-hhn4054-HHN
last-modified
Fri, 31 Jul 2020 20:58:41 GMT
x-timer
S1596240699.239204,VS0,VE0
etag
"c69992fe0f3a6b273aa823b5a919c68e"
vary
Accept-Encoding
content-type
application/octet-stream
access-control-allow-origin
*
cache-control
max-age=31557600
accept-ranges
bytes
x-cache-hits
1, 3
1.png
img.connatix.com/067e5169-ece3-4ce8-87ad-c7961b8bb396/ 		7 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://img.connatix.com/067e5169-ece3-4ce8-87ad-c7961b8bb396/1.png
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.114.137 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
489caa649bc6af24b5de49c2db88c9ec21f992310412f0bdb136c2a9df3c6a87

Request headers

Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 01 Aug 2020 00:11:39 GMT
via
1.1 varnish, 1.1 varnish
age
4165216
x-cache
HIT, HIT
fastly-io-info
ifsz=11996 idim=794x206 ifmt=png ofsz=6988 odim=794x206 ofmt=webp
status
200
fastly-stats
io=1
content-length
6988
x-served-by
cache-dca17768-DCA, cache-hhn4061-HHN
x-timer
S1596240699.131592,VS0,VE0
etag
"ZtgrrdcQwjijqgVjQ/zsHTfkgcr8y8OnGx9yjy8Yz/Q"
vary
Accept
x-amz-request-id
C0D2E8725F7C4E7F
access-control-allow-origin
*
cache-control
max-age=31557600
accept-ranges
bytes
content-type
image/webp
x-cache-hits
1, 2
ao
capi.connatix.com/tr/ Frame 7423 		0
333 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://capi.connatix.com/tr/ao?v=40500
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/40500/connatix.playspace.dc.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.16.202.217 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
openresty/1.15.8.2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
multipart/form-data

Response headers

Date
Sat, 01 Aug 2020 00:11:39 GMT
Content-Encoding
gzip
Server
openresty/1.15.8.2
Vary
Accept-Encoding
Content-Type
multipart/form-data
Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
20
ps
capi.connatix.com/tr/ Frame 7423 		0
333 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://capi.connatix.com/tr/ps?v=40500
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/40500/connatix.playspace.dc.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.16.202.217 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
openresty/1.15.8.2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
multipart/form-data

Response headers

Date
Sat, 01 Aug 2020 00:11:39 GMT
Content-Encoding
gzip
Server
openresty/1.15.8.2
Vary
Accept-Encoding
Content-Type
multipart/form-data
Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
20
mq
capi.connatix.com/tr/ Frame 7423 		0
333 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://capi.connatix.com/tr/mq?v=40500
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/40500/connatix.playspace.dc.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.16.202.217 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
openresty/1.15.8.2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
multipart/form-data

Response headers

Date
Sat, 01 Aug 2020 00:11:39 GMT
Content-Encoding
gzip
Server
openresty/1.15.8.2
Vary
Accept-Encoding
Content-Type
multipart/form-data
Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
20
a072fb3f-06d8-4efa-95fa-40c526f5d109.jpg
img.connatix.com/d59f5d0c-2087-416a-821c-141798bc501e/ 		12 KB
12 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://img.connatix.com/d59f5d0c-2087-416a-821c-141798bc501e/a072fb3f-06d8-4efa-95fa-40c526f5d109.jpg?crop=834:469,smart&width=834&height=469&format=jpeg&quality=60&fit=crop
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.114.137 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
afb482f6f087b3703d633b272cf8a490f112b28046299ab8b4850e215472ff1e

Request headers

Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 01 Aug 2020 00:11:39 GMT
via
1.1 varnish, 1.1 varnish
age
11582
x-cache
HIT, HIT
fastly-io-info
ifsz=73313 idim=1280x513 ifmt=jpeg ofsz=12042 odim=834x469 ofmt=webp
status
200
fastly-stats
io=1
content-encoding
gzip
content-length
12065
x-served-by
cache-dca17750-DCA, cache-hhn4061-HHN
x-timer
S1596240699.420581,VS0,VE0
etag
"ibIietAWZehX2PxlMP2bvfglC6RfNuvmtzsEi71haAE"
vary
Accept
x-amz-request-id
A8E7B8F1A4BC3036
access-control-allow-origin
*
cache-control
max-age=31557600
accept-ranges
bytes
content-type
image/webp
x-cache-hits
1, 2
afcfa47f-6611-4187-8cb3-2d0f0faebe8f.jpg
img.connatix.com/d59f5d0c-2087-416a-821c-141798bc501e/ 		55 KB
55 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://img.connatix.com/d59f5d0c-2087-416a-821c-141798bc501e/afcfa47f-6611-4187-8cb3-2d0f0faebe8f.jpg?crop=834:469,smart&width=834&height=469&format=jpeg&quality=60&fit=crop
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.114.137 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
90093d479af195770bf5b67e4a1639ce1df172a03fd281d08a48617511d515a2

Request headers

Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 01 Aug 2020 00:11:39 GMT
via
1.1 varnish, 1.1 varnish
age
11581
x-cache
HIT, HIT
fastly-io-info
ifsz=285075 idim=1600x800 ifmt=jpeg ofsz=56296 odim=834x469 ofmt=webp
status
200
fastly-stats
io=1
content-encoding
gzip
content-length
56334
x-served-by
cache-dca17768-DCA, cache-hhn4061-HHN
x-timer
S1596240699.433650,VS0,VE0
etag
"2RYw9WFqMCbR70FdpwMtRwY/KKG+hyLjTHVBeyDShVk"
vary
Accept
x-amz-request-id
80A0ED0E105516BE
access-control-allow-origin
*
cache-control
max-age=31557600
accept-ranges
bytes
content-type
image/webp
x-cache-hits
1, 2
60e6c71c-0d25-4d21-b23b-d9c1eaed0de3.jpg
img.connatix.com/d59f5d0c-2087-416a-821c-141798bc501e/ 		33 KB
33 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://img.connatix.com/d59f5d0c-2087-416a-821c-141798bc501e/60e6c71c-0d25-4d21-b23b-d9c1eaed0de3.jpg?crop=834:469,smart&width=834&height=469&format=jpeg&quality=60&fit=crop
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.114.137 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
f53f425c5656789e2b0df38c0138dc77632f17ba6c6c1ef46a0ef52db3c50710

Request headers

Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 01 Aug 2020 00:11:39 GMT
via
1.1 varnish, 1.1 varnish
age
11582
x-cache
HIT, HIT
fastly-io-info
ifsz=224863 idim=1600x807 ifmt=jpeg ofsz=33484 odim=834x469 ofmt=webp
status
200
fastly-stats
io=1
content-encoding
gzip
content-length
33517
x-served-by
cache-dca17764-DCA, cache-hhn4061-HHN
x-timer
S1596240699.444524,VS0,VE0
etag
"Tj3wHmDQlSMi0upNkrns7/YYAwD/TPMYxIuZHjh8jfE"
vary
Accept
x-amz-request-id
FCD3C286E74358C6
access-control-allow-origin
*
cache-control
max-age=31557600
accept-ranges
bytes
content-type
image/webp
x-cache-hits
4, 2
d69a072a-dd8c-4e62-b05f-95ba3f7a3ba9.jpg
img.connatix.com/d59f5d0c-2087-416a-821c-141798bc501e/ 		109 KB
110 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://img.connatix.com/d59f5d0c-2087-416a-821c-141798bc501e/d69a072a-dd8c-4e62-b05f-95ba3f7a3ba9.jpg?crop=834:469,smart&width=834&height=469&format=jpeg&quality=60&fit=crop
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.114.137 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
c654d8afe796095f2af941fb39673bd83ca8558708fe05dfc4191b1a728c111f

Request headers

Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 01 Aug 2020 00:11:39 GMT
via
1.1 varnish, 1.1 varnish
age
11582
x-cache
HIT, HIT
fastly-io-info
ifsz=251656 idim=1280x450 ifmt=jpeg ofsz=112114 odim=800x450 ofmt=webp
status
200
fastly-stats
io=1
content-encoding
gzip
content-length
112167
x-served-by
cache-dca17762-DCA, cache-hhn4061-HHN
x-timer
S1596240699.444512,VS0,VE0
etag
"ULQs9yoIkahCnbN7niUfVz4dsB4dr/Ix5lnQsFWtmCs"
vary
Accept
x-amz-request-id
5JBX1NFR7R8YEM2R
access-control-allow-origin
*
cache-control
max-age=31557600
accept-ranges
bytes
content-type
image/webp
x-cache-hits
1, 2
04bf418d-3769-47bf-aac7-63e3ffc43d1d.jpg
img.connatix.com/d59f5d0c-2087-416a-821c-141798bc501e/ 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://img.connatix.com/d59f5d0c-2087-416a-821c-141798bc501e/04bf418d-3769-47bf-aac7-63e3ffc43d1d.jpg?crop=834:469,smart&width=834&height=469&format=jpeg&quality=60&fit=crop
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.114.137 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
0624390cd57a0f664b409c136d3fc8e4b9ec6bc0d2a83e0fcf23405959033f1a

Request headers

Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 01 Aug 2020 00:11:39 GMT
via
1.1 varnish, 1.1 varnish
age
11582
x-cache
HIT, HIT
fastly-io-info
ifsz=21839 idim=1280x450 ifmt=jpeg ofsz=2852 odim=800x450 ofmt=webp
status
200
fastly-stats
io=1
content-encoding
gzip
content-length
2875
x-served-by
cache-dca17764-DCA, cache-hhn4061-HHN
x-timer
S1596240699.448643,VS0,VE0
etag
"KoeYcec3Gc1rEyDhUlKNu+u/7KOmRDdxxJ/Y6lRvdQc"
vary
Accept
x-amz-request-id
BQBV9X5JAR1JCS4P
access-control-allow-origin
*
cache-control
max-age=31557600
accept-ranges
bytes
content-type
image/webp
x-cache-hits
1, 2
sodar
pagead2.googlesyndication.com/getconfig/ 		7 KB
6 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20200729&st=env
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20200729/r20190131/show_ads_impl_fy2019.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
209d7ccf14a495062cf7ad3295e18dd5a90395fe5bffb984ce94a9ef5436c4ce
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin
*
date
Sat, 01 Aug 2020 00:11:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
status
200
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
5645
x-xss-protection
0
v2gasofkmlvbYviSxxY8KHSuiTeD0ft4MUZ1YVaXHm6g7PZpGU6NL3SJ169eyYuHrMZAaQ-ry7A4tK7sHQA
dapperdiscussion.com/ 		216 B
616 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://dapperdiscussion.com/v2gasofkmlvbYviSxxY8KHSuiTeD0ft4MUZ1YVaXHm6g7PZpGU6NL3SJ169eyYuHrMZAaQ-ry7A4tK7sHQA
Requested by
Host: dapperdiscussion.com
URL: https://dapperdiscussion.com/v2mojjRqxm0uSiopiD-aABaVl-1eYGn-9jdzP46hyVV260JPOwzzIpayjWhZBI5i-
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.64.11 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
1b90b3eac89eaec3cc421635946e2d2d0c9f252e0d6bacd5ac6513a8fed7a28b
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; preload

Request headers

Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

strict-transport-security
max-age=15724800; preload
x-datacenter
gce-europe-west1
status
200
date
Sat, 01 Aug 2020 00:11:39 GMT
vary
Accept-Encoding, Origin
access-control-allow-methods
POST, OPTIONS
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-hostname
hank
timing-allow-origin
*
access-control-allow-headers
DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Cookie
content-length
216
expires
Sat, 01 Aug 2020 00:11:38 GMT
sodar2.js
tpc.googlesyndication.com/sodar/ 		14 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20200729/r20190131/show_ads_impl_fy2019.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
08f50e9e70388c99977ca13b6af3a49f8f48c83e79230d51ea72a56c0735bd0c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 01 Aug 2020 00:11:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1591403518460474"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5540
x-xss-protection
0
expires
Sat, 01 Aug 2020 00:11:39 GMT
runner.html
tpc.googlesyndication.com/sodar/sodar2/210/ Frame 30EC 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/210/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
tpc.googlesyndication.com
:scheme
https
:path
/sodar/sodar2/210/runner.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/

Response headers

status
200
accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
content-length
4590
date
Fri, 31 Jul 2020 22:50:31 GMT
expires
Sat, 31 Jul 2021 22:50:31 GMT
last-modified
Wed, 26 Feb 2020 19:47:50 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
4868
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
translator
hbopenbid.pubmatic.com/ 		0
122 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.22.0.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

status
204
date
Sat, 01 Aug 2020 00:11:39 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
access-control-allow-origin
https://www.bleepingcomputer.com
fastlane.json
fastlane.rubiconproject.com/a/api/ 		260 B
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16924&site_id=151312&zone_id=1006006&size_id=2&alt_size_ids=55&gdpr=0&us_privacy=1---&rp_schain=1.0,1!freestar.io,535,1,,,&rf=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Femotet-malware-now-steals-your-email-attachments-to-attack-contacts%2F&tk_flint=pbjs_lite_v3.22.0&x_source.tid=b1039c31-add6-4c9b-869d-26f321a1f565&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.598371236747562
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.22.0.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
213.19.162.41 , United Kingdom, ASN3356 (LEVEL3, US),
Reverse DNS
Software
nginx/1.16.0 /
Resource Hash
41b8a9f4402518c8f5ba3c2b433265af1033e9fa47e609590c2eeb109726a180

