Submitted URL: http://cgi.f-secure.com/cgi-bin/search.cgi?ul=v-descs&q=Trojan-Downloader%3aW32/Nadwn.B
Effective URL: https://www.f-secure.com/v-descs/trojan-downloader_generic.shtml
Submission: On October 10 via manual from GB

Summary

This website contacted 10 IPs in 5 countries across 8 domains to perform 27 HTTP transactions. The main IP is 2a02:26f0:6c00:192::1361, located in European Union and belongs to AKAMAI-ASN1, US. The main domain is www.f-secure.com.
TLS certificate: Issued by DigiCert SHA2 Extended Validation Ser... on April 16th 2018. Valid for: 2 years.
This is the only time www.f-secure.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 2 193.110.109.54 16273 (F-SECURE-AS)
18 2a02:26f0:6c0... 20940 (AKAMAI-ASN1)
2 52.166.11.26 8075 (MICROSOFT...)
1 2a00:1450:400... 15169 (GOOGLE)
1 23.38.61.244 20940 (AKAMAI-ASN1)
1 2 63.140.43.94 15224 (OMNITURE)
1 2a00:1450:400... 15169 (GOOGLE)
1 2 209.167.231.17 7160 (NETDYNAMICS)
1 151.101.2.110 54113 (FASTLY)
1 162.247.242.19 23467 (NEWRELIC-...)
27 10
Domain Requested by
18 www.f-secure.com www.f-secure.com
2 s2484.t.eloqua.com 1 redirects www.f-secure.com
2 www-stats-so.f-secure.com 1 redirects www.f-secure.com
2 addsearch.com www.f-secure.com
addsearch.com
2 cgi.f-secure.com 2 redirects
1 bam.nr-data.net js-agent.newrelic.com
1 js-agent.newrelic.com www.f-secure.com
1 s.ytimg.com www.youtube.com
1 img.en25.com www.f-secure.com
1 www.youtube.com www.f-secure.com
27 10
Subject | Issuer | Validity | Valid
www.f-secure.com | DigiCert SHA2 Extended Validation Server CA | 2018-04-16 - 2020-04-28 | 2 years
www.addsearch.com | DigiCert SHA2 Extended Validation Server CA | 2017-12-29 - 2019-03-04 | a year
*.google.com | Google Internet Authority G3 | 2018-09-18 - 2018-12-11 | 3 months
*.en25.com | DigiCert SHA2 Secure Server CA | 2018-04-25 - 2019-07-25 | a year
www-stats-so.f-secure.com | DigiCert SHA2 Secure Server CA | 2016-09-29 - 2019-10-04 | 3 years
*.t.eloqua.com | DigiCert SHA2 Secure Server CA | 2018-02-01 - 2019-02-01 | a year
f4.shared.global.fastly.net | GlobalSign CloudSSL CA - SHA256 - G3 | 2018-10-03 - 2019-04-14 | 6 months
*.nr-data.net | GeoTrust RSA CA 2018 | 2018-01-11 - 2020-03-17 | 2 years

This page contains 1 frames:

Primary Page: https://www.f-secure.com/v-descs/trojan-downloader_generic.shtml
Frame ID: F208F7D09CAF55ACE36E8AFE55116D76
Requests: 28 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i

Overall confidence: 100%
Detected patterns
  • env /^NREUM/i

Overall confidence: 100%
Detected patterns
  • env /^s_(?:account|objectID|code|INST)$/i

Overall confidence: 100%
Detected patterns
  • env /^jQuery$/i

Page Statistics

27
Requests

100 %
HTTPS

30 %
IPv6

8
Domains

10
Subdomains

10
IPs

5
Countries

337 kB
Transfer

869 kB
Size

15
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://cgi.f-secure.com/cgi-bin/search.cgi?ul=v-descs&q=Trojan-Downloader%3aW32/Nadwn.B HTTP 302
    http://cgi.f-secure.com/cgi-bin/websearch/vsearch.cgi?q=Trojan-Downloader:W32/Nadwn.B&orig=email&lang=eng HTTP 302
    https://www.f-secure.com/v-descs/trojan-downloader_generic.shtml Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 21
  • https://www-stats-so.f-secure.com/b/ss/fsecure/1/H.27.5/s48545172758929?AQB=1&ndh=1&t=10%2F9%2F2018%208%3A27%3A4%203%200&fid=448D37B9047B8611-0541BBC158EA2C96&ce=UTF-8&ns=fsecure&pageName=%3A%3Av-descs%3Atrojan%20downloader_generic.shtml&g=https%3A%2F%2Fwww.f-secure.com%2Fv-descs%2Ftrojan-downloader_generic.shtml&cc=EUR&server=www.f-secure.com&events=event17&c1=%3Atrojan-downloader_generic.shtml&c2=undefined%20%28New%20Web%29&c3=undefined%20%28New%20Web%29&v5=undefined%20%28New%20Web%29&c6=trojan%20downloader_generic.shtml&v7=undefined%20%28New%20Web%29&c9=https%3A%2F%2Fwww.f-secure.com%2Fv-descs%2Ftrojan-downloader_generic.shtml&v9=%20web&c14=Direct&c18=1&c19=New&v22=%3A%3Av-descs%3Atrojan%20downloader_generic.shtml&c31=%20web&v32=Direct&v33=%2B1&v36=code%20version%20H.27.5%20-%2023-06-2016&c42=%20web&c43=undefined%20%28New%20Web%29&c65=4&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&AQE=1 HTTP 302
  • https://www-stats-so.f-secure.com/b/ss/fsecure/1/H.27.5/s48545172758929?AQB=1&pccr=true&vidn=2DDEDBEC0531303E-400001208000499D&&ndh=1&t=10%2F9%2F2018%208%3A27%3A4%203%200&fid=448D37B9047B8611-0541BBC158EA2C96&ce=UTF-8&ns=fsecure&pageName=%3A%3Av-descs%3Atrojan%20downloader_generic.shtml&g=https%3A%2F%2Fwww.f-secure.com%2Fv-descs%2Ftrojan-downloader_generic.shtml&cc=EUR&server=www.f-secure.com&events=event17&c1=%3Atrojan-downloader_generic.shtml&c2=undefined%20%28New%20Web%29&c3=undefined%20%28New%20Web%29&v5=undefined%20%28New%20Web%29&c6=trojan%20downloader_generic.shtml&v7=undefined%20%28New%20Web%29&c9=https%3A%2F%2Fwww.f-secure.com%2Fv-descs%2Ftrojan-downloader_generic.shtml&v9=%20web&c14=Direct&c18=1&c19=New&v22=%3A%3Av-descs%3Atrojan%20downloader_generic.shtml&c31=%20web&v32=Direct&v33=%2B1&v36=code%20version%20H.27.5%20-%2023-06-2016&c42=%20web&c43=undefined%20%28New%20Web%29&c65=4&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&AQE=1
Request Chain 24
  • https://s2484.t.eloqua.com/visitor/v200/svrGP?pps=3&siteid=2484&ref2=elqNone&tzo=0&ms=283&optin=disabled HTTP 302
  • https://s2484.t.eloqua.com/visitor/v200/svrGP.aspx?pps=3&siteid=2484&ref2=elqNone&tzo=0&ms=283&optin=disabled&elqCookie=1

