www.guardicore.com Open in urlscan Pro
35.235.124.140 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/
Submission: On November 09 via api (November 9th 2020, 9:31:14 am UTC) from US

Summary HTTP 124 Redirects Links 15 Behaviour Indicators

Summary

This website contacted 39 IPs in 6 countries across 30 domains to perform 124 HTTP transactions. The main IP is 35.235.124.140, located in Mountain View, United States and belongs to GOOGLE, US. The main domain is www.guardicore.com.
TLS certificate: Issued by Gandi Standard SSL CA 2 on May 3rd 2020. Valid for: 2 years.

This is the only time www.guardicore.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
30	35.235.124.140 35.235.124.140	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:806::200a	15169 (GOOGLE) (GOOGLE)
3	50.19.229.101 50.19.229.101	14618 (AMAZON-AES) (AMAZON-AES)
5	13.224.93.83 13.224.93.83	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:801::200e	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:81a::2008	15169 (GOOGLE) (GOOGLE)
3	104.109.70.122 104.109.70.122	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	23.111.11.182 23.111.11.182	33438 (HIGHWINDS2) (HIGHWINDS2)
3	13.224.93.32 13.224.93.32	16509 (AMAZON-02) (AMAZON-02)
6	18.232.28.189 18.232.28.189	14618 (AMAZON-AES) (AMAZON-AES)
3	23.111.11.71 23.111.11.71	33438 (HIGHWINDS2) (HIGHWINDS2)
3	2a00:1450:400... 2a00:1450:4001:81a::200e	15169 (GOOGLE) (GOOGLE)
1	185.33.220.145 185.33.220.145	29990 (ASN-APPNEX) (ASN-APPNEX)
2	13.224.93.36 13.224.93.36	16509 (AMAZON-02) (AMAZON-02)
1	13.224.93.51 13.224.93.51	16509 (AMAZON-02) (AMAZON-02)
4	2a02:26f0:eb:... 2a02:26f0:eb:385::25ea	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	172.217.23.162 172.217.23.162	15169 (GOOGLE) (GOOGLE)
4	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	151.101.112.157 151.101.112.157	54113 (FASTLY) (FASTLY)
4	2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
2	13.224.93.123 13.224.93.123	16509 (AMAZON-02) (AMAZON-02)
2	99.86.7.64 99.86.7.64	16509 (AMAZON-02) (AMAZON-02)
6	2a00:1450:400... 2a00:1450:4001:819::200a	15169 (GOOGLE) (GOOGLE)
1	34.232.79.176 34.232.79.176	14618 (AMAZON-AES) (AMAZON-AES)
2	2a00:1450:400... 2a00:1450:400c:c00::9b	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:81d::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:809::2004	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:809::2003	15169 (GOOGLE) (GOOGLE)
2	104.244.42.133 104.244.42.133	13414 (TWITTER) (TWITTER)
1 3	2a05:f500:11:... 2a05:f500:11:101::b93f:9005	14413 (LINKEDIN) (LINKEDIN)
1 1	2620:1ec:22::14 2620:1ec:22::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
6	2a00:1450:400... 2a00:1450:4001:819::2004	15169 (GOOGLE) (GOOGLE)
4	2a03:2880:f11... 2a03:2880:f11c:8183:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	34.252.252.123 34.252.252.123	16509 (AMAZON-02) (AMAZON-02)
2	104.244.42.67 104.244.42.67	13414 (TWITTER) (TWITTER)
1	2606:4700:20:... 2606:4700:20::ac43:45e2	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:81d::2003	15169 (GOOGLE) (GOOGLE)
1	2a04:4e42:1b:... 2a04:4e42:1b::622	54113 (FASTLY) (FASTLY)
1	52.216.29.102 52.216.29.102	16509 (AMAZON-02) (AMAZON-02)
1	2a04:4e42:1b:... 2a04:4e42:1b::393	54113 (FASTLY) (FASTLY)
124	39

30 35.235.124.140 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: 140.124.235.35.bc.googleusercontent.com

www.guardicore.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
staging-covuyicu.temp927.kinsta.cloud	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:806::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 50.19.229.101 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-50-19-229-101.compute-1.amazonaws.com

track.gaconnector.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 13.224.93.83 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-93-83.zrh50.r.cloudfront.net

chat.exceed.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:801::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:81a::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.109.70.122 (Netherlands)

ASN20940 (AKAMAI-ASN1, EU)
PTR: a104-109-70-122.deploy.static.akamaitechnologies.com

j.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
b.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.111.11.182 (Phoenix, United States)

ASN33438 (HIGHWINDS2, US)

a.opmnstr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 13.224.93.32 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-93-32.zrh50.r.cloudfront.net

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 18.232.28.189 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: pi0-lba1-6-ue1.aws.pardot.com

go.guardicore.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
go.pardot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pi.pardot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 23.111.11.71 (Phoenix, United States)

ASN33438 (HIGHWINDS2, US)

a.omappapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:81a::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.33.220.145 (Netherlands)

ASN29990 (ASN-APPNEX, US)
PTR: 623.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.224.93.36 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-93-36.zrh50.r.cloudfront.net

script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.93.51 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-93-51.zrh50.r.cloudfront.net

api.omappapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a02:26f0:eb:385::25ea (Ascension Island)

ASN20940 (AKAMAI-ASN1, EU)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.23.162 (United States)

ASN15169 (GOOGLE, US)
PTR: fra15s22-in-f162.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.112.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a03:2880:f01c:8012:face:b00c:0:3 (Ireland)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.224.93.123 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-93-123.zrh50.r.cloudfront.net

vars.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 99.86.7.64 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-7-64.fra6.r.cloudfront.net

webchat.exceed.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:819::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

maps.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.232.79.176 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

prod.exceed.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c00::9b (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:81d::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:809::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:809::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.244.42.133 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a05:f500:11:101::b93f:9005 (Ireland) 1 redirects

ASN14413 (LINKEDIN, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:22::14 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:819::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a03:2880:f11c:8183:face:b00c:0:25de (Ireland)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.252.252.123 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-252-252-123.eu-west-1.compute.amazonaws.com

in.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.244.42.67 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:20::ac43:45e2 (United States)

ASN13335 (CLOUDFLARENET, US)

ipapi.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81d::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:1b::622 (Ascension Island)

ASN54113 (FASTLY, US)

fast.wistia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.216.29.102 (Ashburn, United States)

ASN16509 (AMAZON-02, US)
PTR: s3-1.amazonaws.com

s3.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:1b::393 (Ascension Island)

ASN54113 (FASTLY, US)

res.cloudinary.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
29	guardicore.com www.guardicore.com go.guardicore.com	2 MB
8	hotjar.com static.hotjar.com script.hotjar.com vars.hotjar.com in.hotjar.com	149 KB
8	exceed.ai chat.exceed.ai webchat.exceed.ai prod.exceed.ai	491 KB
8	googleapis.com fonts.googleapis.com maps.googleapis.com	128 KB
7	google.com www.google.com	1 KB
4	pardot.com go.pardot.com pi.pardot.com	112 KB
4	facebook.com www.facebook.com	619 B
4	linkedin.com 2 redirects px.ads.linkedin.com www.linkedin.com	1 KB
4	google.de www.google.de	777 B
4	doubleclick.net stats.g.doubleclick.net googleads.g.doubleclick.net	4 KB
4	facebook.net connect.facebook.net	182 KB
4	bing.com bat.bing.com	17 KB
4	licdn.com snap.licdn.com	5 KB
4	omappapi.com a.omappapi.com api.omappapi.com	77 KB
4	google-analytics.com www.google-analytics.com	55 KB
3	6sc.co j.6sc.co c.6sc.co b.6sc.co	8 KB
3	gaconnector.com track.gaconnector.com	7 KB
3	kinsta.cloud staging-covuyicu.temp927.kinsta.cloud	2 KB
2	twitter.com analytics.twitter.com	815 B
2	t.co t.co	618 B
2	ads-twitter.com static.ads-twitter.com	4 KB
2	googleadservices.com www.googleadservices.com	23 KB
2	googletagmanager.com www.googletagmanager.com	107 KB
1	cloudinary.com res.cloudinary.com	14 KB
1	amazonaws.com s3.amazonaws.com	671 B
1	wistia.com fast.wistia.com	110 KB
1	gstatic.com www.gstatic.com	136 KB
1	ipapi.co ipapi.co	995 B
1	adnxs.com secure.adnxs.com	708 B
1	opmnstr.com a.opmnstr.com	62 KB
124	30

	Domain	Requested by
27	www.guardicore.com	www.guardicore.com
7	www.google.com	www.guardicore.com go.guardicore.com www.gstatic.com
6	maps.googleapis.com	chat.exceed.ai maps.googleapis.com
5	chat.exceed.ai	www.guardicore.com chat.exceed.ai
4	www.facebook.com	www.guardicore.com connect.facebook.net go.guardicore.com
4	www.google.de	www.guardicore.com go.guardicore.com
4	connect.facebook.net	www.guardicore.com connect.facebook.net
4	bat.bing.com	www.googletagmanager.com www.guardicore.com go.guardicore.com
4	snap.licdn.com	www.googletagmanager.com snap.licdn.com
4	www.google-analytics.com	www.guardicore.com www.google-analytics.com
3	px.ads.linkedin.com	1 redirects www.guardicore.com go.guardicore.com
3	a.omappapi.com	www.guardicore.com a.opmnstr.com
3	static.hotjar.com	www.guardicore.com www.googletagmanager.com
3	track.gaconnector.com	www.guardicore.com track.gaconnector.com go.guardicore.com
3	staging-covuyicu.temp927.kinsta.cloud	www.guardicore.com
2	pi.pardot.com	go.guardicore.com pi.pardot.com
2	go.pardot.com	go.guardicore.com
2	analytics.twitter.com	static.ads-twitter.com
2	t.co	www.guardicore.com go.guardicore.com
2	googleads.g.doubleclick.net	www.googleadservices.com
2	stats.g.doubleclick.net	www.google-analytics.com
2	webchat.exceed.ai	chat.exceed.ai
2	vars.hotjar.com	static.hotjar.com
2	static.ads-twitter.com	www.googletagmanager.com
2	www.googleadservices.com	www.googletagmanager.com
2	script.hotjar.com	static.hotjar.com
2	go.guardicore.com	www.guardicore.com pi.pardot.com
2	www.googletagmanager.com	www.guardicore.com go.guardicore.com
2	fonts.googleapis.com	www.guardicore.com
1	res.cloudinary.com	www.guardicore.com
1	s3.amazonaws.com
1	fast.wistia.com	pi.pardot.com
1	www.gstatic.com	www.google.com
1	ipapi.co	chat.exceed.ai
1	in.hotjar.com	script.hotjar.com
1	www.linkedin.com	1 redirects
1	prod.exceed.ai	chat.exceed.ai
1	b.6sc.co	www.guardicore.com
1	api.omappapi.com	a.opmnstr.com
1	secure.adnxs.com	j.6sc.co
1	c.6sc.co	j.6sc.co
1	a.opmnstr.com	www.guardicore.com
1	j.6sc.co	www.guardicore.com
124	43

This site contains links to these domains. Also see Links.

Domain
guardicore.allbound.com
threatintelligence.guardicore.com
github.com
securityboulevard.com
www.welivesecurity.com
www.linkedin.com
twitter.com
www.facebook.com
linkedin.com
earlruby.org
www.youtube.com
customers.guardicore.com

Subject Issuer	Validity	Valid
*.guardicore.com Gandi Standard SSL CA 2	`2020-05-03` - `2022-05-09`	2 years	crt.sh
upload.video.google.com GTS CA 1O1	`2020-10-20` - `2021-01-12`	3 months	crt.sh
*.temp927.kinsta.cloud Sectigo RSA Domain Validation Secure Server CA	`2020-07-29` - `2021-07-29`	a year	crt.sh
*.gaconnector.com Sectigo RSA Domain Validation Secure Server CA	`2019-08-06` - `2021-08-05`	2 years	crt.sh
*.exceed.ai Amazon	`2019-12-04` - `2021-01-04`	a year	crt.sh
*.google-analytics.com GTS CA 1O1	`2020-10-20` - `2021-01-12`	3 months	crt.sh
*.6sc.co DigiCert SHA2 Secure Server CA	`2020-01-07` - `2021-04-07`	a year	crt.sh
*.opmnstr.com Go Daddy Secure Certificate Authority - G2	`2019-04-11` - `2021-04-11`	2 years	crt.sh
*.hotjar.com Amazon	`2020-01-22` - `2021-02-22`	a year	crt.sh
go.guardicore.com Let's Encrypt Authority X3	`2020-10-30` - `2021-01-28`	3 months	crt.sh
*.omappapi.com Go Daddy Secure Certificate Authority - G2	`2020-03-16` - `2022-03-16`	2 years	crt.sh
*.adnxs.com DigiCert ECC Secure Server CA	`2019-01-23` - `2021-03-08`	2 years	crt.sh
api.opmnstr.com Amazon	`2020-04-09` - `2021-05-09`	a year	crt.sh
*.licdn.com DigiCert SHA2 Secure Server CA	`2019-04-01` - `2021-05-07`	2 years	crt.sh
www.googleadservices.com GTS CA 1O1	`2020-10-20` - `2021-01-12`	3 months	crt.sh
www.bing.com Microsoft RSA TLS CA 02	`2020-10-27` - `2021-04-27`	6 months	crt.sh
ads-twitter.com DigiCert SHA2 High Assurance Server CA	`2020-08-14` - `2021-08-19`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2020-09-11` - `2020-12-10`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2020-10-20` - `2021-01-12`	3 months	crt.sh
www.google.com GTS CA 1O1	`2020-10-20` - `2021-01-12`	3 months	crt.sh
www.google.de GTS CA 1O1	`2020-10-20` - `2021-01-12`	3 months	crt.sh
t.co DigiCert SHA2 High Assurance Server CA	`2020-03-05` - `2021-03-02`	a year	crt.sh
px.ads.linkedin.com DigiCert SHA2 Secure Server CA	`2020-08-05` - `2021-02-05`	6 months	crt.sh
*.google.com GTS CA 1O1	`2020-10-20` - `2021-01-12`	3 months	crt.sh
*.google.de GTS CA 1O1	`2020-10-20` - `2021-01-12`	3 months	crt.sh
*.twitter.com DigiCert SHA2 High Assurance Server CA	`2020-03-05` - `2021-03-02`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-07-17` - `2021-07-17`	a year	crt.sh
go.pardot.com DigiCert SHA2 Secure Server CA	`2019-12-26` - `2020-12-26`	a year	crt.sh
*.googleadservices.com GTS CA 1O1	`2020-10-20` - `2021-01-12`	3 months	crt.sh
*.gstatic.com GTS CA 1O1	`2020-10-20` - `2021-01-12`	3 months	crt.sh
pi.pardot.com DigiCert SHA2 Secure Server CA	`2019-12-26` - `2020-12-26`	a year	crt.sh
f4.shared.global.fastly.net GlobalSign CloudSSL CA - SHA256 - G3	`2020-10-23` - `2021-05-07`	6 months	crt.sh
s3.amazonaws.com DigiCert Baltimore CA-2 G2	`2020-08-04` - `2021-08-09`	a year	crt.sh
*.cloudinary.com Go Daddy Secure Certificate Authority - G2	`2020-05-27` - `2022-06-22`	2 years	crt.sh

This page contains 6 frames:

Primary Page: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/
Frame ID: 6D83CDF4F8D2821B1500532A337666AC
Requests: 91 HTTP requests in this frame

Frame: https://go.guardicore.com/l/503441/2018-03-16/b4jzh?Webpage_Name=/labs/&Referral_URL=/labs/
Frame ID: 8BE10326C59B704315E6B9998F108484
Requests: 29 HTTP requests in this frame

Frame: https://vars.hotjar.com/box-469cf41adb11dc78be68c1ae7f9457a4.html
Frame ID: 957A4604E6B46A2330787038595CB0D4
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfVnCYTAAAAAB4x9xlkeTsV8CO6np5UMhNjRNNZ&co=aHR0cHM6Ly9nby5ndWFyZGljb3JlLmNvbTo0NDM.&hl=en&v=1AZgzF1o3OlP73CVr69UmL65&size=normal&cb=79hxsr7d30t2
Frame ID: 585A8F7A4638CC3846720EAEEC1D5A09
Requests: 1 HTTP requests in this frame

Frame: https://vars.hotjar.com/box-469cf41adb11dc78be68c1ae7f9457a4.html
Frame ID: C13A41C7A34CF78CBC8EA7D88C8D30E4
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/bframe?hl=en&v=1AZgzF1o3OlP73CVr69UmL65&k=6LfVnCYTAAAAAB4x9xlkeTsV8CO6np5UMhNjRNNZ&cb=fkpsdydgy2r5
Frame ID: 9483E524D423E2954D4903B9B2EB88C2
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

headers link /rel="https:\/\/api\.w\.org\/"/i

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

headers link /rel="https:\/\/api\.w\.org\/"/i

MySQL (Databases) Expand

Overall confidence: 100%
Detected patterns

headers link /rel="https:\/\/api\.w\.org\/"/i

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/connect\.facebook\.net\/[^/]*\/[a-z]*\.js/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

Page Statistics

124
Requests

100 %
HTTPS

50 %
IPv6

30
Domains

43
Subdomains

39
IPs

6
Countries

3428 kB
Transfer

9566 kB
Size

24
Cookies

15 Outgoing links

These are links going to different origins than the main page.