Request headers

Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Sat, 01 Aug 2020 00:11:40 GMT
Server
nginx/1.16.0
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Keep-Alive
timeout=5
Content-Length
260
Expires
Wed, 17 Sep 1975 21:32:10 GMT
v1
dmx.districtm.io/b/ 		0
432 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://dmx.districtm.io/b/v1
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.22.0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.190.66 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

date
Sat, 01 Aug 2020 00:11:39 GMT
server
cloudflare
status
204
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD, POST, OPTIONS
access-control-allow-origin
https://www.bleepingcomputer.com
access-control-allow-credentials
true
cf-ray
5bbb57d61afc0b47-AMS
access-control-allow-headers
Content-Type, Origin
cf-request-id
0448f539d000000b47ce094200000001
prebid
ib.adnxs.com/ut/v3/ 		19 B
720 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.22.0.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.221.87 , Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
723.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.13.4 /
Resource Hash
0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Sat, 01 Aug 2020 00:11:39 GMT
X-Proxy-Origin
194.99.105.99; 194.99.105.99; 723.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.223.137:80
AN-X-Request-Uuid
3562bbe5-1fca-4e57-bf09-bff4e893d2e6
Server
nginx/1.13.4
P3P
policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json; charset=utf-8
Content-Length
19
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
arj
freestar-d.openx.net/w/1.0/ 		190 B
578 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://freestar-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Femotet-malware-now-steals-your-email-attachments-to-attack-contacts%2F&ch=UTF-8&res=1600x1200x24&ifr=false&tz=-120&tws=1600x1200&be=1&bc=hb_pb_3.0.2&dddid=b1039c31-add6-4c9b-869d-26f321a1f565&nocache=1596240699723&gdpr=0&us_privacy=1---&pubcid=ff79cff0-674b-4e50-bb40-5b6dcf20c271&schain=1.0%2C1!freestar.io%2C535%2C1%2C%2C%2C&aus=728x90%2C970x90&divIds=bleepingcomputer_970x90_728x90_320x50_sticky&auid=540959250
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.22.0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.64.218 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
OXGW/16.190.0 /
Resource Hash
3b308373a659653736436e9f035269321fdeacbd353d90ed0271830af2246e66

Request headers

Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 01 Aug 2020 00:11:40 GMT
content-encoding
gzip
server
OXGW/16.190.0
status
200
vary
Accept, Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
content-type
application/json
alt-svc
clear
content-length
176
via
1.1 google
expires
Mon, 26 Jul 1997 05:00:00 GMT
24
web.hb.ad.cpe.dotomi.com/s2s/header/ 		192 B
383 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://web.hb.ad.cpe.dotomi.com/s2s/header/24
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.22.0.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a02:fa8:8806:16::1460 , Sweden, ASN41041 (VCLK-EU-, SE),
Reverse DNS
Software
nginx /
Resource Hash
ddef43233b61a1075f4a1d98a4e204510af84284bda4455716d988f00134c9a9

Request headers

Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 01 Aug 2020 00:11:39 GMT
server
nginx
status
200
content-type
application/json
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
no-cache
access-control-allow-credentials
true
content-length
192
expires
0
display
mantodea.mantisadnetwork.com/prebid/ 		0
0
prebid
ib.adnxs.com/ut/v3/ 		19 B
719 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.22.0.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.221.87 , Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
723.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.13.4 /
Resource Hash
0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Sat, 01 Aug 2020 00:11:39 GMT
X-Proxy-Origin
194.99.105.99; 194.99.105.99; 723.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.221.80:80
AN-X-Request-Uuid
cb175a29-a3d2-4caa-89b2-d808c77470d8
Server
nginx/1.13.4
P3P
policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json; charset=utf-8
Content-Length
19
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
cygnus
as-sec.casalemedia.com/ 		0
0
ads
securepubads.g.doubleclick.net/gampad/ 		41 KB
11 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4476189614669882&correlator=2153275252645670&output=ldjh&impl=fifs&adsid=NT&eid=21066924%2C21065112&vrg=2020072701&us_privacy=1---&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200801&iu_parts=15184186%2Cbleepingcomputer_970x90_728x90_320x50_sticky&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90%7C970x90&prev_scp=fsrefresh%3Dfalse%26fsrebid%3Dfalse%26amznbid%3D2%26amznp%3D2%26fsbid%3Dtimeout&eri=1&cust_params=user-agent%3DChrome%26section%3Dnews&cookie_enabled=1&bc=31&abxe=1&lmt=1596066750&dt=1596240699776&dlt=1596240696994&idt=1322&frm=20&biw=1600&bih=1200&oid=3&adxs=436&adys=1110&adks=3056404191&ucis=1&ifi=2&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Femotet-malware-now-steals-your-email-attachments-to-attack-contacts%2F&dssz=67&icsg=43486576640&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1600x-1&msz=1600x-1&ga_vid=605872533.1596240698&ga_sid=1596240698&ga_hid=325435365&fws=512&ohw=0
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020072701.js?21066924
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.212.162 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
ams15s22-in-f2.1e100.net
Software
cafe /
Resource Hash
0f976ef0df458e73621f8650af6f1d51db998419ff1b75c9d53b10715964548a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 01 Aug 2020 00:11:40 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
10509
x-xss-protection
0
google-lineitem-id
-1
pragma
no-cache
server
cafe
google-creative-id
-1
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://www.bleepingcomputer.com
access-control-expose-headers
x-google-amp-ad-validated-version
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
container.html
6e86b1c7d1063165c37861961550b1cb.safeframe.googlesyndication.com/safeframe/1-0-37/html/ 		0
0 		Other
General
Check archive.org
Download Go to
Full URL
https://6e86b1c7d1063165c37861961550b1cb.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020072701.js?21066924
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:816::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers
container.html
tpc.googlesyndication.com/safeframe/1-0-37/html/ 		0
0 		Other
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/safeframe/1-0-37/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020072701.js?21066924
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers
cygnus
as-sec.casalemedia.com/ 		0
0
prebid
ib.adnxs.com/ut/v3/ 		19 B
720 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.22.0.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.221.87 , Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
723.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.13.4 /
Resource Hash
0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Sat, 01 Aug 2020 00:11:39 GMT
X-Proxy-Origin
194.99.105.99; 194.99.105.99; 723.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.223.147:80
AN-X-Request-Uuid
9c459ff0-4a2d-46ab-b142-aac939828c42
Server
nginx/1.13.4
P3P
policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json; charset=utf-8
Content-Length
19
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
display
mantodea.mantisadnetwork.com/prebid/ 		0
0
translator
hbopenbid.pubmatic.com/ 		0
66 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.22.0.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

status
204
date
Sat, 01 Aug 2020 00:11:39 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
access-control-allow-origin
https://www.bleepingcomputer.com
fastlane.json
fastlane.rubiconproject.com/a/api/ 		263 B
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16924&site_id=151312&zone_id=1006006&size_id=2&alt_size_ids=55%2C57&gdpr=0&us_privacy=1---&rp_schain=1.0,1!freestar.io,535,1,,,&rf=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Femotet-malware-now-steals-your-email-attachments-to-attack-contacts%2F&tk_flint=pbjs_lite_v3.22.0&x_source.tid=caf9aad7-d332-4525-9395-4bd7e177a080&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.2908618569486465
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.22.0.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
213.19.162.41 , United Kingdom, ASN3356 (LEVEL3, US),
Reverse DNS
Software
nginx/1.16.0 /
Resource Hash
e19d052cce1982535d03f956a57599ecf30bd87b112bc0c59708b8b4faa5213d

Request headers

Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Sat, 01 Aug 2020 00:11:40 GMT
Server
nginx/1.16.0
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Keep-Alive
timeout=5
Content-Length
263
Expires
Wed, 17 Sep 1975 21:32:10 GMT
fastlane.json
fastlane.rubiconproject.com/a/api/ 		240 B
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16924&site_id=151312&zone_id=1006006&size_id=2&gdpr=0&us_privacy=1---&rp_schain=1.0,1!freestar.io,535,1,,,&rf=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Femotet-malware-now-steals-your-email-attachments-to-attack-contacts%2F&tk_flint=pbjs_lite_v3.22.0&x_source.tid=a74db185-b0a2-4220-bfa9-1565ea27ad93&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.9819432861239712
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.22.0.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
213.19.162.41 , United Kingdom, ASN3356 (LEVEL3, US),
Reverse DNS
Software
nginx/1.16.0 /
Resource Hash
8755cd9307346b5061810dde8281e85cc0711e7e666cbe541eb5ba9a2e466004

Request headers

Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Sat, 01 Aug 2020 00:11:40 GMT
Server
nginx/1.16.0
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Keep-Alive
timeout=5
Content-Length
240
Expires
Wed, 17 Sep 1975 21:32:10 GMT
fastlane.json
fastlane.rubiconproject.com/a/api/ 		7 KB
5 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16924&site_id=151312&zone_id=1006006&size_id=15&alt_size_ids=10&gdpr=0&us_privacy=1---&rp_schain=1.0,1!freestar.io,535,1,,,&rf=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Femotet-malware-now-steals-your-email-attachments-to-attack-contacts%2F&tk_flint=pbjs_lite_v3.22.0&x_source.tid=21856f14-efc4-43a1-84fd-01e5a0463277&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.11364289187376109
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.22.0.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
213.19.162.41 , United Kingdom, ASN3356 (LEVEL3, US),
Reverse DNS
Software
nginx/1.16.0 /
Resource Hash
72dd7991abf944e50a759a9528d4fb2289cc446074513da6ce4edf08aaa3c039

Request headers

Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Sat, 01 Aug 2020 00:11:40 GMT
Content-Encoding
gzip
Server
nginx/1.16.0
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Keep-Alive
timeout=5
Content-Length
4048
Expires
Wed, 17 Sep 1975 21:32:10 GMT
fastlane.json
fastlane.rubiconproject.com/a/api/ 		261 B
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16924&site_id=151312&zone_id=1006006&size_id=15&alt_size_ids=10&gdpr=0&us_privacy=1---&rp_schain=1.0,1!freestar.io,535,1,,,&rf=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Femotet-malware-now-steals-your-email-attachments-to-attack-contacts%2F&tk_flint=pbjs_lite_v3.22.0&x_source.tid=925db005-3a94-4045-8bf2-1382e82e5380&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.417221015656863
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.22.0.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
213.19.162.41 , United Kingdom, ASN3356 (LEVEL3, US),
Reverse DNS
Software
nginx/1.16.0 /
Resource Hash
a73b18d997ee4f8398b834abacbdd884ebbcac864649035f1635b4ae4068defa

Request headers

Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Sat, 01 Aug 2020 00:11:40 GMT
Server
nginx/1.16.0
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Keep-Alive
timeout=5
Content-Length
261
Expires
Wed, 17 Sep 1975 21:32:10 GMT
fastlane.json
fastlane.rubiconproject.com/a/api/ 		263 B
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16924&site_id=151312&zone_id=1006006&size_id=2&alt_size_ids=55%2C57&gdpr=0&us_privacy=1---&rp_schain=1.0,1!freestar.io,535,1,,,&rf=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Femotet-malware-now-steals-your-email-attachments-to-attack-contacts%2F&tk_flint=pbjs_lite_v3.22.0&x_source.tid=397fc033-8e7e-444c-bc82-e6449880cd96&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.8877943254174923
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.22.0.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
213.19.162.41 , United Kingdom, ASN3356 (LEVEL3, US),
Reverse DNS
Software
nginx/1.16.0 /
Resource Hash
3538089bb08c3b19f65fbcb257e83542d65463b1d8c1272bf19ae74f9c737396

Request headers

Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Sat, 01 Aug 2020 00:11:40 GMT
Server
nginx/1.16.0
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Keep-Alive
timeout=5
Content-Length
263
Expires
Wed, 17 Sep 1975 21:32:10 GMT
v1
btlr.sharethrough.com/WYu2BXv1/ 		0
0
v1
btlr.sharethrough.com/WYu2BXv1/ 		0
0
v1
btlr.sharethrough.com/WYu2BXv1/ 		0
0
v1
btlr.sharethrough.com/WYu2BXv1/ 		0
0
v1
btlr.sharethrough.com/WYu2BXv1/ 		0
0
v1
btlr.sharethrough.com/WYu2BXv1/ 		0
0
v1
btlr.sharethrough.com/WYu2BXv1/ 		0
0
v1
btlr.sharethrough.com/WYu2BXv1/ 		0
0
v1
btlr.sharethrough.com/WYu2BXv1/ 		0
0
auction
tlx.3lift.com/header/ 		19 B
541 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://tlx.3lift.com/header/auction?lib=prebid&v=3.22.0&referrer=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Femotet-malware-now-steals-your-email-attachments-to-attack-contacts%2F&tmax=1200&gdpr=false&us_privacy=1---
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.22.0.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.159.48.82 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 01 Aug 2020 00:11:40 GMT
x-auction-status
12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12
status
200
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
19
x-xss-protection
0
expires
Thu, 15 Oct 1992 20:10:00 GMT
prebid
ib.adnxs.com/ut/v3/ 		19 B
719 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.22.0.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.221.87 , Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
723.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.13.4 /
Resource Hash
0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Sat, 01 Aug 2020 00:11:39 GMT
X-Proxy-Origin
194.99.105.99; 194.99.105.99; 723.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.223.40:80
AN-X-Request-Uuid
d7cbd6eb-fc3a-4a20-af33-c41e82995af1
Server
nginx/1.13.4
P3P
policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json; charset=utf-8
Content-Length
19
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
24
web.hb.ad.cpe.dotomi.com/s2s/header/ 		466 B
656 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://web.hb.ad.cpe.dotomi.com/s2s/header/24
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.22.0.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a02:fa8:8806:16::1460 , Sweden, ASN41041 (VCLK-EU-, SE),
Reverse DNS
Software
nginx /
Resource Hash
c13aae6b0d0918926a8eaf07cf102989079d2e3ef81baeb1e9dadda1cf5a11ca

Request headers

Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 01 Aug 2020 00:11:39 GMT
server
nginx
status
200
content-type
application/json
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
no-cache
access-control-allow-credentials
true
content-length
466
expires
0
arj
freestar-d.openx.net/w/1.0/ 		190 B
368 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://freestar-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Femotet-malware-now-steals-your-email-attachments-to-attack-contacts%2F&ch=UTF-8&res=1600x1200x24&ifr=false&tz=-120&tws=1600x1200&be=1&bc=hb_pb_3.0.2&dddid=caf9aad7-d332-4525-9395-4bd7e177a080%2Ca74db185-b0a2-4220-bfa9-1565ea27ad93%2C21856f14-efc4-43a1-84fd-01e5a0463277%2C925db005-3a94-4045-8bf2-1382e82e5380%2C397fc033-8e7e-444c-bc82-e6449880cd96&nocache=1596240699847&gdpr=0&us_privacy=1---&pubcid=ff79cff0-674b-4e50-bb40-5b6dcf20c271&schain=1.0%2C1!freestar.io%2C535%2C1%2C%2C%2C&aus=728x90%2C970x90%2C970x250%7C728x90%7C300x250%2C300x600%7C300x250%2C300x600%7C728x90%2C970x90%2C970x250&divIds=bleepingcomputer_728x90_970x90_970x250_320x50_ATF%2Cbleepingcomputer_728x90_320x50_InContent_1%2Cbleepingcomputer_300x250_300x600_160x600_Right_2%2Cbleepingcomputer_300x250_300x600_160x600_Right_3%2Cbleepingcomputer_728x90_970x90_970x250_320x50_BTF&auid=540959250%2C540959250%2C540959250%2C540959250%2C540959250
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.22.0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.64.218 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
OXGW/16.190.0 /
Resource Hash
c690e7df7514ccc9065b57e3bd7e2cb8ec33895a0801694ae3e5862ad0b95052