27 HTTP transactions

Resource Path Size x-fer Type MIME-Type
Primary Request trojan-downloader_generic.shtml
www.f-secure.com/v-descs/
Redirect Chain
  • http://cgi.f-secure.com/cgi-bin/search.cgi?ul=v-descs&q=Trojan-Downloader%3aW32/Nadwn.B
  • http://cgi.f-secure.com/cgi-bin/websearch/vsearch.cgi?q=Trojan-Downloader:W32/Nadwn.B&orig=email&lang=eng
  • https://www.f-secure.com/v-descs/trojan-downloader_generic.shtml
49 KB
14 KB
Document
General
Full URL
https://www.f-secure.com/v-descs/trojan-downloader_generic.shtml
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:192::1361 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
Apache /
Resource Hash
31335e9e39c862e273dc0a78c30acc13f150dd4e3dab773568f6dca8380113d6
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
www.f-secure.com
:scheme
https
:path
/v-descs/trojan-downloader_generic.shtml
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
accept-encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

status
200
server
Apache
accept-ranges
bytes
content-type
text/html
content-encoding
gzip
x-xss-protection
1; mode=block
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=16070400; includeSubdomains
x-content-type-options
nosniff
x-ua-compatible
IE=edge
content-length
14116
date
Wed, 10 Oct 2018 08:27:03 GMT
vary
Accept-Encoding
set-cookie
country=DE; path=/; domain=f-secure.com

Redirect headers

Date
Wed, 10 Oct 2018 08:27:03 GMT
Server
Apache
Location
https://www.f-secure.com/v-descs/trojan-downloader_generic.shtml
Content-Length
248
Keep-Alive
timeout=5, max=99
Connection
Keep-Alive
Content-Type
text/html; charset=iso-8859-1
descriptions.css
www.f-secure.com/sw-desc/css/
310 B
418 B
Stylesheet
General
Full URL
https://www.f-secure.com/sw-desc/css/descriptions.css
Requested by
Host: www.f-secure.com
URL: https://www.f-secure.com/v-descs/trojan-downloader_generic.shtml
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:192::1361 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
Apache /
Resource Hash
d5a3e8b02dd2bbce1365a411c966cfdcfc79c69628f6bf4278cd479a1536d280
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:path
/sw-desc/css/descriptions.css
pragma
no-cache
cookie
country=DE
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
text/css,*/*;q=0.1
cache-control
no-cache
:authority
www.f-secure.com
referer
https://www.f-secure.com/v-descs/trojan-downloader_generic.shtml
:scheme
https
:method
GET
Referer
https://www.f-secure.com/v-descs/trojan-downloader_generic.shtml
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=16070400; includeSubdomains
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 23 May 2018 07:38:23 GMT
server
Apache
date
Wed, 10 Oct 2018 08:27:03 GMT
x-frame-options
SAMEORIGIN
content-type
text/css
status
200
accept-ranges
bytes
vary
Accept-Encoding
content-length
167
x-xss-protection
1; mode=block
x-ua-compatible
IE=edge
00-jquery-3.1.1.min.js
www.f-secure.com/documents/styleguide5/js/lib/
85 KB
30 KB
Script
General
Full URL
https://www.f-secure.com/documents/styleguide5/js/lib/00-jquery-3.1.1.min.js
Requested by
Host: www.f-secure.com
URL: https://www.f-secure.com/v-descs/trojan-downloader_generic.shtml
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:192::1361 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
Apache /
Resource Hash
85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:path
/documents/styleguide5/js/lib/00-jquery-3.1.1.min.js
pragma
no-cache
cookie
country=DE
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
*/*
cache-control
no-cache
:authority
www.f-secure.com
referer
https://www.f-secure.com/v-descs/trojan-downloader_generic.shtml
:scheme
https
:method
GET
Referer
https://www.f-secure.com/v-descs/trojan-downloader_generic.shtml
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=16070400; includeSubdomains
content-encoding
gzip
x-content-type-options
nosniff
server
Apache
etag
"15579ac"
x-frame-options
SAMEORIGIN
content-type
text/javascript
status
200
cache-control
public, max-age=10014028
date
Wed, 10 Oct 2018 08:27:03 GMT
vary
Accept-Encoding
content-length
30085
x-xss-protection
1; mode=block
x-ua-compatible
IE=edge
logo-f-secure-black.svg
www.f-secure.com/documents/assets/images/
4 KB
2 KB
Image
General
Full URL
https://www.f-secure.com/documents/assets/images/logo-f-secure-black.svg
Requested by
Host: www.f-secure.com
URL: https://www.f-secure.com/v-descs/trojan-downloader_generic.shtml
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:192::1361 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
Apache /
Resource Hash
391e27011fb127c8b30afd33cf00da2ba88d592456d227503dac9f5e261bcb3a
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:path
/documents/assets/images/logo-f-secure-black.svg
pragma
no-cache
cookie
country=DE
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
image/webp,image/apng,image/*,*/*;q=0.8
cache-control
no-cache
:authority
www.f-secure.com
referer
https://www.f-secure.com/v-descs/trojan-downloader_generic.shtml
:scheme
https
:method
GET
Referer
https://www.f-secure.com/v-descs/trojan-downloader_generic.shtml
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=16070400; includeSubdomains
content-encoding
gzip
x-content-type-options
nosniff
server
Apache
date
Wed, 10 Oct 2018 08:27:03 GMT
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
status
200
vary
Accept-Encoding
content-length
1762
x-xss-protection
1; mode=block
x-ua-compatible
IE=edge
/
addsearch.com/js/
2 KB
1 KB
Script
General
Full URL
https://addsearch.com/js/?key=6156eca05ef73cc2babc21da4a20c344&categories=1xen
Requested by
Host: www.f-secure.com
URL: https://www.f-secure.com/v-descs/trojan-downloader_generic.shtml
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.166.11.26 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
nginx /
Resource Hash
eb296bfe97ee4f83c0d1ffde6172cc06f19d2f8c5f4da31dd40fbd5e52ce1f0b