URL: https://guardicore.allbound.com/
Title: Partner Log-In

Search URL Search Domain Scan URL

URL: https://threatintelligence.guardicore.com/
Title: Cyber Threat Intelligence

Search URL Search Domain Scan URL

URL: https://github.com/guardicore/labs_campaigns/tree/master/FritzFrog
Title: Github repository

Search URL Search Domain Scan URL

URL: https://securityboulevard.com/2020/06/ssh-targeting-golang-bots-becoming-the-new-norm/
Title: IRCflu

Search URL Search Domain Scan URL

URL: https://www.welivesecurity.com/2016/12/20/new-linuxrakos-threat-devices-servers-ssh-scan/
Title: Rakos

Search URL Search Domain Scan URL

URL: https://github.com/guardicore/labs_campaigns/blob/master/FritzFrog/detect_fritzfrog.sh
Title: FritzFrog detection script

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/guardicore
Title: Linkedin

Search URL Search Domain Scan URL

URL: https://twitter.com/guardicore
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.facebook.com/guardicore/
Title: Facebook

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer.php?u=https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/&t=FritzFrog%3A%20A%20New%20Generation%20of%3Cbr%2F%3EPeer-to-Peer%20Botnets
Title: Share on Facebook

Search URL Search Domain Scan URL

URL: https://twitter.com/share?text=FritzFrog%3A%20A%20New%20Generation%20of%3Cbr%2F%3EPeer-to-Peer%20Botnets&url=https://www.guardicore.com/?p=24914
Title: Share on Twitter

Search URL Search Domain Scan URL

URL: https://linkedin.com/shareArticle?mini=true&title=FritzFrog%3A%20A%20New%20Generation%20of%3Cbr%2F%3EPeer-to-Peer%20Botnets&url=https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/
Title: Share on LinkedIn

Search URL Search Domain Scan URL

URL: https://earlruby.org/
Title: Earl Ruby

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCxu1wG7IO4tfW9HFqV08YOw/featured
Title: Youtube

Search URL Search Domain Scan URL

URL: https://customers.guardicore.com/
Title: Customer Portal

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 75

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=265698&url=https%3A%2F%2Fwww.guardicore.com%2F2020%2F08%2Ffritzfrog-p2p-botnet-infects-ssh-servers%2F&time=1604914257049 HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D265698%26url%3Dhttps%253A%252F%252Fwww.guardicore.com%252F2020%252F08%252Ffritzfrog-p2p-botnet-infects-ssh-servers%252F%26time%3D1604914257049%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=265698&url=https%3A%2F%2Fwww.guardicore.com%2F2020%2F08%2Ffritzfrog-p2p-botnet-infects-ssh-servers%2F&time=1604914257049&liSync=true

124 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/ 100 KB
23 KB 867ms
334ms Document
text/html 35.235.124.140
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

35.235.124.140 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

140.124.235.35.bc.googleusercontent.com

Software

nginx /

Resource Hash

3cda769850b7e6155d07c41864ee3a23b062826a1123ef62741fadc6da2896e1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.guardicore.com
:scheme: https
:path: /2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
server: nginx
date: Mon, 09 Nov 2020 09:30:03 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: PHPSESSID=39c01088dbbd7f1ad4195837565a28ad; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
x-pingback: https://www.guardicore.com/xmlrpc.php
link: <https://www.guardicore.com/wp-json/>; rel="https://api.w.org/" <https://www.guardicore.com/wp-json/wp/v2/posts/24914>; rel="alternate"; type="application/json" <https://www.guardicore.com/?p=24914>; rel=shortlink
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=15768000; includeSubDomains
x-kinsta-cache: HIT
content-encoding: gzip
x-edge-location-klb: 7T6a1sW2rXG586Q0acIULBMfd9f95eeb43b6841cd1dcc6493a9cf483

GET
H2 200 autoptimize_ca9b4c328a0326b5d73add243b16ebc3.css
www.guardicore.com/wp-content/cache/autoptimize/css/ 832 KB
138 KB 345ms
341ms Stylesheet
text/css 35.235.124.140
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.guardicore.com/wp-content/cache/autoptimize/css/autoptimize_ca9b4c328a0326b5d73add243b16ebc3.css
Requested by: Host: www.guardicore.com
URL: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.235.124.140 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 140.124.235.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: 91b314d1d6f84b49b65a2435232ea7325e3a57a4039442b9b3bcccc54f87818d

Request headers

Referer: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 09:30:03 GMT
content-encoding: gzip
last-modified: Mon, 09 Nov 2020 09:30:55 GMT
server: nginx
status: 200
etag: W/"5fa90c4f-d0097"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
x-edge-location-klb: 7T6a1sW2rXG586Q0acIULBMfbe3ce44180ca7f1d01075e119bd0b23d
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 autoptimize_5eda3958f985241d18a528c258ed43ce.css
www.guardicore.com/wp-content/cache/autoptimize/css/ 28 KB
6 KB 186ms
182ms Stylesheet
text/css 35.235.124.140
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.guardicore.com/wp-content/cache/autoptimize/css/autoptimize_5eda3958f985241d18a528c258ed43ce.css
Requested by: Host: www.guardicore.com
URL: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.235.124.140 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 140.124.235.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: eebfbc9e23f08d221cff8a2a5be2b12269af2a43dcee1fc470a849306a3f7352

Request headers

Referer: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 09:30:03 GMT
content-encoding: gzip
last-modified: Mon, 09 Nov 2020 09:27:27 GMT
server: nginx
status: 200
etag: W/"5fa90b7f-6eeb"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
x-edge-location-klb: 7T6a1sW2rXG586Q0acIULBMf547deb6948031b9a54fd93be07ab0b0f
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 css
fonts.googleapis.com/ 13 KB
1 KB 20ms
17ms Stylesheet
text/css 2a00:1450:4001:806::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Montserrat%3A400%2C700%7CRoboto%3A100%2C300%2C400%2C700&ver=5.5.3

Requested by

Host: www.guardicore.com
URL: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

54f1228c4a0a07016155305f2ef11f299378f7348b0e07334166fa489fb91bc7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 09 Nov 2020 07:46:24 GMT
server: ESF
date: Mon, 09 Nov 2020 09:30:55 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 09 Nov 2020 09:30:55 GMT

GET
H2 200 style.css
staging-covuyicu.temp927.kinsta.cloud/wp-content/plugins/sitepress-multilingual-cms/templates/language-switchers/legacy-dropdown/ 2 KB
886 B 713ms
173ms Stylesheet
text/css 35.235.124.140
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://staging-covuyicu.temp927.kinsta.cloud/wp-content/plugins/sitepress-multilingual-cms/templates/language-switchers/legacy-dropdown/style.css?ver=1
Requested by: Host: www.guardicore.com
URL: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.235.124.140 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 140.124.235.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: 2feb39bd405a8f0299a4115689da22f8165bcc61e8f5d9ed4a1c4cc5fd3a85ab

Request headers

Referer: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 09:30:04 GMT
content-encoding: gzip
last-modified: Mon, 21 Sep 2020 10:57:25 GMT
server: nginx
status: 200
etag: W/"5f688715-6dd"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
x-robots-tag: noindex, nofollow, nosnippet, noarchive
x-edge-location-klb: 7T6a1sW2rXG586Q0acIULBMf306a3f24d0ecc8700b3f96e1326277ff
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 style.css
staging-covuyicu.temp927.kinsta.cloud/wp-content/plugins/sitepress-multilingual-cms/templates/language-switchers/menu-item/ 226 B
543 B 714ms
174ms Stylesheet
text/css 35.235.124.140
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://staging-covuyicu.temp927.kinsta.cloud/wp-content/plugins/sitepress-multilingual-cms/templates/language-switchers/menu-item/style.css?ver=1
Requested by: Host: www.guardicore.com
URL: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.235.124.140 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 140.124.235.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: 6d82524320851cd20cae529e3b2e8f44041aac4cff1d5352d115fb2f3819d742

Request headers

Referer: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 09:30:04 GMT
last-modified: Mon, 21 Sep 2020 10:57:25 GMT
server: nginx
etag: "5f688715-e2"
status: 200
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
x-robots-tag: noindex, nofollow, nosnippet, noarchive
content-length: 226
x-edge-location-klb: 7T6a1sW2rXG586Q0acIULBMfbe2752c8c7ed14a63032629296746e95
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 autoptimize_single_6758f0f36e1898ae3a47daea1643854e.css
www.guardicore.com/wp-content/cache/autoptimize/css/ 121 KB
16 KB 190ms
188ms Stylesheet
text/css 35.235.124.140
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.guardicore.com/wp-content/cache/autoptimize/css/autoptimize_single_6758f0f36e1898ae3a47daea1643854e.css?ver=5f9831dd4e8c4
Requested by: Host: www.guardicore.com
URL: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.235.124.140 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 140.124.235.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: 99609f305da56c09fadfff5a713e12310bc972884d55aed8d5df75aa536066da

Request headers

Referer: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 09:30:03 GMT
content-encoding: gzip
last-modified: Mon, 09 Nov 2020 09:27:27 GMT
server: nginx
status: 200
etag: W/"5fa90b7f-1e569"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
x-edge-location-klb: 7T6a1sW2rXG586Q0acIULBMf33867b0d5c4d4a975891eb4c6f6d148a
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jquery.js Show response
www.guardicore.com/wp-includes/js/jquery/ 95 KB
34 KB 359ms
357ms Script
application/javascript 35.235.124.140
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.guardicore.com/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp
Requested by: Host: www.guardicore.com
URL: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.235.124.140 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 140.124.235.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: 1db21d816296e6939ba1f42962496e4134ae2b0081e26970864c40c6d02bb1df

Request headers

Referer: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 09:30:03 GMT
content-encoding: gzip
last-modified: Sun, 26 May 2019 13:11:48 GMT
server: nginx
status: 200
etag: W/"5cea9094-17a69"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
x-edge-location-klb: 7T6a1sW2rXG586Q0acIULBMf5b4d55cb15de6719f5ca0d4deb10b31c
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 script.js Show response
staging-covuyicu.temp927.kinsta.cloud/wp-content/plugins/sitepress-multilingual-cms/templates/language-switchers/legacy-dropdown/ 702 B
726 B 714ms
175ms Script
application/javascript 35.235.124.140
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://staging-covuyicu.temp927.kinsta.cloud/wp-content/plugins/sitepress-multilingual-cms/templates/language-switchers/legacy-dropdown/script.js?ver=1
Requested by: Host: www.guardicore.com
URL: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.235.124.140 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 140.124.235.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: 66d18f6dc9983a817863220206f19b9b68ff7413f6f885bd2892c024fcc18252

Request headers

Referer: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 09:30:04 GMT
content-encoding: gzip
last-modified: Mon, 21 Sep 2020 10:57:25 GMT
server: nginx
status: 200
etag: W/"5f688715-2be"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
x-robots-tag: noindex, nofollow, nosnippet, noarchive
x-edge-location-klb: 7T6a1sW2rXG586Q0acIULBMfd3d4dba1644c91e660115ac90f115b3c
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 gaconnector.js Show response
track.gaconnector.com/ 7 KB
3 KB 337ms
107ms Script
text/plain 50.19.229.101
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://track.gaconnector.com/gaconnector.js
Requested by: Host: www.guardicore.com
URL: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 50.19.229.101 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-50-19-229-101.compute-1.amazonaws.com
Software: nginx/1.18.0 /
Resource Hash: 52ef81f35cd6cfbb4ad081fd762c4bbcfb333cd29b733357ec263b1916ea1713

Request headers

Referer: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 09:30:55 GMT
access-control-request-method: *
server: nginx/1.18.0
status: 200
vary: Accept-Encoding
access-control-allow-methods: OPTIONS, GET
access-control-allow-origin: *
cache-control: public, max-age=3600
content-encoding: gzip
access-control-allow-headers: *
content-length: 2825
expires: Mon, 09 Nov 2020 10:30:55 GMT

GET
H2 200 exceedChatWidget.js Show response
chat.exceed.ai/ 5 KB
5 KB 148ms
54ms Script
application/javascript 13.224.93.83
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://chat.exceed.ai/exceedChatWidget.js?sequenceid=5db5ab29aecd914c45848970
Requested by: Host: www.guardicore.com
URL: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.93.83 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-93-83.zrh50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: cbd5a09e4f66d3c6602521d5915c62ea9f6673ea50ca0147ab52c7ccd3f54ebc

Request headers

Referer: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 09:30:55 GMT
via: 1.1 7e81b1a3e22ce96cdfb0b6c2db121d58.cloudfront.net (CloudFront)
last-modified: Tue, 03 Nov 2020 18:51:13 GMT
server: AmazonS3
x-amz-cf-pop: ZRH50-C1
etag: "c1f9c482e812e96494b6103b88cad97c"
x-cache: Hit from cloudfront
content-type: application/javascript
status: 200
accept-ranges: bytes
content-length: 4655
x-amz-cf-id: NUn92zpQeeH7w9jKUXN92dsYHfk3wNd8lZFTJUv3fO0NmGtfUkMKeg==

GET
H2 200 en.png
www.guardicore.com/wp-content/plugins/sitepress-multilingual-cms/res/flags/ 600 B
868 B 177ms
177ms Image
image/png 35.235.124.140
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.guardicore.com/wp-content/plugins/sitepress-multilingual-cms/res/flags/en.png
Requested by: Host: www.guardicore.com
URL: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.235.124.140 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 140.124.235.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: 3f47c75fa68e49b1cdca50c61e9cd6603b57c521e5e6809df59a4a15e291a4ef

Request headers

Referer: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 09:30:04 GMT
last-modified: Mon, 21 Sep 2020 10:57:23 GMT
server: nginx
etag: "5f688713-258"
status: 200
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 600
x-edge-location-klb: 7T6a1sW2rXG586Q0acIULBMf57800d0c0261b54071334357544f6ed5
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 es.png
www.guardicore.com/wp-content/plugins/sitepress-multilingual-cms/res/flags/ 325 B
593 B 177ms
177ms Image
image/png 35.235.124.140
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.guardicore.com/wp-content/plugins/sitepress-multilingual-cms/res/flags/es.png
Requested by: Host: www.guardicore.com
URL: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.235.124.140 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 140.124.235.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: f71e440bd8074d59686f35d87b824c16f5310a34bab7fb017b0178bd726e35d3

Request headers

Referer: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 09:30:04 GMT
last-modified: Mon, 21 Sep 2020 10:57:23 GMT
server: nginx
etag: "5f688713-145"
status: 200
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 325
x-edge-location-klb: 7T6a1sW2rXG586Q0acIULBMf3a5b3f3c4064941331233b25d3bf5361
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 guardicore-logo-white-space.png
www.guardicore.com/wp-content/uploads/2019/02/ 5 KB
5 KB 180ms
174ms Image
image/png 35.235.124.140
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.guardicore.com/wp-content/uploads/2019/02/guardicore-logo-white-space.png
Requested by: Host: www.guardicore.com
URL: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.235.124.140 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 140.124.235.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: 08f2da7406d489243e2cca440f92ebee6472e71fa643c8ccb900bbd95fdb92f0

Request headers

Referer: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 09:30:04 GMT
last-modified: Wed, 13 Feb 2019 21:43:23 GMT
server: nginx
etag: "5c648f7b-13ad"
status: 200
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 5037
x-edge-location-klb: 7T6a1sW2rXG586Q0acIULBMfa7895b0f8a2f604d63901851a5f87273
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 Ophir-Harpaz-1-80x80.jpg
www.guardicore.com/wp-content/uploads/2019/04/ 68 KB
69 KB 180ms
174ms Image
image/jpeg 35.235.124.140
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.guardicore.com/wp-content/uploads/2019/04/Ophir-Harpaz-1-80x80.jpg
Requested by: Host: www.guardicore.com
URL: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.235.124.140 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 140.124.235.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: 64b1e926728bc8f4cad4a2c65df158480e5f672f3b964feaeed99fadf4c47df0

Request headers

Referer: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 09:30:04 GMT
last-modified: Fri, 05 Apr 2019 08:33:24 GMT
server: nginx
etag: "5ca712d4-11142"
status: 200
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 69954
x-edge-location-klb: 7T6a1sW2rXG586Q0acIULBMf3686d08a470f6a98c5c11a7b7b3b7417
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 map-image.jpg
www.guardicore.com/wp-content/uploads/2020/08/ 146 KB
147 KB 180ms
174ms Image
image/jpeg 35.235.124.140
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.guardicore.com/wp-content/uploads/2020/08/map-image.jpg
Requested by: Host: www.guardicore.com
URL: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.235.124.140 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 140.124.235.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: 1ef6253a1856c4b212bd1ab29a69dc0dbeee4f56473aab3726716ceebaabafcd

Request headers

Referer: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 09:30:04 GMT
last-modified: Wed, 19 Aug 2020 07:37:20 GMT
server: nginx
etag: "5f3cd6b0-2490f"
status: 200
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 149775
x-edge-location-klb: 7T6a1sW2rXG586Q0acIULBMf4ee1efe76d27cde85930b953d4c9ab9b
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 number-of-fritzfrog.jpg
www.guardicore.com/wp-content/uploads/2020/08/ 138 KB
139 KB 180ms
174ms Image
image/jpeg 35.235.124.140
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.guardicore.com/wp-content/uploads/2020/08/number-of-fritzfrog.jpg
Requested by: Host: www.guardicore.com
URL: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.235.124.140 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 140.124.235.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: 4215b73febfb95635539227324e96da15d044ace1b1a45301bf0e32e45b04b00

Request headers

Referer: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 09:30:04 GMT
last-modified: Wed, 19 Aug 2020 07:39:49 GMT
server: nginx
etag: "5f3cd745-229c4"
status: 200
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 141764
x-edge-location-klb: 7T6a1sW2rXG586Q0acIULBMf9c83fc33a9ff049b977784aa41c8e10d
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 traffic.jpg
www.guardicore.com/wp-content/uploads/2020/08/ 89 KB
90 KB 181ms
176ms Image
image/jpeg 35.235.124.140
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.guardicore.com/wp-content/uploads/2020/08/traffic.jpg
Requested by: Host: www.guardicore.com
URL: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.235.124.140 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 140.124.235.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: 6412b40a1d7dfec4f4548e26661d38b3f90c1633ccb735fd9bd8c44a8f26a4b9

Request headers

Referer: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 09:30:04 GMT
last-modified: Wed, 19 Aug 2020 07:46:19 GMT
server: nginx
etag: "5f3cd8cb-1650f"
status: 200
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 91407
x-edge-location-klb: 7T6a1sW2rXG586Q0acIULBMff0721271889e69d3f8cd276927652b19
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 frog-attack.jpg
www.guardicore.com/wp-content/uploads/2020/08/ 122 KB
122 KB 181ms
176ms Image
image/jpeg 35.235.124.140
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.guardicore.com/wp-content/uploads/2020/08/frog-attack.jpg
Requested by: Host: www.guardicore.com
URL: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.235.124.140 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 140.124.235.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: f61c2033c763b170c33b5dd5fad3d429d9ac6e8886c0e1f1486b3b34c1ccc91a

Request headers

Referer: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 09:30:04 GMT
last-modified: Wed, 19 Aug 2020 07:48:00 GMT
server: nginx
etag: "5f3cd930-1e65c"
status: 200
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 124508
x-edge-location-klb: 7T6a1sW2rXG586Q0acIULBMf4c3cd21556bbddb34f7e07bf76833cec
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 worker.jpg
www.guardicore.com/wp-content/uploads/2020/08/ 161 KB
162 KB 185ms
181ms Image
image/jpeg 35.235.124.140
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.guardicore.com/wp-content/uploads/2020/08/worker.jpg
Requested by: Host: www.guardicore.com
URL: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.235.124.140 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 140.124.235.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: e3b0a3ceea781311cafd77281f8525498e36f8b674f0261a98ebfb418aa30698

Request headers

Referer: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 09:30:04 GMT
last-modified: Wed, 19 Aug 2020 08:01:48 GMT
server: nginx
etag: "5f3cdc6c-284b4"
status: 200
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 165044
x-edge-location-klb: 7T6a1sW2rXG586Q0acIULBMf75fb4f6476f607ef173244442763d4bd
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 output.jpg
www.guardicore.com/wp-content/uploads/2020/08/ 130 KB
131 KB 342ms
337ms Image
image/jpeg 35.235.124.140
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.guardicore.com/wp-content/uploads/2020/08/output.jpg
Requested by: Host: www.guardicore.com
URL: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.235.124.140 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 140.124.235.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: 6c57aec349a90319a99b94b8b43e99b513c823024bdea72e8cf4d8ee67b2abdc

Request headers

Referer: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 09:30:04 GMT
last-modified: Wed, 19 Aug 2020 08:08:31 GMT
server: nginx
etag: "5f3cddff-20983"
status: 200
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 133507
x-edge-location-klb: 7T6a1sW2rXG586Q0acIULBMf7031bdd820c101fcd33c39229a78698e
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 46 KB
18 KB 10ms
5ms Script
text/javascript 2a00:1450:4001:801::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.guardicore.com
URL: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e441c3e2771625ba05630ab464275136a82c99650ee2145ca5aa9853bedeb01b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 23 Oct 2020 03:00:57 GMT
server: Golfe2
age: 908
date: Mon, 09 Nov 2020 09:15:48 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18817
expires: Mon, 09 Nov 2020 11:15:48 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 183 KB
53 KB 19ms
15ms Script
application/javascript 2a00:1450:4001:81a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-WDRGX6B

Requested by

Host: www.guardicore.com
URL: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