Request headers

Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 01 Aug 2020 00:11:40 GMT
content-encoding
gzip
server
OXGW/16.190.0
status
200
vary
Accept, Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
content-type
application/json
alt-svc
clear
content-length
176
via
1.1 google
expires
Mon, 26 Jul 1997 05:00:00 GMT
v1
dmx.districtm.io/b/ 		0
62 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://dmx.districtm.io/b/v1
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.22.0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.190.66 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

date
Sat, 01 Aug 2020 00:11:39 GMT
server
cloudflare
status
204
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD, POST, OPTIONS
access-control-allow-origin
https://www.bleepingcomputer.com
access-control-allow-credentials
true
cf-ray
5bbb57d63b2a0b47-AMS
access-control-allow-headers
Content-Type, Origin
cf-request-id
0448f539e400000b47ce096200000001
v2bitV7dFDsqCryvI6RiQZQoNJBda6c34C2DHbWMWWj87J-puZiR1pJvLNJd__tQDVHf5kpi3_FqPqa9SoA
dapperdiscussion.com/ 		3 B
36 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://dapperdiscussion.com/v2bitV7dFDsqCryvI6RiQZQoNJBda6c34C2DHbWMWWj87J-puZiR1pJvLNJd__tQDVHf5kpi3_FqPqa9SoA
Requested by
Host: dapperdiscussion.com
URL: https://dapperdiscussion.com/v2mojjRqxm0uSiopiD-aABaVl-1eYGn-9jdzP46hyVV260JPOwzzIpayjWhZBI5i-
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.64.11 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; preload

Request headers

Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

strict-transport-security
max-age=15724800; preload
x-datacenter
gce-europe-west1
status
200
date
Sat, 01 Aug 2020 00:11:39 GMT
vary
Accept-Encoding, Origin
access-control-allow-methods
POST, OPTIONS
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.bleepingcomputer.com
access-control-allow-credentials
true
x-hostname
hank
timing-allow-origin
*
access-control-allow-headers
DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Cookie
content-length
3
gen_204
pagead2.googlesyndication.com/pagead/ 		0
55 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=210&t=2&li=gda_r20200729&jk=4476189614669882&bg=!FxSlFAxYwk-jlGPIDS0CAAAAhFIAAAAOmQGPpzIyW03pUUz8sYPrjMOtSit4n065CIkKd41NTmcdUKfXCfHmNUWxbVxSrGHeRNZ_jdC_H2KxHBYM4SRuxxkaf3et3lN_rvauwvcdTb76oL5fE2JTzxx87d2icKYqoRO9D0Dzs9RlWIIC3TrK-MoNMnmdCPWJPC8Njzfuxua5vi6-OMrrzzgj8tYDoMrfkdgTiIPlVl5_QqHo5x5KIKFZkFMSgRLAZOx9ux7wHyOPesn_K3JMtoUBN-3OYEvMub3sXgfbtZqeNKeBJ3O04D-nLjgxUoR_Q-Am-VYN5sPk0s3j8ClGt4FLmDe0Ms48Z1ITtrTzriwJUZ3j136-L-vvlo-1yGtN0AffsHyxM1Y-DseeFSKX06C98C1MDIVH0xXJUsnENt15Dv4rJ7ImKjHc9gGOfMLRrmXw3_Nb6JYi4nbcPsEEnFq-ERfWg9BKUf0b6mW_qqq73hI_B1CdehxtElbv4qQwZO-hW2wSty06ZXF7cfB8mKDA7MX7TfjF1IXqmRIHX0CE_4mebREl65Gn
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 01 Aug 2020 00:11:40 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
204
cache-control
no-cache, must-revalidate
content-type
image/gif
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pubfig.messaging.2.1.2.js
a.pub.network/core/ 		196 KB
51 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://a.pub.network/core/pubfig.messaging.2.1.2.js
Requested by
Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:443c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6883ce59605b04b6c6782ba17cb02dae671c9228e429ced6c1ab1171a38e12a1

Request headers

Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 01 Aug 2020 00:11:40 GMT
content-encoding
br
cf-cache-status
HIT
x-guploader-uploadid
AAANsUlu4TMWDeFveuRKDWCJWckX6HDqZEnqFaXWRqOSIu_Wh6Aahr8PeUBkHxruJx9MOeUV-WS3HzHWY_DUmxRRTXI
x-goog-storage-class
MULTI_REGIONAL
status
200
x-goog-metageneration
4
x-goog-stored-content-encoding
identity
content-type
text/javascript
cf-request-id
0448f53aa700001f4d62062200000001
last-modified
Thu, 21 May 2020 18:48:40 GMT
server
cloudflare
etag
W/"a191b1edb3810d2c6bbd73bfed144567"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-goog-hash
crc32c=ZRmSfw==, md5=oZGx7bOBDSxrvXO/7RRFZw==
x-goog-generation
1590086920350282
cache-control
private, max-age=1800
x-goog-stored-content-length
200438
cf-ray
5bbb57d77a571f4d-FRA
expires
Sat, 31 Jul 2021 19:15:50 GMT
c
c.pub.network/ 		36 B
344 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.pub.network/c
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/pubfig.messaging.2.1.2.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
35.226.36.58 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
a2d31b6e13761a6af96144fdfd33e9a498dee4f55f5dc298f3d8f190581cf681

Request headers

Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Date
Sat, 01 Aug 2020 00:11:40 GMT
Access-Control-Allow-Credentials
true
Content-Length
36
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Content-Type
text/plain;charset=utf-8
amp4ads-v0.js
cdn.ampproject.org/rtv/012007210634000/ Frame 7DB9 		206 KB
56 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012007210634000/amp4ads-v0.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020072701.js?21066924
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7c30c656a67a3c902072c7c839344fbe793788edbbaebb4f7a59b4c3c6750897
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
12712
status
200
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
57364
x-xss-protection
0
server
sffe
date
Fri, 31 Jul 2020 20:39:48 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"da4645546e0fb9cb"
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 31 Jul 2021 20:39:48 GMT
amp-ad-exit-0.1.js
cdn.ampproject.org/rtv/012007210634000/v0/ Frame 7DB9 		16 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012007210634000/v0/amp-ad-exit-0.1.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020072701.js?21066924
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
66f14ced94dbd60cb3c1f8fc74f67f01d05b4cbeee93c877a2e86ad31847eb44
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
123652
status
200
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5902
x-xss-protection
0
server
sffe
date
Thu, 30 Jul 2020 13:50:48 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"ed761c4f9176d72d"
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 30 Jul 2021 13:50:48 GMT
amp-analytics-0.1.js
cdn.ampproject.org/rtv/012007210634000/v0/ Frame 7DB9 		96 KB
29 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012007210634000/v0/amp-analytics-0.1.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020072701.js?21066924
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
fb199303a3c6c4ec7d96d3135a9798cf63f52e829aba12d2ae8c30f01425281a
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
12739
status
200
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
29699
x-xss-protection
0
server
sffe
date
Fri, 31 Jul 2020 20:39:21 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"ff583ae049a1bccf"
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 31 Jul 2021 20:39:21 GMT
amp-fit-text-0.1.js
cdn.ampproject.org/rtv/012007210634000/v0/ Frame 7DB9 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012007210634000/v0/amp-fit-text-0.1.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020072701.js?21066924
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
360a25e0b7ac5376a0c319d1eac76df31ffcce5b82faa2f3a0b3ef70f370d151
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
113915
status
200
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1786
x-xss-protection
0
server
sffe
date
Thu, 30 Jul 2020 16:33:05 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"fe8a226332f994d7"
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 30 Jul 2021 16:33:05 GMT
amp-form-0.1.js
cdn.ampproject.org/rtv/012007210634000/v0/ Frame 7DB9 		48 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012007210634000/v0/amp-form-0.1.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020072701.js?21066924
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0847fb2a4b12a2cfd5b8775ebf0a1ca59c1d8c34894ee2f3f26e827969f39567
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
123652
status
200
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15001
x-xss-protection
0
server
sffe
date
Thu, 30 Jul 2020 13:50:48 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"f044ff03265d7aa3"
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 30 Jul 2021 13:50:48 GMT
truncated
/ Frame 7DB9 		212 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e9a02f5625ccb8af7800165a75bf1938cec65669e8df94bcd192baa386d787cb

Request headers

Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/png
10558153782905241568
tpc.googlesyndication.com/daca_images/simgad/ Frame 7DB9 		39 KB
40 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/daca_images/simgad/10558153782905241568
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
263cb75aae2d5f444da7f29e4a4c345664b88639e37e878fd5bed2f05aa7b52c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 30 Jul 2020 17:32:45 GMT
x-content-type-options
nosniff
age
110335
x-dns-prefetch-control
off
status
200
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
40436
x-xss-protection
0
last-modified
Thu, 30 Jan 2020 03:35:55 GMT
server
sffe
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 30 Jul 2021 17:32:45 GMT
en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 7DB9 		2 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/pagead/images/adchoices/en.png
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 31 Jul 2020 11:08:58 GMT
x-content-type-options
nosniff
server
cafe
age
46962
etag
14819457070020093239
vary
Accept-Encoding
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
public, max-age=86400
content-type
image/png
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2502
x-xss-protection
0
expires
Sat, 01 Aug 2020 11:08:58 GMT
icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 7DB9 		295 B
356 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 31 Jul 2020 21:26:58 GMT
x-content-type-options
nosniff
server
cafe
age
9882
etag
426692510519060060
vary
Accept-Encoding
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
public, max-age=86400
content-type
image/png
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
295
x-xss-protection
0
expires
Sat, 01 Aug 2020 21:26:58 GMT
adview
securepubads.g.doubleclick.net/pagead/ Frame 7DB9 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://securepubads.g.doubleclick.net/pagead/adview?ai=Cs6JLO7MkX7mrNOrK7_UPm9mmkAqs1PC7W-232N30CsCNtwEQASDa18U5YOnkyYXYGqABzoH_0wPIAQKpApftXfMPEqk-4AIAqAMByAMIqgS4Ak_Qa94EmbUOxd5n9cUuSKTXx_yxWybsy5ERLCvr-6gDgKUC3SEixtQGdn4EY3Qj4XAVNQJOzXrHyStMTiCa4acYm05X-68NYZ9W74cW1WAa7khGnD6uJFM_wyG4z0PYuDONlu6NUskSHnXZVBdp2wLl3_jYAyOcV0c93dybYjwfjciO8G2cuNOEHWIr73q8v4XpJpFaadXqmYLCWmoqRvedr35QpjDhHQ_UcydNOOydG9tqZR_IWAobQHJIT4ofSLmWe6QiWyDAnPB_PJlx6XjCPqZ4jaks8sULmq9WA6rgcYE8c9Aplxu3VLoq0EZxyW-K3ffIIHxBr5eRCoI2n0_eS8Y8KSQdrw1FrkmdTNczg4yQEzjTAOCp7_oL46LpKGmhxFWJVCsFvOgBEDVeg_gZPiKjqm_1L8AEvMvU1NoC4AQBkgUECAQYAZIFBAgFGASgBgKAB5r-gCyoB47OG6gH1ckbqAeT2BuoB7oGqAfw2RuoB_LZG6gHpr4bqAfs1RvYBwHyBwQQtqQP0ggJCIDhgBAQARgd8ggbYWR4LXN1YnN5bi0xNzQyMjQ5NjAzMjg5MDgzgAoDyAsB2BMN&sigh=_4KaUMNfBqg&tpd=AGWhJmsbhkgGE_V9Z6FpnGxf8Wr346WjC4uVB5TWEt65UE29Bg
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.212.162 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
ams15s22-in-f2.1e100.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers
si
googleads.g.doubleclick.net/pagead/drt/ Frame 7DB9
Redirect Chain
  • https://www.google.com/pagead/drt/ui
  • https://googleads.g.doubleclick.net/pagead/drt/si
0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://googleads.g.doubleclick.net/pagead/drt/si
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Redirect headers

date
Sat, 01 Aug 2020 00:11:40 GMT
x-content-type-options
nosniff
server
safe
status
302
content-type
text/html; charset=UTF-8
location
https://googleads.g.doubleclick.net/pagead/drt/si
cache-control
private
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
246
x-xss-protection
0
10558153782905241568
tpc.googlesyndication.com/daca_images/simgad/ Frame 7DB9 		39 KB
40 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/daca_images/simgad/10558153782905241568
Requested by
Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012007210634000/amp4ads-v0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
263cb75aae2d5f444da7f29e4a4c345664b88639e37e878fd5bed2f05aa7b52c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 30 Jul 2020 17:32:45 GMT
x-content-type-options
nosniff
age
110335
x-dns-prefetch-control
off
status
200
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
40436
x-xss-protection
0
last-modified
Thu, 30 Jan 2020 03:35:55 GMT
server
sffe
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 30 Jul 2021 17:32:45 GMT
en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 7DB9 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/pagead/images/adchoices/en.png
Requested by
Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012007210634000/amp4ads-v0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 31 Jul 2020 11:08:58 GMT
x-content-type-options
nosniff
server
cafe
age
46962
etag
14819457070020093239
vary
Accept-Encoding
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
public, max-age=86400
content-type
image/png
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2502
x-xss-protection
0
expires
Sat, 01 Aug 2020 11:08:58 GMT
icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 7DB9 		295 B
352 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png
Requested by
Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012007210634000/amp4ads-v0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 31 Jul 2020 21:26:58 GMT
x-content-type-options
nosniff
server
cafe
age
9882
etag
426692510519060060
vary
Accept-Encoding
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
public, max-age=86400
content-type
image/png
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
295
x-xss-protection
0
expires
Sat, 01 Aug 2020 21:26:58 GMT
c
c.pub.network/ 		36 B
344 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.pub.network/c
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/pubfig.messaging.2.1.2.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
35.226.36.58 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
a2d31b6e13761a6af96144fdfd33e9a498dee4f55f5dc298f3d8f190581cf681