Request headers

Referer
https://www.f-secure.com/v-descs/trojan-downloader_generic.shtml
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Wed, 10 Oct 2018 08:27:03 GMT
Content-Encoding
gzip
Transfer-Encoding
chunked
Server
nginx
Connection
keep-alive
Vary
Accept-Encoding, User-Agent
Content-Type
application/javascript; charset=UTF-8
00-fs-bootstrap-v1.3.2-min.js
www.f-secure.com/documents/styleguide5/js/
93 KB
27 KB
Script
General
Full URL
https://www.f-secure.com/documents/styleguide5/js/00-fs-bootstrap-v1.3.2-min.js
Requested by
Host: www.f-secure.com
URL: https://www.f-secure.com/v-descs/trojan-downloader_generic.shtml
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:192::1361 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
Apache /
Resource Hash
988ee579c6f24301b81b6708414bb58f2e8fb3fc012d8b1c4030139f634ae505
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:path
/documents/styleguide5/js/00-fs-bootstrap-v1.3.2-min.js
pragma
no-cache
cookie
country=DE
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
*/*
cache-control
no-cache
:authority
www.f-secure.com
referer
https://www.f-secure.com/v-descs/trojan-downloader_generic.shtml
:scheme
https
:method
GET
Referer
https://www.f-secure.com/v-descs/trojan-downloader_generic.shtml
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=16070400; includeSubdomains
content-encoding
gzip
x-content-type-options
nosniff
server
Apache
etag
"8afa70f4"
x-frame-options
SAMEORIGIN
content-type
text/javascript
status
200
cache-control
public, max-age=6805161
date
Wed, 10 Oct 2018 08:27:03 GMT
vary
Accept-Encoding
content-length
27112
x-xss-protection
1; mode=block
x-ua-compatible
IE=edge
01-pw-vendor-fsv5-v1.0.0-min.js
www.f-secure.com/documents/styleguide5_vendor/js/
21 KB
8 KB
Script
General
Full URL
https://www.f-secure.com/documents/styleguide5_vendor/js/01-pw-vendor-fsv5-v1.0.0-min.js
Requested by
Host: www.f-secure.com
URL: https://www.f-secure.com/v-descs/trojan-downloader_generic.shtml
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:192::1361 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
Apache /
Resource Hash
cc483b3cbdbbf4ebdd93b5f577d20fc263ec1e9d4abc334372b1b35d1cd5a11c
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:path
/documents/styleguide5_vendor/js/01-pw-vendor-fsv5-v1.0.0-min.js
pragma
no-cache
cookie
country=DE
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
*/*
cache-control
no-cache
:authority
www.f-secure.com
referer
https://www.f-secure.com/v-descs/trojan-downloader_generic.shtml
:scheme
https
:method
GET
Referer
https://www.f-secure.com/v-descs/trojan-downloader_generic.shtml
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=16070400; includeSubdomains
content-encoding
gzip
x-content-type-options
nosniff
server
Apache
etag
"d680fc73"
x-frame-options
SAMEORIGIN
content-type
text/javascript
status
200
cache-control
public, max-age=9079556
date
Wed, 10 Oct 2018 08:27:03 GMT
vary
Accept-Encoding
content-length
7523
x-xss-protection
1; mode=block
x-ua-compatible
IE=edge
02-labs-home-map.js
www.f-secure.com/documents/styleguide5_vendor/js/
6 KB
2 KB
Script
General
Full URL
https://www.f-secure.com/documents/styleguide5_vendor/js/02-labs-home-map.js
Requested by
Host: www.f-secure.com
URL: https://www.f-secure.com/v-descs/trojan-downloader_generic.shtml
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:192::1361 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
Apache /
Resource Hash
c1537f2c73fc0f388f16c9d7375dfc71eedfc12bed6079a218080a64c5c0110e
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:path
/documents/styleguide5_vendor/js/02-labs-home-map.js
pragma
no-cache
cookie
country=DE
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
*/*
cache-control
no-cache
:authority
www.f-secure.com
referer
https://www.f-secure.com/v-descs/trojan-downloader_generic.shtml
:scheme
https
:method
GET
Referer
https://www.f-secure.com/v-descs/trojan-downloader_generic.shtml
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=16070400; includeSubdomains
content-encoding
gzip
x-content-type-options
nosniff
server
Apache
etag
"5e7b3827"
x-frame-options
SAMEORIGIN
content-type
text/javascript
status
200
cache-control
public, max-age=9319551
date
Wed, 10 Oct 2018 08:27:03 GMT
x-ua-compatible
IE=edge
vary
Accept-Encoding
content-length
2035
x-xss-protection
1; mode=block
expires
Sat, 26 Jan 2019 05:12:54 GMT
f-secure-web.min_4f79d8de16.js
www.f-secure.com/documents/fs-components/js/
1 KB
879 B
Script
General
Full URL
https://www.f-secure.com/documents/fs-components/js/f-secure-web.min_4f79d8de16.js
Requested by
Host: www.f-secure.com
URL: https://www.f-secure.com/v-descs/trojan-downloader_generic.shtml
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:192::1361 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
Apache /
Resource Hash
0be570dad193c8e32f3847553751a386071cac1e2cbe2ba67b3cfbf2ba06d013
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:path
/documents/fs-components/js/f-secure-web.min_4f79d8de16.js
pragma
no-cache
cookie
country=DE
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
*/*
cache-control
no-cache
:authority
www.f-secure.com
referer
https://www.f-secure.com/v-descs/trojan-downloader_generic.shtml
:scheme
https
:method
GET
Referer
https://www.f-secure.com/v-descs/trojan-downloader_generic.shtml
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=16070400; includeSubdomains
content-encoding
gzip
x-content-type-options
nosniff
server
Apache
etag
"c819f009"
x-frame-options
SAMEORIGIN
content-type
text/javascript
status
200
cache-control
public, max-age=2580086
date
Wed, 10 Oct 2018 08:27:03 GMT
x-ua-compatible
IE=edge
vary
Accept-Encoding
content-length
599
x-xss-protection
1; mode=block
expires
Fri, 09 Nov 2018 05:08:29 GMT
fs-components-v1.3.0-min.js
www.f-secure.com/documents/fs-components/js/
7 KB
2 KB
Script
General
Full URL
https://www.f-secure.com/documents/fs-components/js/fs-components-v1.3.0-min.js
Requested by
Host: www.f-secure.com
URL: https://www.f-secure.com/v-descs/trojan-downloader_generic.shtml
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:192::1361 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
Apache /
Resource Hash
60b94cffe82663449af7fc4f4a815a3e988dcb321731780e35681593510e0df4
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:path
/documents/fs-components/js/fs-components-v1.3.0-min.js
pragma
no-cache
cookie
country=DE
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
*/*
cache-control
no-cache
:authority
www.f-secure.com
referer
https://www.f-secure.com/v-descs/trojan-downloader_generic.shtml
:scheme
https
:method
GET
Referer
https://www.f-secure.com/v-descs/trojan-downloader_generic.shtml
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=16070400; includeSubdomains
content-encoding
gzip
x-content-type-options
nosniff
server
Apache
etag
"623f821c"
x-frame-options
SAMEORIGIN
content-type
text/javascript
status
200
cache-control
public, max-age=4011644
date
Wed, 10 Oct 2018 08:27:03 GMT
vary
Accept-Encoding
content-length
2216
x-xss-protection
1; mode=block
x-ua-compatible
IE=edge
cookieconsent.min.js
www.f-secure.com/documents/null/js/common/
14 KB
6 KB
Script
General
Full URL
https://www.f-secure.com/documents/null/js/common/cookieconsent.min.js
Requested by
Host: www.f-secure.com
URL: https://www.f-secure.com/v-descs/trojan-downloader_generic.shtml
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:192::1361 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