980833e93c3d22cb6bf14adc99ad0518455b545d1e1b01d407fe83c9f258d985

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 09:30:56 GMT
content-encoding: br
vary: Accept-Encoding
status: 200
cross-origin-resource-policy: cross-origin
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 54434
x-xss-protection: 0
last-modified: Mon, 09 Nov 2020 09:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 09 Nov 2020 09:30:56 GMT

GET
H/1.1 200
OK 6si.min.js Show response
j.6sc.co/ 15 KB
7 KB 84ms
26ms Script
application/javascript 104.109.70.122
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://j.6sc.co/6si.min.js
Requested by: Host: www.guardicore.com
URL: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.109.70.122 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS: a104-109-70-122.deploy.static.akamaitechnologies.com
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 779651bc146d489786b9b4ab590d2784547448e4b85cf1bb9036b31e404d1a37

Request headers

Referer: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 09 Nov 2020 09:30:56 GMT
Content-Encoding: gzip
Last-Modified: Thu, 24 Sep 2020 22:09:24 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "5f6d1914-3a6c"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET,POST
Content-Type: application/javascript
Access-Control-Allow-Origin
Access-Control-Max-Age: 86400
Access-Control-Allow-Credentials: true
Connection: keep-alive
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Content-Length: 6116

GET
H2 200 /
www.guardicore.com/ 3 KB
3 KB 717ms
714ms Image
image/png 35.235.124.140
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.guardicore.com/?cta_securimage=Y&distortion=0.5&signature=&signatureColour=000000&mathOrText=text

Requested by

Host: www.guardicore.com
URL: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

35.235.124.140 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

140.124.235.35.bc.googleusercontent.com

Software

nginx /

Resource Hash

791c07488ac44202e42b742b2fbab448b48f7ec699da4770961f73f5e40dec97

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 09 Nov 2020 09:30:04 GMT
last-modified: Mon, 09 Nov 2020 09:30:56GMT
server: nginx
x-frame-options: SAMEORIGIN
content-type: image/png
status: 200
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
strict-transport-security: max-age=15768000; includeSubDomains
x-kinsta-cache: BYPASS
x-xss-protection: 1; mode=block
x-edge-location-klb: 7T6a1sW2rXG586Q0acIULBMf44c5b373cd10d58d48d04f98b9006771
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 api.min.js Show response
a.opmnstr.com/app/js/ 210 KB
62 KB 57ms
15ms Script
application/javascript 23.111.11.182
HIGHWINDS2

General

Check archive.org

Show headers Download Go to

Full URL: https://a.opmnstr.com/app/js/api.min.js
Requested by: Host: www.guardicore.com
URL: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 23.111.11.182 Phoenix, United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
Software: NetDNA-cache/2.2 /
Resource Hash: 1dc3d0ddeb900b0a56df76e80b0182ddf71c222d611ecfaf3ea133fa4b33b619

Request headers

Referer: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 09:30:56 GMT
content-encoding: gzip
last-modified: Mon, 02 Nov 2020 17:33:06 GMT
server: NetDNA-cache/2.2
x-amz-request-id: F045BE600999E4DB
etag: W/"318f3675f3fd1e7ef694fb5638515bf8"
x-cache: HIT
content-type: application/javascript
status: 200
cache-control: max-age=31104000
access-control-allow-origin: *
x-amz-id-2: W3BAXSzFnebZ1rBpuab5Imr5O+bRnDtpgj0xOz+DqlMkaKqCaKWqHlkDhOe24o/nJJcf/mYSEOk=
expires: Thu, 04 Nov 2021 09:30:56 GMT

GET
H2 200 autoptimize_1c556131606f4b6435c2a83c237290c4.js Show response
www.guardicore.com/wp-content/cache/autoptimize/js/ 695 KB
166 KB 502ms
499ms Script
application/javascript 35.235.124.140
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.guardicore.com/wp-content/cache/autoptimize/js/autoptimize_1c556131606f4b6435c2a83c237290c4.js
Requested by: Host: www.guardicore.com
URL: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.235.124.140 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 140.124.235.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: 10202053ff9d3ee24997670f728a0f67e757e08beddedb88148180dee0d48c34

Request headers

Referer: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 09:30:04 GMT
content-encoding: gzip
last-modified: Mon, 09 Nov 2020 09:28:25 GMT
server: nginx
status: 200
etag: W/"5fa90bb9-adbcc"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
x-edge-location-klb: 7T6a1sW2rXG586Q0acIULBMff15de68d0c445bd1b3e08f7733f33e58
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 track_pageview Show response
track.gaconnector.com/ 559 B
739 B 301ms
102ms XHR
text/plain 50.19.229.101
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://track.gaconnector.com/track_pageview?gaconnector_id=2ed521ef-327c-85ce-4ff5-d0db9e668289&account_id=4f614d48eef0b665892780d0608acd04&referer=&GA_Client_ID=undefined&page_url=https%3A%2F%2Fwww.guardicore.com%2F2020%2F08%2Ffritzfrog-p2p-botnet-infects-ssh-servers%2F&gclid=&utm_campaign=&utm_term=&utm_content=&utm_source=&utm_medium=
Requested by: Host: track.gaconnector.com
URL: https://track.gaconnector.com/gaconnector.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 50.19.229.101 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-50-19-229-101.compute-1.amazonaws.com
Software: nginx/1.18.0 /
Resource Hash: 79a0be939284ef1ca5b68189455821955a74b07d8cb3f6484534943622946a21

Request headers

Referer: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 09:30:56 GMT
access-control-request-method: *
server: nginx/1.18.0
status: 200
access-control-allow-methods: OPTIONS, GET
access-control-allow-origin: *
access-control-allow-headers: *
content-length: 559

GET
H2 200 hotjar-1548397.js Show response
static.hotjar.com/c/ 10 KB
3 KB 129ms
47ms Script
application/javascript 13.224.93.32
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-1548397.js?sv=6

Requested by

Host: www.guardicore.com
URL: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.93.32 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-93-32.zrh50.r.cloudfront.net

Software

Resource Hash

f96247787b9c442071dce74a2bc8d903f74b6db3b179500131099016f206ad13

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 09:30:56 GMT
content-encoding: br
x-content-type-options: nosniff
cache-control: max-age=60
x-amz-cf-pop: ZRH50-C1
etag: W/01cbb46d3be7b0b190edb9fc45fd655a
status: 200
x-cache: Hit from cloudfront
content-type: application/javascript
access-control-allow-origin: *
x-cache-hit: 1
vary: Accept-Encoding
x-amz-cf-id: cNWU4dhsQpGHGDu7mFVleBtVF4m4FLp_6MgbPBQS_HtS9VojRbB5cg==
via: 1.1 a2037d86ccb1a548f20827ebd95a65f3.cloudfront.net (CloudFront)

GET
H2 200 1.c7ea1c03.chunk.js.gz Show response
chat.exceed.ai/static/js/ 2 MB
293 KB 59ms
56ms Script
application/javascript 13.224.93.83
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://chat.exceed.ai/static/js/1.c7ea1c03.chunk.js.gz
Requested by: Host: chat.exceed.ai
URL: https://chat.exceed.ai/exceedChatWidget.js?sequenceid=5db5ab29aecd914c45848970
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.93.83 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-93-83.zrh50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 7f8c03fff95a665e5813b19151230a1cd566f97128691f487fa3e206cf6876af

Request headers

Referer: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 05:52:47 GMT
content-encoding: gzip
last-modified: Tue, 03 Nov 2020 18:51:15 GMT
server: AmazonS3
age: 13090
etag: "0c9e67e413615870febefee7772e3d48"
x-cache: Hit from cloudfront
content-type: application/javascript
status: 200
x-amz-cf-pop: ZRH50-C1
accept-ranges: bytes
content-length: 299013
via: 1.1 7e81b1a3e22ce96cdfb0b6c2db121d58.cloudfront.net (CloudFront)
x-amz-cf-id: CQkGWH6ieTXLVR822wjVBnUVqhwjM45gOWqOf00qUXWP0ooBjHazFQ==

GET
H2 200 main.242df04b.chunk.js.gz Show response
chat.exceed.ai/static/js/ 32 KB
8 KB 54ms
51ms Script
application/javascript 13.224.93.83
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://chat.exceed.ai/static/js/main.242df04b.chunk.js.gz
Requested by: Host: chat.exceed.ai
URL: https://chat.exceed.ai/exceedChatWidget.js?sequenceid=5db5ab29aecd914c45848970
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.93.83 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-93-83.zrh50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e56ec12f1615bfbf4603d62731684bddb62445174406fd231ffd06fd82edae8b

Request headers

Referer: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 08 Nov 2020 21:47:05 GMT
content-encoding: gzip
last-modified: Tue, 03 Nov 2020 18:51:15 GMT
server: AmazonS3
age: 42232
etag: "8b198b2951be3be98f82a65cce2dc6c3"
x-cache: Hit from cloudfront
content-type: application/javascript
status: 200
x-amz-cf-pop: ZRH50-C1
accept-ranges: bytes
content-length: 8043
via: 1.1 7e81b1a3e22ce96cdfb0b6c2db121d58.cloudfront.net (CloudFront)
x-amz-cf-id: cTRNr3oSJkSRGn_Ks9SXXDM3MgqWhTHdrTBwO05n_0dk3ZPv36h_BA==

GET
H2 200 1.203e6ef6.chunk.css.gz
chat.exceed.ai/static/css/ 91 KB
12 KB 48ms
42ms Stylesheet
text/css 13.224.93.83
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://chat.exceed.ai/static/css/1.203e6ef6.chunk.css.gz
Requested by: Host: chat.exceed.ai
URL: https://chat.exceed.ai/exceedChatWidget.js?sequenceid=5db5ab29aecd914c45848970
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.93.83 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-93-83.zrh50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 8f6b79f26397ecc2f38878da52bf2f8612e06af9f3de945bfd2b805ef0e49563

Request headers

Referer: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 05:53:12 GMT
content-encoding: gzip
last-modified: Tue, 03 Nov 2020 18:51:15 GMT
server: AmazonS3
age: 13065
etag: "d8dd7c73492260879e4447bcf21f005c"
x-cache: Hit from cloudfront
content-type: text/css
status: 200
x-amz-cf-pop: ZRH50-C1
accept-ranges: bytes
content-length: 12058
via: 1.1 7e81b1a3e22ce96cdfb0b6c2db121d58.cloudfront.net (CloudFront)
x-amz-cf-id: mnhDLWkq5HS5WRJB3ZFE5nFHKhRgDnsRAB5bskmpj882FQQBd4bwIw==

GET
H2 200 main.71cb3c1c.chunk.css.gz
chat.exceed.ai/static/css/ 6 KB
2 KB 48ms
42ms Stylesheet
text/css 13.224.93.83
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://chat.exceed.ai/static/css/main.71cb3c1c.chunk.css.gz
Requested by: Host: chat.exceed.ai
URL: https://chat.exceed.ai/exceedChatWidget.js?sequenceid=5db5ab29aecd914c45848970
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.93.83 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-93-83.zrh50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 4e9d6fc08dda63087bc377a7a48f037ef533824eefdbe03511258af3eb9c9b93

Request headers

Referer: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 08 Nov 2020 21:47:05 GMT
content-encoding: gzip
last-modified: Tue, 03 Nov 2020 18:51:15 GMT
server: AmazonS3
age: 42232
etag: "3fb2c42cf65c7a89938d36f310b30de9"
x-cache: Hit from cloudfront
content-type: text/css
status: 200
x-amz-cf-pop: ZRH50-C1
accept-ranges: bytes
content-length: 1694
via: 1.1 7e81b1a3e22ce96cdfb0b6c2db121d58.cloudfront.net (CloudFront)
x-amz-cf-id: w8SMMotYjxDbC9_XOSrctCda9xB8Y4jbw0kLTlLFcugoLhd5geD_2g==

GET
H/1.0 200
OK Cookie set b4jzh Show response
go.guardicore.com/l/503441/2018-03-16/ Frame 8BE1 7 KB
3 KB 877ms
559ms Document
text/html 18.232.28.189
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://go.guardicore.com/l/503441/2018-03-16/b4jzh?Webpage_Name=/labs/&Referral_URL=/labs/
Requested by: Host: www.guardicore.com
URL: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/
Protocol: HTTP/1.0
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.232.28.189 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: pi0-lba1-6-ue1.aws.pardot.com
Software: PardotServer /
Resource Hash: ac2ec780c7106d765cf8d5a2c1d607893f92eac7cf33a7f6141c5442e66cada5

Request headers

Host: go.guardicore.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/

Response headers

Date: Mon, 09 Nov 2020 09:30:56 GMT
Set-Cookie: pardot=4tuktst4macl7lnt346nue76vq; path=/ visitor_id503441=332687887; expires=Wed, 29-Dec-2021 09:30:57 GMT; Max-Age=35856000; path=/; SameSite=None; secure visitor_id503441-hash=0ff9c98197bee07acdf4ebf31e010003eb8ef0d19998985469edceb6bf19ac70931097429bec9c96bbab02389ebd406e816faa33; expires=Wed, 29-Dec-2021 09:30:57 GMT; Max-Age=35856000; path=/; SameSite=None; secure
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Pardot-Rsp: 16/34/217
P3p: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 2526
Content-Type: text/html; charset=utf-8
X-Pardot-Route: 32427ff3465437d362f61c790f7d2406
Server: PardotServer
X-Pardot-LB: e95a292e477f6214c8e77c2cf881a7d3
Connection: keep-alive

GET
H2 200 api.min.js Show response
a.omappapi.com/app/js/ 210 KB
62 KB 62ms
15ms Script
application/javascript 23.111.11.71
HIGHWINDS2

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/api.min.js
Requested by: Host: www.guardicore.com
URL: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 23.111.11.71 Phoenix, United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
Software: NetDNA-cache/2.2 /
Resource Hash: 1dc3d0ddeb900b0a56df76e80b0182ddf71c222d611ecfaf3ea133fa4b33b619

Request headers

Referer: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 09:30:56 GMT
content-encoding: gzip
last-modified: Mon, 02 Nov 2020 17:33:06 GMT
server: NetDNA-cache/2.2
x-amz-request-id: CFC943F893C1226F
etag: W/"318f3675f3fd1e7ef694fb5638515bf8"
x-cache: HIT
content-type: application/javascript
status: 200
cache-control: max-age=31104000
access-control-allow-origin: *
x-amz-id-2: qfw7iiF8ornPtAVyW2Au49hc//gtK1VntkXOorYZFeBuFjNWbswvnS4EE9kQJ4pCmB5gX8RKgMs=
expires: Thu, 04 Nov 2021 09:30:56 GMT

GET
H3-Q050 200 css
fonts.googleapis.com/ 2 KB
894 B 48ms
31ms Stylesheet
text/css 2a00:1450:4001:806::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Lato:300,400,700

Requested by

Host: www.guardicore.com
URL: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

1a2c13de08efab2836f482fe649c9853eafcf3af4363edb804d44fe38ecc8f3f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 09 Nov 2020 08:14:20 GMT
server: ESF
date: Mon, 09 Nov 2020 09:30:56 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 09 Nov 2020 09:30:56 GMT

GET
H2 200 fritzfrog-cover.jpg
www.guardicore.com/wp-content/uploads/2020/08/ 119 KB
119 KB 470ms
470ms Image
image/jpeg 35.235.124.140
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.guardicore.com/wp-content/uploads/2020/08/fritzfrog-cover.jpg
Requested by: Host: www.guardicore.com
URL: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.235.124.140 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 140.124.235.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: 6bc4cd3d234983b4d7790520e9f273c1f0f0ca4b9e017c5792845f99dc960905

Request headers

Referer: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 09:30:04 GMT
last-modified: Wed, 19 Aug 2020 08:15:08 GMT
server: nginx
etag: "5f3cdf8c-1dc17"
status: 200
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 121879
x-edge-location-klb: 7T6a1sW2rXG586Q0acIULBMf7dcf8a37bb22988f24e3f15997d9adaa
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 Graphik-Regular-Web.woff2
www.guardicore.com/wp-content/themes/guardicore/fonts/ 36 KB
36 KB 462ms
461ms Font
application/font-woff2 35.235.124.140
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.guardicore.com/wp-content/themes/guardicore/fonts/Graphik-Regular-Web.woff2
Requested by: Host: www.guardicore.com
URL: https://www.guardicore.com/wp-content/cache/autoptimize/css/autoptimize_ca9b4c328a0326b5d73add243b16ebc3.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.235.124.140 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 140.124.235.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: 6967697799a1a3fc3be15926cc5725b4c614549d3c3ad8c50d9ee0b2644f369a

Request headers

Origin: https://www.guardicore.com
Referer: https://www.guardicore.com/wp-content/cache/autoptimize/css/autoptimize_ca9b4c328a0326b5d73add243b16ebc3.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 09:30:04 GMT
last-modified: Sun, 28 Jul 2019 08:42:07 GMT
server: nginx
etag: "5d3d5fdf-8ead"
status: 200
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 36525
x-edge-location-klb: 7T6a1sW2rXG586Q0acIULBMfb6ce45ffd4f7170d4aee2bc2675c1f63
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 Graphik-Bold-Web.woff2
www.guardicore.com/wp-content/themes/guardicore/fonts/ 37 KB
37 KB 457ms
456ms Font
application/font-woff2 35.235.124.140
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.guardicore.com/wp-content/themes/guardicore/fonts/Graphik-Bold-Web.woff2
Requested by: Host: www.guardicore.com
URL: https://www.guardicore.com/wp-content/cache/autoptimize/css/autoptimize_ca9b4c328a0326b5d73add243b16ebc3.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.235.124.140 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 140.124.235.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: 05c18ebd88d804db7eb7c2f9907d9fcea7f3922a7920beb591d647134fd05ddb

Request headers

Origin: https://www.guardicore.com
Referer: https://www.guardicore.com/wp-content/cache/autoptimize/css/autoptimize_ca9b4c328a0326b5d73add243b16ebc3.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 09:30:04 GMT
last-modified: Sun, 28 Jul 2019 08:42:00 GMT
server: nginx
etag: "5d3d5fd8-93b5"
status: 200
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 37813
x-edge-location-klb: 7T6a1sW2rXG586Q0acIULBMfc796d658f188cee17da80f1d45d1fedb
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 Graphik-Semibold-Web.woff2
www.guardicore.com/wp-content/themes/guardicore/fonts/ 40 KB
40 KB 458ms
456ms Font
application/font-woff2 35.235.124.140
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.guardicore.com/wp-content/themes/guardicore/fonts/Graphik-Semibold-Web.woff2
Requested by: Host: www.guardicore.com
URL: https://www.guardicore.com/wp-content/cache/autoptimize/css/autoptimize_ca9b4c328a0326b5d73add243b16ebc3.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.235.124.140 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 140.124.235.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: ff2262ade95af945a2e89a5075ad4f962f06c13a18ff4c5d5d2a5841a1591455

Request headers

Origin: https://www.guardicore.com
Referer: https://www.guardicore.com/wp-content/cache/autoptimize/css/autoptimize_ca9b4c328a0326b5d73add243b16ebc3.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 09:30:04 GMT
last-modified: Sun, 28 Jul 2019 08:42:09 GMT
server: nginx
etag: "5d3d5fe1-9f89"
status: 200
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 40841
x-edge-location-klb: 7T6a1sW2rXG586Q0acIULBMf6ac488d1f47d4a2793b2f22b6cf46d8e
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 entypo-fontello.woff
www.guardicore.com/wp-content/themes/enfold/config-templatebuilder/avia-template-builder/assets/fonts/ 46 KB
47 KB 458ms
457ms Font
application/font-woff 35.235.124.140
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.guardicore.com/wp-content/themes/enfold/config-templatebuilder/avia-template-builder/assets/fonts/entypo-fontello.woff
Requested by: Host: www.guardicore.com
URL: https://www.guardicore.com/wp-content/cache/autoptimize/css/autoptimize_ca9b4c328a0326b5d73add243b16ebc3.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.235.124.140 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 140.124.235.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: 5473c7abfe3f735a00bbb767225e326c503c3ce9ea390d9f79be66ebd234d746