Request headers

Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Date
Sat, 01 Aug 2020 00:11:40 GMT
Access-Control-Allow-Credentials
true
Content-Length
36
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Content-Type
text/plain;charset=utf-8
ads
securepubads.g.doubleclick.net/gampad/ 		150 KB
37 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4476189614669882&correlator=2153275252645670&output=ldjh&impl=fifs&adsid=NT&eid=21066924%2C21065112%2C676982996&vrg=2020072701&us_privacy=1---&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200801&iu_parts=15184186%2Cbleepingcomputer_728x90_970x90_970x250_320x50_ATF%2Cbleepingcomputer_728x90_320x50_InContent_1%2Cbleepingcomputer_300x250_300x600_160x600_Right_2%2Cbleepingcomputer_300x250_300x600_160x600_Right_3%2Cbleepingcomputer_728x90_970x90_970x250_320x50_BTF%2Cbleepingcomputer_1x1&enc_prev_ius=%2F0%2F1%2C%2F0%2F2%2C%2F0%2F3%2C%2F0%2F4%2C%2F0%2F5%2C%2F0%2F6&prev_iu_szs=970x250%7C970x90%7C728x90%2C728x90%2C300x600%7C300x250%2C300x600%7C300x250%2C970x250%7C970x90%7C728x90%2C1x1&ists=1&prev_scp=fsrefresh%3Dfalse%26fsrebid%3Dfalse%26amznbid%3D2%26amznp%3D2%26fsbid%3D0%7Cfsrefresh%3Dfalse%26fsrebid%3Dfalse%26amznbid%3D2%26amznp%3D2%26fsbid%3D0%7Cfsrefresh%3Dfalse%26fsrebid%3Dfalse%26amznbid%3D2%26amznp%3D2%26fsbid%3D0%26freestar_path%3D%252Fnews%252Fsecurity%252Femotet-malware-now-steals-your-email-attachments-to-attack-contacts%252F%26freestar_domain%3Dbleepingcomputer.com%26fs_safeframe%3Dfalse%26custom_bidder_size%3Drubicon_300x600%26hb_format%3Dbanner%26hb_size%3D300x600%26hb_pb%3D0.01%26hb_adid%3D12314f95d45c3fb4%26hb_bidder%3Drubicon%7Cfsrefresh%3Dfalse%26fsrebid%3Dfalse%26amznbid%3D2%26amznp%3D2%26fsbid%3D0%7Cfsrefresh%3Dfalse%26fsrebid%3Dfalse%26amznbid%3D2%26amznp%3D2%26fsbid%3D0%7Cfsrefresh%3Dfalse%26fsrebid%3Dfalse%26fsbid%3D0&eri=1&cust_params=user-agent%3DChrome%26section%3Dnews&cookie=ID%3Db88b0df5f82950d6%3AT%3D1596240699%3AS%3DALNI_Ma7gQnlTaTH2hyqQQwYrKhKoCiPTg&bc=31&abxe=1&lmt=1596066750&dt=1596240701043&dlt=1596240696994&idt=1322&frm=20&biw=1600&bih=1200&oid=3&adxs=315%2C268%2C1082%2C1082%2C315%2C800&adys=146%2C5620%2C1368%2C2243%2C7228%2C7894&adks=1078295657%2C4047242158%2C1498267662%2C2397762747%2C389221393%2C2635258439&ucis=2%7C3%7C4%7C5%7C6%7C7&ifi=3&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Femotet-malware-now-steals-your-email-attachments-to-attack-contacts%2F&dssz=68&icsg=43486576640&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1170x280%7C834x90%7C306x600%7C306x600%7C1200x250%7C1600x7896&msz=1170x250%7C834x90%7C306x600%7C306x600%7C1170x250%7C1600x1&ga_vid=605872533.1596240698&ga_sid=1596240698&ga_hid=325435365&fws=0%2C0%2C0%2C512%2C0%2C0&ohw=0%2C0%2C0%2C0%2C0%2C0
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020072701.js?21066924
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.212.162 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
ams15s22-in-f2.1e100.net
Software
cafe /
Resource Hash
eb27e83360e6afac706327aa61251ada4157b0b3f760a6e33217987da6282d29
Security Headers
Name Value
Content-Security-Policy child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17658459157741804753/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17658459157741804753/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CPPr3f_b-OoCFdLGuwgdjH4AVA&gqi=&layout=/sadbundle/%24csp%253Der3%24/17658459157741804753/index.html,child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/pagead/gadgets/in_page_full_auto_V1/Responsive_Logo_GpaSiriusSingleIframe.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/pagead/gadgets/in_page_full_auto_V1/Responsive_Logo_GpaSiriusSingleIframe.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CPfr3f_b-OoCFdLGuwgdjH4AVA&gqi=&layout=/pagead/gadgets/in_page_full_auto_V1/Responsive_Logo_GpaSiriusSingleIframe.html
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy
child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17658459157741804753/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17658459157741804753/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CPPr3f_b-OoCFdLGuwgdjH4AVA&gqi=&layout=/sadbundle/%24csp%253Der3%24/17658459157741804753/index.html,child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/pagead/gadgets/in_page_full_auto_V1/Responsive_Logo_GpaSiriusSingleIframe.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/pagead/gadgets/in_page_full_auto_V1/Responsive_Logo_GpaSiriusSingleIframe.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CPfr3f_b-OoCFdLGuwgdjH4AVA&gqi=&layout=/pagead/gadgets/in_page_full_auto_V1/Responsive_Logo_GpaSiriusSingleIframe.html
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2,-2,-2,-2
google-creative-id
-1,-2,138237452901,-2,-1,-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
36161
x-xss-protection
0
google-lineitem-id
-1,-2,4721361505,-2,-1,-2
pragma
no-cache
server
cafe
google-mediationtag-id
-2
date
Sat, 01 Aug 2020 00:11:41 GMT
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
c
c.pub.network/ 		36 B
344 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.pub.network/c
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/pubfig.messaging.2.1.2.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
35.226.36.58 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
a2d31b6e13761a6af96144fdfd33e9a498dee4f55f5dc298f3d8f190581cf681

Request headers

Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Date
Sat, 01 Aug 2020 00:11:41 GMT
Access-Control-Allow-Credentials
true
Content-Length
36
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Content-Type
text/plain;charset=utf-8
activeview
pagead2.googlesyndication.com/pcs/ Frame 7DB9 		42 B
107 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsv5DEkjvDXx0MDhxqpFxqU60qiuGrkYqS9Hf55xJ44a1j13SiZXLOqi5PGlB6zfoXliwxm_1ySFQ_lFbLQHZcR-WF6dEOcasc-wv8NZBdQ8Xd9MKh3di0eZaF-qvQ&sai=AMfl-YSx5mzaay6WRSx8XV65dgz1qei6c1_4SOxGrbJkwZi7RCLa8UomEwWdTq07tG4RFRIQoquWERye8MmoOLeBG3Rs3pJsigK2Itvtls3zvC2i-opqj0FBK1003ues&sig=Cg0ArKJSzEAAQ4tbx7fhEAE&cid=CAASF-Ro6M793fV-RfSCETvnA9SlbOKBQCNJ&id=ampim&o=315,1110&d=970,90&ss=1600,1200&bs=1600,1200&mcvt=1000&mtos=0,0,1000,1000,1000&tos=0,0,1000,0,0&tfs=189&tls=1189&g=100&h=100&tt=1189&r=v&avms=ampa&adk=3056404191
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 01 Aug 2020 00:11:41 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
status
200
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
content-type
image/gif
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ 		0
55 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=gpt_sz&pvsid=4476189614669882&r=970x250%7C970x90%7C728x90&w=728&h=90&a=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 01 Aug 2020 00:11:41 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
204
cache-control
no-cache, must-revalidate
content-type
image/gif
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
container.html
6e86b1c7d1063165c37861961550b1cb.safeframe.googlesyndication.com/safeframe/1-0-37/html/ Frame A492 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://6e86b1c7d1063165c37861961550b1cb.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020072701.js?21066924
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:816::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
6e86b1c7d1063165c37861961550b1cb.safeframe.googlesyndication.com
:scheme
https
:path
/safeframe/1-0-37/html/container.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/

Response headers

status
200
accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
timing-allow-origin
*
content-length
2973
date
Sat, 01 Aug 2020 00:11:39 GMT
expires
Sun, 01 Aug 2021 00:11:39 GMT
last-modified
Thu, 21 Nov 2019 16:01:11 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, immutable, max-age=31536000
age
2
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
view
securepubads.g.doubleclick.net/pcs/ Frame 6490 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstvZRGpsUInHo5chrZDagUWZc67Ml-0X5TFXm_VogVYVbgJClqXNOxwnXsnfGzQV5zt1sciVQDH3o_XBhC0gi2-Y4uRWr2g5d9jm0jS2pSn4QbM0qWXAHpXSwF0RFR-ZKjK8ZVFjqfULrIxNmggCB7-0Oo7RH4o2YQNRXPCbtpVV7NnnuPjt85DnSC4r3o6zi1F7a4qJf1psTBjq9rfkxkY9JSW-cKE9fiYYTQ2JOVIUEJ0Iu_iiyI1SYnqfPZQhp9TSrfQYmkfVInMdG9QdPpyzLH5ILPOvbTJz19scHLI_KT27uKfFKfK8FVvZb2rtGXmf_lJ&sig=Cg0ArKJSzJN3Iv4uW0WxEAE&urlfix=1&adurl=
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.212.162 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
ams15s22-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin
*
date
Sat, 01 Aug 2020 00:11:41 GMT
x-content-type-options
nosniff
server
cafe
status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
render_post_ads_v1.html
googleads.g.doubleclick.net/pagead/ Frame 68FC 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/render_post_ads_v1.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
IDE=AHWqTUliZn-01g3cLn1CIamh0drxPwrUdSUciKSUHyTkQIkprY5PhQMoJq-ovhfy; DSID=NO_DATA
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/

Response headers

status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
vary
Accept-Encoding
date
Fri, 31 Jul 2020 17:57:17 GMT
expires
Sat, 01 Aug 2020 17:57:17 GMT
content-type
text/html; charset=UTF-8
etag
12223946614886178233
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
4980
x-xss-protection
0
cache-control
public, max-age=86400
age
22464
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
xbfe_backfill.js
googleads.g.doubleclick.net/pagead/ Frame 6490 		12 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/xbfe_backfill.js
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
4641cbdc542c4e83a5ee564b14236cf40fbd253c5019e0d24d1282082f3d5bbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 31 Jul 2020 23:30:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
2463
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
5328
x-xss-protection
0
server
cafe
etag
3962153462257850825
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=3600
timing-allow-origin
*
expires
Sat, 01 Aug 2020 00:30:38 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 6490 		0
55 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=awbid&awbid_b=AKAmf-DDS3-_VufnJVz6RJ_hL7u23hl5B1xNq2dIRUbzxHez4hrKJ590GgopNhn4MkJ_xB3nHK3tRZrORCsiaCKRpHxNxs1BZQ&pr=8:ABDD4A2B4CE3479F
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 01 Aug 2020 00:11:41 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
204
cache-control
no-cache, must-revalidate
content-type
image/gif
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
79a52902-c614-4c8e-a6a6-4aecfd63eb04
beacon-eu-ams3.rubiconproject.com/beacon/d/ Frame 6490 		43 B
268 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://beacon-eu-ams3.rubiconproject.com/beacon/d/79a52902-c614-4c8e-a6a6-4aecfd63eb04?oo=0&accountId=16924&siteId=151312&zoneId=1006006&sizeId=10&e=6A1E40E384DA563BCC80621E4B8C0E283140010BD225E00BDE946DC716960DDC9E159E5B20E4AE8B96CF62096E62682D954C2C6DA264532870819E794AC4AA49FF9FE0FCEC25CBC6F57BD962AFDCF198AA57DCBD924C4BA399F709B23CBEBAF9B0D183C5E9048A956DFA3E94E7F357AD85A47E53726DA61826E0642BF1726BA641FF9A3FAF75111314E1CF13EF6C13C16B86727E3234FBDAA7306ED9F71BD127DC96B4ACBF2703B0FE58B485B9CE8430AB141ED2A5027DD48DF113C2C322EA05
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
213.19.162.77 , United Kingdom, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
Rubicon Project /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 01 Aug 2020 00:11:41 GMT
Cache-Control
private, max-age=0, no-cache
Server
Rubicon Project
Content-Type
image/webp
Content-Length
43
Expires
01 Jan 1970 10:00:00 GMT
osd_listener.js
www.googletagservices.com/activeview/js/current/ Frame 6490 		73 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/osd_listener.js?cache=r20110914
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020072701.js?21066924
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a144a0ddb054805ab87d8603010836d660aa41bef7a38d962781cd3af6c4e864
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 01 Aug 2020 00:11:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1596194598985842"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
28389
x-xss-protection
0
expires
Sat, 01 Aug 2020 00:11:41 GMT
container.html
6e86b1c7d1063165c37861961550b1cb.safeframe.googlesyndication.com/safeframe/1-0-37/html/ Frame BF91 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://6e86b1c7d1063165c37861961550b1cb.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020072701.js?21066924
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:816::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
6e86b1c7d1063165c37861961550b1cb.safeframe.googlesyndication.com
:scheme
https
:path
/safeframe/1-0-37/html/container.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/