Apache /
Resource Hash
c09249129425b769ff2f45e829bc1661d03a659ec13d2ef2be1ccacfbde138d0
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:path
/documents/null/js/common/cookieconsent.min.js
pragma
no-cache
cookie
country=DE
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
*/*
cache-control
no-cache
:authority
www.f-secure.com
referer
https://www.f-secure.com/v-descs/trojan-downloader_generic.shtml
:scheme
https
:method
GET
Referer
https://www.f-secure.com/v-descs/trojan-downloader_generic.shtml
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=16070400; includeSubdomains
content-encoding
gzip
x-content-type-options
nosniff
server
Apache
etag
"15159f75"
x-frame-options
SAMEORIGIN
content-type
text/javascript
status
200
cache-control
public, max-age=6137011
date
Wed, 10 Oct 2018 08:27:03 GMT
x-ua-compatible
IE=edge
vary
Accept-Encoding
content-length
5769
x-xss-protection
1; mode=block
expires
Thu, 20 Dec 2018 09:10:34 GMT
omniture.min_fcae753ec9.js
www.f-secure.com/documents/omniture/js/
114 KB
36 KB
Script
General
Full URL
https://www.f-secure.com/documents/omniture/js/omniture.min_fcae753ec9.js
Requested by
Host: www.f-secure.com
URL: https://www.f-secure.com/v-descs/trojan-downloader_generic.shtml
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:192::1361 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
Apache /
Resource Hash
c1e5ef03f0e74da3cc719bc818c2074d0d66f111d1245a2897ca47fec28225bc
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:path
/documents/omniture/js/omniture.min_fcae753ec9.js
pragma
no-cache
cookie
country=DE
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
*/*
cache-control
no-cache
:authority
www.f-secure.com
referer
https://www.f-secure.com/v-descs/trojan-downloader_generic.shtml
:scheme
https
:method
GET
Referer
https://www.f-secure.com/v-descs/trojan-downloader_generic.shtml
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=16070400; includeSubdomains
content-encoding
gzip
x-content-type-options
nosniff
server
Apache
etag
"55e4d3a4"
x-frame-options
SAMEORIGIN
content-type
text/javascript
status
200
cache-control
public, max-age=6587624
date
Wed, 10 Oct 2018 08:27:03 GMT
vary
Accept-Encoding
content-length
36665
x-xss-protection
1; mode=block
x-ua-compatible
IE=edge
00-fs-bootstrap-v1.3.2-min.css
www.f-secure.com/documents/styleguide5/css/
228 KB
36 KB
Stylesheet
General
Full URL
https://www.f-secure.com/documents/styleguide5/css/00-fs-bootstrap-v1.3.2-min.css
Requested by
Host: www.f-secure.com
URL: https://www.f-secure.com/v-descs/trojan-downloader_generic.shtml
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:192::1361 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
Apache /
Resource Hash
495be716a9509e74006bfba4a0181b025d9b64b5f8d3361d2b07c5d968e6c2a2
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:path
/documents/styleguide5/css/00-fs-bootstrap-v1.3.2-min.css
pragma
no-cache
cookie
country=DE
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
text/css,*/*;q=0.1
cache-control
no-cache
:authority
www.f-secure.com
referer
https://www.f-secure.com/v-descs/trojan-downloader_generic.shtml
:scheme
https
:method
GET
Referer
https://www.f-secure.com/v-descs/trojan-downloader_generic.shtml
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=16070400; includeSubdomains
content-encoding
gzip
x-content-type-options
nosniff
server
Apache
etag
"b305dcaa"
x-frame-options
SAMEORIGIN
content-type
text/css
status
200
cache-control
public, max-age=6807517
date
Wed, 10 Oct 2018 08:27:03 GMT
x-ua-compatible
IE=edge
vary
Accept-Encoding
content-length
36910
x-xss-protection
1; mode=block
expires
Fri, 28 Dec 2018 03:25:40 GMT
fs-components-v1.3.0-min.css
www.f-secure.com/documents/fs-components/css/
13 KB
3 KB
Stylesheet
General
Full URL
https://www.f-secure.com/documents/fs-components/css/fs-components-v1.3.0-min.css
Requested by
Host: www.f-secure.com
URL: https://www.f-secure.com/v-descs/trojan-downloader_generic.shtml
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:192::1361 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
Apache /
Resource Hash
de1aeef58821dec1bfb478f84aef1bdf50aaf5084f7139b477039471f37ad540
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:path
/documents/fs-components/css/fs-components-v1.3.0-min.css
pragma
no-cache
cookie
country=DE
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
text/css,*/*;q=0.1
cache-control
no-cache
:authority
www.f-secure.com
referer
https://www.f-secure.com/v-descs/trojan-downloader_generic.shtml
:scheme
https
:method
GET
Referer
https://www.f-secure.com/v-descs/trojan-downloader_generic.shtml
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=16070400; includeSubdomains
content-encoding
gzip
x-content-type-options
nosniff
server
Apache
etag
"66a0f2a"
x-frame-options
SAMEORIGIN
content-type
text/css
status
200
cache-control
public, max-age=3271841
date
Wed, 10 Oct 2018 08:27:03 GMT
x-ua-compatible
IE=edge
vary
Accept-Encoding
content-length
2639
x-xss-protection
1; mode=block
expires
Sat, 17 Nov 2018 05:17:44 GMT
01-f-secure-web.min_35e8a96614.css
www.f-secure.com/documents/fs-components/css/
496 B
485 B
Stylesheet
General
Full URL
https://www.f-secure.com/documents/fs-components/css/01-f-secure-web.min_35e8a96614.css
Requested by
Host: www.f-secure.com
URL: https://www.f-secure.com/v-descs/trojan-downloader_generic.shtml
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:192::1361 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
Apache /
Resource Hash
6053ef246fcab3946d57890a2667148988019407737e9a8801bd4428251a3942
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:path
/documents/fs-components/css/01-f-secure-web.min_35e8a96614.css
pragma
no-cache
cookie
country=DE
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
text/css,*/*;q=0.1
cache-control
no-cache
:authority
www.f-secure.com
referer
https://www.f-secure.com/v-descs/trojan-downloader_generic.shtml
:scheme
https
:method
GET
Referer
https://www.f-secure.com/v-descs/trojan-downloader_generic.shtml
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=16070400; includeSubdomains
content-encoding
gzip
x-content-type-options
nosniff
server
Apache
etag
"efe53770"
x-frame-options
SAMEORIGIN
content-type
text/css
status
200
cache-control
public, max-age=2374498
date
Wed, 10 Oct 2018 08:27:03 GMT
vary
Accept-Encoding
content-length
234
x-xss-protection
1; mode=block
x-ua-compatible
IE=edge
FSSansWeb-Regular.woff2
www.f-secure.com/documents/styleguide5/css/fonts/
24 KB
24 KB
Font
General
Full URL
https://www.f-secure.com/documents/styleguide5/css/fonts/FSSansWeb-Regular.woff2
Requested by
Host: www.f-secure.com
URL: https://www.f-secure.com/v-descs/trojan-downloader_generic.shtml
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:192::1361 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
Apache /
Resource Hash
01cb4d89923f8badce615bcf182435e00fd766a3d3f10d3db1a9ced884618bf8
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:path
/documents/styleguide5/css/fonts/FSSansWeb-Regular.woff2
pragma
no-cache
cookie
country=DE
origin
https://www.f-secure.com
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
*/*
cache-control
no-cache
:authority
www.f-secure.com
referer
https://www.f-secure.com/documents/styleguide5/css/00-fs-bootstrap-v1.3.2-min.css
:scheme
https
:method
GET
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://www.f-secure.com/documents/styleguide5/css/00-fs-bootstrap-v1.3.2-min.css
Origin
https://www.f-secure.com