Request headers

Origin: https://www.guardicore.com
Referer: https://www.guardicore.com/wp-content/cache/autoptimize/css/autoptimize_ca9b4c328a0326b5d73add243b16ebc3.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 09:30:04 GMT
last-modified: Sun, 12 Apr 2020 14:10:48 GMT
server: nginx
etag: "5e932168-b90c"
status: 200
content-type: application/font-woff
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 47372
x-edge-location-klb: 7T6a1sW2rXG586Q0acIULBMf477f7be85941d3c5b95ffa670e3a5fa1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 Graphik-Light-Web.woff2
www.guardicore.com/wp-content/themes/guardicore/fonts/ 33 KB
33 KB 458ms
457ms Font
application/font-woff2 35.235.124.140
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.guardicore.com/wp-content/themes/guardicore/fonts/Graphik-Light-Web.woff2
Requested by: Host: www.guardicore.com
URL: https://www.guardicore.com/wp-content/cache/autoptimize/css/autoptimize_ca9b4c328a0326b5d73add243b16ebc3.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.235.124.140 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 140.124.235.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: 358b041f779c4c2f82af83d25ddab61f5fd3fb3ba16350087788ffe16005ef21

Request headers

Origin: https://www.guardicore.com
Referer: https://www.guardicore.com/wp-content/cache/autoptimize/css/autoptimize_ca9b4c328a0326b5d73add243b16ebc3.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 09:30:04 GMT
last-modified: Sun, 28 Jul 2019 08:42:04 GMT
server: nginx
etag: "5d3d5fdc-8355"
status: 200
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 33621
x-edge-location-klb: 7T6a1sW2rXG586Q0acIULBMfe03a163bf3c427f0afb63983f4d416a9
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 Graphik-RegularItalic-Web.woff2
www.guardicore.com/wp-content/themes/guardicore/fonts/ 38 KB
38 KB 458ms
458ms Font
application/font-woff2 35.235.124.140
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.guardicore.com/wp-content/themes/guardicore/fonts/Graphik-RegularItalic-Web.woff2
Requested by: Host: www.guardicore.com
URL: https://www.guardicore.com/wp-content/cache/autoptimize/css/autoptimize_ca9b4c328a0326b5d73add243b16ebc3.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.235.124.140 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 140.124.235.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: 7b4c47b439d9a25e184671127d1aa619065edba8f4e7de808e541319912ad6cd

Request headers

Origin: https://www.guardicore.com
Referer: https://www.guardicore.com/wp-content/cache/autoptimize/css/autoptimize_ca9b4c328a0326b5d73add243b16ebc3.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 09:30:04 GMT
last-modified: Sun, 28 Jul 2019 08:42:08 GMT
server: nginx
etag: "5d3d5fe0-9791"
status: 200
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 38801
x-edge-location-klb: 7T6a1sW2rXG586Q0acIULBMf653c4da7d9491622d2df4cc77a0fe9f4
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 Graphik-Black-Web.woff2
www.guardicore.com/wp-content/themes/guardicore/fonts/ 36 KB
36 KB 456ms
456ms Font
application/font-woff2 35.235.124.140
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.guardicore.com/wp-content/themes/guardicore/fonts/Graphik-Black-Web.woff2
Requested by: Host: www.guardicore.com
URL: https://www.guardicore.com/wp-content/cache/autoptimize/css/autoptimize_ca9b4c328a0326b5d73add243b16ebc3.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.235.124.140 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 140.124.235.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: 7097dcd10d86f191aa861da8955d905aec92109707bbe2b5c2ee12b181df86e8

Request headers

Origin: https://www.guardicore.com
Referer: https://www.guardicore.com/wp-content/cache/autoptimize/css/autoptimize_ca9b4c328a0326b5d73add243b16ebc3.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 09:30:04 GMT
last-modified: Sun, 28 Jul 2019 08:41:59 GMT
server: nginx
etag: "5d3d5fd7-8ed1"
status: 200
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 36561
x-edge-location-klb: 7T6a1sW2rXG586Q0acIULBMfc5739e040aa120b0e2d9490a36b33624
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-Q050 200 js Show response
www.google-analytics.com/gtm/ 122 KB
37 KB 18ms
17ms Script
application/javascript 2a00:1450:4001:81a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/gtm/js?id=GTM-NDF824T&cid=1679922896.1604914257

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

c69162f1d1837c62e999d470302e1bf80cc8f38b3dd25bacbb028ffe6b638dbf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 09:30:56 GMT
content-encoding: br
vary: Accept-Encoding
status: 200
cross-origin-resource-policy: cross-origin
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37256
x-xss-protection: 0
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 09 Nov 2020 09:30:56 GMT

GET
H2 200 im-op1-banner.png
www.guardicore.com/wp-content/uploads/2019/09/ 63 KB
64 KB 377ms
376ms Image
image/png 35.235.124.140
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.guardicore.com/wp-content/uploads/2019/09/im-op1-banner.png
Requested by: Host: www.guardicore.com
URL: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.235.124.140 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 140.124.235.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: 1a74087f01c6bf2309a2f5d7ddb8c2309f5fac988dccd6a72e283ef5eb70a347

Request headers

Referer: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 09:30:04 GMT
last-modified: Wed, 18 Sep 2019 09:37:36 GMT
server: nginx
etag: "5d81fae0-fd20"
status: 200
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 64800
x-edge-location-klb: 7T6a1sW2rXG586Q0acIULBMf047f791ce67f6819039bddaae987909a
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 threat-intelligence-banner.png
www.guardicore.com/wp-content/uploads/2019/07/ 21 KB
22 KB 377ms
377ms Image
image/png 35.235.124.140
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.guardicore.com/wp-content/uploads/2019/07/threat-intelligence-banner.png
Requested by: Host: www.guardicore.com
URL: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.235.124.140 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 140.124.235.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: 4b9a7bdede208dc634debc53edee3ab4c7412e97063bd350c4726fb7625b532f

Request headers

Referer: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 09:30:04 GMT
last-modified: Tue, 30 Jul 2019 09:43:34 GMT
server: nginx
etag: "5d401146-55e7"
status: 200
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 21991
x-edge-location-klb: 7T6a1sW2rXG586Q0acIULBMfe8ecbd3a730cff6e3f1eb819cb125998
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK / Show response
c.6sc.co/ 47 B
374 B 80ms
23ms XHR
text/plain 104.109.70.122
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.109.70.122 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS: a104-109-70-122.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 2409ad320b628fead9ea22d57d8d0a1bb6b46a351df47e7bf7d3de6839324285

Request headers

Referer: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 09 Nov 2020 09:30:56 GMT
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: text/plain
Access-Control-Allow-Origin: https://www.guardicore.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: *
Content-Length: 47

GET
H/1.1 200
OK getuidj Show response
secure.adnxs.com/ 11 B
708 B 49ms
15ms XHR
application/json 185.33.220.145
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.adnxs.com/getuidj

Requested by

Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.220.145 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

623.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 09 Nov 2020 09:30:56 GMT
X-Proxy-Origin: 185.212.171.67; 185.212.171.67; 623.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.136:80
AN-X-Request-Uuid: 0688ec2b-7a3c-43e6-aaa2-26daf550a4de
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.guardicore.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 11
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 modules.8d61e969c7deff2570c5.js Show response
script.hotjar.com/ 362 KB
71 KB 128ms
48ms Script
application/javascript 13.224.93.36
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.8d61e969c7deff2570c5.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-1548397.js?sv=6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.93.36 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-93-36.zrh50.r.cloudfront.net

Software

Resource Hash

cffc573bb349054cbbe8ff16713e646774262ae4810202c7421dae2bf5f8a38e

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 06 Nov 2020 15:35:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 237339
x-cache: Hit from cloudfront
status: 200
content-length: 72516
access-control-allow-origin: *
last-modified: Fri, 06 Nov 2020 15:31:31 GMT
etag: "8a26168d6b1bbbe3b048a7e671a8ab78"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 0baaefd2451e4f0e2d5ea55eb90f4a1a.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: ZRH50-C1
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: BGhDGHdJIcVav6svKosBSIUK1uhG4jFRtu6WmkHogjt7z3EgWY43SA==

GET
H2 200 70380 Show response
api.omappapi.com/v2/embed/ 42 KB
7 KB 213ms
133ms XHR
application/json 13.224.93.51
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.omappapi.com/v2/embed/70380?d=guardicore.com
Requested by: Host: a.opmnstr.com
URL: https://a.opmnstr.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.93.51 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-93-51.zrh50.r.cloudfront.net
Software: Pagely Gateway/1.5.1 /
Resource Hash: 4e7e8a199519e1dee678d0affc72d862470054cd2e380362825705bbf40e4a42

Request headers

Referer: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 09:30:56 GMT
content-encoding: gzip
x-cache-config: 0 0
x-amz-cf-pop: ZRH50-C1
x-cache-status: HIT
x-cache: Miss from cloudfront
status: 200
access-control-allow-headers: X-CSRF-Token
x-optinmonster-account: 79104
x-user-agent: standard--
last-modified: Mon, 26 Oct 2020 09:36:51 GMT
server: Pagely Gateway/1.5.1
etag: W/"bf324e3b716d9ab8d7f81bd5634d59de"
vary: Accept-Encoding, User-Agent
content-type: application/json
via: 1.1 c76347c8ef1f3a2b6fb69cd7d1c6f749.cloudfront.net (CloudFront)
access-control-expose-headers: X-OptinMonster-Account, X-User-Agent
access-control-allow-origin: *
x-amz-cf-id: GBIBR6IeE85AT9NVUUZSgIhLjyrAtQa254hr0ONYuZDN40Gd0zr3mw==

GET
H/1.1 200
OK insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 965 B
761 B 7ms
7ms Script
application/x-javascript 2a02:26f0:eb:385::25ea
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WDRGX6B
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:eb:385::25ea , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: /
Resource Hash: f10b9b0c4107ca5a40a5c69b1ac91a8948d84f39893dee6b429cdbdb05887093

Request headers

Referer: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 09 Nov 2020 09:30:56 GMT
Content-Encoding: gzip
Last-Modified: Tue, 22 Sep 2020 22:01:48 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=15687
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 448

GET
H2 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 30 KB
11 KB 33ms
33ms Script
text/javascript 172.217.23.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WDRGX6B

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.23.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s22-in-f162.1e100.net

Software

cafe /

Resource Hash

0bfb81a6d3e2ed2e0cb381a9f933355ff00e64cd0d80724e83559861cad12711

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 09:30:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 11472
x-xss-protection: 0
server: cafe
etag: 8286593240961886057
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Mon, 09 Nov 2020 09:30:56 GMT

GET
H2 200 hotjar-956284.js Show response
static.hotjar.com/c/ 3 KB
2 KB 47ms
47ms Script
application/javascript 13.224.93.32
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-956284.js?sv=7

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WDRGX6B

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.93.32 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-93-32.zrh50.r.cloudfront.net

Software

Resource Hash

0843148b0ea1cfac2063cc2459f6130e14ad55908201f6a2540e119123eb2b7b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 09:30:36 GMT
content-encoding: br
x-content-type-options: nosniff
age: 20
x-cache: Hit from cloudfront
status: 200
content-length: 1518
access-control-allow-origin: *
cache-control: max-age=60
etag: W/893933e3078f97d98af2b7c22cb4e7a1
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 a2037d86ccb1a548f20827ebd95a65f3.cloudfront.net (CloudFront)
x-cache-hit: 1
x-amz-cf-pop: ZRH50-C1
x-amz-cf-id: zeKdph9PafMq6OitqhZlP7n85Tzkc2Y56ypMmOI1IFKhHTLrfmA1yQ==

GET
H2 200 bat.js Show response
bat.bing.com/ 27 KB
8 KB 29ms
29ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://bat.bing.com/bat.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WDRGX6B
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 4dd6c09ddcb0e53a6290cc1df35224856073ba5f89d4134bd7c69e4fd9c6f515

Request headers

Referer: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 09:30:56 GMT
content-encoding: gzip
last-modified: Tue, 20 Oct 2020 22:19:32 GMT
x-msedge-ref: Ref A: 31729DF66CFB44548DF9D3F89D67B525 Ref B: FRAEDGE1415 Ref C: 2020-11-09T09:30:56Z
status: 200
etag: "0b27f152fa7d61:0"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 8454

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 5 KB
2 KB 70ms
23ms Script
application/javascript 151.101.112.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WDRGX6B
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.112.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 8247f4332667950989fe6bf790f87723343db2ec83d975503e9c5dc13a6eb5dc

Request headers

Referer: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 09:30:56 GMT
content-encoding: gzip
age: 43097
x-cache: HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200
content-length: 1958
x-served-by: cache-hhn4077-HHN
last-modified: Wed, 21 Oct 2020 21:46:56 GMT
x-timer: S1604914257.784882,VS0,VE0
etag: "a4cc3f907681b24a3efd540acd5d2996+gzip"
vary: Accept-Encoding,Host
content-type: application/javascript; charset=utf-8
via: 1.1 varnish
cache-control: no-cache
accept-ranges: bytes

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 88 KB
23 KB 6ms
6ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.guardicore.com
URL: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e37570ef85a3553930ba20dfab7280bfcead8a2238b536b5c03c629c35b3d4ca

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
status: 200
content-length: 23070
x-xss-protection: 0
pragma: public
x-fb-debug: ESTDysU5NOfr3WnRCa3KcZAgxIFbMgj+zjKFkKihblCZLbXaLDEpHLKk3iGTAMYgSDQttgwbjl0XrU6vNcIupw==
x-fb-trip-id: 664085054
x-frame-options: DENY
date: Mon, 09 Nov 2020 09:30:56 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H/1.1 200
OK img.gif
b.6sc.co/v1/beacon/ 43 B
774 B 278ms
227ms Image
image/gif 104.109.70.122
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=0d8c67340d4aad8b32bfb9bcc7aa4ded&svisitor=&visitor=c63903f7-a0dc-4f5c-871a-898a58f2e1b6&session=e31be4e9-2eb3-4d8f-8dae-8f36c56d8ef6&event=a_pageload&q=%7B%7D&isIframe=false&m=%7B%22description%22%3A%22Guardicore%20Labs%20uncovers%20a%20sophisticated%2C%20multifunctional%20P2P%20botnet%20written%20in%20Golang%20and%20targeting%20SSH%20servers.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22FritzFrog%3A%20A%20New%20Generation%20of%20Peer-to-Peer%20Botnets%20%7C%20Guardicore%20Labs%22%7D&cb=14256737&r=&thirdParty=%7B%7D&pageURL=https%3A%2F%2Fwww.guardicore.com%2F2020%2F08%2Ffritzfrog-p2p-botnet-infects-ssh-servers%2F

Requested by

Host: www.guardicore.com
URL: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.109.70.122 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

a104-109-70-122.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 09 Nov 2020 09:30:57 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 43
Pragma: no-cache
Last-Modified: Fri, 21 Feb 2020 19:02:58 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "5e502962-2b"
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: image/gif
Access-Control-Allow-Origin
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 box-469cf41adb11dc78be68c1ae7f9457a4.html
vars.hotjar.com/ Frame 957A 0
0 129ms
38ms Document
text/html 13.224.93.123
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vars.hotjar.com/box-469cf41adb11dc78be68c1ae7f9457a4.html
Requested by: Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-1548397.js?sv=6
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.93.123 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-93-123.zrh50.r.cloudfront.net
Software: /
Resource Hash

Request headers

:method: GET
:authority: vars.hotjar.com
:scheme: https
:path: /box-469cf41adb11dc78be68c1ae7f9457a4.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/

Response headers

status: 200
content-type: text/html
content-length: 851
date: Mon, 05 Oct 2020 13:02:45 GMT
accept-ranges: bytes
cache-control: max-age=31536000
content-encoding: br
etag: "d594f1d4c3e5dbd6b556c60d34e0daea"
last-modified: Mon, 05 Oct 2020 11:02:22 GMT
x-robots-tag: none
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 5e318b3ea3fa81a8c20898c2f8c40e7c.cloudfront.net (CloudFront)
x-amz-cf-pop: ZRH50-C1
x-amz-cf-id: D4aYw3XjCOkg82muno-w2Mmbz6fm_kh4gDf5Q5TmB1-J_F5xvZmVxA==
age: 3011291

GET
H2 200 Pling.wav Show response
webchat.exceed.ai/ 85 KB
85 KB 97ms
32ms XHR
audio/wav 99.86.7.64
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://webchat.exceed.ai/Pling.wav
Requested by: Host: chat.exceed.ai
URL: https://chat.exceed.ai/static/js/1.c7ea1c03.chunk.js.gz
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.7.64 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-7-64.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: b8d1b8b5769d718b79f7fe7708fadbb640890c53c550fe4b74420b51ee81f0a4

Request headers

Referer: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 08 Nov 2020 10:15:23 GMT
via: 1.1 21da0a66bafe2c8de8be4a4d8039346b.cloudfront.net (CloudFront)
age: 83734
x-cache: Hit from cloudfront
status: 200
content-length: 86612
last-modified: Wed, 30 Oct 2019 17:51:30 GMT
server: AmazonS3
etag: "52833ca4dea690f2ca7ae128c96020d6"
access-control-max-age: 3
access-control-allow-methods: GET, HEAD
content-type: audio/wav
access-control-allow-origin: *
x-amz-cf-pop: FRA6-C1
accept-ranges: bytes
x-amz-cf-id: aBjmT62vVjTaPeIovwHiAMycBsNW4HawTBp_erCWOioErE8PSBkzHA==

GET
H2 200 js Show response
maps.googleapis.com/maps/api/ 127 KB
42 KB 57ms
35ms Script
text/javascript 2a00:1450:4001:819::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://maps.googleapis.com/maps/api/js?key=AIzaSyDGLBCC_jHCOsqTy3_apMPykcsXxZ1FoKg&libraries=places

Requested by

Host: chat.exceed.ai
URL: https://chat.exceed.ai/static/js/main.242df04b.chunk.js.gz

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

mafe /

Resource Hash

22df025b68462c63877709c2d13749d25499125ddb0292ce3a9cf5ee09ead42c

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 09:30:56 GMT
content-encoding: gzip
vary: Accept-Language
server: mafe
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
status: 200
cache-control: public, max-age=1800
server-timing: gfet4t7; dur=20
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42172
x-xss-protection: 0
expires: Mon, 09 Nov 2020 10:00:56 GMT

GET
H2 200 Pling.wav Show response
webchat.exceed.ai/ 85 KB
85 KB 84ms
55ms XHR
audio/wav 99.86.7.64
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://webchat.exceed.ai/Pling.wav
Requested by: Host: chat.exceed.ai
URL: https://chat.exceed.ai/static/js/1.c7ea1c03.chunk.js.gz
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.7.64 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-7-64.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: b8d1b8b5769d718b79f7fe7708fadbb640890c53c550fe4b74420b51ee81f0a4