Response headers

status
200
accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
timing-allow-origin
*
content-length
2973
date
Sat, 01 Aug 2020 00:11:39 GMT
expires
Sun, 01 Aug 2021 00:11:39 GMT
last-modified
Thu, 21 Nov 2019 16:01:11 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, immutable, max-age=31536000
age
2
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
osd.js
www.googletagservices.com/activeview/js/current/ Frame 6490 		71 KB
27 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/xbfe_backfill.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
6a6a77d4af8485f801196e0abb887d745c1ebaf38df310027cf720ad7517e9b2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 01 Aug 2020 00:11:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1596194598985842"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
27106
x-xss-protection
0
expires
Sat, 01 Aug 2020 00:11:41 GMT
usync.html
eus.rubiconproject.com/ Frame CBC1 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.html?&gdpr=0&us_privacy=1---&geo=eu&co=pl
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.230.142 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-230-142.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash

Request headers

Host
eus.rubiconproject.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Cookie
rsid=1|AIfsdBUH+v3fWCPuzNowDE/csJlhOqmt03ZRUZWfOgZ1rOqUPHfhR8Tya9WQi+HKKRWt2j6qYTD2eRvLWSDhFgX3ng06hUEE9RUpasHbexkkvGuuYKBWI6L/JKS3dwHNbrrxlA==; ses2=; vis2=151312^1; ses10=151312^1; vis10=151312^1; ses15=; vis15=151312^1; khaos=KDAWHZB5-1W-G35X; audit=1|naVuGyos1qrddYnq15iwN5qpp78UDnSwI2/o9Yn2nZVvdQduUI4pdcmOZNlrfnQZ8Wf+CDJvEd7vQn6gbej9EcxuhZpbWKLt+/AMC2wiya8=
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/

Response headers

Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Last-Modified
Wed, 29 Jul 2020 16:40:43 GMT
Content-Encoding
gzip
Content-Length
9469
Content-Type
text/html; charset=UTF-8
Cache-Control
max-age=45772
Expires
Sat, 01 Aug 2020 12:54:33 GMT
Date
Sat, 01 Aug 2020 00:11:41 GMT
Connection
keep-alive
Vary
Accept-Encoding
view
securepubads.g.doubleclick.net/pcs/ Frame 6490 		0
54 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvC4E70D64dtmQjxcIi17SJAi_uU681OYSUtwOBO1zBFfMXXqMW3sneR-6RqILrKD9NDDJ3II-l5XsigSChkl_ttiu1X8SymEWkF4LezEfkMp_9KkqTwBns0WzFtrRvZuYSWQbVrn0eQfQp82buEdoj4R4A7bn3asfoyKzBtCtKVSsT_bsDZpg3MET0zVVvb20VInymZdGns2APfZlnqFc5GQSbNjbKJZEXLuH2HM1XXGZzPmKyC_JHm5jwYfVtVEITfJ18aWlkKZt6pzuhGRZ5SM9oHVUVP0ZirqCdZw_UJM4y9TW3eFVy13VBYafX2lZMv6s_7b0&sig=Cg0ArKJSzD2u0EMiAsYkEAE&urlfix=1&adurl=
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.212.162 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
ams15s22-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin
*
date
Sat, 01 Aug 2020 00:11:41 GMT
x-content-type-options
nosniff
server
cafe
status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
truncated
/ Frame 6490 		215 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
890baf1d8eca0bfd3ed08a5bf24e5231bb8fd8681684e45f812a5105bd5d2202

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/png
c
c.pub.network/ 		36 B
344 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.pub.network/c
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/pubfig.messaging.2.1.2.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
35.226.36.58 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
a2d31b6e13761a6af96144fdfd33e9a498dee4f55f5dc298f3d8f190581cf681

Request headers

Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Date
Sat, 01 Aug 2020 00:11:41 GMT
Access-Control-Allow-Credentials
true
Content-Length
36
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Content-Type
text/plain;charset=utf-8
lg.php
cdn.firstimpression.io/delivery/ 		1 B
261 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://cdn.firstimpression.io/delivery/lg.php?bannerid=62894&campaignid=482&zoneid=110163&loc=%2Fnews%2Fsecurity%2Femotet-malware-now-steals-your-email-attachments-to-attack-contacts%2F&cb=a6cae7370b&ficb=155132
Requested by
Host: ecdn.firstimpression.io
URL: https://ecdn.firstimpression.io/fi_client.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.249.13.97 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.16.1 / PHP/7.3.11
Resource Hash
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

Request headers

Accept
*/*
Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 01 Aug 2020 00:11:42 GMT
content-encoding
gzip
server
nginx/1.16.1
x-powered-by
PHP/7.3.11
status
200
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
content-type
text/html; charset=UTF-8
expires
0
c
c.pub.network/ 		36 B
344 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.pub.network/c
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/pubfig.messaging.2.1.2.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
35.226.36.58 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
a2d31b6e13761a6af96144fdfd33e9a498dee4f55f5dc298f3d8f190581cf681

Request headers

Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Date
Sat, 01 Aug 2020 00:11:42 GMT
Access-Control-Allow-Credentials
true
Content-Length
36
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Content-Type
text/plain;charset=utf-8
demand-source
d.pub.network/ 		61 B
508 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://d.pub.network/demand-source
Requested by
Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
35.188.71.214 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
1640690e2fdd44bcc82155e440b8910ca1a8a08f3aecf6f5730f58b5063e0fb1

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
application/json;charset=UTF-8

Response headers

Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Date
Sat, 01 Aug 2020 00:11:43 GMT
Access-Control-Allow-Credentials
true
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Transfer-Encoding
chunked
Content-Type
application/json
v2gasofkmlvbYviSxxY8KHSuiTeD0ft4MUZ1YVaXHm6g7PZpGU6NL3SJ169eyYuHrMZAaQ-ry7A4tK7sHQA
dapperdiscussion.com/ 		166 B
249 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://dapperdiscussion.com/v2gasofkmlvbYviSxxY8KHSuiTeD0ft4MUZ1YVaXHm6g7PZpGU6NL3SJ169eyYuHrMZAaQ-ry7A4tK7sHQA
Requested by
Host: dapperdiscussion.com
URL: https://dapperdiscussion.com/v2mojjRqxm0uSiopiD-aABaVl-1eYGn-9jdzP46hyVV260JPOwzzIpayjWhZBI5i-
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.64.11 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
67a6cb5d31c38a270a8061f3f61e5834340f75a55b8c503b215cfb410d447699
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; preload

Request headers

Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

strict-transport-security
max-age=15724800; preload
x-datacenter
gce-europe-west1
status
200
date
Sat, 01 Aug 2020 00:11:44 GMT
vary
Accept-Encoding, Origin
access-control-allow-methods
POST, OPTIONS
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-hostname
hank
timing-allow-origin
*
access-control-allow-headers
DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Cookie
content-length
166
expires
Sat, 01 Aug 2020 00:11:43 GMT
d65ce2fc-2e6f-48f3-a1d7-6e2054d1920e.jpg
img.connatix.com/d59f5d0c-2087-416a-821c-141798bc501e/ 		18 KB
18 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://img.connatix.com/d59f5d0c-2087-416a-821c-141798bc501e/d65ce2fc-2e6f-48f3-a1d7-6e2054d1920e.jpg?crop=834:469,smart&width=834&height=469&format=jpeg&quality=60&fit=crop
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.114.137 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
9ac37816a4f81a0ac1f8e43e46159e8dfc3d9a9284fe4a3d0ce5f0bead46aaf4

Request headers

Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 01 Aug 2020 00:11:45 GMT
via
1.1 varnish, 1.1 varnish
age
11587
x-cache
HIT, HIT
fastly-io-info
ifsz=80823 idim=1250x465 ifmt=jpeg ofsz=18272 odim=827x465 ofmt=webp
status
200
fastly-stats
io=1
content-encoding
gzip
content-length
18300
x-served-by
cache-dca17737-DCA, cache-hhn4061-HHN
x-timer
S1596240705.489040,VS0,VE1
etag
"jMLdM2mXouP2RoV7XyHwB/pvdrNWo4b7QZJw4OHRD6k"
vary
Accept
x-amz-request-id
9B0F2FA6780A1BB8
access-control-allow-origin
*
cache-control
max-age=31557600
accept-ranges
bytes
content-type
image/webp
x-cache-hits
2, 1
st
capi.connatix.com/tr/ Frame 7423 		0
333 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://capi.connatix.com/tr/st?v=40500
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/40500/connatix.playspace.dc.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.16.202.217 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
openresty/1.15.8.2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
multipart/form-data

Response headers

Date
Sat, 01 Aug 2020 00:11:46 GMT
Content-Encoding
gzip
Server
openresty/1.15.8.2
Vary
Accept-Encoding
Content-Type
multipart/form-data
Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
20
ixmatch.html
js-sec.indexww.com/um/ Frame BF38 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://js-sec.indexww.com/um/ixmatch.html
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.22.0.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.234.21 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash

Request headers

Host
js-sec.indexww.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/

Response headers

Server
Apache
Last-Modified
Mon, 19 Jun 2017 19:18:19 GMT
ETag
"e20015-112-55254ff6a1972"
Accept-Ranges
bytes
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type
text/html; charset=UTF-8
Vary
Accept-Encoding
Content-Encoding
gzip
Content-Length
211
Date
Sat, 01 Aug 2020 00:11:47 GMT
Connection
keep-alive
sync
eb2.3lift.com/ Frame B69C
Redirect Chain
  • https://eb2.3lift.com/sync?us_privacy=1---&
  • https://eb2.3lift.com/sync?us_privacy=1---&&ld=1
0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://eb2.3lift.com/sync?us_privacy=1---&&ld=1
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.22.0.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.28.32.108 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-28-32-108.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash

Request headers

:method
GET
:authority
eb2.3lift.com
:scheme
https
:path
/sync?us_privacy=1---&&ld=1
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
tluid=3353909927852434423
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/

Response headers

status
200
date
Sat, 01 Aug 2020 00:11:47 GMT
content-type
text/html; charset=utf-8
content-length
467
set-cookie
sync=CgoIgQIQzvzwurouCgoIoQEQzvzwurouCgoI4gEQzvzwurouCgoI5gEQzvzwurouCgoI1gEQzvzwurouCgoIhwIQzvzwurouCgkIOhDO_PC6ui4KCQgLEM788Lq6LgoJCF8QzvzwurouCgkIHxDO_PC6ui4=; Max-Age=7776000; Expires=Fri, 30 Oct 2020 00:11:47 GMT; Path=/sync; Domain=.3lift.com; SameSite=None; Secure tluid=3353909927852434423; Max-Age=7776000; Expires=Fri, 30 Oct 2020 00:11:47 GMT; Path=/; Domain=.3lift.com; SameSite=None; Secure
content-encoding
gzip
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
cache-control
no-cache, no-store, must-revalidate

Redirect headers

status
302
date
Sat, 01 Aug 2020 00:11:47 GMT
content-length
0
set-cookie
tluid=3353909927852434423; Max-Age=7776000; Expires=Fri, 30 Oct 2020 00:11:47 GMT; Path=/; Domain=.3lift.com; SameSite=None; Secure
location
/sync?us_privacy=1---&&ld=1
cache-control
no-cache, no-store, must-revalidate
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
index.html
cdn.districtm.io/ids/ Frame FD4A 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://cdn.districtm.io/ids/index.html?ccpa=1---
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.22.0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.190.66 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

:method
GET
:authority
cdn.districtm.io
:scheme
https
:path
/ids/index.html?ccpa=1---
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/

Response headers

status
204
date
Sat, 01 Aug 2020 00:11:46 GMT
set-cookie
__cfduid=d1691ec140016343f85f019ce32dc3fc51596240706; expires=Mon, 31-Aug-20 00:11:46 GMT; path=/; domain=.districtm.io; HttpOnly; SameSite=Lax
access-control-allow-origin
*
access-control-allow-credentials
true
access-control-allow-headers
Content-Type, Origin
access-control-allow-methods
GET, HEAD, POST, OPTIONS
cf-request-id
0448f5557d00000b47ce161200000001
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
server
cloudflare
cf-ray
5bbb580269520b47-AMS
pd
eu-u.openx.net/w/1.0/ Frame 5978 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://eu-u.openx.net/w/1.0/pd?plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=0&us_privacy=1---
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.22.0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.64.218 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
OXGW/16.190.0 /
Resource Hash

Request headers

:method
GET
:authority
eu-u.openx.net
:scheme
https
:path
/w/1.0/pd?plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=0&us_privacy=1---
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
i=ff79cff0-674b-4e50-bb40-5b6dcf20c271|1596240700
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/

Response headers

status
200
vary
Accept, Accept-Encoding
set-cookie
i=ff79cff0-674b-4e50-bb40-5b6dcf20c271|1596240700; Version=1; Expires=Sun, 01-Aug-2021 00:11:46 GMT; Max-Age=31536000; Secure; Domain=.openx.net; Path=/; SameSite=None pd=v2|1596240706|mOgegqnskin0vNomiygu; Version=1; Expires=Sun, 16-Aug-2020 00:11:46 GMT; Max-Age=1296000; Secure; Domain=.openx.net; Path=/; SameSite=None
server
OXGW/16.190.0
p3p
CP="CUR ADM OUR NOR STA NID"
date
Sat, 01 Aug 2020 00:11:46 GMT
content-type
text/html
content-length
546
content-encoding
gzip
via
1.1 google
alt-svc
clear
showad.js
ads.pubmatic.com/AdServer/js/ Frame 7CDE 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://ads.pubmatic.com/AdServer/js/showad.js
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.22.0.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.180 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-233-180.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash

Request headers

Host
ads.pubmatic.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/

Response headers

Last-Modified
Tue, 14 Apr 2020 10:27:52 GMT
ETag
"13006b6-a4bb-5a33da6f1a023"
Server
Apache/2.2.15 (CentOS)
Accept-Ranges
bytes
Content-Encoding
gzip
P3P
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length
15243
Content-Type
text/html; charset=UTF-8
Cache-Control
public, max-age=137411
Expires
Sun, 02 Aug 2020 14:21:58 GMT
Date
Sat, 01 Aug 2020 00:11:47 GMT
Connection
keep-alive
Vary
Accept-Encoding
async_usersync.html
acdn.adnxs.com/ib/static/usersync/v3/ Frame 5E01 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.22.0.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.232.130 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-232-130.deploy.static.akamaitechnologies.com
Software
nginx/1.13.10 /
Resource Hash