Response headers

strict-transport-security
max-age=16070400; includeSubdomains
x-content-type-options
nosniff
server
Apache
status
200
date
Wed, 10 Oct 2018 08:27:03 GMT
x-frame-options
SAMEORIGIN
content-type
application/font-woff2
access-control-allow-origin
* * * * *
content-length
24264
x-xss-protection
1; mode=block
x-ua-compatible
IE=edge
fsg-icon-regular.woff2
www.f-secure.com/documents/styleguide5/css/fonts/
60 KB
61 KB
Font
General
Full URL
https://www.f-secure.com/documents/styleguide5/css/fonts/fsg-icon-regular.woff2
Requested by
Host: www.f-secure.com
URL: https://www.f-secure.com/v-descs/trojan-downloader_generic.shtml
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:192::1361 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
Apache /
Resource Hash
504c48c11e68073c4a3a6c078c8482c733825e5521e13584f5d3065b53e00523
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:path
/documents/styleguide5/css/fonts/fsg-icon-regular.woff2
pragma
no-cache
cookie
country=DE
origin
https://www.f-secure.com
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
*/*
cache-control
no-cache
:authority
www.f-secure.com
referer
https://www.f-secure.com/documents/styleguide5/css/00-fs-bootstrap-v1.3.2-min.css
:scheme
https
:method
GET
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://www.f-secure.com/documents/styleguide5/css/00-fs-bootstrap-v1.3.2-min.css
Origin
https://www.f-secure.com

Response headers

strict-transport-security
max-age=16070400; includeSubdomains
x-content-type-options
nosniff
server
Apache
status
200
date
Wed, 10 Oct 2018 08:27:03 GMT
x-frame-options
SAMEORIGIN
content-type
application/font-woff2
access-control-allow-origin
* * *
content-length
61584
x-xss-protection
1; mode=block
x-ua-compatible
IE=edge
/
addsearch.com/searchui/v3/
49 KB
13 KB
Script
General
Full URL
https://addsearch.com/searchui/v3/?key=6156eca05ef73cc2babc21da4a20c344&i=
Requested by
Host: addsearch.com
URL: https://addsearch.com/js/?key=6156eca05ef73cc2babc21da4a20c344&categories=1xen
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.166.11.26 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
nginx /
Resource Hash
789d993118465d98006bdb5667f81eb069cb29b47bea28d5cdb89267e91e3d23

Request headers

Referer
https://www.f-secure.com/v-descs/trojan-downloader_generic.shtml
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Wed, 10 Oct 2018 08:27:03 GMT
Content-Encoding
gzip
Transfer-Encoding
chunked
Server
nginx
Connection
keep-alive
Vary
Accept-Encoding, User-Agent
Content-Type
application/javascript; charset=UTF-8
FSSansWeb-Bold.woff2
www.f-secure.com/documents/styleguide5/css/fonts/
24 KB
25 KB
Font
General
Full URL
https://www.f-secure.com/documents/styleguide5/css/fonts/FSSansWeb-Bold.woff2
Requested by
Host: www.f-secure.com
URL: https://www.f-secure.com/documents/styleguide5/js/lib/00-jquery-3.1.1.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:192::1361 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
Apache /
Resource Hash
b04e77b8cb106d30f236b14502bd7330fd58b58e181f2edbe70d63f4596a8560
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:path
/documents/styleguide5/css/fonts/FSSansWeb-Bold.woff2
pragma
no-cache
cookie
country=DE
origin
https://www.f-secure.com
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
*/*
cache-control
no-cache
:authority
www.f-secure.com
referer
https://www.f-secure.com/documents/styleguide5/css/00-fs-bootstrap-v1.3.2-min.css
:scheme
https
:method
GET
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://www.f-secure.com/documents/styleguide5/css/00-fs-bootstrap-v1.3.2-min.css
Origin
https://www.f-secure.com