Request headers

Referer: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 08 Nov 2020 10:15:23 GMT
via: 1.1 21da0a66bafe2c8de8be4a4d8039346b.cloudfront.net (CloudFront)
age: 83734
x-cache: Hit from cloudfront
status: 200
content-length: 86612
last-modified: Wed, 30 Oct 2019 17:51:30 GMT
server: AmazonS3
etag: "52833ca4dea690f2ca7ae128c96020d6"
access-control-max-age: 3
access-control-allow-methods: GET, HEAD
content-type: audio/wav
access-control-allow-origin: *
x-amz-cf-pop: FRA6-C1
accept-ranges: bytes
x-amz-cf-id: s_0UuYyYHJ318ZT2NLIxtVhx_ALech1DMPzlVuUF0QffCtw-0auM1Q==

GET
H2 200 widgetSettings Show response
prod.exceed.ai/api/webchat/5db5ab29aecd914c45848970/ 654 B
1 KB 324ms
109ms XHR
application/json 34.232.79.176
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://prod.exceed.ai/api/webchat/5db5ab29aecd914c45848970/widgetSettings

Requested by

Host: chat.exceed.ai
URL: https://chat.exceed.ai/exceedChatWidget.js?sequenceid=5db5ab29aecd914c45848970

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.232.79.176 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Resource Hash

487914926695e5b4686ee19d62d5ca04ad98579893aa0a5251467a42c4ebf0be

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 09 Nov 2020 09:30:57 GMT
x-content-type-options: nosniff
status: 200
x-frame-options: DENY
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD
content-type: application/json
access-control-allow-origin: https://www.guardicore.com
access-control-max-age: 1209600
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
access-control-allow-headers: origin, content-type, accept, authorization
content-length: 654
x-xss-protection: 1; mode=block
expires: 0

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
90 B 15ms
15ms XHR
text/plain 2a00:1450:400c:c00::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j87&tid=UA-53878132-1&cid=1679922896.1604914257&jid=912052683&gjid=690511541&_gid=716451584.1604914257&_u=aGDAgEADQAAAAE~&z=872250457

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c00::9b Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Mon, 09 Nov 2020 09:30:56 GMT
status: 200
content-type: text/plain
access-control-allow-origin: https://www.guardicore.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3-Q050 200 collect Show response
www.google-analytics.com/j/ 2 B
47 B 14ms
14ms XHR
text/plain 2a00:1450:4001:81a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j87&a=413538220&t=event&ni=1&_s=1&dl=https%3A%2F%2Fwww.guardicore.com%2F2020%2F08%2Ffritzfrog-p2p-botnet-infects-ssh-servers%2F&ul=en-us&de=UTF-8&dt=FritzFrog%3A%20A%20New%20Generation%20of%20Peer-to-Peer%20Botnets%20%7C%20Guardicore%20Labs&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Page%20Entrance&ea=Page%20Entrance&_u=aGDAAEADQAAAAG~&jid=458360955&gjid=420947636&cid=1679922896.1604914257&tid=UA-53878132-1&_gid=716451584.1604914257&_r=1&gtm=2wgas1WDRGX6B&cd1=64.124.12.162&z=57434851

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 09 Nov 2020 09:30:56 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
status: 200
content-type: text/plain
access-control-allow-origin: https://www.guardicore.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 collect
www.google-analytics.com/ 35 B
63 B 6ms
6ms Image
image/gif 2a00:1450:4001:81a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j87&a=413538220&t=pageview&_s=1&dl=https%3A%2F%2Fwww.guardicore.com%2F2020%2F08%2Ffritzfrog-p2p-botnet-infects-ssh-servers%2F&ul=en-us&de=UTF-8&dt=FritzFrog%3A%20A%20New%20Generation%20of%20Peer-to-Peer%20Botnets%20%7C%20Guardicore%20Labs&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aGDAgEADQ~&jid=912052683&gjid=690511541&cid=1679922896.1604914257&tid=UA-53878132-1&_gid=716451584.1604914257&gtm=2wgas1WDRGX6B&z=27811121

Requested by

Host: www.guardicore.com
URL: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Nov 2020 13:15:16 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 72940
status: 200
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK insight.old.min.js Show response
snap.licdn.com/li.lms-analytics/ 3 KB
2 KB 8ms
7ms Script
application/x-javascript 2a02:26f0:eb:385::25ea
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.old.min.js
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:eb:385::25ea , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: /
Resource Hash: 41dd5e421fe221a7d2921d6fa2b36e8b01a9f2c054aaef5fad866fe896c1d1e0

Request headers

Referer: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 09 Nov 2020 09:30:56 GMT
Content-Encoding: gzip
Last-Modified: Thu, 03 Sep 2020 20:29:41 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=36666
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1576

GET
H2 204 0
bat.bing.com/action/ 0
93 B 32ms
31ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bat.bing.com/action/0?ti=25022092&Ver=2&mid=d0e860e3-a114-41d3-8982-1eb7d9b178a1&sid=454686d0226e11eb9f543952facb8aab&vid=4546f190226e11eba57451c7fa72da48&vids=1&pi=0&lg=en-US&sw=1600&sh=1200&sc=24&tl=FritzFrog%3A%20A%20New%20Generation%20of%20Peer-to-Peer%20Botnets%20%7C%20Guardicore%20Labs&p=https%3A%2F%2Fwww.guardicore.com%2F2020%2F08%2Ffritzfrog-p2p-botnet-infects-ssh-servers%2F&r=&evt=pageLoad&msclkid=N&sv=1&rn=314368
Requested by: Host: www.guardicore.com
URL: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 204
pragma: no-cache
date: Mon, 09 Nov 2020 09:30:56 GMT
cache-control: no-cache, must-revalidate
x-msedge-ref: Ref A: CC53008C4F424738B5834D4F6A938D84 Ref B: FRAEDGE1415 Ref C: 2020-11-09T09:30:56Z
access-control-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/814034752/ 2 KB
1 KB 20ms
19ms Script
text/javascript 2a00:1450:4001:81d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/814034752/?random=1604914256899&cv=9&fst=1604914256899&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=0&u_nmime=0&gtm=2wgas1&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.guardicore.com%2F2020%2F08%2Ffritzfrog-p2p-botnet-infects-ssh-servers%2F&tiba=FritzFrog%3A%20A%20New%20Generation%20of%20Peer-to-Peer%20Botnets%20%7C%20Guardicore%20Labs&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c53c56a2496fb8c8225d12e66d8dad3fd5c066d84e1296fd5b5fd7f2d3f0c2a7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 09 Nov 2020 09:30:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
cache-control: no-cache, must-revalidate
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 1069
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 1037209429778134 Show response
connect.facebook.net/signals/config/ 234 KB
69 KB 42ms
41ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1037209429778134?v=2.9.27&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

20830a7a0a16e40221b0bbd3c541bbc7b6b568284b27d864c3c80c904cf118f0

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-fb-trip-id: 664085054
pragma: public
x-fb-debug: 62BIGDOkynziOeXmQMkgry1kR2/lHokRu/TIi5U2F3b9gyFDjUxLlJ2aKnaHNc97w5GWaPEc2Tfu7BeXdTrEMA==
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: DENY
date: Mon, 09 Nov 2020 09:30:56 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
status: 200
cache-control: public, max-age=1200
content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
vary: Accept-Encoding
x-xss-protection: 0
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 webfont.js Show response
a.omappapi.com/app/js/webfont/1.5.18/ 16 KB
7 KB 35ms
35ms Script
application/javascript 23.111.11.71
HIGHWINDS2

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/webfont/1.5.18/webfont.js
Requested by: Host: a.opmnstr.com
URL: https://a.opmnstr.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 23.111.11.71 Phoenix, United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
Software: NetDNA-cache/2.2 /
Resource Hash: ce261eb163fcaee6953cedc35059732a133766ab824dc512bbdf9424d48601e4

Request headers

Referer: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 09:30:56 GMT
content-encoding: gzip
last-modified: Mon, 28 Sep 2020 20:09:04 GMT
server: NetDNA-cache/2.2
x-amz-request-id: 8B671F9707D00D47
etag: W/"593e60ad549e46f8ca9a60755336c7df"
x-cache: HIT
content-type: application/javascript
status: 200
cache-control: max-age=31104000
access-control-allow-origin: *
x-amz-id-2: 9npExxaRtT8FoDZ8IPP3v09WxPX+jM5XRWDOXVCxOLy9yio6KNer03zES7p0TYj/qrNd1piwzkM=
expires: Thu, 04 Nov 2021 09:30:56 GMT

GET
H2 200 soundeffects.lib.js Show response
a.omappapi.com/app/js/ 1 KB
955 B 35ms
35ms Script
application/javascript 23.111.11.71
HIGHWINDS2

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/soundeffects.lib.js
Requested by: Host: a.opmnstr.com
URL: https://a.opmnstr.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 23.111.11.71 Phoenix, United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
Software: NetDNA-cache/2.2 /
Resource Hash: 828b6889aeb6a5b43bbff8ae0775491031206ea7df02aaa063c9b39cefd82340

Request headers

Referer: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 09:30:56 GMT
content-encoding: gzip
last-modified: Fri, 01 Jun 2018 13:14:22 GMT
server: NetDNA-cache/2.2
x-amz-request-id: D838CA3920C7910D
etag: W/"4ff5c9f3587b5b77cdbbba2d1467fe3b"
x-cache: HIT
content-type: application/javascript
status: 200
cache-control: max-age=31104000
x-amz-meta-s3b-last-modified: 20180601T131405Z
access-control-allow-origin: *
x-amz-id-2: 8eV1pl/mnItQ9Q8eJhmO9/XG2xXrkWu0HhTM5Js8kJpIhFQXIutiSzdrNxa6ATdycfYDW6LZDDU=
expires: Thu, 04 Nov 2021 09:30:56 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
106 B 19ms
18ms Image
image/gif 2a00:1450:4001:809::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j87&tid=UA-53878132-1&cid=1679922896.1604914257&jid=912052683&_u=aGDAgEADQAAAAE~&z=1584220041

Requested by

Host: www.guardicore.com
URL: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 09 Nov 2020 09:30:56 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
106 B 17ms
17ms Image
image/gif 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j87&tid=UA-53878132-1&cid=1679922896.1604914257&jid=912052683&_u=aGDAgEADQAAAAE~&z=1584220041

Requested by

Host: www.guardicore.com
URL: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 09 Nov 2020 09:30:56 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3-Q050 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
447 B 41ms
14ms XHR
text/plain 2a00:1450:400c:c00::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j87&tid=UA-53878132-1&cid=1679922896.1604914257&jid=458360955&gjid=420947636&_gid=716451584.1604914257&_u=aGDAAEADQAAAAG~&z=294842408

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400c:c00::9b Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Mon, 09 Nov 2020 09:30:57 GMT
status: 200
content-type: text/plain
access-control-allow-origin: https://www.guardicore.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 adsct
t.co/i/ 43 B
448 B 179ms
136ms Image
image/gif 104.244.42.133
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.guardicore.com
URL: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.133 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 09:30:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
x-response-time: 113
pragma: no-cache
last-modified: Mon, 09 Nov 2020 09:30:57 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=0
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: effb86df4b17c33f8b138f033205dcf6
x-transaction: 00fd4e5b00b31b00
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2

200

collect
px.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=265698&url=https%3A%2F%2Fwww.guardicore.com%2F2020%2F08%2Ffritzfrog-p2p-botnet-infects-ssh-servers%2F&time=1604914257049
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D265698%26url%3Dhttps%253A%252F%252Fwww.guardicore.com%252F2020%252F08%252Ffritzfr...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=265698&url=https%3A%2F%2Fwww.guardicore.com%2F2020%2F08%2Ffritzfrog-p2p-botnet-infects-ssh-servers%2F&time=1604914257049&liSync=true

0
40 B

177ms
176ms

Image
application/javascript

2a05:f500:11:101::b93f:9005
LINKEDIN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=265698&url=https%3A%2F%2Fwww.guardicore.com%2F2020%2F08%2Ffritzfrog-p2p-botnet-infects-ssh-servers%2F&time=1604914257049&liSync=true
Requested by: Host: www.guardicore.com
URL: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a05:f500:11:101::b93f:9005 , Ireland, ASN14413 (LINKEDIN, US),
Reverse DNS
Software: Play /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 09:30:57 GMT
server: Play
linkedin-action: 1
x-li-fabric: prod-lor1
status: 200
x-li-proto: http/2
x-li-pop: prod-tln1
content-type: application/javascript
content-length: 0
x-li-uuid: vDvrqwPNRRYA4k812CoAAA==

Redirect headers

content-security-policy: default-src *; connect-src 'self' https://media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com s.c.exp1.licdn.com s.c.exp2.licdn.com m.c.exp1.licdn.com m.c.exp2.licdn.com wss://*.linkedin.com dms.licdn.com https://dpm.demdex.net/id lnkd.demdex.net blob: https://accounts.google.com/gsi/status https://linkedin.sc.omtrdc.net/b/ss/ www.google-analytics.com static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com media.licdn.com media-exp1.licdn.com media-exp2.licdn.com media-exp3.licdn.com; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com slideshare.www.linkedin.com https://snap.licdn.com/li.lms-analytics/ platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self'; report-uri https://www.linkedin.com/platform-telemetry/csp?f=l
x-content-type-options: nosniff
linkedin-action: 1
status: 302
content-length: 0
x-li-uuid: EpjopAPNRRaQcseUYysAAA==
pragma: no-cache
x-li-pop: afd-prod-lor1
x-msedge-ref: Ref A: B71C974EAB9D49F0A500F80106AF294C Ref B: VIEEDGE1712 Ref C: 2020-11-09T09:30:57Z
x-frame-options: sameorigin
date: Mon, 09 Nov 2020 09:30:56 GMT
expect-ct: max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
strict-transport-security: max-age=2592000
x-li-fabric: prod-lor1
location: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=265698&url=https%3A%2F%2Fwww.guardicore.com%2F2020%2F08%2Ffritzfrog-p2p-botnet-infects-ssh-servers%2F&time=1604914257049&liSync=true
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store
x-li-proto: http/2
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3-Q050 200 /
www.google.com/pagead/1p-user-list/814034752/ 42 B
111 B 54ms
38ms Image
image/gif 2a00:1450:4001:819::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/814034752/?random=1604914256899&cv=9&fst=1604912400000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=0&u_nmime=0&gtm=2wgas1&sendb=1&frm=0&url=https%3A%2F%2Fwww.guardicore.com%2F2020%2F08%2Ffritzfrog-p2p-botnet-infects-ssh-servers%2F&tiba=FritzFrog%3A%20A%20New%20Generation%20of%20Peer-to-Peer%20Botnets%20%7C%20Guardicore%20Labs&async=1&fmt=3&is_vtc=1&random=255289430&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: www.guardicore.com
URL: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:819::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 09 Nov 2020 09:30:57 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 /
www.google.de/pagead/1p-user-list/814034752/ 42 B
111 B 51ms
35ms Image
image/gif 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/814034752/?random=1604914256899&cv=9&fst=1604912400000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=0&u_nmime=0&gtm=2wgas1&sendb=1&frm=0&url=https%3A%2F%2Fwww.guardicore.com%2F2020%2F08%2Ffritzfrog-p2p-botnet-infects-ssh-servers%2F&tiba=FritzFrog%3A%20A%20New%20Generation%20of%20Peer-to-Peer%20Botnets%20%7C%20Guardicore%20Labs&async=1&fmt=3&is_vtc=1&random=255289430&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: www.guardicore.com
URL: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 09 Nov 2020 09:30:57 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ga-audiences
www.google.com/ads/ 42 B
472 B 32ms
31ms Image
image/gif 2a00:1450:4001:819::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j87&tid=UA-53878132-1&cid=1679922896.1604914257&jid=458360955&_u=aGDAAEADQAAAAG~&z=713254724

Requested by

Host: www.guardicore.com
URL: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:819::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 09 Nov 2020 09:30:57 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ga-audiences
www.google.de/ads/ 42 B
472 B 30ms
29ms Image
image/gif 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j87&tid=UA-53878132-1&cid=1679922896.1604914257&jid=458360955&_u=aGDAAEADQAAAAG~&z=713254724

Requested by

Host: www.guardicore.com
URL: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 09 Nov 2020 09:30:57 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
263 B 6ms
6ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1037209429778134&ev=PageView&dl=https%3A%2F%2Fwww.guardicore.com%2F2020%2F08%2Ffritzfrog-p2p-botnet-infects-ssh-servers%2F&rl=&if=false&ts=1604914257086&sw=1600&sh=1200&v=2.9.27&r=stable&a=tmgoogletagmanager&ec=0&o=30&fbp=fb.1.1604914257085.995523899&it=1604914256908&coo=false&rqm=GET

Requested by

Host: www.guardicore.com
URL: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 09:30:57 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44
expires: Mon, 09 Nov 2020 09:30:57 GMT

POST
H2 200 visit-data Show response
in.hotjar.com/api/v2/client/sites/1548397/ 178 B
321 B 175ms
45ms XHR
application/json 34.252.252.123
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.hotjar.com/api/v2/client/sites/1548397/visit-data?sv=6
Requested by: Host: script.hotjar.com
URL: https://script.hotjar.com/modules.8d61e969c7deff2570c5.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.252.252.123 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-252-252-123.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 6154d5f7f6961e042d013bab33fd02b691970d873f44f3c32d8fcc6e79ef5bcd

Request headers

Referer: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain; charset=UTF-8

Response headers

date: Mon, 09 Nov 2020 09:30:57 GMT
content-encoding: br
status: 200
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
access-control-max-age: 86400
access-control-allow-credentials: true

GET
H2 200 adsct Show response
analytics.twitter.com/i/ 31 B
651 B 184ms
141ms Script
application/javascript 104.244.42.67
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://analytics.twitter.com/i/adsct?type=javascript&version=1.1.0&p_id=Twitter&p_user_id=0&txn_id=o0jty&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tpx_cb=twttr.conversion.loadPixels&tw_document_href=https%3A%2F%2Fwww.guardicore.com%2F2020%2F08%2Ffritzfrog-p2p-botnet-infects-ssh-servers%2F

Requested by

Host: static.ads-twitter.com
URL: https://static.ads-twitter.com/uwt.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.67 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 09:30:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
strict-transport-security: max-age=631138519
content-length: 57
x-xss-protection: 0
x-response-time: 120
pragma: no-cache
last-modified: Mon, 09 Nov 2020 09:30:57 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
content-type: application/javascript;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: ff3c7a35699a546b8029d4fa4a44a15c
x-transaction: 001ac42f0054b5a7
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 json Show response
ipapi.co/ 719 B
995 B 249ms
226ms Fetch
application/json 2606:4700:20::ac43:45e2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ipapi.co/json?key=HZ477dc7gH8EB5Abh3sH07Q5pMcWleYgvISuZsOnznvaiUSHIK

Requested by

Host: chat.exceed.ai
URL: https://chat.exceed.ai/static/js/main.242df04b.chunk.js.gz

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2606:4700:20::ac43:45e2 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b20f5c44739d5a0cdef48f4f47eeec932f90ca2e24cb0ce91795ec813b73f449

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
date: Mon, 09 Nov 2020 09:30:57 GMT
content-encoding: br
allow: OPTIONS, OPTIONS, POST, HEAD, GET
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-frame-options: SAMEORIGIN
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Host, Origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=gBB0ACgQKhiZqkO9MoN5ek%2BWHnoWVW666OAU2LKgJlXMgf5FiDXiiSEiFxKU1hfn1nvMeUmbC8BujsSWSD68ngTbfpIDwSw5kDflUMSQmQowmEL7bg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: https://www.guardicore.com
cf-ray: 5ef6849c78100746-FRA
cf-request-id: 064df135d2000007465b144000000001