Request headers

Host
acdn.adnxs.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/

Response headers

Server
nginx/1.13.10
Last-Modified
Fri, 20 May 2016 02:07:09 GMT
ETag
"573e714d-3e3"
Access-Control-Allow-Origin
*
Content-Type
text/html
Vary
Accept-Encoding
Content-Encoding
gzip
Content-Length
506
Cache-Control
max-age=31536000
Expires
Sun, 01 Aug 2021 00:11:47 GMT
Date
Sat, 01 Aug 2020 00:11:47 GMT
Connection
keep-alive
iframe
mantodea.mantisadnetwork.com/prebid/ Frame 6343 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://mantodea.mantisadnetwork.com/prebid/iframe?tz=-120&buster=1596240701063&secure=true&version=9&mobile=false&title=Emotet%20malware%20now%20steals%20your%20email%20attachments%20to%20attack%20contacts&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Femotet-malware-now-steals-your-email-attachments-to-attack-contacts%2F
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.22.0.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.226.243.182 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-226-243-182.compute-1.amazonaws.com
Software
/ Express
Resource Hash

Request headers

:method
GET
:authority
mantodea.mantisadnetwork.com
:scheme
https
:path
/prebid/iframe?tz=-120&buster=1596240701063&secure=true&version=9&mobile=false&title=Emotet%20malware%20now%20steals%20your%20email%20attachments%20to%20attack%20contacts&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Femotet-malware-now-steals-your-email-attachments-to-attack-contacts%2F
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/

Response headers

status
200
date
Sat, 01 Aug 2020 00:11:47 GMT
content-type
text/html; charset=utf-8
content-length
332
x-powered-by
Express
vary
Origin
access-control-allow-credentials
true
cache-control
private, no-cache, no-store, must-revalidate
pragma
no-cache
expires
-1
etag
W/"14c-9r5Bjy6XDsnlA90RhdhNIIvVOvI"
ixmatch.html
js-sec.indexww.com/um/ Frame 66A8 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://js-sec.indexww.com/um/ixmatch.html
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.22.0.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.234.21 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash

Request headers

Host
js-sec.indexww.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/

Response headers

Server
Apache
Last-Modified
Mon, 19 Jun 2017 19:18:19 GMT
ETag
"e20015-112-55254ff6a1972"
Accept-Ranges
bytes
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type
text/html; charset=UTF-8
Vary
Accept-Encoding
Content-Encoding
gzip
Content-Length
211
Date
Sat, 01 Aug 2020 00:11:47 GMT
Connection
keep-alive
iframe
mantodea.mantisadnetwork.com/prebid/ Frame 8E52 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://mantodea.mantisadnetwork.com/prebid/iframe?tz=-120&buster=1596240700927&secure=true&version=9&mobile=false&title=Emotet%20malware%20now%20steals%20your%20email%20attachments%20to%20attack%20contacts&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Femotet-malware-now-steals-your-email-attachments-to-attack-contacts%2F
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.22.0.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.226.243.182 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-226-243-182.compute-1.amazonaws.com
Software
/ Express
Resource Hash

Request headers

:method
GET
:authority
mantodea.mantisadnetwork.com
:scheme
https
:path
/prebid/iframe?tz=-120&buster=1596240700927&secure=true&version=9&mobile=false&title=Emotet%20malware%20now%20steals%20your%20email%20attachments%20to%20attack%20contacts&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Femotet-malware-now-steals-your-email-attachments-to-attack-contacts%2F
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/

Response headers

status
200
date
Sat, 01 Aug 2020 00:11:47 GMT
content-type
text/html; charset=utf-8
content-length
332
x-powered-by
Express
vary
Origin
access-control-allow-credentials
true
cache-control
private, no-cache, no-store, must-revalidate
pragma
no-cache
expires
-1
etag
W/"14c-9r5Bjy6XDsnlA90RhdhNIIvVOvI"
usync.html
eus.rubiconproject.com/ Frame 6377 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.html?us_privacy=1---
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.22.0.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.230.142 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-230-142.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash

Request headers

Host
eus.rubiconproject.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Cookie
rsid=1|AIfsdBUH+v3fWCPuzNowDE/csJlhOqmt03ZRUZWfOgZ1rOqUPHfhR8Tya9WQi+HKKRWt2j6qYTD2eRvLWSDhFgX3ng06hUEE9RUpasHbexkkvGuuYKBWI6L/JKS3dwHNbrrxlA==; ses2=; vis2=151312^1; ses10=151312^1; vis10=151312^1; ses15=; vis15=151312^1; khaos=KDAWHZB5-1W-G35X; audit=1|naVuGyos1qrddYnq15iwN5qpp78UDnSwI2/o9Yn2nZVvdQduUI4pdcmOZNlrfnQZ8Wf+CDJvEd7vQn6gbej9EcxuhZpbWKLt+/AMC2wiya8=; pux=1512%3D92761%262249%3D92761%262307%3D92761%263778%3D92761%26goog%3D92761%26idl%3D92761%26brx%3D92761%262249-DV360-Hosted%3D92761%26
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/

Response headers

Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Last-Modified
Wed, 29 Jul 2020 16:40:43 GMT
Content-Encoding
gzip
Content-Length
9469
Content-Type
text/html; charset=UTF-8
Cache-Control
max-age=45767
Expires
Sat, 01 Aug 2020 12:54:33 GMT
Date
Sat, 01 Aug 2020 00:11:46 GMT
Connection
keep-alive
Vary
Accept-Encoding
async_usersync.html
acdn.adnxs.com/ib/static/usersync/v3/ Frame 064F 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.22.0.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.232.130 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-232-130.deploy.static.akamaitechnologies.com
Software
nginx/1.13.10 /
Resource Hash

Request headers

Host
acdn.adnxs.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/

Response headers

Server
nginx/1.13.10
Last-Modified
Fri, 20 May 2016 02:07:09 GMT
ETag
"573e714d-3e3"
Access-Control-Allow-Origin
*
Content-Type
text/html
Vary
Accept-Encoding
Content-Encoding
gzip
Content-Length
506
Cache-Control
max-age=31536000
Expires
Sun, 01 Aug 2021 00:11:47 GMT
Date
Sat, 01 Aug 2020 00:11:47 GMT
Connection
keep-alive
pd
eu-u.openx.net/w/1.0/ Frame 45E7 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://eu-u.openx.net/w/1.0/pd?plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=0&us_privacy=1---
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.22.0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.64.218 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
OXGW/16.190.0 /
Resource Hash

Request headers

:method
GET
:authority
eu-u.openx.net
:scheme
https
:path
/w/1.0/pd?plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=0&us_privacy=1---
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
i=ff79cff0-674b-4e50-bb40-5b6dcf20c271|1596240700
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/

Response headers

status
200
vary
Accept, Accept-Encoding
set-cookie
i=ff79cff0-674b-4e50-bb40-5b6dcf20c271|1596240700; Version=1; Expires=Sun, 01-Aug-2021 00:11:46 GMT; Max-Age=31536000; Secure; Domain=.openx.net; Path=/; SameSite=None pd=v2|1596240706|mOgegqnskin0vNomiygu; Version=1; Expires=Sun, 16-Aug-2020 00:11:46 GMT; Max-Age=1296000; Secure; Domain=.openx.net; Path=/; SameSite=None
server
OXGW/16.190.0
p3p
CP="CUR ADM OUR NOR STA NID"
date
Sat, 01 Aug 2020 00:11:46 GMT
content-type
text/html
content-length
546
content-encoding
gzip
via
1.1 google
alt-svc
clear
index.html
cdn.districtm.io/ids/ Frame D7B1 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://cdn.districtm.io/ids/index.html?ccpa=1---
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.22.0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.190.66 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

:method
GET
:authority
cdn.districtm.io
:scheme
https
:path
/ids/index.html?ccpa=1---
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/

Response headers

status
204
date
Sat, 01 Aug 2020 00:11:46 GMT
set-cookie
__cfduid=d1691ec140016343f85f019ce32dc3fc51596240706; expires=Mon, 31-Aug-20 00:11:46 GMT; path=/; domain=.districtm.io; HttpOnly; SameSite=Lax
access-control-allow-origin
*
access-control-allow-credentials
true
access-control-allow-headers
Content-Type, Origin
access-control-allow-methods
GET, HEAD, POST, OPTIONS
cf-request-id
0448f555af00000b47ce164200000001
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
server
cloudflare
cf-ray
5bbb5802b98b0b47-AMS
showad.js
ads.pubmatic.com/AdServer/js/ Frame 9B54 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://ads.pubmatic.com/AdServer/js/showad.js
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.22.0.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.180 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-233-180.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash

Request headers

Host
ads.pubmatic.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/

Response headers

Last-Modified
Tue, 14 Apr 2020 10:27:52 GMT
ETag
"13006b6-a4bb-5a33da6f1a023"
Server
Apache/2.2.15 (CentOS)
Accept-Ranges
bytes
Content-Encoding
gzip
P3P
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length
15243
Content-Type
text/html; charset=UTF-8
Cache-Control
public, max-age=137411
Expires
Sun, 02 Aug 2020 14:21:58 GMT
Date
Sat, 01 Aug 2020 00:11:47 GMT
Connection
keep-alive
Vary
Accept-Encoding
st
capi.connatix.com/tr/ Frame 7423 		0
333 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://capi.connatix.com/tr/st?v=40500
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/40500/connatix.playspace.dc.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.16.202.217 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
openresty/1.15.8.2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
multipart/form-data

Response headers

Date
Sat, 01 Aug 2020 00:11:54 GMT
Content-Encoding
gzip
Server
openresty/1.15.8.2
Vary
Accept-Encoding
Content-Type
multipart/form-data
Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
20