Response headers

strict-transport-security
max-age=16070400; includeSubdomains
x-content-type-options
nosniff
server
Apache
status
200
date
Wed, 10 Oct 2018 08:27:03 GMT
x-frame-options
SAMEORIGIN
content-type
application/font-woff2
access-control-allow-origin
* * * * * *
content-length
25004
x-xss-protection
1; mode=block
x-ua-compatible
IE=edge
FSSansWeb-Light.woff2
www.f-secure.com/documents/styleguide5/css/fonts/
25 KB
25 KB
Font
General
Full URL
https://www.f-secure.com/documents/styleguide5/css/fonts/FSSansWeb-Light.woff2
Requested by
Host: www.f-secure.com
URL: https://www.f-secure.com/documents/styleguide5/js/lib/00-jquery-3.1.1.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:192::1361 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
Apache /
Resource Hash
10d060c97038541bacfb27e38150ba5515f8001ede5b9cddc1c6f936feae3e95
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:path
/documents/styleguide5/css/fonts/FSSansWeb-Light.woff2
pragma
no-cache
cookie
country=DE
origin
https://www.f-secure.com
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
*/*
cache-control
no-cache
:authority
www.f-secure.com
referer
https://www.f-secure.com/documents/styleguide5/css/00-fs-bootstrap-v1.3.2-min.css
:scheme
https
:method
GET
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://www.f-secure.com/documents/styleguide5/css/00-fs-bootstrap-v1.3.2-min.css
Origin
https://www.f-secure.com

Response headers

strict-transport-security
max-age=16070400; includeSubdomains
x-content-type-options
nosniff
server
Apache
status
200
date
Wed, 10 Oct 2018 08:27:03 GMT
x-frame-options
SAMEORIGIN
content-type
application/font-woff2
access-control-allow-origin
* * * * * *
content-length
25188
x-xss-protection
1; mode=block
x-ua-compatible
IE=edge
player_api
www.youtube.com/
859 B
924 B
Script
General
Full URL
https://www.youtube.com/player_api
Requested by
Host: www.f-secure.com
URL: https://www.f-secure.com/documents/omniture/js/omniture.min_fcae753ec9.js
Protocol
SPDY
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a00:1450:4001:821::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
YouTube Frontend Proxy /
Resource Hash
cc267af1e1a68c1b7d8f53e6f7324b7b38afcec1ddfdb2fd6256e688e4e2ddd8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block; report=https://www.google.com/appserve/security-bugs/log/youtube

Request headers

Referer
https://www.f-secure.com/v-descs/trojan-downloader_generic.shtml
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Wed, 10 Oct 2018 08:27:03 GMT
x-content-type-options
nosniff
server
YouTube Frontend Proxy
content-type
application/javascript
status
200
cache-control
no-cache
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
859
x-xss-protection
1; mode=block; report=https://www.google.com/appserve/security-bugs/log/youtube
expires
Tue, 27 Apr 1971 19:44:06 EST
elqCfg.min.js
img.en25.com/i/
6 KB
3 KB
Script
General
Full URL
https://img.en25.com/i/elqCfg.min.js?_=1539160023758
Requested by
Host: www.f-secure.com
URL: https://www.f-secure.com/documents/styleguide5/js/lib/00-jquery-3.1.1.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.38.61.244 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-38-61-244.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
23818277c974e4ed1d48a04077c6a133bde3435f3d0bafe8dcca49150ebcb986
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://www.f-secure.com/v-descs/trojan-downloader_generic.shtml
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Thu, 19 Jul 2018 18:05:34 GMT
ETag
"f19be4168b1fd41:0"
Vary
Accept-Encoding
P3P
CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA"
Cache-Control
no-cache, no-store
Date
Wed, 10 Oct 2018 08:27:04 GMT
Connection
keep-alive
Accept-Ranges
bytes
Content-Type
application/x-javascript
Content-Length
2118
Expires
Wed, 10 Oct 2018 08:27:04 GMT
Cookie set s48545172758929
www-stats-so.f-secure.com/b/ss/fsecure/1/H.27.5/
Redirect Chain
  • https://www-stats-so.f-secure.com/b/ss/fsecure/1/H.27.5/s48545172758929?AQB=1&ndh=1&t=10%2F9%2F2018%208%3A27%3A4%203%200&fid=448D37B9047B8611-0541BBC158EA2C96&ce=UTF-8&ns=fsecure&pageName=%3A%3Av-d...
  • https://www-stats-so.f-secure.com/b/ss/fsecure/1/H.27.5/s48545172758929?AQB=1&pccr=true&vidn=2DDEDBEC0531303E-400001208000499D&&ndh=1&t=10%2F9%2F2018%208%3A27%3A4%203%200&fid=448D37B9047B8611-0541B...
43 B
747 B
Image
General
Full URL
https://www-stats-so.f-secure.com/b/ss/fsecure/1/H.27.5/s48545172758929?AQB=1&pccr=true&vidn=2DDEDBEC0531303E-400001208000499D&&ndh=1&t=10%2F9%2F2018%208%3A27%3A4%203%200&fid=448D37B9047B8611-0541BBC158EA2C96&ce=UTF-8&ns=fsecure&pageName=%3A%3Av-descs%3Atrojan%20downloader_generic.shtml&g=https%3A%2F%2Fwww.f-secure.com%2Fv-descs%2Ftrojan-downloader_generic.shtml&cc=EUR&server=www.f-secure.com&events=event17&c1=%3Atrojan-downloader_generic.shtml&c2=undefined%20%28New%20Web%29&c3=undefined%20%28New%20Web%29&v5=undefined%20%28New%20Web%29&c6=trojan%20downloader_generic.shtml&v7=undefined%20%28New%20Web%29&c9=https%3A%2F%2Fwww.f-secure.com%2Fv-descs%2Ftrojan-downloader_generic.shtml&v9=%20web&c14=Direct&c18=1&c19=New&v22=%3A%3Av-descs%3Atrojan%20downloader_generic.shtml&c31=%20web&v32=Direct&v33=%2B1&v36=code%20version%20H.27.5%20-%2023-06-2016&c42=%20web&c43=undefined%20%28New%20Web%29&c65=4&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&AQE=1
Requested by
Host: www.f-secure.com
URL: https://www.f-secure.com/v-descs/trojan-downloader_generic.shtml
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
63.140.43.94 Lehi, United States, ASN15224 (OMNITURE - Adobe Systems Inc., US),
Reverse DNS
f-secure.com.ssl.ldc.d3.sc.omtrdc.net
Software
Omniture DC/2.0.0 /
Resource Hash
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
www-stats-so.f-secure.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
https://www.f-secure.com/v-descs/trojan-downloader_generic.shtml
Cookie
country=DE; s_prop_42=%20web; s_prop_43=undefined%20%28New%20Web%29; s_cc=true; s_fid=448D37B9047B8611-0541BBC158EA2C96; s_vnum=1541752024060%26vn%3D1; s_invisit=true; s_nr=1539160024061-New; s_pv=%3A%3Av-descs%3Atrojan%20downloader_generic.shtml; s_prop_14=Direct; s_cpmstack=%5B%5B%27Direct%27%2C%271539160024064%27%5D%5D; s_sq=%5B%5BB%5D%5D; s_vi=[CS]v1|2DDEDBEC0531303E-400001208000499D[CE]
Connection
keep-alive
Cache-Control
no-cache
Referer
https://www.f-secure.com/v-descs/trojan-downloader_generic.shtml
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Wed, 10 Oct 2018 08:27:04 GMT
X-Content-Type-Options
nosniff
X-C
ms-6.5.1
P3P
CP="This is not a P3P policy"
Connection
Keep-Alive
Content-Length
43
X-XSS-Protection
1; mode=block
Pragma
no-cache
Last-Modified
Thu, 11 Oct 2018 08:27:04 GMT
Server
Omniture DC/2.0.0
xserver
www106
ETag
"3305320983282384896-5550758065898277085"
Vary
*
Content-Type
image/gif
Access-Control-Allow-Origin
*
Cache-Control
no-cache, no-store, max-age=0, no-transform, private
Set-Cookie
s_vi=[CS]v1|2DDEDBEC0531303E-400001208000499D[CE]; Expires=Fri, 9 Oct 2020 08:27:04 GMT; Domain=f-secure.com; Path=/
Keep-Alive
timeout=15
Expires
Tue, 09 Oct 2018 08:27:04 GMT