GET
H/1.1 200
OK form.css
go.pardot.com/css/ Frame 8BE1 31 KB
8 KB 408ms
100ms Stylesheet
text/css 18.232.28.189
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://go.pardot.com/css/form.css?ver=2020-10-19
Requested by: Host: go.guardicore.com
URL: https://go.guardicore.com/l/503441/2018-03-16/b4jzh?Webpage_Name=/labs/&Referral_URL=/labs/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.232.28.189 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: pi0-lba1-6-ue1.aws.pardot.com
Software: PardotServer /
Resource Hash: 338de273f529e717971d06587c95a880c0c4240b0cd24e79e14ac07a9522cd1d

Request headers

Referer: https://go.guardicore.com/l/503441/2018-03-16/b4jzh?Webpage_Name=/labs/&Referral_URL=/labs/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 09 Nov 2020 09:30:57 GMT
Content-Encoding: gzip
X-Pardot-Route: 32427ff3465437d362f61c790f7d2406
X-Pardot-LB: e95a292e477f6214c8e77c2cf881a7d3
Last-Modified: Thu, 29 Oct 2020 18:21:08 GMT
Server: PardotServer
ETag: "7bd2-gzip"
Vary: Accept-Encoding,User-Agent
Content-Type: text/css
Cache-Control: max-age=63072000
Accept-Ranges: bytes
Content-Length: 7657
Expires: Wed, 09 Nov 2022 09:30:57 GMT

GET
H/1.1 200
OK piUtils.js Show response
go.pardot.com/js/ Frame 8BE1 341 KB
99 KB 520ms
205ms Script
application/javascript 18.232.28.189
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://go.pardot.com/js/piUtils.js?ver=2020-10-19
Requested by: Host: go.guardicore.com
URL: https://go.guardicore.com/l/503441/2018-03-16/b4jzh?Webpage_Name=/labs/&Referral_URL=/labs/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.232.28.189 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: pi0-lba1-6-ue1.aws.pardot.com
Software: PardotServer /
Resource Hash: 744d368a676dabf6be331840fdf74176a9ad7a784bf3920e3f640c9ed89fc43c

Request headers

Referer: https://go.guardicore.com/l/503441/2018-03-16/b4jzh?Webpage_Name=/labs/&Referral_URL=/labs/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 09 Nov 2020 09:30:57 GMT
Content-Encoding: gzip
X-Pardot-Route: 32427ff3465437d362f61c790f7d2406
X-Pardot-LB: e95a292e477f6214c8e77c2cf881a7d3
Last-Modified: Thu, 29 Oct 2020 18:21:57 GMT
Server: PardotServer
ETag: "55586-gzip"
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript
Cache-Control: max-age=63072000
Transfer-Encoding: chunked
Accept-Ranges: bytes
Expires: Wed, 09 Nov 2022 09:30:57 GMT

GET
H3-Q050 200 api.js Show response
www.google.com/recaptcha/ Frame 8BE1 850 B
739 B 20ms
20ms Script
text/javascript 2a00:1450:4001:819::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js

Requested by

Host: go.guardicore.com
URL: https://go.guardicore.com/l/503441/2018-03-16/b4jzh?Webpage_Name=/labs/&Referral_URL=/labs/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:819::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

0bf897707835ef8d47aa7188075757f98d13185292bd7b8eccb3659e2c19ed93

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://go.guardicore.com/l/503441/2018-03-16/b4jzh?Webpage_Name=/labs/&Referral_URL=/labs/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 09:30:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
status: 200
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-security-policy: frame-ancestors 'self'
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 558
x-xss-protection: 1; mode=block
expires: Mon, 09 Nov 2020 09:30:57 GMT

GET
H2 200 gaconnector.js Show response
track.gaconnector.com/ Frame 8BE1 7 KB
3 KB 109ms
108ms Script
text/plain 50.19.229.101
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://track.gaconnector.com/gaconnector.js
Requested by: Host: go.guardicore.com
URL: https://go.guardicore.com/l/503441/2018-03-16/b4jzh?Webpage_Name=/labs/&Referral_URL=/labs/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 50.19.229.101 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-50-19-229-101.compute-1.amazonaws.com
Software: nginx/1.18.0 /
Resource Hash: 52ef81f35cd6cfbb4ad081fd762c4bbcfb333cd29b733357ec263b1916ea1713

Request headers

Referer: https://go.guardicore.com/l/503441/2018-03-16/b4jzh?Webpage_Name=/labs/&Referral_URL=/labs/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 09:30:57 GMT
access-control-request-method: *
server: nginx/1.18.0
status: 200
vary: Accept-Encoding
access-control-allow-methods: OPTIONS, GET
access-control-allow-origin: *
cache-control: public, max-age=3600
content-encoding: gzip
access-control-allow-headers: *
content-length: 2825
expires: Mon, 09 Nov 2020 10:30:57 GMT

GET
H3-Q050 200 gtm.js Show response
www.googletagmanager.com/ Frame 8BE1 183 KB
54 KB 45ms
31ms Script
application/javascript 2a00:1450:4001:81a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-WDRGX6B

Requested by

Host: go.guardicore.com
URL: https://go.guardicore.com/l/503441/2018-03-16/b4jzh?Webpage_Name=/labs/&Referral_URL=/labs/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

980833e93c3d22cb6bf14adc99ad0518455b545d1e1b01d407fe83c9f258d985

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://go.guardicore.com/l/503441/2018-03-16/b4jzh?Webpage_Name=/labs/&Referral_URL=/labs/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 09:30:57 GMT
content-encoding: br
vary: Accept-Encoding
status: 200
cross-origin-resource-policy: cross-origin
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 54434
x-xss-protection: 0
last-modified: Mon, 09 Nov 2020 09:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 09 Nov 2020 09:30:57 GMT

POST
H2 200 /
www.facebook.com/tr/ 0
54 B 13ms
12ms Other
text/plain 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryZsPqq7YDzLcjMptL

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
server: proxygen-bolt
date: Mon, 09 Nov 2020 09:30:57 GMT
status: 200
content-type: text/plain
access-control-allow-origin: https://www.guardicore.com
access-control-allow-credentials: true
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 0

GET
H/1.1 200
OK insight.min.js Show response
snap.licdn.com/li.lms-analytics/ Frame 8BE1 965 B
761 B 8ms
8ms Script
application/x-javascript 2a02:26f0:eb:385::25ea
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WDRGX6B
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:eb:385::25ea , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: /
Resource Hash: f10b9b0c4107ca5a40a5c69b1ac91a8948d84f39893dee6b429cdbdb05887093

Request headers

Referer: https://go.guardicore.com/l/503441/2018-03-16/b4jzh?Webpage_Name=/labs/&Referral_URL=/labs/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 09 Nov 2020 09:30:57 GMT
Content-Encoding: gzip
Last-Modified: Tue, 22 Sep 2020 22:01:48 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=15686
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 448

GET
H3-Q050 200 conversion_async.js Show response
www.googleadservices.com/pagead/ Frame 8BE1 30 KB
12 KB 45ms
31ms Script
text/javascript 2a00:1450:4001:81d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WDRGX6B

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81d::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0bfb81a6d3e2ed2e0cb381a9f933355ff00e64cd0d80724e83559861cad12711

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://go.guardicore.com/l/503441/2018-03-16/b4jzh?Webpage_Name=/labs/&Referral_URL=/labs/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 09:30:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 11472
x-xss-protection: 0
server: cafe
etag: 8286593240961886057
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Mon, 09 Nov 2020 09:30:57 GMT

GET
H2 200 hotjar-956284.js Show response
static.hotjar.com/c/ Frame 8BE1 3 KB
2 KB 40ms
40ms Script
application/javascript 13.224.93.32
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-956284.js?sv=7

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WDRGX6B

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.93.32 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-93-32.zrh50.r.cloudfront.net

Software

Resource Hash

0843148b0ea1cfac2063cc2459f6130e14ad55908201f6a2540e119123eb2b7b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://go.guardicore.com/l/503441/2018-03-16/b4jzh?Webpage_Name=/labs/&Referral_URL=/labs/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 09:30:36 GMT
content-encoding: br
x-content-type-options: nosniff
age: 21
x-cache: Hit from cloudfront
status: 200
content-length: 1518
access-control-allow-origin: *
cache-control: max-age=60
etag: W/893933e3078f97d98af2b7c22cb4e7a1
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 a2037d86ccb1a548f20827ebd95a65f3.cloudfront.net (CloudFront)
x-cache-hit: 1
x-amz-cf-pop: ZRH50-C1
x-amz-cf-id: rgi1vdviq-F5wjzmyejBtvSc8t5jNJpTZSSw9T7lhcdy0pDSB7_1hQ==

GET
H2 200 bat.js Show response
bat.bing.com/ Frame 8BE1 27 KB
8 KB 31ms
31ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://bat.bing.com/bat.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WDRGX6B
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 4dd6c09ddcb0e53a6290cc1df35224856073ba5f89d4134bd7c69e4fd9c6f515

Request headers

Referer: https://go.guardicore.com/l/503441/2018-03-16/b4jzh?Webpage_Name=/labs/&Referral_URL=/labs/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 09:30:57 GMT
content-encoding: gzip
last-modified: Tue, 20 Oct 2020 22:19:32 GMT
x-msedge-ref: Ref A: 6AC4B92922A44FB6A8D8A7EB2FB7C917 Ref B: FRAEDGE1415 Ref C: 2020-11-09T09:30:57Z
status: 200
etag: "0b27f152fa7d61:0"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 8454

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ Frame 8BE1 5 KB
2 KB 23ms
22ms Script
application/javascript 151.101.112.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WDRGX6B
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.112.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 8247f4332667950989fe6bf790f87723343db2ec83d975503e9c5dc13a6eb5dc

Request headers

Referer: https://go.guardicore.com/l/503441/2018-03-16/b4jzh?Webpage_Name=/labs/&Referral_URL=/labs/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 09:30:57 GMT
content-encoding: gzip
age: 43098
x-cache: HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200
content-length: 1958
x-served-by: cache-hhn4077-HHN
last-modified: Wed, 21 Oct 2020 21:46:56 GMT
x-timer: S1604914258.973971,VS0,VE0
etag: "a4cc3f907681b24a3efd540acd5d2996+gzip"
vary: Accept-Encoding,Host
content-type: application/javascript; charset=utf-8
via: 1.1 varnish
cache-control: no-cache
accept-ranges: bytes

GET
H/1.1 200
OK insight.old.min.js Show response
snap.licdn.com/li.lms-analytics/ Frame 8BE1 3 KB
2 KB 30ms
30ms Script
application/x-javascript 2a02:26f0:eb:385::25ea
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.old.min.js
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:eb:385::25ea , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: /
Resource Hash: 41dd5e421fe221a7d2921d6fa2b36e8b01a9f2c054aaef5fad866fe896c1d1e0

Request headers

Referer: https://go.guardicore.com/l/503441/2018-03-16/b4jzh?Webpage_Name=/labs/&Referral_URL=/labs/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 09 Nov 2020 09:30:58 GMT
Content-Encoding: gzip
Last-Modified: Thu, 03 Sep 2020 20:29:41 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=36664
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1576

GET
H3-Q050 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/814034752/ Frame 8BE1 2 KB
2 KB 56ms
38ms Script
text/javascript 2a00:1450:4001:81d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/814034752/?random=1604914257889&cv=9&fst=1604914257889&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=0&u_nmime=0&gtm=2wgas1&sendb=1&ig=1&frm=2&url=https%3A%2F%2Fgo.guardicore.com%2Fl%2F503441%2F2018-03-16%2Fb4jzh%3FWebpage_Name%3D%2Flabs%2F%26Referral_URL%3D%2Flabs%2F&ref=https%3A%2F%2Fwww.guardicore.com%2F2020%2F08%2Ffritzfrog-p2p-botnet-infects-ssh-servers%2F&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81d::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

78642051eabdd4fb677a9f7efb5f7345fc06fece36901c809ec17031d79e0460

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://go.guardicore.com/l/503441/2018-03-16/b4jzh?Webpage_Name=/labs/&Referral_URL=/labs/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 09 Nov 2020 09:30:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
cache-control: no-cache, must-revalidate
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 1078
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 modules.8d61e969c7deff2570c5.js Show response
script.hotjar.com/ Frame 8BE1 362 KB
71 KB 41ms
40ms Script
application/javascript 13.224.93.36
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.8d61e969c7deff2570c5.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-956284.js?sv=7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.93.36 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-93-36.zrh50.r.cloudfront.net

Software

Resource Hash

cffc573bb349054cbbe8ff16713e646774262ae4810202c7421dae2bf5f8a38e

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://go.guardicore.com/l/503441/2018-03-16/b4jzh?Webpage_Name=/labs/&Referral_URL=/labs/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 06 Nov 2020 15:35:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 237341
x-cache: Hit from cloudfront
status: 200
content-length: 72516
access-control-allow-origin: *
last-modified: Fri, 06 Nov 2020 15:31:31 GMT
etag: "8a26168d6b1bbbe3b048a7e671a8ab78"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 0baaefd2451e4f0e2d5ea55eb90f4a1a.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: ZRH50-C1
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: AOHFhE1tZlsH7GH_-ltOXJs3tONBpwegDb4anLxkAxPtF3ZJep1T6w==

GET
H2 200 adsct
t.co/i/ Frame 8BE1 43 B
170 B 139ms
138ms Image
image/gif 104.244.42.133
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?type=javascript&version=1.1.0&p_id=Twitter&p_user_id=0&txn_id=o0jty&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=1&tw_document_referrer=https%3A%2F%2Fwww.guardicore.com%2F2020%2F08%2Ffritzfrog-p2p-botnet-infects-ssh-servers%2F&tw_document_href=https%3A%2F%2Fgo.guardicore.com%2Fl%2F503441%2F2018-03-16%2Fb4jzh%3FWebpage_Name%3D%2Flabs%2F%26Referral_URL%3D%2Flabs%2F

Requested by

Host: go.guardicore.com
URL: https://go.guardicore.com/l/503441/2018-03-16/b4jzh?Webpage_Name=/labs/&Referral_URL=/labs/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.133 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://go.guardicore.com/l/503441/2018-03-16/b4jzh?Webpage_Name=/labs/&Referral_URL=/labs/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 09:30:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
x-response-time: 117
pragma: no-cache
last-modified: Mon, 09 Nov 2020 09:30:58 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=0
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: effb86df4b17c33f8b138f033205dcf6
x-transaction: 0077703700c73122
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 collect
px.ads.linkedin.com/ Frame 8BE1 0
63 B 176ms
175ms Image
application/javascript 2a05:f500:11:101::b93f:9005
LINKEDIN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=265698&url=https%3A%2F%2Fwww.guardicore.com%2F2020%2F08%2Ffritzfrog-p2p-botnet-infects-ssh-servers%2F&time=1604914258018
Requested by: Host: go.guardicore.com
URL: https://go.guardicore.com/l/503441/2018-03-16/b4jzh?Webpage_Name=/labs/&Referral_URL=/labs/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a05:f500:11:101::b93f:9005 , Ireland, ASN14413 (LINKEDIN, US),
Reverse DNS
Software: Play /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://go.guardicore.com/l/503441/2018-03-16/b4jzh?Webpage_Name=/labs/&Referral_URL=/labs/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 09:30:58 GMT
server: Play
linkedin-action: 1
x-li-fabric: prod-lor1
status: 200
x-li-proto: http/2
x-li-pop: prod-tln1
content-type: application/javascript
content-length: 0
x-li-uuid: eMQeuQPNRRbAgDAp2CoAAA==

GET
H2 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/1AZgzF1o3OlP73CVr69UmL65/ Frame 8BE1 344 KB
136 KB 28ms
8ms Script
text/javascript 2a00:1450:4001:81d::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/1AZgzF1o3OlP73CVr69UmL65/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dd828162a2e54e24de6f167733fea047e61317ac2f573b83b75589bcbe00e6af

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://go.guardicore.com
Referer: https://go.guardicore.com/l/503441/2018-03-16/b4jzh?Webpage_Name=/labs/&Referral_URL=/labs/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 09:25:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 324
status: 200
cross-origin-resource-policy: cross-origin
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 138367
x-xss-protection: 0
last-modified: Mon, 02 Nov 2020 19:55:46 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 09 Nov 2021 09:25:34 GMT

GET
H2 200 adsct Show response
analytics.twitter.com/i/ Frame 8BE1 31 B
164 B 147ms
143ms Script
application/javascript 104.244.42.67
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://analytics.twitter.com/i/adsct?type=javascript&version=1.1.0&p_id=Twitter&p_user_id=0&txn_id=o0jty&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=1&tw_document_referrer=https%3A%2F%2Fwww.guardicore.com%2F2020%2F08%2Ffritzfrog-p2p-botnet-infects-ssh-servers%2F&tpx_cb=twttr.conversion.loadPixels&tw_document_href=https%3A%2F%2Fgo.guardicore.com%2Fl%2F503441%2F2018-03-16%2Fb4jzh%3FWebpage_Name%3D%2Flabs%2F%26Referral_URL%3D%2Flabs%2F

Requested by

Host: static.ads-twitter.com
URL: https://static.ads-twitter.com/uwt.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.67 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://go.guardicore.com/l/503441/2018-03-16/b4jzh?Webpage_Name=/labs/&Referral_URL=/labs/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 09:30:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
strict-transport-security: max-age=631138519
content-length: 57
x-xss-protection: 0
x-response-time: 122
pragma: no-cache
last-modified: Mon, 09 Nov 2020 09:30:58 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
content-type: application/javascript;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: ff3c7a35699a546b8029d4fa4a44a15c
x-transaction: 00b15a5d00959330
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 204 0
bat.bing.com/action/ Frame 8BE1 0
93 B 34ms
32ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bat.bing.com/action/0?ti=25022092&Ver=2&mid=b9218bd7-14f7-426f-8d7f-45284140de0b&sid=454686d0226e11eb9f543952facb8aab&vid=4546f190226e11eba57451c7fa72da48&vids=0&pi=0&lg=en-US&sw=1600&sh=1200&sc=24&p=https%3A%2F%2Fwww.guardicore.com%2F2020%2F08%2Ffritzfrog-p2p-botnet-infects-ssh-servers%2F&r=&lt=1643&evt=pageLoad&ifm=1&msclkid=N&sv=1&rn=782182
Requested by: Host: go.guardicore.com
URL: https://go.guardicore.com/l/503441/2018-03-16/b4jzh?Webpage_Name=/labs/&Referral_URL=/labs/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://go.guardicore.com/l/503441/2018-03-16/b4jzh?Webpage_Name=/labs/&Referral_URL=/labs/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 204
pragma: no-cache
date: Mon, 09 Nov 2020 09:30:57 GMT
cache-control: no-cache, must-revalidate
x-msedge-ref: Ref A: 184A9C0898A84B97AE86E095A647989C Ref B: FRAEDGE1415 Ref C: 2020-11-09T09:30:58Z
access-control-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 /
www.google.com/pagead/1p-user-list/814034752/ Frame 8BE1 42 B
88 B 23ms
22ms Image
image/gif 2a00:1450:4001:819::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/814034752/?random=1604914257889&cv=9&fst=1604912400000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=0&u_nmime=0&gtm=2wgas1&sendb=1&frm=2&url=https%3A%2F%2Fgo.guardicore.com%2Fl%2F503441%2F2018-03-16%2Fb4jzh%3FWebpage_Name%3D%2Flabs%2F%26Referral_URL%3D%2Flabs%2F&ref=https%3A%2F%2Fwww.guardicore.com%2F2020%2F08%2Ffritzfrog-p2p-botnet-infects-ssh-servers%2F&async=1&fmt=3&is_vtc=1&random=1004948604&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: go.guardicore.com
URL: https://go.guardicore.com/l/503441/2018-03-16/b4jzh?Webpage_Name=/labs/&Referral_URL=/labs/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:819::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://go.guardicore.com/l/503441/2018-03-16/b4jzh?Webpage_Name=/labs/&Referral_URL=/labs/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 09 Nov 2020 09:30:58 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 /
www.google.de/pagead/1p-user-list/814034752/ Frame 8BE1 42 B
88 B 24ms
23ms Image
image/gif 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/814034752/?random=1604914257889&cv=9&fst=1604912400000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=0&u_nmime=0&gtm=2wgas1&sendb=1&frm=2&url=https%3A%2F%2Fgo.guardicore.com%2Fl%2F503441%2F2018-03-16%2Fb4jzh%3FWebpage_Name%3D%2Flabs%2F%26Referral_URL%3D%2Flabs%2F&ref=https%3A%2F%2Fwww.guardicore.com%2F2020%2F08%2Ffritzfrog-p2p-botnet-infects-ssh-servers%2F&async=1&fmt=3&is_vtc=1&random=1004948604&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: go.guardicore.com
URL: https://go.guardicore.com/l/503441/2018-03-16/b4jzh?Webpage_Name=/labs/&Referral_URL=/labs/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://go.guardicore.com/l/503441/2018-03-16/b4jzh?Webpage_Name=/labs/&Referral_URL=/labs/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 09 Nov 2020 09:30:58 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 anchor
www.google.com/recaptcha/api2/ Frame 585A 0
0 32ms
31ms Document
text/html 2a00:1450:4001:819::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfVnCYTAAAAAB4x9xlkeTsV8CO6np5UMhNjRNNZ&co=aHR0cHM6Ly9nby5ndWFyZGljb3JlLmNvbTo0NDM.&hl=en&v=1AZgzF1o3OlP73CVr69UmL65&size=normal&cb=79hxsr7d30t2