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
s7.addthis.com
URL
https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html
Domain
mantodea.mantisadnetwork.com
URL
https://mantodea.mantisadnetwork.com/prebid/display?tz=-120&buster=1596240699726&secure=true&version=9&mobile=false&title=Emotet%20malware%20now%20steals%20your%20email%20attachments%20to%20attack%20contacts&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Femotet-malware-now-steals-your-email-attachments-to-attack-contacts%2F&measurable=true&bids[0][bidId]=1993b16b3190f0e&bids[0][config][property]=5c3404d83e048a00261ad27f&bids[0][config][zone]=bleepingcomputer_970x90_728x90_320x50_sticky&bids[0][sizes][0][width]=728&bids[0][sizes][0][height]=90&bids[0][sizes][1][width]=970&bids[0][sizes][1][height]=90&property=5c3404d83e048a00261ad27f&foo
Domain
as-sec.casalemedia.com
URL
https://as-sec.casalemedia.com/cygnus?s=393562&v=7.2&r=%7B%22id%22%3A%2222f8ea5a3cc26e5%22%2C%22imp%22%3A%5B%7B%22id%22%3A%2223fa32dc7393d6c%22%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22728x90%22%7D%2C%22banner%22%3A%7B%22w%22%3A728%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%2224dd4547bf3b814%22%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22970x90%22%7D%2C%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%7D%5D%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Femotet-malware-now-steals-your-email-attachments-to-attack-contacts%2F%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%7D%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.io%22%2C%22sid%22%3A%22535%22%2C%22hp%22%3A1%7D%5D%7D%7D%7D%2C%22regs%22%3A%7B%22ext%22%3A%7B%22gdpr%22%3A0%2C%22us_privacy%22%3A%221---%22%7D%7D%2C%22user%22%3A%7B%22ext%22%3A%7B%22consent%22%3A%22%22%7D%7D%7D&ac=j&sd=1
Domain
as-sec.casalemedia.com
URL
https://as-sec.casalemedia.com/cygnus?s=393562&v=7.2&r=%7B%22id%22%3A%22298c72300f80de3%22%2C%22imp%22%3A%5B%7B%22id%22%3A%2230855e528bed0d8%22%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22728x90%22%7D%2C%22banner%22%3A%7B%22w%22%3A728%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%2231b7b5497d325e9%22%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22970x90%22%7D%2C%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%2232e0cd29a44c561%22%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22970x250%22%7D%2C%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%2233ecf77d771e6c5%22%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22728x90%22%7D%2C%22banner%22%3A%7B%22w%22%3A728%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%2234997fdd2a8b1fb%22%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22300x250%22%7D%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%2235f2c5370e9b5b6%22%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22300x600%22%7D%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A600%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%22367701ea39766bf%22%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22300x250%22%7D%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%2237e8e548da43ae2%22%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22300x600%22%7D%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A600%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%22389ff16c002b025%22%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22728x90%22%7D%2C%22banner%22%3A%7B%22w%22%3A728%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%2239e30ab9283d4cb%22%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22970x90%22%7D%2C%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%224046b9c07484563%22%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22970x250%22%7D%2C%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%7D%5D%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Femotet-malware-now-steals-your-email-attachments-to-attack-contacts%2F%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%7D%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.io%22%2C%22sid%22%3A%22535%22%2C%22hp%22%3A1%7D%5D%7D%7D%7D%2C%22regs%22%3A%7B%22ext%22%3A%7B%22gdpr%22%3A0%2C%22us_privacy%22%3A%221---%22%7D%7D%2C%22user%22%3A%7B%22ext%22%3A%7B%22consent%22%3A%22%22%7D%7D%7D&ac=j&sd=1
Domain
mantodea.mantisadnetwork.com
URL
https://mantodea.mantisadnetwork.com/prebid/display?tz=-120&buster=1596240699829&secure=true&version=9&mobile=false&title=Emotet%20malware%20now%20steals%20your%20email%20attachments%20to%20attack%20contacts&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Femotet-malware-now-steals-your-email-attachments-to-attack-contacts%2F&measurable=true&bids[0][bidId]=481ffce54bbfe57&bids[0][config][property]=5c3404d83e048a00261ad27f&bids[0][config][zone]=bleepingcomputer_728x90_970x90_970x250_320x50_ATF&bids[0][sizes][0][width]=728&bids[0][sizes][0][height]=90&bids[0][sizes][1][width]=970&bids[0][sizes][1][height]=90&bids[0][sizes][2][width]=970&bids[0][sizes][2][height]=250&bids[1][bidId]=49da3e6593dac17&bids[1][config][property]=5c3404d83e048a00261ad27f&bids[1][config][zone]=bleepingcomputer_728x90_320x50_InContent_1&bids[1][sizes][0][width]=728&bids[1][sizes][0][height]=90&bids[2][bidId]=50694bff59123aa&bids[2][config][property]=5c3404d83e048a00261ad27f&bids[2][config][zone]=bleepingcomputer_300x250_300x600_160x600_Right_2&bids[2][sizes][0][width]=300&bids[2][sizes][0][height]=250&bids[2][sizes][1][width]=300&bids[2][sizes][1][height]=600&bids[3][bidId]=514a1b5bf2dd313&bids[3][config][property]=5c3404d83e048a00261ad27f&bids[3][config][zone]=bleepingcomputer_300x250_300x600_160x600_Right_3&bids[3][sizes][0][width]=300&bids[3][sizes][0][height]=250&bids[3][sizes][1][width]=300&bids[3][sizes][1][height]=600&bids[4][bidId]=52d189dfe5b2d5e&bids[4][config][property]=5c3404d83e048a00261ad27f&bids[4][config][zone]=bleepingcomputer_728x90_970x90_970x250_320x50_BTF&bids[4][sizes][0][width]=728&bids[4][sizes][0][height]=90&bids[4][sizes][1][width]=970&bids[4][sizes][1][height]=90&bids[4][sizes][2][width]=970&bids[4][sizes][2][height]=250&property=5c3404d83e048a00261ad27f&foo
Domain
btlr.sharethrough.com
URL
https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=WLM6GiL3zdSZQxjuNieepuQJ&bidId=720e8f2d06b27a3&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=3.22.0&strVersion=3.2.1&secure=true&us_privacy=1---&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.io%22%2C%22sid%22%3A%22535%22%2C%22hp%22%3A1%7D%5D%7D
Domain
btlr.sharethrough.com
URL
https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=bDraMWgeoLM4KHJBzFQ8heMv&bidId=737b1d32a01fa8b&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=3.22.0&strVersion=3.2.1&secure=true&us_privacy=1---&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.io%22%2C%22sid%22%3A%22535%22%2C%22hp%22%3A1%7D%5D%7D
Domain
btlr.sharethrough.com
URL
https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=WLM6GiL3zdSZQxjuNieepuQJ&bidId=7468bdb63a5f269&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=3.22.0&strVersion=3.2.1&secure=true&us_privacy=1---&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.io%22%2C%22sid%22%3A%22535%22%2C%22hp%22%3A1%7D%5D%7D
Domain
btlr.sharethrough.com
URL
https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=uo4nuhxJikFrr3o47oeeZPL5&bidId=75551d288d7b4bb&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=3.22.0&strVersion=3.2.1&secure=true&us_privacy=1---&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.io%22%2C%22sid%22%3A%22535%22%2C%22hp%22%3A1%7D%5D%7D
Domain
btlr.sharethrough.com
URL
https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=6f2XVeWT9HhHNo9TDFzKK7JK&bidId=76833fcf7d3e9e1&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=3.22.0&strVersion=3.2.1&secure=true&us_privacy=1---&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.io%22%2C%22sid%22%3A%22535%22%2C%22hp%22%3A1%7D%5D%7D
Domain
btlr.sharethrough.com
URL
https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=uo4nuhxJikFrr3o47oeeZPL5&bidId=7711b86f8f35c69&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=3.22.0&strVersion=3.2.1&secure=true&us_privacy=1---&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.io%22%2C%22sid%22%3A%22535%22%2C%22hp%22%3A1%7D%5D%7D
Domain
btlr.sharethrough.com
URL
https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=6f2XVeWT9HhHNo9TDFzKK7JK&bidId=78227d6561f519a&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=3.22.0&strVersion=3.2.1&secure=true&us_privacy=1---&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.io%22%2C%22sid%22%3A%22535%22%2C%22hp%22%3A1%7D%5D%7D
Domain
btlr.sharethrough.com
URL
https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=WLM6GiL3zdSZQxjuNieepuQJ&bidId=79b03f5107f484&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=3.22.0&strVersion=3.2.1&secure=true&us_privacy=1---&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.io%22%2C%22sid%22%3A%22535%22%2C%22hp%22%3A1%7D%5D%7D
Domain
btlr.sharethrough.com
URL
https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=bDraMWgeoLM4KHJBzFQ8heMv&bidId=803a19c350b77c7&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=3.22.0&strVersion=3.2.1&secure=true&us_privacy=1---&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.io%22%2C%22sid%22%3A%22535%22%2C%22hp%22%3A1%7D%5D%7D

Verdicts & Comments Add Verdict or Comment

193 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| $ function| jQuery function| cnxps object| freestar object| apd_options function| admiral object| googletag function| __cmp function| __uspapi function| gtag object| dataLayer object| __twttrll object| twttr object| __twttr object| google_tag_manager object| adsbygoogle object| google_js_reporting_queue number| google_srt object| google_ad_modifications object| google_logging_queue object| ggeac boolean| google_measure_js_timing object| googleToken object| googleIMState function| processGoogleToken object| google_reactive_ads_global_state boolean| _gfp_a_ object| google_sa_queue object| google_sl_win function| google_process_slots boolean| google_apltlad boolean| _gfp_p_ function| google_spfd number| google_lpabyc number| google_unique_id object| google_sv_map object| google_tag_data string| GoogleAnalyticsObject function| ga function| Blazy object| fixto function| validate_comment_box_not_empty function| cz_strip_tags function| cz_br2nl function| editForm string| loginhash boolean| main_nav_hide_flag number| scrollTop string| main_nav_hide_timer function| call_main_nav_hide number| cz_header_pos number| prevScrollTop object| jQuery11110747623240189988 object| fsdata function| load_script object| fsprebid function| loadDeferredStyles function| raf function| 4dm1r11545242527 function| atwpjp string| _atd function| _euc function| _duc object| _atc string| _atr object| addthis string| addthis_pub function| emdot object| _ate object| _adr object| addthis_conf function| addthis_open function| addthis_close function| addthis_sendto object| addthis_share object| addthis_config boolean| fifabAlready function| fi_fab function| Goog_AdSense_getAdAdapterInstance function| Goog_AdSense_OsdAdapter function| google_sa_impl object| google_persistent_state_async object| gaplugins object| gaGlobal object| gaData object| $jscomp undefined| commonInit function| visibilityEventsManager function| visibilityEventsManagerDOM function| scrollEventsManager function| DeviceDetector object| FI object| JSON_PIWIK object| _fipaq object| FIPiwik object| AnalyticsTracker function| fipbChunk object| fipb object| _pbjsGlobals object| __core-js_shared__ function| fiPrebidAnalyticsHandler function| fiQuery object| async object| __google_ad_urls number| google_global_correlator number| __google_ad_urls_id object| google_prev_clients object| google_jobrunner object| ampInaboxIframes object| ampInaboxPendingMessages boolean| google_osd_loaded boolean| google_onload_fired object| closure_memoize_cache_ function| _slicedToArray function| _nonIterableRest function| _iterableToArrayLimit function| _arrayWithHoles function| _createForOfIteratorHelper function| _unsupportedIterableToArray function| _arrayLikeToArray function| _typeof function| ownKeys function| _objectSpread function| _defineProperty object| _0x46fe function| _0x506e object| BT object| BT_PAGEVIEW_MAP object| blockthrough object| BT_RETRY object| BT_REDIRECT_RULES object| cnx_usr_storage function| fsprebidChunk object| oattr boolean| __@@##MUH function| Goog_Osd_UnloadAdBlock function| Goog_Osd_UpdateElementToMeasure function| google_osd_amcb function| a object| b boolean| c string| e undefined| f undefined| g undefined| h undefined| k string| m object| apstag object| _atw string| addthis_exclude boolean| addthis_use_personalization string| addthis_options_default string| addthis_options_rank string| addthis_options object| __callbacks object| _qevents object| advBidxc object| _comscore boolean| SVGFEFuncCMYKElement boolean| YSVGFEFuncCMYKElement object| Fi object| __upo_d boolean| uponitAlreadyLoaded function| quantserve function| __qc object| ezt object| _qoptions undefined| firstSpcFetch boolean| apstagLOADED function| udm_ object| ns_p object| COMSCORE function| _mR function| _mD undefined| nQuery number| ntvLoadStart object| ntv object| prdom object| onFocusEvents function| ntvjQueryInit function| ntvExtends function| ntvAppendStylesheet function| ntvAppendScript function| ntvArticleTracker function| ntvGetElementViewability function| ntvViewableImpressionTracker object| PostRelease object| ntvToutAds boolean| onFocus object| GoogleGcLKhOms object| google_image_requests object| ampInaboxPositionObserver object| ampInaboxFrameOverlayManager

21 Cookies

Domain/Path Name / Value
.addthis.com/ Name: uvc
Value: 1%7C31
.doubleclick.net/ Name: test_cookie
Value: CheckForPermission
www.bleepingcomputer.com/ Name: ntv_as_us_privacy
Value: 1---
www.bleepingcomputer.com/ Name: _fsloc
Value: ?i=PL&c=Warsaw
www.bleepingcomputer.com/ Name: fi_utm
Value: direct%7Cdirect%7C%7C%7C%7C
www.bleepingcomputer.com/ Name: _fsuid
Value: f95094a2-71bd-4b16-a8a1-268636e9217c
.bleepingcomputer.com/ Name: _ga
Value: GA1.2.605872533.1596240698
www.bleepingcomputer.com/ Name: __atuvs
Value: 5f24b339480b8ed2000
www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts Name: fsbotchecked
Value: true
www.bleepingcomputer.com/ Name: fssts
Value: false
.bleepingcomputer.com/ Name: session_id
Value: 68daf3cec4991d84c07cca6703f7c2b7
www.bleepingcomputer.com/ Name: fitracking_12
Value: no
www.bleepingcomputer.com/ Name: _fssid
Value: cf5cb25d-59d5-43dc-baf9-45ef98c73400
.bleepingcomputer.com/ Name: _gid
Value: GA1.2.1168879206.1596240698
.bleepingcomputer.com/ Name: _gat_gtag_UA_91740_1
Value: 1
www.bleepingcomputer.com/ Name: lav
Value: 8856
www.bleepingcomputer.com/ Name: __atuvc
Value: 1%7C31
.media.net/ Name: gdpr_status
Value: 1
.bleepingcomputer.com/ Name: __cfduid
Value: de838680a5cc8295b69e24c929b5888041596240696
.media.net/ Name: visitor-id
Value: 2392422989494759000V10
www.bleepingcomputer.com/ Name: usprivacy
Value: 1---

5 Console Messages

Source Level URL
Text
console-api log URL: https://freestar-io.videoplayerhub.com/gallery.js(Line 1)
Message:
Video gallery initializing
console-api info URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js(Line 1)
Message:
%cPubfig background: #00C389; color: #fff; border-radius: 3px; padding: 3px pubfig.messaging.js - Init ========== LOADING MESSAGING ==========
console-api info URL: https://cdn.ampproject.org/rtv/012007210634000/amp4ads-v0.js(Line 421)
Message:
Powered by AMP ⚡ HTML – Version 2007210634000 https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
console-api error URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020072701.js?21066924(Line 6)
Message:
TypeError: Cannot read property 'attempt' of undefined
console-api error URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020072701.js?21066924(Line 6)
Message:
TypeError: Cannot read property 'attempt' of undefined

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy upgrade-insecure-requests;
X-Frame-Options SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