Redirect headers

Date
Wed, 10 Oct 2018 08:27:04 GMT
X-Content-Type-Options
nosniff
X-C
ms-6.5.1
P3P
CP="This is not a P3P policy"
Connection
Keep-Alive
Content-Length
0
X-XSS-Protection
1; mode=block
Pragma
no-cache
Last-Modified
Thu, 11 Oct 2018 08:27:04 GMT
Server
Omniture DC/2.0.0
xserver
www204
Location
https://www-stats-so.f-secure.com/b/ss/fsecure/1/H.27.5/s48545172758929?AQB=1&pccr=true&vidn=2DDEDBEC0531303E-400001208000499D&&ndh=1&t=10%2F9%2F2018%208%3A27%3A4%203%200&fid=448D37B9047B8611-0541BBC158EA2C96&ce=UTF-8&ns=fsecure&pageName=%3A%3Av-descs%3Atrojan%20downloader_generic.shtml&g=https%3A%2F%2Fwww.f-secure.com%2Fv-descs%2Ftrojan-downloader_generic.shtml&cc=EUR&server=www.f-secure.com&events=event17&c1=%3Atrojan-downloader_generic.shtml&c2=undefined%20%28New%20Web%29&c3=undefined%20%28New%20Web%29&v5=undefined%20%28New%20Web%29&c6=trojan%20downloader_generic.shtml&v7=undefined%20%28New%20Web%29&c9=https%3A%2F%2Fwww.f-secure.com%2Fv-descs%2Ftrojan-downloader_generic.shtml&v9=%20web&c14=Direct&c18=1&c19=New&v22=%3A%3Av-descs%3Atrojan%20downloader_generic.shtml&c31=%20web&v32=Direct&v33=%2B1&v36=code%20version%20H.27.5%20-%2023-06-2016&c42=%20web&c43=undefined%20%28New%20Web%29&c65=4&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&AQE=1
Content-Type
text/plain
Access-Control-Allow-Origin
*
Cache-Control
no-cache, no-store, max-age=0, no-transform, private
Set-Cookie
s_vi=[CS]v1|2DDEDBEC0531303E-400001208000499D[CE]; Expires=Fri, 9 Oct 2020 08:27:04 GMT; Domain=f-secure.com; Path=/
Keep-Alive
timeout=15
Expires
Tue, 09 Oct 2018 08:27:04 GMT
truncated
/
43 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Response headers

Access-Control-Allow-Origin
*
Content-Type
image/gif
www-widgetapi.js
s.ytimg.com/yts/jsbin/www-widgetapi-vflIAAJll/
20 KB
8 KB
Script
General
Full URL
https://s.ytimg.com/yts/jsbin/www-widgetapi-vflIAAJll/www-widgetapi.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/player_api
Protocol
SPDY
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a00:1450:4001:81d::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
a599232b27762d0deef401c854b6c5f7f9f7b69c63a22fdf36b99bac156946fc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.f-secure.com/v-descs/trojan-downloader_generic.shtml
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Tue, 02 Oct 2018 11:32:44 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
680060
status
200
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
7696
x-xss-protection
1; mode=block
last-modified
Mon, 01 Oct 2018 20:08:25 GMT
server
sffe
vary
Accept-Encoding, Origin
content-type
text/javascript
cache-control
public, max-age=691200
accept-ranges
bytes
timing-allow-origin
https://www.youtube.com
expires
Wed, 10 Oct 2018 11:32:44 GMT
svrGP.aspx
s2484.t.eloqua.com/visitor/v200/
Redirect Chain
  • https://s2484.t.eloqua.com/visitor/v200/svrGP?pps=3&siteid=2484&ref2=elqNone&tzo=0&ms=283&optin=disabled
  • https://s2484.t.eloqua.com/visitor/v200/svrGP.aspx?pps=3&siteid=2484&ref2=elqNone&tzo=0&ms=283&optin=disabled&elqCookie=1
49 B
373 B
Image
General
Full URL
https://s2484.t.eloqua.com/visitor/v200/svrGP.aspx?pps=3&siteid=2484&ref2=elqNone&tzo=0&ms=283&optin=disabled&elqCookie=1
Requested by
Host: www.f-secure.com
URL: https://www.f-secure.com/v-descs/trojan-downloader_generic.shtml
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
209.167.231.17 , United States, ASN7160 (NETDYNAMICS - Oracle Corporation, US),
Reverse DNS
e017.en25.com
Software
/
Resource Hash
f1ccea6b7204d9f7913ab45e1afa51d79f83bd4f0319de937b0132e6e02b1aab
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;
X-Content-Type-Options nosniff

Request headers

Referer
https://www.f-secure.com/v-descs/trojan-downloader_generic.shtml
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma
no-cache
Strict-Transport-Security
max-age=31536000;
X-Content-Type-Options
nosniff
Date
Wed, 10 Oct 2018 08:27:04 GMT
P3P
CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA"
Cache-Control
private,no-cache, no-store
Content-Type
image/gif
Content-Length
49
Expires
-1

Redirect headers

Pragma
no-cache
Strict-Transport-Security
max-age=31536000;
X-Content-Type-Options
nosniff
Date
Wed, 10 Oct 2018 08:27:04 GMT
P3P
CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA"
Location
//s2484.t.eloqua.com/visitor/v200/svrGP.aspx?pps=3&siteid=2484&ref2=elqNone&tzo=0&ms=283&optin=disabled&elqCookie=1
Cache-Control
private,no-cache, no-store
Content-Type
text/html; charset=utf-8
Content-Length
256
Expires
-1
nr-974.min.js
js-agent.newrelic.com/
22 KB
9 KB
Script
General
Full URL
https://js-agent.newrelic.com/nr-974.min.js
Requested by
Host: www.f-secure.com
URL: https://www.f-secure.com/v-descs/trojan-downloader_generic.shtml
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.2.110 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
de272e6c7c5237ae60a9f3e96379de2c5778af29343ff06678f767cccf7f7faa