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/1AZgzF1o3OlP73CVr69UmL65/recaptcha__en.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:819::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-pd/gkD57uHaX6UEi69aFUQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/anchor?ar=1&k=6LfVnCYTAAAAAB4x9xlkeTsV8CO6np5UMhNjRNNZ&co=aHR0cHM6Ly9nby5ndWFyZGljb3JlLmNvbTo0NDM.&hl=en&v=1AZgzF1o3OlP73CVr69UmL65&size=normal&cb=79hxsr7d30t2
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://go.guardicore.com/l/503441/2018-03-16/b4jzh?Webpage_Name=/labs/&Referral_URL=/labs/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://go.guardicore.com/l/503441/2018-03-16/b4jzh?Webpage_Name=/labs/&Referral_URL=/labs/

Response headers

status: 200
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 09 Nov 2020 09:30:58 GMT
content-security-policy: script-src 'report-sample' 'nonce-pd/gkD57uHaX6UEi69aFUQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 11130
server: GSE
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 box-469cf41adb11dc78be68c1ae7f9457a4.html
vars.hotjar.com/ Frame C13A 0
0 39ms
38ms Document
text/html 13.224.93.123
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vars.hotjar.com/box-469cf41adb11dc78be68c1ae7f9457a4.html
Requested by: Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-956284.js?sv=7
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.93.123 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-93-123.zrh50.r.cloudfront.net
Software: /
Resource Hash

Request headers

:method: GET
:authority: vars.hotjar.com
:scheme: https
:path: /box-469cf41adb11dc78be68c1ae7f9457a4.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://go.guardicore.com/l/503441/2018-03-16/b4jzh?Webpage_Name=/labs/&Referral_URL=/labs/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://go.guardicore.com/l/503441/2018-03-16/b4jzh?Webpage_Name=/labs/&Referral_URL=/labs/

Response headers

status: 200
content-type: text/html
content-length: 851
date: Mon, 05 Oct 2020 13:02:45 GMT
accept-ranges: bytes
cache-control: max-age=31536000
content-encoding: br
etag: "d594f1d4c3e5dbd6b556c60d34e0daea"
last-modified: Mon, 05 Oct 2020 11:02:22 GMT
x-robots-tag: none
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 5e318b3ea3fa81a8c20898c2f8c40e7c.cloudfront.net (CloudFront)
x-amz-cf-pop: ZRH50-C1
x-amz-cf-id: UyJiMqHl15vrzwpJaSJl8gH4D2kuTW0pq9dpS-0zZ9zKhIOnHgZp4Q==
age: 3011293

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ Frame 8BE1 88 KB
23 KB 6ms
6ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.guardicore.com
URL: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e37570ef85a3553930ba20dfab7280bfcead8a2238b536b5c03c629c35b3d4ca

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://go.guardicore.com/l/503441/2018-03-16/b4jzh?Webpage_Name=/labs/&Referral_URL=/labs/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
status: 200
content-length: 23070
x-xss-protection: 0
pragma: public
x-fb-debug: ESTDysU5NOfr3WnRCa3KcZAgxIFbMgj+zjKFkKihblCZLbXaLDEpHLKk3iGTAMYgSDQttgwbjl0XrU6vNcIupw==
x-fb-trip-id: 664085054
x-frame-options: DENY
date: Mon, 09 Nov 2020 09:30:58 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 1037209429778134 Show response
connect.facebook.net/signals/config/ Frame 8BE1 234 KB
68 KB 7ms
6ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1037209429778134?v=2.9.27&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

20830a7a0a16e40221b0bbd3c541bbc7b6b568284b27d864c3c80c904cf118f0

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://go.guardicore.com/l/503441/2018-03-16/b4jzh?Webpage_Name=/labs/&Referral_URL=/labs/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
status: 200
content-length: 69778
x-xss-protection: 0
pragma: public
x-fb-debug: 62BIGDOkynziOeXmQMkgry1kR2/lHokRu/TIi5U2F3b9gyFDjUxLlJ2aKnaHNc97w5GWaPEc2Tfu7BeXdTrEMA==
x-fb-trip-id: 664085054
x-frame-options: DENY
date: Mon, 09 Nov 2020 09:30:58 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ Frame 8BE1 44 B
151 B 6ms
6ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1037209429778134&ev=PageView&dl=https%3A%2F%2Fgo.guardicore.com%2Fl%2F503441%2F2018-03-16%2Fb4jzh%3FWebpage_Name%3D%2Flabs%2F%26Referral_URL%3D%2Flabs%2F&rl=https%3A%2F%2Fwww.guardicore.com%2F2020%2F08%2Ffritzfrog-p2p-botnet-infects-ssh-servers%2F&if=true&ts=1604914258276&sw=1600&sh=1200&v=2.9.27&r=stable&a=tmgoogletagmanager&ec=0&o=30&fbp=fb.1.1604914257085.995523899&it=1604914258251&coo=false&rqm=GET

Requested by

Host: go.guardicore.com
URL: https://go.guardicore.com/l/503441/2018-03-16/b4jzh?Webpage_Name=/labs/&Referral_URL=/labs/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://go.guardicore.com/l/503441/2018-03-16/b4jzh?Webpage_Name=/labs/&Referral_URL=/labs/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 09:30:58 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44
expires: Mon, 09 Nov 2020 09:30:58 GMT

GET
H/1.1 200
OK pd.js Show response
pi.pardot.com/ Frame 8BE1 5 KB
2 KB 399ms
100ms Script
application/javascript 18.232.28.189
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://pi.pardot.com/pd.js
Requested by: Host: go.guardicore.com
URL: https://go.guardicore.com/l/503441/2018-03-16/b4jzh?Webpage_Name=/labs/&Referral_URL=/labs/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.232.28.189 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: pi0-lba1-6-ue1.aws.pardot.com
Software: PardotServer /
Resource Hash: 925be107869153b6120de872c1ae333977bfaee69a0f7c6271f32d4a8348bca8

Request headers

Referer: https://go.guardicore.com/l/503441/2018-03-16/b4jzh?Webpage_Name=/labs/&Referral_URL=/labs/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 09 Nov 2020 09:30:58 GMT
Content-Encoding: gzip
X-Pardot-Route: ea50fcd3dcf777490e1499615b883deb
X-Pardot-LB: e95a292e477f6214c8e77c2cf881a7d3
Last-Modified: Fri, 13 Mar 2020 17:27:21 GMT
Server: PardotServer
ETag: "1442-gzip"
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript
Cache-Control: max-age=63072000
Accept-Ranges: bytes
Content-Length: 1842
Expires: Wed, 09 Nov 2022 09:30:58 GMT

GET
H3-Q050 200 bframe
www.google.com/recaptcha/api2/ Frame 9483 0
0 19ms
18ms Document
text/html 2a00:1450:4001:819::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/bframe?hl=en&v=1AZgzF1o3OlP73CVr69UmL65&k=6LfVnCYTAAAAAB4x9xlkeTsV8CO6np5UMhNjRNNZ&cb=fkpsdydgy2r5

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/1AZgzF1o3OlP73CVr69UmL65/recaptcha__en.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:819::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-q86Wp1C66236h8IWteZnQQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/bframe?hl=en&v=1AZgzF1o3OlP73CVr69UmL65&k=6LfVnCYTAAAAAB4x9xlkeTsV8CO6np5UMhNjRNNZ&cb=fkpsdydgy2r5
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://go.guardicore.com/l/503441/2018-03-16/b4jzh?Webpage_Name=/labs/&Referral_URL=/labs/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://go.guardicore.com/l/503441/2018-03-16/b4jzh?Webpage_Name=/labs/&Referral_URL=/labs/

Response headers

status: 200
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 09 Nov 2020 09:30:58 GMT
content-security-policy: script-src 'report-sample' 'nonce-q86Wp1C66236h8IWteZnQQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 1172
server: GSE
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.0 200
OK analytics Show response
pi.pardot.com/ Frame 8BE1 4 KB
3 KB 225ms
225ms Script
text/javascript 18.232.28.189
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://pi.pardot.com/analytics?ver=3&pi_form=true&visitor_id=332687887&visitor_id_sign=0ff9c98197bee07acdf4ebf31e010003eb8ef0d19998985469edceb6bf19ac70931097429bec9c96bbab02389ebd406e816faa33&pi_opt_in=&campaign_id=58324&account_id=504441&title=&url=https%3A%2F%2Fgo.guardicore.com%2Fl%2F503441%2F2018-03-16%2Fb4jzh%3FWebpage_Name%3D%2Flabs%2F%26Referral_URL%3D%2Flabs%2F&referrer=https%3A%2F%2Fwww.guardicore.com%2F2020%2F08%2Ffritzfrog-p2p-botnet-infects-ssh-servers%2F
Requested by: Host: pi.pardot.com
URL: https://pi.pardot.com/pd.js
Protocol: HTTP/1.0
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.232.28.189 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: pi0-lba1-6-ue1.aws.pardot.com
Software: PardotServer /
Resource Hash: 00f25ebf339f02764b0d39b32922e637f7fd5e96e21e333eb714444aeec2159c

Request headers

Referer: https://go.guardicore.com/l/503441/2018-03-16/b4jzh?Webpage_Name=/labs/&Referral_URL=/labs/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 09 Nov 2020 09:30:58 GMT
Content-Encoding: gzip
X-Pardot-Route: 13c7a24cfc43e49b0467af9964bf67ec
X-Pardot-LB: e95a292e477f6214c8e77c2cf881a7d3
X-Pardot-Rsp: 16/91/54
Vary: Accept-Encoding,User-Agent
P3p: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Type: text/javascript; charset=utf-8
Content-Length: 1738
Server: PardotServer
Expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H/1.0 200
OK analytics Show response
go.guardicore.com/ Frame 8BE1 52 B
973 B 195ms
194ms Script
text/javascript 18.232.28.189
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://go.guardicore.com/analytics?conly=true&pi_form=true&visitor_id=332687887&visitor_id_sign=0ff9c98197bee07acdf4ebf31e010003eb8ef0d19998985469edceb6bf19ac70931097429bec9c96bbab02389ebd406e816faa33&pi_opt_in=&campaign_id=58324&account_id=504441&title=&url=https%3A%2F%2Fgo.guardicore.com%2Fl%2F503441%2F2018-03-16%2Fb4jzh%3FWebpage_Name%3D%2Flabs%2F%26Referral_URL%3D%2Flabs%2F&referrer=https%3A%2F%2Fwww.guardicore.com%2F2020%2F08%2Ffritzfrog-p2p-botnet-infects-ssh-servers%2F
Requested by: Host: pi.pardot.com
URL: https://pi.pardot.com/analytics?ver=3&pi_form=true&visitor_id=332687887&visitor_id_sign=0ff9c98197bee07acdf4ebf31e010003eb8ef0d19998985469edceb6bf19ac70931097429bec9c96bbab02389ebd406e816faa33&pi_opt_in=&campaign_id=58324&account_id=504441&title=&url=https%3A%2F%2Fgo.guardicore.com%2Fl%2F503441%2F2018-03-16%2Fb4jzh%3FWebpage_Name%3D%2Flabs%2F%26Referral_URL%3D%2Flabs%2F&referrer=https%3A%2F%2Fwww.guardicore.com%2F2020%2F08%2Ffritzfrog-p2p-botnet-infects-ssh-servers%2F
Protocol: HTTP/1.0
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.232.28.189 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: pi0-lba1-6-ue1.aws.pardot.com
Software: PardotServer /
Resource Hash: eca19fb64be166fabab688d0cdb2ae946d3370f8124ff0f3f18119cc2d4eb825

Request headers

Referer: https://go.guardicore.com/l/503441/2018-03-16/b4jzh?Webpage_Name=/labs/&Referral_URL=/labs/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 09 Nov 2020 09:30:59 GMT
X-Pardot-Route: 13c7a24cfc43e49b0467af9964bf67ec
X-Pardot-LB: e95a292e477f6214c8e77c2cf881a7d3
X-Pardot-Rsp: 16/113/243
Vary: User-Agent
P3p: CP="CAO DSP AND SO ON" policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Type: text/javascript; charset=utf-8
Content-Length: 52
Server: PardotServer
Expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H2 200 embed_shepherd-v1.js Show response
fast.wistia.com/static/ Frame 8BE1 606 KB
110 KB 22ms
6ms Script
application/javascript 2a04:4e42:1b::622
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://fast.wistia.com/static/embed_shepherd-v1.js

Requested by

Host: pi.pardot.com
URL: https://pi.pardot.com/analytics?ver=3&pi_form=true&visitor_id=332687887&visitor_id_sign=0ff9c98197bee07acdf4ebf31e010003eb8ef0d19998985469edceb6bf19ac70931097429bec9c96bbab02389ebd406e816faa33&pi_opt_in=&campaign_id=58324&account_id=504441&title=&url=https%3A%2F%2Fgo.guardicore.com%2Fl%2F503441%2F2018-03-16%2Fb4jzh%3FWebpage_Name%3D%2Flabs%2F%26Referral_URL%3D%2Flabs%2F&referrer=https%3A%2F%2Fwww.guardicore.com%2F2020%2F08%2Ffritzfrog-p2p-botnet-infects-ssh-servers%2F

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::622 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

96b1d1374abc786b3e47687f95eb2efeb62fd3393a75436e66c63c0c12938e67

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: https://go.guardicore.com/l/503441/2018-03-16/b4jzh?Webpage_Name=/labs/&Referral_URL=/labs/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 09:30:59 GMT
content-encoding: br
vary: Accept-Encoding
age: 860
x-cache: HIT, HIT
status: 200
content-length: 112483
x-served-by: cache-dca17746-DCA, cache-hhn4074-HHN
access-control-allow-origin: *
x-browser-version: 83
last-modified: Thu, 05 Nov 2020 13:27:25 GMT
x-timer: S1604914259.025764,VS0,VE0
etag: "5fa3fdbd-1b763"
strict-transport-security: max-age=0
content-type: application/javascript
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=3600
x-browser: chrome
x-ecma-v: modern
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 2, 59

GET
H2 200 /
www.facebook.com/tr/ Frame 8BE1 44 B
151 B 6ms
6ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1037209429778134&ev=Microdata&dl=https%3A%2F%2Fgo.guardicore.com%2Fl%2F503441%2F2018-03-16%2Fb4jzh%3FWebpage_Name%3D%2Flabs%2F%26Referral_URL%3D%2Flabs%2F&rl=https%3A%2F%2Fwww.guardicore.com%2F2020%2F08%2Ffritzfrog-p2p-botnet-infects-ssh-servers%2F&if=true&ts=1604914259780&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22%22%2C%22meta%3Adescription%22%3A%22%22%7D&cd[OpenGraph]=%7B%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.27&r=stable&a=tmgoogletagmanager&ec=1&o=30&fbp=fb.1.1604914257085.995523899&it=1604914258251&coo=false&es=automatic&tm=3&rqm=GET

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://go.guardicore.com/l/503441/2018-03-16/b4jzh?Webpage_Name=/labs/&Referral_URL=/labs/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 09:30:59 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44
expires: Mon, 09 Nov 2020 09:30:59 GMT

GET
H3-Q050 200 common.js Show response
maps.googleapis.com/maps-api-v3/api/js/42/9/ 75 KB
28 KB 35ms
21ms Script
text/javascript 2a00:1450:4001:819::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://maps.googleapis.com/maps-api-v3/api/js/42/9/common.js

Requested by

Host: maps.googleapis.com
URL: https://maps.googleapis.com/maps/api/js?key=AIzaSyDGLBCC_jHCOsqTy3_apMPykcsXxZ1FoKg&libraries=places

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:819::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bbe862fecc8d22f26c0071a1283d1ee6302d0ee20663afe46caabbe16d11d59e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 08 Nov 2020 19:49:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 49290
status: 200
cross-origin-resource-policy: cross-origin
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28123
x-xss-protection: 0
last-modified: Wed, 14 Oct 2020 04:29:25 GMT
server: sffe
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 08 Nov 2021 19:49:32 GMT

GET
H3-Q050 200 util.js Show response
maps.googleapis.com/maps-api-v3/api/js/42/9/ 147 KB
54 KB 36ms
22ms Script
text/javascript 2a00:1450:4001:819::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://maps.googleapis.com/maps-api-v3/api/js/42/9/util.js

Requested by

Host: maps.googleapis.com
URL: https://maps.googleapis.com/maps/api/js?key=AIzaSyDGLBCC_jHCOsqTy3_apMPykcsXxZ1FoKg&libraries=places

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:819::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a6f4d404865d30f5860c0ff6e39f0afb1f2a6465fb01b95cf34aaf225d768e61

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 07 Nov 2020 10:37:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 14 Oct 2020 04:29:25 GMT
server: sffe
age: 168789
vary: Accept-Encoding, Origin
content-type: text/javascript
status: 200
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 55295
x-xss-protection: 0
expires: Sun, 07 Nov 2021 10:37:53 GMT

GET
H3-Q050 200 AuthenticationService.Authenticate Show response
maps.googleapis.com/maps/api/js/ 62 B
133 B 44ms
43ms Script
text/javascript 2a00:1450:4001:819::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://maps.googleapis.com/maps/api/js/AuthenticationService.Authenticate?1shttps%3A%2F%2Fwww.guardicore.com%2F2020%2F08%2Ffritzfrog-p2p-botnet-infects-ssh-servers%2F&4sAIzaSyDGLBCC_jHCOsqTy3_apMPykcsXxZ1FoKg&callback=_xdc_._g3sj6e&key=AIzaSyDGLBCC_jHCOsqTy3_apMPykcsXxZ1FoKg&token=103332