6e86b1c7d1063165c37861961550b1cb.safeframe.googlesyndication.com
a.pub.network
acdn.adnxs.com
ad-delivery.net
ad.doubleclick.net
admiral.mgr.consensu.org
ads.pubmatic.com
adservice.google.com
adservice.google.de
as-sec.casalemedia.com
backend.upapi.net
beacon-eu-ams3.rubiconproject.com
btlr.sharethrough.com
c.amazon-adsystem.com
c.pub.network
capi.connatix.com
cd.connatix.com
cdn.ampproject.org
cdn.districtm.io
cdn.firstimpression.io
cds.connatix.com
cse.google.com
d.pub.network
dapperdiscussion.com
dmx.districtm.io
eb2.3lift.com
ecdn.analysis.fi
ecdn.firstimpression.io
eu-u.openx.net
eus.rubiconproject.com
fastlane.rubiconproject.com
fonts.googleapis.com
fonts.gstatic.com
freestar-d.openx.net
freestar-io.videoplayerhub.com
googleads.g.doubleclick.net
graph.facebook.com
hbopenbid.pubmatic.com
hbx.media.net
ib.adnxs.com
img.connatix.com
jadserve.postrelease.com
js-sec.indexww.com
mantodea.mantisadnetwork.com
mrb.upapi.net
pagead2.googlesyndication.com
platform.twitter.com
rules.quantcount.com
s.ntv.io
s7.addthis.com
s9.addthis.com
sb.scorecardresearch.com
secure.quantserve.com
securepubads.g.doubleclick.net
tlx.3lift.com
tpc.googlesyndication.com
v1.addthisedge.com
vendorlist.consensu.org
vid.connatix.com
web.hb.ad.cpe.dotomi.com
www.bleepingcomputer.com
www.bleepstatic.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
www.reddit.com
z.moatads.com
as-sec.casalemedia.com
btlr.sharethrough.com
mantodea.mantisadnetwork.com
s7.addthis.com
104.111.230.142
104.111.238.139
104.16.190.66
104.20.59.209
104.26.13.6
130.211.23.194
151.101.114.137
172.217.23.166
185.3.92.12
185.33.221.87
185.64.189.112
199.232.53.140
2.18.232.130
2.18.233.180
2.18.234.163
2.18.234.21
2.18.235.40
2.18.235.93
212.71.236.31
213.19.162.41
213.19.162.77
216.58.212.162
23.210.248.44
2600:9000:2057:9000:6:44e3:f8c0:93a1
2600:9000:2057:9a00:1:af78:4c0:93a1
2606:2800:234:59:254c:406:2366:268c
2606:4700:20::681a:246
2606:4700:20::681a:91b
2606:4700:20::ac43:443c
2606:4700:20::ac43:4acf
2620:116:800d:21:36a9:ecb:e518:b308
2a00:1450:4001:800::2001
2a00:1450:4001:801::2002
2a00:1450:4001:801::2004
2a00:1450:4001:806::2008
2a00:1450:4001:815::200e
2a00:1450:4001:816::2001
2a00:1450:4001:818::2003
2a00:1450:4001:81c::2002
2a00:1450:4001:81f::200a
2a00:1450:4001:824::2002
2a00:1450:4001:825::200e
2a02:fa8:8806:16::1460
2a03:2880:f01c:800e:face:b00c:0:2
3.16.202.217
34.226.243.182
34.249.13.97
34.98.64.218
35.159.48.82
35.188.71.214
35.190.64.11
35.190.76.239
35.226.36.58
52.28.32.108
52.52.244.32
99.86.0.120
02303adac8c1a472c979c0778cf14b9026f06ca2ec7e656c9e90c04ad3dfb31c
02972eb04adc926a442bafcf7080d1fe3262ad80cd6e02451e40b8678a776e5d
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
05090f9390f5bc0cd23fe5f432037cc92d7cbce1ced9bfe8faf3d1c9abae85cd
0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5
0624390cd57a0f664b409c136d3fc8e4b9ec6bc0d2a83e0fcf23405959033f1a
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
0847fb2a4b12a2cfd5b8775ebf0a1ca59c1d8c34894ee2f3f26e827969f39567
08f50e9e70388c99977ca13b6af3a49f8f48c83e79230d51ea72a56c0735bd0c
0a8c12761327cd6864d140a4db0fe1e8965d71f26626015f8c8a427c69d03eb8
0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5
0d9fd7ccabde9b202de45ee6b65878ce9594975d8e8810b0878d3f3fa3637d0e
0f427d0f88a0698c955ff63bf13af4ca80c9b32f218b5e210847450da901a74f
0f976ef0df458e73621f8650af6f1d51db998419ff1b75c9d53b10715964548a
1037cfec2a7fff8b6e0ba16fdba6da80d91b6fb3a00a2806c18b96f11a82569f
120dcbe30a56341ce4bae14bb2514822e3a16c6eaf1caf2eff576fe9c9228920
12e342927984fd4e5a7553f7f5b0cbbba31294b39d467af2e0993087b58ba909
137e41c449677deb7c8da3afde63fc781b095bb028f78b789be44192e8e3f4be
1640690e2fdd44bcc82155e440b8910ca1a8a08f3aecf6f5730f58b5063e0fb1
187f239be41d541c6f3d1281845ea641c9a813b679aeb9853da05870c2c8730d
1884da84cb77d5ec0b435fc4ea4dbd306f15b3248c5a9f2c9beea2bd2699bbfe
199411f659f41aaccb959bacb1b0de30e54f244352a48c6f9894e65ae0f8a9a1
19db4a2cde712e2ceaac317e732b4ec40b62818a938a8bf8391ad68470845019
1b90b3eac89eaec3cc421635946e2d2d0c9f252e0d6bacd5ac6513a8fed7a28b
1ceeee8de71dda5a971db714219c3aa71f470d8ebb9031ad79b69ad8929d1163
1e9322d90411989f7e09ef5ad4a3465d6cb97c77741d1030b254cd50d7c7ffe5
1eab91f81bf81819c8832c3a70044b09fc8a6c73fd75df3eda4b0decda03da4f
209d7ccf14a495062cf7ad3295e18dd5a90395fe5bffb984ce94a9ef5436c4ce
22e977346d45bab9f531ce1132d7ecfbe8e46868eaea790a0d4dcd1d0649d74b
2344d19fa95a82ce668ff2a39e633dc1b0ce1899122a00ba1673026a8d7f67f0
263cb75aae2d5f444da7f29e4a4c345664b88639e37e878fd5bed2f05aa7b52c
2a6bfabe65ca353e4359be32e10d40b8b514590b536dd93499bc1067e4bf6329
2cbe764c713f70df139c5ccafc40a2c8ec1408258158ce78812554a631ed60a7
2dda7ea92135dcf21660d4d79391d303fc38f6a6524ae74bbe2986f1d2e990d5
31cd7d9398307ca2e6cfaa111bbe7b69d69cbaaed2ff74034412ebc5008671fd
32e73e8e0eec3e6c1345d84e7ef091b90e71fb0045814043b34c914156235eb9
33eb81af8a0101c1ad2a210f322fb362ce1598e6e37f0a7ecc62d6ff39add590
34a53443cad9286607cfa14ff981007f8e0c20953525e45144337d3be8a7de64
3538089bb08c3b19f65fbcb257e83542d65463b1d8c1272bf19ae74f9c737396
360a25e0b7ac5376a0c319d1eac76df31ffcce5b82faa2f3a0b3ef70f370d151
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
3b308373a659653736436e9f035269321fdeacbd353d90ed0271830af2246e66
3d42fc1c349e1ff511ae471d2fce211a3787212180217093d826e2f30006a10d
3e87b877eef97361e7a7a9a951798f0b609156cb148e2e0a2d761d6ac72a7022
41b8a9f4402518c8f5ba3c2b433265af1033e9fa47e609590c2eeb109726a180
434111f92941de50b73bd5d19dbc694b09492bcfe329fed0f5e3304d02b14587
4641cbdc542c4e83a5ee564b14236cf40fbd253c5019e0d24d1282082f3d5bbb
489caa649bc6af24b5de49c2db88c9ec21f992310412f0bdb136c2a9df3c6a87
4ceba3cc609ad8cc0e38c894672d63a3471cb5bba40bacd1d6e5fd9dbf7f0472
4eeb4df3522892ea2ec61de6a58e870e8262019f8e3c759c099450cefb589313
540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441
5a3f1dd74233f605e511f1b5b244bedf85ac88ba264caf4d6401bc7ec2017dcd
5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479
5d88c6a9ea4370abd8360a86f75308b72819b8e91f78e8d7a1455b3b4a74f8c1
62b07f5b473f87a3ebe9738f063584774f835dcf8b0c423cab5f8515c93553f5
64174c77b5a80870cf978e69f024e86c45f235a3f59c7041010074031b9fe2fb
66f14ced94dbd60cb3c1f8fc74f67f01d05b4cbeee93c877a2e86ad31847eb44
67a6cb5d31c38a270a8061f3f61e5834340f75a55b8c503b215cfb410d447699
67c6273ceb299667a34445adee98d58eec414eee14bc30e03a088e920a7f6d6d
67d86a29de7993fbd23b7dde2c4f26bdc434055c35a4b08c830c0d02fcfa6dd2
6883ce59605b04b6c6782ba17cb02dae671c9228e429ced6c1ab1171a38e12a1
6a6a77d4af8485f801196e0abb887d745c1ebaf38df310027cf720ad7517e9b2
6adaf62612623c674af2f597baf83ffa56f157a9ab69346be7c11a9569fdebbc
6d23d10111755a12c87198df1c71cce449de31eca9643030c6327a2157f9bd86
6e86593083facba2710a2312f26bd7b436d7ef299f99cbc2ccc1b32693ec3144
72018b2fb85742d3f3d5c47ba9cf426167c8a81647ec10c2297861735cd4c785
72dd7991abf944e50a759a9528d4fb2289cc446074513da6ce4edf08aaa3c039
7301462cb27dcb0cf467822211f6cdd478be091ed9d776b29f426ce78c4a414f
745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8
7ab63179543fa3119ce2d1c8c1438a906e9ef9574e2ef0eab139439548e8a594
7b9f890f6baf1dad6a28ae8d4bd8ea391a10fc2167ce3dd3b7f1197c897e2daa
7c30c656a67a3c902072c7c839344fbe793788edbbaebb4f7a59b4c3c6750897
7c42933014424dabb2256a0732a9f792559d26ba09a84308c278f52834522f9a
7d6d26827b887aa09b2a5eb7c001e35b93773e53c36ddbfc127ad824e0a6ba39
7e7c74d95df84ef3a6be5c4fcde54fae313a04a9bd611059e6a97a23ff09f26f
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
8130c2c72afad9d94581ef93aaa00524093103c47c71fce52f606d5ff693c3ce
8170961c1532fa2d52bb9ed84c54ef5c28b80740c2769138a609cf86dd523095
827252be04765631f8ff21fee8ffe1028e27dfa52f62c08ef3182609a0a0e991
82c7fdbc4d001907e1e5d56cd335af3f0d48e0ffa7f0ad2aa3486ebb1123cb21
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
85ae9534729617e69eafa40195c7854697eb3d13b4205f3ee467e07c4af0a24b
8733e2183f16906b2fa2e58fdab82cf336f249ab71ac1b184470da2dd3c6e29f
8755cd9307346b5061810dde8281e85cc0711e7e666cbe541eb5ba9a2e466004
88b51739707b00a84e01765241550afc02caafa77177348c8c8e40405e0bb366
890baf1d8eca0bfd3ed08a5bf24e5231bb8fd8681684e45f812a5105bd5d2202
89b4aa9e9bf8516c2ab7b5134f65d47b02071637259a14c9f60dccc207e05ce4
90093d479af195770bf5b67e4a1639ce1df172a03fd281d08a48617511d515a2
92606bd38901e67d069f2ef883715b6e5ae07d72ae3bead3ad92346528374afc
942935ead42820e6c9184f099c77dde34fa4be70d395a17c47b5d7ad07967339
95ee22ac071f1d8e36817b8c0ac32ea740c181c36d025a616203c3c3e4d1eb33
975c84cb120f3e7e284dd6d5a2ce86a88c2c1bb5ca24415d58488d33ebaac033
97ab7cb13314ed5e7b121741f1e35a62070e191055aaac8269dfe1f98f81a60e
9ac37816a4f81a0ac1f8e43e46159e8dfc3d9a9284fe4a3d0ce5f0bead46aaf4
9d02d662da8a47fb5fb610b545007507b6017028043dbb63cd09ec897d3b9627
a144a0ddb054805ab87d8603010836d660aa41bef7a38d962781cd3af6c4e864
a1af15b17fd7099b2d3a81a8b3aeffd94b26d2c1a58489c3903e11ec5a4896d3
a256529bd5b1b8846f8d2536ce7581fb6cea4479992f222d01535903dff48d79
a2d31b6e13761a6af96144fdfd33e9a498dee4f55f5dc298f3d8f190581cf681
a73b18d997ee4f8398b834abacbdd884ebbcac864649035f1635b4ae4068defa
a7b5f5f96f81dea4efc53e1d4dae8b37c28bec27a45b42ccf604ee759e20caec
ab52a578c101a14bbc790f87f9a7400dda65469f23c6ce85c461e07cdf776460
afb482f6f087b3703d633b272cf8a490f112b28046299ab8b4850e215472ff1e
affd87461f2babd57a2f7aec75e9193e8e71a377e8249a02c95a5f43326e289e
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b34676178982122b66b0a55d3ee411fa343b1d19a6c119c0c9b0ea2c892738a1
b3498f138f5418bd58413e79e4c0969e618d6f2fee2d9d98c0f4e70a6cbd04ad
b60f65161ce3517c2794eecab25981c51ffbcbc951a781270403e2f3572d0290
b7d78953de3bccc1406d9213473fa2c5d1354bb56265b762024b1eaf5d6a720b
b8a9585923b5ef5ed21453f5f4196884138aa668cf2359ecb2704496245be71a
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bfc8e65089dc5421d56ecc71a0328eafd4feb2a602503ae5c15bfa3189c02f7e
c13aae6b0d0918926a8eaf07cf102989079d2e3ef81baeb1e9dadda1cf5a11ca
c350272c9e40547374eb75c935c649d92d8fe6b8f65fe17de63dfbe909991553
c654d8afe796095f2af941fb39673bd83ca8558708fe05dfc4191b1a728c111f
c690e7df7514ccc9065b57e3bd7e2cb8ec33895a0801694ae3e5862ad0b95052
c6bce7f1a16858ca7715b6681d16152caf6f3316025ed2a26f6a9a75dfae38c0
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
cd0139c28e426e4878e7a178d3536d1e795fb690dd537ff3b32a5ef20d6c10b2
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
ce897833ac6e362df7c91ac8223fe511c6defcf33964928a81004600a2dd4c2e
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d020fa6036628dd1d6dbf760edc742273359e93119832249bdce332d05d6db4d
d961b08e4321250926de6f79087594975fe20ad1518de8f91eb711af5d1a6ef8
db49b9f2ee839cc6c860d7c4794caec98b08c1b1b85bf609503fee7e1963f4a0
ddef43233b61a1075f4a1d98a4e204510af84284bda4455716d988f00134c9a9
e19d052cce1982535d03f956a57599ecf30bd87b112bc0c59708b8b4faa5213d
e3600960379c037a3f45c4b6cef63799b1a1c31d5f9826d5895182435b53935e
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e5e0f326458e8b8ed839d42a0cf6892df80bf26d7dc7e4f8276a65c41582ab85
e9a02f5625ccb8af7800165a75bf1938cec65669e8df94bcd192baa386d787cb
eb12a261a24e54883613710a4c12f4d9205f634ca1a29d1df07f90105a93e746
eb27e83360e6afac706327aa61251ada4157b0b3f760a6e33217987da6282d29
edf6ab3553d76573e5d5939c0c4a3ada737c98ee962379b25cbf23c96f17d732
ee9b2fe75e3a5637b840957e2f9aefedb394224a1846a731ad7ead76abf91d58
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef3d32ea9a9fa05f8170d164890b55e15ce39157bb9ae7e96b047c1996d22a8b
ef52c6d7ef921438fa252b40c6c11a8cd1a661cc96f4c7c84f6037801aa9eebd
f1e945400c04241ef089d71de3b0cf7e202431ac4685ada318714fe07ee9dcb0
f53f425c5656789e2b0df38c0138dc77632f17ba6c6c1ef46a0ef52db3c50710
f8a52990bbe6892abb730d241570fbfbd2ff2fc707fdd3004c7dba6e843bbae3
fb199303a3c6c4ec7d96d3135a9798cf63f52e829aba12d2ae8c30f01425281a
fd361b57998c76f86335afa28b8a62527d88a8200fb5c428d6f0fff73383e955