Request headers

Referer
https://www.f-secure.com/v-descs/trojan-downloader_generic.shtml
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Wed, 10 Oct 2018 08:27:05 GMT
content-encoding
gzip
x-amz-request-id
697864CD6559CD82
x-cache
HIT
status
200
content-length
8756
x-amz-id-2
Syx6X8d+YlHmm1XMkWxU7/5ZeIc7p9fRkKj2AFDL2UDdy0lX+ziSb5nh/XK0+5rEfQJbtiGnpv4=
x-served-by
cache-hhn1539-HHN
last-modified
Wed, 28 Feb 2018 23:33:45 GMT
server
AmazonS3
x-timer
S1539160025.290383,VS0,VE0
etag
"634571f9ce8c2fed916ddca30914f48a"
vary
Accept-Encoding
content-type
application/javascript
via
1.1 varnish
cache-control
public, max-age=7200, stale-if-error=604800
accept-ranges
bytes
x-cache-hits
55
1fccd16bb0
bam.nr-data.net/1/
57 B
254 B
Script
General
Full URL
https://bam.nr-data.net/1/1fccd16bb0?a=26286576&sa=1&v=974.7d740e1&t=Unnamed%20Transaction&rst=2151&ref=https://www.f-secure.com/v-descs/trojan-downloader_generic.shtml&be=561&fe=1577&dc=273&af=err,xhr,stn,ins&perf=%7B%22timing%22:%7B%22of%22:1539160023150,%22n%22:0,%22f%22:397,%22dn%22:397,%22dne%22:427,%22c%22:427,%22s%22:432,%22ce%22:445,%22rq%22:445,%22rp%22:549,%22rpe%22:549,%22dl%22:551,%22di%22:834,%22ds%22:834,%22de%22:835,%22dc%22:2137,%22l%22:2137,%22le%22:2140%7D,%22navigation%22:%7B%7D%7D&jsonp=NREUM.setToken
Requested by
Host: js-agent.newrelic.com
URL: https://js-agent.newrelic.com/nr-974.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
162.247.242.19 , United States, ASN23467 (NEWRELIC-AS-1 - New Relic, US),
Reverse DNS
bam-7.nr-data.net
Software
/
Resource Hash
5e864c2e3f674c60970513411eaeeeafd2d615d842e65ec01d09ccfcb4a7b38d

Request headers

Referer
https://www.f-secure.com/v-descs/trojan-downloader_generic.shtml
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Expires
Thu, 01 Jan 1970 00:00:00 GMT
Content-Length
57
Content-Type
text/javascript;charset=ISO-8859-1

121 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| NREUM object| newrelic function| __nr_require function| $ function| jQuery object| addsearch_custdata object| AddSearchAsync undefined| materialForm object| input function| $f function| flowplayer function| flashembed object| DomReady function| html5media function| _ undefined| labHomeMap undefined| topNavigation undefined| fsModalVideo object| $header number| $navbarHeight number| $headerHeight boolean| isIOS boolean| isSafari object| isChrome object| cookieconsentlocales object| cookieconsent string| displayLanguage string| cname string| cvalue string| barCSSTransition function| createCookie function| readCookie function| s_doPlugins function| s_getLoadTime function| onYouTubePlayerReady function| s_YTp function| s_YTisa function| s_YTism function| s_YTgk function| onYouTubePlayerAPIReady function| s_YTdi function| s_YTei function| s_YTut function| s_YTdv function| s_YTv function| s_gi function| s_giqf function| YThtml5apiAdd function| fileDL function| stackingValue function| trackFormThankYou function| trackIE8PopupDialog function| getPartnerCountryName function| trackExternalDownload function| trackFormError function| checkExitLink function| trackLiveChat function| trackPartnerPin function| trackPartnerLocator function| checkStatus function| getSelectedCountry function| getCountryName function| getLanguageName function| trackPageView function| submitOmnitureData function| checkDuplicateButtonLink object| s object| s_YTO string| s_code string| s_objectID object| tag object| firstScriptTag boolean| isDownloadTracked object| _elqQ function| elqCall undefined| timer string| languageCode string| site string| corporateSite string| country boolean| isDownloadFlag boolean| isDialogOpenFlag string| sectionName string| dialogName string| pinCity string| subscribe string| linkInternalFilters object| isoCountries string| s_account string| s_an function| s_sp function| s_jn function| s_rep function| s_d function| s_fe function| s_fa function| s_ft object| s_c_il 
number| s_c_in number| s_giq object| test number| s_loadT string| k string| j string| s_tnt object| s_i_0_fsecure string| addsearch_suid object| addsearch_searchsettings object| addsearch_i18n string| addsearch_html string| addsearch_social object| addsearchUtils object| addsearch object| YT object| YTConfig function| onYTReady object| yt function| ytDomDomGetNextId object| ytEventsEventsListeners object| ytEventsEventsCounter object| _elq

15 Cookies

Domain/Path Name / Value
.f-secure.com/ Name: s_ppv
Value: 55
.f-secure.com/ Name: s_sq
Value: %5B%5BB%5D%5D
.f-secure.com/ Name: s_cpmstack
Value: %5B%5B%27Direct%27%2C%271539160024064%27%5D%5D
.f-secure.com/ Name: s_prop_14
Value: Direct
www.f-secure.com/ Name: s_prop14
Value: 1st visit
.f-secure.com/ Name: s_nr
Value: 1539160024061-New
.f-secure.com/ Name: s_invisit
Value: true
.f-secure.com/ Name: country
Value: DE
.f-secure.com/ Name: s_cc
Value: true
.f-secure.com/ Name: s_vnum
Value: 1541752024060%26vn%3D1
.f-secure.com/ Name: s_prop_42
Value: %20web
.f-secure.com/ Name: s_prop_43
Value: undefined%20%28New%20Web%29
.f-secure.com/ Name: s_fid
Value: 448D37B9047B8611-0541BBC158EA2C96
.f-secure.com/ Name: s_vi
Value: [CS]v1|2DDEDBEC0531303E-400001208000499D[CE]
.f-secure.com/ Name: s_pv
Value: %3A%3Av-descs%3Atrojan%20downloader_generic.shtml

Security Headers

This page lists any security headers set by the main page.

Header Value
Strict-Transport-Security max-age=16070400; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

"Indicators" is a security-industry term for observables such as IPs, domains and hashes. Listing them here does not imply that any of them indicate malicious activity.