Requested by

Host: maps.googleapis.com
URL: https://maps.googleapis.com/maps-api-v3/api/js/42/9/common.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:819::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

mafe /

Resource Hash

897e7715a1454862e9a11dedb32ac824b02ace768a44d21d9e814335e5809491

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 09 Nov 2020 09:31:02 GMT
content-encoding: gzip
server: mafe
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
status: 200
cache-control: no-cache, must-revalidate
content-disposition: attachment
server-timing: gfet4t7; dur=30
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 63
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 stats.js Show response
maps.googleapis.com/maps-api-v3/api/js/42/9/ 4 KB
2 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:819::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://maps.googleapis.com/maps-api-v3/api/js/42/9/stats.js

Requested by

Host: maps.googleapis.com
URL: https://maps.googleapis.com/maps/api/js?key=AIzaSyDGLBCC_jHCOsqTy3_apMPykcsXxZ1FoKg&libraries=places

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:819::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e051ede6c9577ddcb12adc60b2c41a4783484588eb02c5f2b185769cec71414f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 04 Nov 2020 00:57:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 14 Oct 2020 04:29:25 GMT
server: sffe
age: 462786
vary: Accept-Encoding, Origin
content-type: text/javascript
status: 200
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1725
x-xss-protection: 0
expires: Thu, 04 Nov 2021 00:57:56 GMT

GET
H3-Q050 204 gen_204
maps.googleapis.com/maps/ 0
158 B 15ms
15ms Image
image/gif 2a00:1450:4001:819::200a
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://maps.googleapis.com/maps/gen_204?target=api&ev=api_alreadyloaded&client=&key=AIzaSyDGLBCC_jHCOsqTy3_apMPykcsXxZ1FoKg&cad=src:apiv3,token:8ce6iwjfce,ts:acii5t

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:819::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

mafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 09 Nov 2020 09:31:02 GMT
server: mafe
x-frame-options: SAMEORIGIN
content-type: image/gif
status: 204
cache-control: no-cache, must-revalidate
server-timing: gfet4t7; dur=1
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK x.svg
s3.amazonaws.com/static.frontend.exceed.ai/ 311 B
671 B 434ms
120ms Image
image/svg+xml 52.216.29.102
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s3.amazonaws.com/static.frontend.exceed.ai/x.svg
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.216.29.102 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: ac11a69407aeaac27f7c75939b4a14a5f58b380e3eacf4c4cddcc0973b52ae7d

Request headers

Referer: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 09 Nov 2020 09:31:04 GMT
Last-Modified: Wed, 06 Nov 2019 09:37:55 GMT
Server: AmazonS3
x-amz-request-id: E58581704EBD4B8F
ETag: "4a3c1161b81f906ccb7e41df6b548811"
Content-Type: image/svg+xml
Accept-Ranges: bytes
Content-Length: 311
x-amz-id-2: XffPUOyGTUbWCoRNPPhMcOVf2wwqnfdn4hOtUItpLoT60ORlA0f8cP0w/W9FbQ+LPcVeo7nJJOk=

GET
H2 200 ugtatx4ewm5fcway2v8w.jpg
res.cloudinary.com/exceed/image/upload/v1591779066/WebUpload/ 14 KB
14 KB 23ms
9ms Image
image/jpeg 2a04:4e42:1b::393
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://res.cloudinary.com/exceed/image/upload/v1591779066/WebUpload/ugtatx4ewm5fcway2v8w.jpg

Requested by

Host: www.guardicore.com
URL: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:1b::393 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

Cloudinary /

Resource Hash

4f5ce28b648decbe34002be5a98606a6954f091efc19c265a142fa9001fc9965

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 09:31:03 GMT
x-content-type-options: nosniff
last-modified: Wed, 10 Jun 2020 08:51:07 GMT
server: Cloudinary
status: 200
etag: "5b12c350597f7c6f4370bf296bf3b289"
strict-transport-security: max-age=604800
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length,ETag,Server-Timing,X-Content-Type-Options
cache-control: public, no-transform, immutable, max-age=2592000
server-timing: fastly;dur=2;cpu=1;start=2020-11-09T09:31:03.355Z;desc=hit,rtt;dur=5
accept-ranges: bytes
timing-allow-origin: *
content-length: 14032

Verdicts & Comments Add Verdict or Comment

170 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

24 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.guardicore.com/	1970-01-19 13:48:48	Name: _gd_session Value: e31be4e9-2eb3-4d8f-8dae-8f36c56d8ef6
go.guardicore.com/	1970-01-19 23:46:10	Name: visitor_id503441 Value: 332687887
go.guardicore.com/	1969-12-31 23:59:59	Name: pardot Value: 4tuktst4macl7lnt346nue76vq
www.guardicore.com/	1970-01-19 13:48:34	Name: _hjIncludedInSessionSample Value: 1
.guardicore.com/	1970-01-19 22:34:10	Name: _hjid Value: e48aa9bb-a58d-4655-9a8b-bd0c512f3324
.guardicore.com/	1970-01-19 13:48:36	Name: _hjFirstSeen Value: 1
.guardicore.com/	1970-01-19 13:48:34	Name: _dc_gtm_UA-53878132-1 Value: 1
.guardicore.com/	1970-01-19 13:50:00	Name: _uetsid Value: 454686d0226e11eb9f543952facb8aab
.guardicore.com/	1970-01-19 13:48:34	Name: _gat_UA-53878132-1 Value: 1
.guardicore.com/	1970-01-19 15:58:10	Name: _fbp Value: fb.1.1604914257085.995523899
www.guardicore.com/	1970-01-20 07:19:46	Name: _gd_visitor Value: c63903f7-a0dc-4f5c-871a-898a58f2e1b6
.guardicore.com/	1970-01-19 13:48:36	Name: _hjAbsoluteSessionInProgress Value: 0
go.guardicore.com/	1970-01-19 23:46:10	Name: visitor_id503441-hash Value: 0ff9c98197bee07acdf4ebf31e010003eb8ef0d19998985469edceb6bf19ac70931097429bec9c96bbab02389ebd406e816faa33
www.guardicore.com/	1970-01-19 13:48:34	Name: _hjIncludedInPageviewSample Value: 1
www.guardicore.com/	1970-01-20 07:19:46	Name: _gd_svisitor Value: 6fb510029a350000500ca95f20020000876f0100
www.guardicore.com/	1970-01-19 13:58:39	Name: _an_uid Value: 0
.guardicore.com/	1970-01-19 14:11:58	Name: _uetvid Value: 4546f190226e11eba57451c7fa72da48
.guardicore.com/	1970-01-19 15:58:10	Name: _gcl_au Value: 1.1.486053091.1604914257
www.guardicore.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: 39c01088dbbd7f1ad4195837565a28ad
www.guardicore.com/	1970-01-19 13:48:34	Name: _omappvs Value: 1604914256675
.guardicore.com/	1969-12-31 23:59:59	Name: _hjTLDTest Value: 1
.guardicore.com/	1970-01-19 13:50:00	Name: _gid Value: GA1.2.716451584.1604914257
.guardicore.com/	1970-01-20 07:19:46	Name: _ga Value: GA1.2.1679922896.1604914257
www.guardicore.com/	1970-01-23 13:47:07	Name: _omappvp Value: 0h9aI90jnb5cbFCU8lbdUrjodkAksNqdzsDnbBj24UPSDS96jeeElOAc5nNIMytRLenuhXVRWoLAVcmv57fTi6LEqOCnJXBn

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://track.gaconnector.com/gaconnector.js(Line 1) Message: Messaging child iframes
console-api	log	URL: https://track.gaconnector.com/gaconnector.js(Line 1) Message: https://track.gaconnector.com/track_pageview?gaconnector_id=2ed521ef-327c-85ce-4ff5-d0db9e668289&account_id=4f614d48eef0b665892780d0608acd04&referer=&GA_Client_ID=undefined&page_url=https%3A%2F%2Fwww.guardicore.com%2F2020%2F08%2Ffritzfrog-p2p-botnet-infects-ssh-servers%2F&gclid=&utm_campaign=&utm_term=&utm_content=&utm_source=&utm_medium=
console-api	error	URL: https://maps.googleapis.com/maps/api/js?key=AIzaSyDGLBCC_jHCOsqTy3_apMPykcsXxZ1FoKg&libraries=places(Line 152) Message: You have included the Google Maps JavaScript API multiple times on this page. This may cause unexpected errors.
console-api	log	URL: https://track.gaconnector.com/gaconnector.js(Line 1) Message: Adding receiveGaConnectorId listener

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.omappapi.com
a.opmnstr.com
analytics.twitter.com
api.omappapi.com
b.6sc.co
bat.bing.com
c.6sc.co
chat.exceed.ai
connect.facebook.net
fast.wistia.com
fonts.googleapis.com
go.guardicore.com
go.pardot.com
googleads.g.doubleclick.net
in.hotjar.com
ipapi.co
j.6sc.co
maps.googleapis.com
pi.pardot.com
prod.exceed.ai
px.ads.linkedin.com
res.cloudinary.com
s3.amazonaws.com
script.hotjar.com
secure.adnxs.com
snap.licdn.com
staging-covuyicu.temp927.kinsta.cloud
static.ads-twitter.com
static.hotjar.com
stats.g.doubleclick.net
t.co
track.gaconnector.com
vars.hotjar.com
webchat.exceed.ai
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.gstatic.com
www.guardicore.com
www.linkedin.com
104.109.70.122
104.244.42.133
104.244.42.67
13.224.93.123
13.224.93.32
13.224.93.36
13.224.93.51
13.224.93.83
151.101.112.157
172.217.23.162
18.232.28.189
185.33.220.145
23.111.11.182
23.111.11.71
2606:4700:20::ac43:45e2
2620:1ec:22::14
2620:1ec:c11::200
2a00:1450:4001:801::200e
2a00:1450:4001:806::200a
2a00:1450:4001:809::2003
2a00:1450:4001:809::2004
2a00:1450:4001:819::2004
2a00:1450:4001:819::200a
2a00:1450:4001:81a::2008
2a00:1450:4001:81a::200e
2a00:1450:4001:81d::2002
2a00:1450:4001:81d::2003
2a00:1450:400c:c00::9b
2a02:26f0:eb:385::25ea
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
2a04:4e42:1b::393
2a04:4e42:1b::622
2a05:f500:11:101::b93f:9005
34.232.79.176
34.252.252.123
35.235.124.140
50.19.229.101
52.216.29.102
99.86.7.64
00f25ebf339f02764b0d39b32922e637f7fd5e96e21e333eb714444aeec2159c
05c18ebd88d804db7eb7c2f9907d9fcea7f3922a7920beb591d647134fd05ddb
0843148b0ea1cfac2063cc2459f6130e14ad55908201f6a2540e119123eb2b7b
08f2da7406d489243e2cca440f92ebee6472e71fa643c8ccb900bbd95fdb92f0
0bf897707835ef8d47aa7188075757f98d13185292bd7b8eccb3659e2c19ed93
0bfb81a6d3e2ed2e0cb381a9f933355ff00e64cd0d80724e83559861cad12711
10202053ff9d3ee24997670f728a0f67e757e08beddedb88148180dee0d48c34
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
1a2c13de08efab2836f482fe649c9853eafcf3af4363edb804d44fe38ecc8f3f
1a74087f01c6bf2309a2f5d7ddb8c2309f5fac988dccd6a72e283ef5eb70a347
1db21d816296e6939ba1f42962496e4134ae2b0081e26970864c40c6d02bb1df
1dc3d0ddeb900b0a56df76e80b0182ddf71c222d611ecfaf3ea133fa4b33b619
1ef6253a1856c4b212bd1ab29a69dc0dbeee4f56473aab3726716ceebaabafcd
20830a7a0a16e40221b0bbd3c541bbc7b6b568284b27d864c3c80c904cf118f0
22df025b68462c63877709c2d13749d25499125ddb0292ce3a9cf5ee09ead42c
2409ad320b628fead9ea22d57d8d0a1bb6b46a351df47e7bf7d3de6839324285
2feb39bd405a8f0299a4115689da22f8165bcc61e8f5d9ed4a1c4cc5fd3a85ab
31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d
338de273f529e717971d06587c95a880c0c4240b0cd24e79e14ac07a9522cd1d
358b041f779c4c2f82af83d25ddab61f5fd3fb3ba16350087788ffe16005ef21
3cda769850b7e6155d07c41864ee3a23b062826a1123ef62741fadc6da2896e1
3f47c75fa68e49b1cdca50c61e9cd6603b57c521e5e6809df59a4a15e291a4ef
41dd5e421fe221a7d2921d6fa2b36e8b01a9f2c054aaef5fad866fe896c1d1e0
4215b73febfb95635539227324e96da15d044ace1b1a45301bf0e32e45b04b00
487914926695e5b4686ee19d62d5ca04ad98579893aa0a5251467a42c4ebf0be
4b9a7bdede208dc634debc53edee3ab4c7412e97063bd350c4726fb7625b532f
4dd6c09ddcb0e53a6290cc1df35224856073ba5f89d4134bd7c69e4fd9c6f515
4e7e8a199519e1dee678d0affc72d862470054cd2e380362825705bbf40e4a42
4e9d6fc08dda63087bc377a7a48f037ef533824eefdbe03511258af3eb9c9b93
4f5ce28b648decbe34002be5a98606a6954f091efc19c265a142fa9001fc9965
52ef81f35cd6cfbb4ad081fd762c4bbcfb333cd29b733357ec263b1916ea1713
5473c7abfe3f735a00bbb767225e326c503c3ce9ea390d9f79be66ebd234d746
54f1228c4a0a07016155305f2ef11f299378f7348b0e07334166fa489fb91bc7
6154d5f7f6961e042d013bab33fd02b691970d873f44f3c32d8fcc6e79ef5bcd
6412b40a1d7dfec4f4548e26661d38b3f90c1633ccb735fd9bd8c44a8f26a4b9
64b1e926728bc8f4cad4a2c65df158480e5f672f3b964feaeed99fadf4c47df0
66d18f6dc9983a817863220206f19b9b68ff7413f6f885bd2892c024fcc18252
6967697799a1a3fc3be15926cc5725b4c614549d3c3ad8c50d9ee0b2644f369a
6bc4cd3d234983b4d7790520e9f273c1f0f0ca4b9e017c5792845f99dc960905
6c57aec349a90319a99b94b8b43e99b513c823024bdea72e8cf4d8ee67b2abdc
6d82524320851cd20cae529e3b2e8f44041aac4cff1d5352d115fb2f3819d742
7097dcd10d86f191aa861da8955d905aec92109707bbe2b5c2ee12b181df86e8
744d368a676dabf6be331840fdf74176a9ad7a784bf3920e3f640c9ed89fc43c
779651bc146d489786b9b4ab590d2784547448e4b85cf1bb9036b31e404d1a37
78642051eabdd4fb677a9f7efb5f7345fc06fece36901c809ec17031d79e0460
791c07488ac44202e42b742b2fbab448b48f7ec699da4770961f73f5e40dec97
79a0be939284ef1ca5b68189455821955a74b07d8cb3f6484534943622946a21
7b4c47b439d9a25e184671127d1aa619065edba8f4e7de808e541319912ad6cd
7f8c03fff95a665e5813b19151230a1cd566f97128691f487fa3e206cf6876af
8247f4332667950989fe6bf790f87723343db2ec83d975503e9c5dc13a6eb5dc
828b6889aeb6a5b43bbff8ae0775491031206ea7df02aaa063c9b39cefd82340
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
897e7715a1454862e9a11dedb32ac824b02ace768a44d21d9e814335e5809491
8f6b79f26397ecc2f38878da52bf2f8612e06af9f3de945bfd2b805ef0e49563
91b314d1d6f84b49b65a2435232ea7325e3a57a4039442b9b3bcccc54f87818d
925be107869153b6120de872c1ae333977bfaee69a0f7c6271f32d4a8348bca8
96b1d1374abc786b3e47687f95eb2efeb62fd3393a75436e66c63c0c12938e67
980833e93c3d22cb6bf14adc99ad0518455b545d1e1b01d407fe83c9f258d985
99609f305da56c09fadfff5a713e12310bc972884d55aed8d5df75aa536066da
a6f4d404865d30f5860c0ff6e39f0afb1f2a6465fb01b95cf34aaf225d768e61
ac11a69407aeaac27f7c75939b4a14a5f58b380e3eacf4c4cddcc0973b52ae7d
ac2ec780c7106d765cf8d5a2c1d607893f92eac7cf33a7f6141c5442e66cada5
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
b20f5c44739d5a0cdef48f4f47eeec932f90ca2e24cb0ce91795ec813b73f449
b8d1b8b5769d718b79f7fe7708fadbb640890c53c550fe4b74420b51ee81f0a4
bbe862fecc8d22f26c0071a1283d1ee6302d0ee20663afe46caabbe16d11d59e
c53c56a2496fb8c8225d12e66d8dad3fd5c066d84e1296fd5b5fd7f2d3f0c2a7
c69162f1d1837c62e999d470302e1bf80cc8f38b3dd25bacbb028ffe6b638dbf
cbd5a09e4f66d3c6602521d5915c62ea9f6673ea50ca0147ab52c7ccd3f54ebc
ce261eb163fcaee6953cedc35059732a133766ab824dc512bbdf9424d48601e4
cffc573bb349054cbbe8ff16713e646774262ae4810202c7421dae2bf5f8a38e
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
dd828162a2e54e24de6f167733fea047e61317ac2f573b83b75589bcbe00e6af
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf
e051ede6c9577ddcb12adc60b2c41a4783484588eb02c5f2b185769cec71414f
e37570ef85a3553930ba20dfab7280bfcead8a2238b536b5c03c629c35b3d4ca
e3b0a3ceea781311cafd77281f8525498e36f8b674f0261a98ebfb418aa30698
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e441c3e2771625ba05630ab464275136a82c99650ee2145ca5aa9853bedeb01b
e56ec12f1615bfbf4603d62731684bddb62445174406fd231ffd06fd82edae8b
eca19fb64be166fabab688d0cdb2ae946d3370f8124ff0f3f18119cc2d4eb825
eebfbc9e23f08d221cff8a2a5be2b12269af2a43dcee1fc470a849306a3f7352
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f10b9b0c4107ca5a40a5c69b1ac91a8948d84f39893dee6b429cdbdb05887093
f61c2033c763b170c33b5dd5fad3d429d9ac6e8886c0e1f1486b3b34c1ccc91a
f71e440bd8074d59686f35d87b824c16f5310a34bab7fb017b0178bd726e35d3
f96247787b9c442071dce74a2bc8d903f74b6db3b179500131099016f206ad13
ff2262ade95af945a2e89a5075ad4f962f06c13a18ff4c5d5d2a5841a1591455

www.guardicore.com Open in urlscan Pro 35.235.124.140 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

124 Requests

100 %HTTPS

50 %IPv6

30 Domains

43 Subdomains

39 IPs

6 Countries

3428 kBTransfer

9566 kBSize

24 Cookies

15 Outgoing links

Redirected requests

124 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.guardicore.com Open in urlscan Pro
35.235.124.140 Public Scan

Screenshot
Live screenshot

Full Image

124
Requests

100 %
HTTPS

50 %
IPv6

30
Domains

43
Subdomains

39
IPs

6
Countries

3428 kB
Transfer

9566 kB
Size

24
Cookies

124 HTTP transactions
0 data transactions